Accepting request 182783 from home:jfehlig:branches:Virtualization

- CVE-2013-2230: Fix crash when multiple event callbacks were
  registered
  f38c8185-CVE-2013-2230.patch
  bnc#827801

- Update to libvirt 1.1.0
  - Extensible migration APIs
  - Add a policy kit access control driver
  - various improvements in the Xen and libxl drivers
  - improve networking support on BSD
  - agent based vCPU hotplug support
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Drop upstream patches: 244e0b8c-CVE-2013-2218.patch

OBS-URL: https://build.opensuse.org/request/show/182783
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=282
This commit is contained in:
James Fehlig 2013-07-10 22:06:19 +00:00 committed by Git OBS Bridge
parent 78ac454f8b
commit 5674459f46
20 changed files with 165 additions and 166 deletions

View File

@ -1,54 +0,0 @@
commit 244e0b8cf15ca2ef48d82058e728656e6c4bad11
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Fri Jun 28 13:21:33 2013 +0100
Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
> Hi Security Team,
>
> I've discovered a way for an unprivileged user with a readonly connection
> to libvirtd, to crash the daemon.
Ok, the final patch for this is issue will be the simpler variant that
Eric suggested
The embargo can be considered to be lifted on Monday July 1st, at
0900 UTC
The following is the GIT change that DV or myself will apply to libvirt
GIT master immediately before the 1.1.0 release:
>From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 28 Jun 2013 10:48:37 +0100
Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
filters
The virConnectListAllInterfaces method has a double-free of the
'struct netcf_if' object when any of the filtering flags cause
an interface to be skipped over. For example when running the
command 'virsh iface-list --inactive'
This is a regression introduced in release 1.0.6 by
commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f
Author: Guannan Ren <gren@redhat.com>
Date: Tue May 21 21:29:38 2013 +0800
interface: list all interfaces with flags == 0
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-1.0.6.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.0.6/src/interface/interface_backend_netcf.c
@@ -365,6 +365,7 @@ netcfConnectListAllInterfaces(virConnect
(MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&
(status & NETCF_IFACE_INACTIVE)))) {
ncf_if_free(iface);
+ iface = NULL;
continue;
}

View File

@ -34,7 +34,7 @@ Index: src/lxc/lxc_container.c
VIR_FREE(stack); VIR_FREE(stack);
if (cpid < 0) { if (cpid < 0) {
virReportSystemError(errno, "%s", virReportSystemError(errno, "%s",
@@ -2108,6 +2116,9 @@ int lxcContainerStart(virDomainDefPtr de @@ -2097,6 +2105,9 @@ int lxcContainerStart(virDomainDefPtr de
ttyPaths, nttyPaths, handshakefd}; ttyPaths, nttyPaths, handshakefd};
/* allocate a stack for the container */ /* allocate a stack for the container */
@ -44,7 +44,7 @@ Index: src/lxc/lxc_container.c
if (VIR_ALLOC_N(stack, stacksize) < 0) { if (VIR_ALLOC_N(stack, stacksize) < 0) {
virReportOOMError(); virReportOOMError();
return -1; return -1;
@@ -2126,7 +2137,11 @@ int lxcContainerStart(virDomainDefPtr de @@ -2115,7 +2126,11 @@ int lxcContainerStart(virDomainDefPtr de
cflags |= CLONE_NEWNET; cflags |= CLONE_NEWNET;
} }
@ -56,7 +56,7 @@ Index: src/lxc/lxc_container.c
VIR_FREE(stack); VIR_FREE(stack);
VIR_DEBUG("clone() completed, new container PID is %d", pid); VIR_DEBUG("clone() completed, new container PID is %d", pid);
@@ -2152,6 +2167,7 @@ int lxcContainerAvailable(int features) @@ -2141,6 +2156,7 @@ int lxcContainerAvailable(int features)
int cpid; int cpid;
char *childStack; char *childStack;
char *stack; char *stack;
@ -64,7 +64,7 @@ Index: src/lxc/lxc_container.c
if (features & LXC_CONTAINER_FEATURE_USER) if (features & LXC_CONTAINER_FEATURE_USER)
flags |= CLONE_NEWUSER; flags |= CLONE_NEWUSER;
@@ -2159,14 +2175,21 @@ int lxcContainerAvailable(int features) @@ -2148,14 +2164,21 @@ int lxcContainerAvailable(int features)
if (features & LXC_CONTAINER_FEATURE_NET) if (features & LXC_CONTAINER_FEATURE_NET)
flags |= CLONE_NEWNET; flags |= CLONE_NEWNET;

View File

@ -0,0 +1,28 @@
commit f38c8185f97720ecae7ef2291fbaa5d6b0209e17
Author: Ján Tomko <jtomko@redhat.com>
Date: Tue Jul 2 15:17:09 2013 +0200
Fix crash when multiple event callbacks were registered
CVE-2013-2230
Don't overwrite the callback ID returned by
virDomainEventStateRegisterID in ret by 0.
Introduced by abf75aea.
Index: libvirt-1.1.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.0.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.0/src/qemu/qemu_driver.c
@@ -9914,9 +9914,7 @@ qemuConnectDomainEventRegisterAny(virCon
driver->domainEventState,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
- goto cleanup;
-
- ret = 0;
+ ret = -1;
cleanup:
return ret;

View File

@ -8,10 +8,10 @@ uses the 'device_configure' RPC.
This patch changes the xend driver to always call 'device_configure' for This patch changes the xend driver to always call 'device_configure' for
PCI devices to be consistent with the usage in the xen tools. PCI devices to be consistent with the usage in the xen tools.
Index: libvirt-1.0.6/src/xen/xend_internal.c Index: libvirt-1.1.0/src/xen/xend_internal.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/xen/xend_internal.c --- libvirt-1.1.0.orig/src/xen/xend_internal.c
+++ libvirt-1.0.6/src/xen/xend_internal.c +++ libvirt-1.1.0/src/xen/xend_internal.c
@@ -2220,6 +2220,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr @@ -2220,6 +2220,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr
virBuffer buf = VIR_BUFFER_INITIALIZER; virBuffer buf = VIR_BUFFER_INITIALIZER;
char class[8], ref[80]; char class[8], ref[80];

View File

@ -1,7 +1,7 @@
Index: libvirt-1.0.6/examples/apparmor/Makefile.am Index: libvirt-1.1.0/examples/apparmor/Makefile.am
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/examples/apparmor/Makefile.am --- libvirt-1.1.0.orig/examples/apparmor/Makefile.am
+++ libvirt-1.0.6/examples/apparmor/Makefile.am +++ libvirt-1.1.0/examples/apparmor/Makefile.am
@@ -14,8 +14,45 @@ @@ -14,8 +14,45 @@
## License along with this library. If not, see ## License along with this library. If not, see
## <http://www.gnu.org/licenses/>. ## <http://www.gnu.org/licenses/>.
@ -53,10 +53,10 @@ Index: libvirt-1.0.6/examples/apparmor/Makefile.am
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+ +
+endif +endif
Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in Index: libvirt-1.1.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +++ libvirt-1.1.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -0,0 +1,40 @@ @@ -0,0 +1,40 @@
+# Last Modified: Fri Aug 19 11:21:48 2011 +# Last Modified: Fri Aug 19 11:21:48 2011
+#include <tunables/global> +#include <tunables/global>
@ -98,9 +98,9 @@ Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+ /var/lib/kvm/images/ r, + /var/lib/kvm/images/ r,
+ /var/lib/kvm/images/** r, + /var/lib/kvm/images/** r,
+} +}
Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper Index: libvirt-1.1.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper --- libvirt-1.1.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ /dev/null +++ /dev/null
@@ -1,38 +0,0 @@ @@ -1,38 +0,0 @@
-# Last Modified: Mon Apr 5 15:10:27 2010 -# Last Modified: Mon Apr 5 15:10:27 2010
@ -141,9 +141,9 @@ Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper
- /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/ r,
- /var/lib/libvirt/images/** r, - /var/lib/libvirt/images/** r,
-} -}
Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd Index: libvirt-1.1.0/examples/apparmor/usr.sbin.libvirtd
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/examples/apparmor/usr.sbin.libvirtd --- libvirt-1.1.0.orig/examples/apparmor/usr.sbin.libvirtd
+++ /dev/null +++ /dev/null
@@ -1,52 +0,0 @@ @@ -1,52 +0,0 @@
-# Last Modified: Mon Apr 5 15:03:58 2010 -# Last Modified: Mon Apr 5 15:03:58 2010
@ -198,10 +198,10 @@ Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd
- change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
- -
-} -}
Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd.in Index: libvirt-1.1.0/examples/apparmor/usr.sbin.libvirtd.in
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd.in +++ libvirt-1.1.0/examples/apparmor/usr.sbin.libvirtd.in
@@ -0,0 +1,58 @@ @@ -0,0 +1,58 @@
+# Last Modified: Fri Aug 19 11:20:36 2011 +# Last Modified: Fri Aug 19 11:20:36 2011
+#include <tunables/global> +#include <tunables/global>
@ -261,9 +261,9 @@ Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd.in
+ change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+ +
+} +}
Index: libvirt-1.0.6/examples/apparmor/libvirt-qemu Index: libvirt-1.1.0/examples/apparmor/libvirt-qemu
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/examples/apparmor/libvirt-qemu --- libvirt-1.1.0.orig/examples/apparmor/libvirt-qemu
+++ /dev/null +++ /dev/null
@@ -1,129 +0,0 @@ @@ -1,129 +0,0 @@
-# Last Modified: Fri Mar 9 14:43:22 2012 -# Last Modified: Fri Mar 9 14:43:22 2012
@ -395,10 +395,10 @@ Index: libvirt-1.0.6/examples/apparmor/libvirt-qemu
- -
- /usr/libexec/qemu-bridge-helper rmix, - /usr/libexec/qemu-bridge-helper rmix,
- } - }
Index: libvirt-1.0.6/examples/apparmor/libvirt-qemu.in Index: libvirt-1.1.0/examples/apparmor/libvirt-qemu.in
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ libvirt-1.0.6/examples/apparmor/libvirt-qemu.in +++ libvirt-1.1.0/examples/apparmor/libvirt-qemu.in
@@ -0,0 +1,132 @@ @@ -0,0 +1,132 @@
+# Last Modified: Fri Mar 9 14:43:22 2012 +# Last Modified: Fri Mar 9 14:43:22 2012
+ +

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:254926d680dde3aa41e69eacc8dd72d346fa9d15dde66fa5a5883b0fac5f5475
size 17229166

3
libvirt-1.1.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b99f431db5ef31e9e6d1acca2a8d1985db67cb89c4d97052e34ee66effa6b715
size 17500172

View File

@ -1,9 +1,9 @@
Adjust libvirt-guests init files to conform to SUSE standards Adjust libvirt-guests init files to conform to SUSE standards
Index: libvirt-1.0.6/tools/libvirt-guests.init.in Index: libvirt-1.1.0/tools/libvirt-guests.init.in
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/tools/libvirt-guests.init.in --- libvirt-1.1.0.orig/tools/libvirt-guests.init.in
+++ libvirt-1.0.6/tools/libvirt-guests.init.in +++ libvirt-1.1.0/tools/libvirt-guests.init.in
@@ -3,15 +3,15 @@ @@ -3,15 +3,15 @@
# the following is the LSB init header # the following is the LSB init header
# #
@ -28,10 +28,10 @@ Index: libvirt-1.0.6/tools/libvirt-guests.init.in
### END INIT INFO ### END INIT INFO
# the following is chkconfig init header # the following is chkconfig init header
Index: libvirt-1.0.6/tools/libvirt-guests.sh.in Index: libvirt-1.1.0/tools/libvirt-guests.sh.in
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/tools/libvirt-guests.sh.in --- libvirt-1.1.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-1.0.6/tools/libvirt-guests.sh.in +++ libvirt-1.1.0/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@ @@ -16,14 +16,13 @@
# License along with this library. If not, see # License along with this library. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
@ -189,10 +189,10 @@ Index: libvirt-1.0.6/tools/libvirt-guests.sh.in
esac esac
-exit $RETVAL -exit $RETVAL
+rc_exit +rc_exit
Index: libvirt-1.0.6/tools/libvirt-guests.sysconf Index: libvirt-1.1.0/tools/libvirt-guests.sysconf
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/tools/libvirt-guests.sysconf --- libvirt-1.1.0.orig/tools/libvirt-guests.sysconf
+++ libvirt-1.0.6/tools/libvirt-guests.sysconf +++ libvirt-1.1.0/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@ @@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt-guests +## Path: System/Virtualization/libvirt-guests
+ +

View File

@ -1,7 +1,7 @@
Index: libvirt-1.0.6/configure.ac Index: libvirt-1.1.0/configure.ac
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/configure.ac --- libvirt-1.1.0.orig/configure.ac
+++ libvirt-1.0.6/configure.ac +++ libvirt-1.1.0/configure.ac
@@ -172,6 +172,7 @@ LIBVIRT_CHECK_DBUS @@ -172,6 +172,7 @@ LIBVIRT_CHECK_DBUS
LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_FUSE
LIBVIRT_CHECK_HAL LIBVIRT_CHECK_HAL
@ -10,7 +10,7 @@ Index: libvirt-1.0.6/configure.ac
LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_OPENWSMAN
LIBVIRT_CHECK_PCIACCESS LIBVIRT_CHECK_PCIACCESS
@@ -2227,11 +2228,12 @@ if test "$with_libvirtd" = "no" ; then @@ -2225,11 +2226,12 @@ if test "$with_libvirtd" = "no" ; then
with_interface=no with_interface=no
fi fi
@ -26,7 +26,7 @@ Index: libvirt-1.0.6/configure.ac
esac esac
if test "$with_interface" = "yes" ; then if test "$with_interface" = "yes" ; then
@@ -2510,6 +2512,7 @@ LIBVIRT_RESULT_DBUS @@ -2519,6 +2521,7 @@ LIBVIRT_RESULT_DBUS
LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_FUSE
LIBVIRT_RESULT_HAL LIBVIRT_RESULT_HAL
LIBVIRT_RESULT_NETCF LIBVIRT_RESULT_NETCF
@ -34,11 +34,11 @@ Index: libvirt-1.0.6/configure.ac
LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_NUMACTL
LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_OPENWSMAN
LIBVIRT_RESULT_PCIACCESS LIBVIRT_RESULT_PCIACCESS
Index: libvirt-1.0.6/src/Makefile.am Index: libvirt-1.1.0/src/Makefile.am
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/Makefile.am --- libvirt-1.1.0.orig/src/Makefile.am
+++ libvirt-1.0.6/src/Makefile.am +++ libvirt-1.1.0/src/Makefile.am
@@ -716,6 +716,10 @@ if WITH_NETCF @@ -735,6 +735,10 @@ if WITH_NETCF
INTERFACE_DRIVER_SOURCES += \ INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_netcf.c interface/interface_backend_netcf.c
endif endif
@ -49,7 +49,7 @@ Index: libvirt-1.0.6/src/Makefile.am
if WITH_UDEV if WITH_UDEV
INTERFACE_DRIVER_SOURCES += \ INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_udev.c interface/interface_backend_udev.c
@@ -1215,11 +1219,16 @@ if WITH_NETCF @@ -1276,11 +1280,16 @@ if WITH_NETCF
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
else else
@ -66,11 +66,11 @@ Index: libvirt-1.0.6/src/Makefile.am
if WITH_DRIVER_MODULES if WITH_DRIVER_MODULES
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
libvirt_driver_interface_la_LDFLAGS += -module -avoid-version libvirt_driver_interface_la_LDFLAGS += -module -avoid-version
Index: libvirt-1.0.6/tools/virsh.c Index: libvirt-1.1.0/tools/virsh.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/tools/virsh.c --- libvirt-1.1.0.orig/tools/virsh.c
+++ libvirt-1.0.6/tools/virsh.c +++ libvirt-1.1.0/tools/virsh.c
@@ -2886,6 +2886,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE @@ -2883,6 +2883,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
vshPrint(ctl, " Interface"); vshPrint(ctl, " Interface");
# if defined(WITH_NETCF) # if defined(WITH_NETCF)
vshPrint(ctl, " netcf"); vshPrint(ctl, " netcf");
@ -79,10 +79,10 @@ Index: libvirt-1.0.6/tools/virsh.c
# elif defined(WITH_UDEV) # elif defined(WITH_UDEV)
vshPrint(ctl, " udev"); vshPrint(ctl, " udev");
# endif # endif
Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c Index: libvirt-1.1.0/src/interface/interface_backend_netcf.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/interface/interface_backend_netcf.c --- libvirt-1.1.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.0.6/src/interface/interface_backend_netcf.c +++ libvirt-1.1.0/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@ @@ -23,7 +23,12 @@
#include <config.h> #include <config.h>
@ -97,45 +97,46 @@ Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c
#include "virerror.h" #include "virerror.h"
#include "datatypes.h" #include "datatypes.h"
@@ -52,6 +57,37 @@ static void interfaceDriverUnlock(struct @@ -54,6 +59,38 @@ static void interfaceDriverUnlock(struct
virMutexUnlock(&driver->lock); virMutexUnlock(&driver->lock);
} }
+#ifdef WITH_NETCONTROL +#ifdef WITH_NETCONTROL
+static void interface_nc_log_driver(const char *category, +static void
+ int priority, +interface_nc_log_driver(const char *category,
+ const char *func, + int priority,
+ const char *file, + const char *func,
+ long long line, + const char *file,
+ const char *msg, + long long line,
+ size_t len ATTRIBUTE_UNUSED) + const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{ +{
+ int vp; + int vp;
+ +
+ switch(priority) { + switch(priority) {
+ case NC_LOG_FATAL: + case NC_LOG_FATAL:
+ case NC_LOG_ERROR: + case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR; + vp = VIR_LOG_ERROR;
+ break; + break;
+ case NC_LOG_WARN: + case NC_LOG_WARN:
+ vp = VIR_LOG_WARN; + vp = VIR_LOG_WARN;
+ break; + break;
+ case NC_LOG_INFO: + case NC_LOG_INFO:
+ vp = VIR_LOG_INFO; + vp = VIR_LOG_INFO;
+ break; + break;
+ case NC_LOG_DEBUG: + case NC_LOG_DEBUG:
+ default: + default:
+ vp = VIR_LOG_DEBUG; + vp = VIR_LOG_DEBUG;
+ break; + break;
+ } + }
+ virLogMessage(VIR_LOG_FROM_FILE, vp, file, line, func, 0, "%s", msg); + virLogMessage(VIR_LOG_FROM_FILE, vp, file, line, func, 0, "%s", msg);
+} +}
+#endif +#endif
+ +
static int netcf_to_vir_err(int netcf_errcode) /*
{ * Get a minimal virInterfaceDef containing enough metadata
switch (netcf_errcode) * for access control checks to be performed. Currently
@@ -137,6 +173,10 @@ static virDrvOpenStatus netcfInterfaceOp @@ -169,6 +206,10 @@ static virDrvOpenStatus netcfInterfaceOp
goto mutex_error; goto mutex_error;
} }
@ -146,10 +147,10 @@ Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c
/* open netcf */ /* open netcf */
if (ncf_init(&driverState->netcf, NULL) != 0) if (ncf_init(&driverState->netcf, NULL) != 0)
{ {
Index: libvirt-1.0.6/src/interface/interface_driver.c Index: libvirt-1.1.0/src/interface/interface_driver.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/interface/interface_driver.c --- libvirt-1.1.0.orig/src/interface/interface_driver.c
+++ libvirt-1.0.6/src/interface/interface_driver.c +++ libvirt-1.1.0/src/interface/interface_driver.c
@@ -28,8 +28,15 @@ interfaceRegister(void) { @@ -28,8 +28,15 @@ interfaceRegister(void) {
if (netcfIfaceRegister() == 0) if (netcfIfaceRegister() == 0)
return 0; return 0;
@ -167,10 +168,10 @@ Index: libvirt-1.0.6/src/interface/interface_driver.c
if (udevIfaceRegister() == 0) if (udevIfaceRegister() == 0)
return 0; return 0;
#endif /* WITH_UDEV */ #endif /* WITH_UDEV */
Index: libvirt-1.0.6/m4/virt-netcontrol.m4 Index: libvirt-1.1.0/m4/virt-netcontrol.m4
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ libvirt-1.0.6/m4/virt-netcontrol.m4 +++ libvirt-1.1.0/m4/virt-netcontrol.m4
@@ -0,0 +1,35 @@ @@ -0,0 +1,35 @@
+dnl The libnetcontrol library +dnl The libnetcontrol library
+dnl +dnl

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Wed Jul 10 15:38:44 MDT 2013 - jfehlig@suse.com
- CVE-2013-2230: Fix crash when multiple event callbacks were
registered
f38c8185-CVE-2013-2230.patch
bnc#827801
-------------------------------------------------------------------
Mon Jul 10 13:53:08 MDT 2013 - jfehlig@suse.com
- Update to libvirt 1.1.0
- Extensible migration APIs
- Add a policy kit access control driver
- various improvements in the Xen and libxl drivers
- improve networking support on BSD
- agent based vCPU hotplug support
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Drop upstream patches: 244e0b8c-CVE-2013-2218.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 8 12:43:45 MDT 2013 - jfehlig@suse.com Mon Jul 8 12:43:45 MDT 2013 - jfehlig@suse.com

View File

@ -225,7 +225,7 @@
Name: libvirt Name: libvirt
Url: http://libvirt.org/ Url: http://libvirt.org/
Version: 1.0.6 Version: 1.1.0
Release: 0 Release: 0
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
License: LGPL-2.1+ License: LGPL-2.1+
@ -404,7 +404,7 @@ Source1: libvirtd.init
Source2: libvirtd-relocation-server.fw Source2: libvirtd-relocation-server.fw
Source99: baselibs.conf Source99: baselibs.conf
# Upstream patches # Upstream patches
Patch0: 244e0b8c-CVE-2013-2218.patch Patch0: f38c8185-CVE-2013-2230.patch
# Need to go upstream # Need to go upstream
Patch100: xen-name-for-devid.patch Patch100: xen-name-for-devid.patch
Patch101: clone.patch Patch101: clone.patch
@ -1126,13 +1126,15 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/sr@latin
%if 0%{?suse_version} < 1130 %if 0%{?suse_version} < 1130
rm -rf $RPM_BUILD_ROOT/usr/share/locale/vi_VN rm -rf $RPM_BUILD_ROOT/usr/share/locale/vi_VN
%endif %endif
# temporarily remove polkit ACL policiy configuration - bnc#827644
rm -f $RPM_BUILD_ROOT/%{_datadir}/polkit-1/actions/org.libvirt.api.policy
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/libvirt mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/libvirt
%find_lang %{name} %find_lang %{name}
# Add a README to the libvirt package with a note about the empty # Add a README to the libvirt package with a note about the empty
# file list # file list
cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt.README << 'EOF' cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt.README << 'EOF'
The libvirt package no longer contains any files. It exists now The libvirt package no longer contains any files. It exists now
only to fulfill it's 'Provides' contract. only to fulfill its 'Provides' contract.
EOF EOF
%if %{with_network} %if %{with_network}
install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/libvirt/dnsmasq/ install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/libvirt/dnsmasq/
@ -1569,6 +1571,7 @@ fi
%{_datadir}/libvirt/schemas/nwfilter.rng %{_datadir}/libvirt/schemas/nwfilter.rng
%{_datadir}/libvirt/schemas/secret.rng %{_datadir}/libvirt/schemas/secret.rng
%{_datadir}/libvirt/schemas/storageencryption.rng %{_datadir}/libvirt/schemas/storageencryption.rng
%{_datadir}/libvirt/schemas/storagefilefeatures.rng
%{_datadir}/libvirt/schemas/storagepool.rng %{_datadir}/libvirt/schemas/storagepool.rng
%{_datadir}/libvirt/schemas/storagevol.rng %{_datadir}/libvirt/schemas/storagevol.rng
%{_datadir}/libvirt/cpu_map.xml %{_datadir}/libvirt/cpu_map.xml

View File

@ -1,7 +1,7 @@
Index: libvirt-1.0.6/daemon/libvirtd.conf Index: libvirt-1.1.0/daemon/libvirtd.conf
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/daemon/libvirtd.conf --- libvirt-1.1.0.orig/daemon/libvirtd.conf
+++ libvirt-1.0.6/daemon/libvirtd.conf +++ libvirt-1.1.0/daemon/libvirtd.conf
@@ -18,8 +18,8 @@ @@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before # It is necessary to setup a CA and issue server certificates before
# using this capability. # using this capability.
@ -13,10 +13,10 @@ Index: libvirt-1.0.6/daemon/libvirtd.conf
# Listen for unencrypted TCP connections on the public TCP/IP port. # Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to # NB, must pass the --listen flag to the libvirtd process for this to
Index: libvirt-1.0.6/daemon/libvirtd-config.c Index: libvirt-1.1.0/daemon/libvirtd-config.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/daemon/libvirtd-config.c --- libvirt-1.1.0.orig/daemon/libvirtd-config.c
+++ libvirt-1.0.6/daemon/libvirtd-config.c +++ libvirt-1.1.0/daemon/libvirtd-config.c
@@ -225,7 +225,7 @@ daemonConfigNew(bool privileged ATTRIBUT @@ -225,7 +225,7 @@ daemonConfigNew(bool privileged ATTRIBUT
return NULL; return NULL;
} }

View File

@ -1,9 +1,9 @@
Adjust libvirtd sysconfig file to conform to SUSE standards Adjust libvirtd sysconfig file to conform to SUSE standards
Index: libvirt-1.0.6/daemon/libvirtd.sysconf Index: libvirt-1.1.0/daemon/libvirtd.sysconf
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/daemon/libvirtd.sysconf --- libvirt-1.1.0.orig/daemon/libvirtd.sysconf
+++ libvirt-1.0.6/daemon/libvirtd.sysconf +++ libvirt-1.1.0/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@ @@ -1,16 +1,25 @@
+## Path: System/Virtualization/libvirt +## Path: System/Virtualization/libvirt
+ +

View File

@ -7,10 +7,10 @@ drivers as loadable modules instead of built-in to the
daemon. Then the qemu driver would only be loaded when needed, daemon. Then the qemu driver would only be loaded when needed,
which would never be the case on a xen-only configuration. which would never be the case on a xen-only configuration.
Index: libvirt-1.0.6/src/qemu/qemu_conf.c Index: libvirt-1.1.0/src/qemu/qemu_conf.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/qemu/qemu_conf.c --- libvirt-1.1.0.orig/src/qemu/qemu_conf.c
+++ libvirt-1.0.6/src/qemu/qemu_conf.c +++ libvirt-1.1.0/src/qemu/qemu_conf.c
@@ -465,15 +465,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD @@ -465,15 +465,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD
p = virConfGetValue(conf, "user"); p = virConfGetValue(conf, "user");

View File

@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
2 files changed, 35 insertions(+), 15 deletions(-) 2 files changed, 35 insertions(+), 15 deletions(-)
Index: libvirt-1.0.6/src/xenxs/xen_sxpr.c Index: libvirt-1.1.0/src/xenxs/xen_sxpr.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/xenxs/xen_sxpr.c --- libvirt-1.1.0.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.0.6/src/xenxs/xen_sxpr.c +++ libvirt-1.1.0/src/xenxs/xen_sxpr.c
@@ -1006,6 +1006,7 @@ xenParseSxprPCI(virDomainDefPtr def, @@ -1006,6 +1006,7 @@ xenParseSxprPCI(virDomainDefPtr def,
int busID; int busID;
int slotID; int slotID;
@ -78,10 +78,10 @@ Index: libvirt-1.0.6/src/xenxs/xen_sxpr.c
xenFormatSxprPCI(def->hostdevs[i], buf); xenFormatSxprPCI(def->hostdevs[i], buf);
} }
} }
Index: libvirt-1.0.6/src/xenxs/xen_xm.c Index: libvirt-1.1.0/src/xenxs/xen_xm.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/xenxs/xen_xm.c --- libvirt-1.1.0.orig/src/xenxs/xen_xm.c
+++ libvirt-1.0.6/src/xenxs/xen_xm.c +++ libvirt-1.1.0/src/xenxs/xen_xm.c
@@ -806,6 +806,8 @@ xenParseXM(virConfPtr conf, int xendConf @@ -806,6 +806,8 @@ xenParseXM(virConfPtr conf, int xendConf
int busID; int busID;
int slotID; int slotID;

View File

@ -1,7 +1,7 @@
Index: libvirt-1.0.6/src/qemu/qemu.conf Index: libvirt-1.1.0/src/qemu/qemu.conf
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/qemu/qemu.conf --- libvirt-1.1.0.orig/src/qemu/qemu.conf
+++ libvirt-1.0.6/src/qemu/qemu.conf +++ libvirt-1.1.0/src/qemu/qemu.conf
@@ -175,7 +175,16 @@ @@ -175,7 +175,16 @@
# a special value; security_driver can be set to that value in # a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers. # isolation, but it cannot appear in a list of drivers.

View File

@ -1,7 +1,7 @@
Index: libvirt-1.0.6/daemon/libvirtd.service.in Index: libvirt-1.1.0/daemon/libvirtd.service.in
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/daemon/libvirtd.service.in --- libvirt-1.1.0.orig/daemon/libvirtd.service.in
+++ libvirt-1.0.6/daemon/libvirtd.service.in +++ libvirt-1.1.0/daemon/libvirtd.service.in
@@ -9,6 +9,8 @@ Before=libvirt-guests.service @@ -9,6 +9,8 @@ Before=libvirt-guests.service
After=network.target After=network.target
After=dbus.service After=dbus.service

View File

@ -1,9 +1,9 @@
Adjust virtlockd init files to conform to SUSE standards Adjust virtlockd init files to conform to SUSE standards
Index: libvirt-1.0.6/src/locking/virtlockd.sysconf Index: libvirt-1.1.0/src/locking/virtlockd.sysconf
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/locking/virtlockd.sysconf --- libvirt-1.1.0.orig/src/locking/virtlockd.sysconf
+++ libvirt-1.0.6/src/locking/virtlockd.sysconf +++ libvirt-1.1.0/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@ @@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlockd +## Path: System/Virtualization/virtlockd
+ +
@ -12,10 +12,10 @@ Index: libvirt-1.0.6/src/locking/virtlockd.sysconf
# #
# Pass extra arguments to virtlockd # Pass extra arguments to virtlockd
#VIRTLOCKD_ARGS= #VIRTLOCKD_ARGS=
Index: libvirt-1.0.6/src/locking/virtlockd.init.in Index: libvirt-1.1.0/src/locking/virtlockd.init.in
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/locking/virtlockd.init.in --- libvirt-1.1.0.orig/src/locking/virtlockd.init.in
+++ libvirt-1.0.6/src/locking/virtlockd.init.in +++ libvirt-1.1.0/src/locking/virtlockd.init.in
@@ -4,11 +4,13 @@ @@ -4,11 +4,13 @@
# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
# #

View File

@ -14,10 +14,10 @@
is inactive. We obviously can't search xenstore when the domain is is inactive. We obviously can't search xenstore when the domain is
inactive. inactive.
Index: libvirt-1.0.6/src/xen/xend_internal.c Index: libvirt-1.1.0/src/xen/xend_internal.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/xen/xend_internal.c --- libvirt-1.1.0.orig/src/xen/xend_internal.c
+++ libvirt-1.0.6/src/xen/xend_internal.c +++ libvirt-1.1.0/src/xen/xend_internal.c
@@ -70,7 +70,7 @@ @@ -70,7 +70,7 @@
#define XEND_RCV_BUF_MAX_LEN (256 * 1024) #define XEND_RCV_BUF_MAX_LEN (256 * 1024)

View File

@ -1,7 +1,7 @@
Index: libvirt-1.0.6/src/xenxs/xen_sxpr.c Index: libvirt-1.1.0/src/xenxs/xen_sxpr.c
=================================================================== ===================================================================
--- libvirt-1.0.6.orig/src/xenxs/xen_sxpr.c --- libvirt-1.1.0.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.0.6/src/xenxs/xen_sxpr.c +++ libvirt-1.1.0/src/xenxs/xen_sxpr.c
@@ -328,7 +328,7 @@ error: @@ -328,7 +328,7 @@ error:
static int static int
xenParseSxprDisks(virDomainDefPtr def, xenParseSxprDisks(virDomainDefPtr def,