diff --git a/bitmap-alloc.patch b/bitmap-alloc.patch deleted file mode 100644 index 2a25011..0000000 --- a/bitmap-alloc.patch +++ /dev/null @@ -1,29 +0,0 @@ -commit ce49cfb48ad5e9cac79819d0ccde4394c237af25 -Author: Eric Blake -Date: Wed Jun 2 09:03:57 2010 -0600 - - bitmap: reject zero-size bitmap - - * src/util/bitmap.c (virBitmapAlloc): Tighten sanity check. - -diff --git a/src/util/bitmap.c b/src/util/bitmap.c -index 69094a5..44edb49 100644 ---- a/src/util/bitmap.c -+++ b/src/util/bitmap.c -@@ -1,6 +1,7 @@ - /* - * bitmap.h: Simple bitmap operations - * -+ * Copyright (C) 2010 Red Hat, Inc. - * Copyright (C) 2010 Novell, Inc. - * - * This library is free software; you can redistribute it and/or -@@ -58,7 +59,7 @@ virBitmapPtr virBitmapAlloc(size_t size) - virBitmapPtr bitmap; - size_t sz; - -- if (SIZE_MAX - VIR_BITMAP_BITS_PER_UNIT < size) -+ if (SIZE_MAX - VIR_BITMAP_BITS_PER_UNIT < size || size == 0) - return NULL; - - sz = (size + VIR_BITMAP_BITS_PER_UNIT - 1) / diff --git a/bitmap-fixes.patch b/bitmap-fixes.patch deleted file mode 100644 index 96d3bd4..0000000 --- a/bitmap-fixes.patch +++ /dev/null @@ -1,59 +0,0 @@ -If VM startup fails early enough (can't find a referenced USB device), -libvirtd will crash trying to clear the VNC port bit, since port = 0, -which overflows us out of the bitmap bounds. - -Fix this by being more defensive in the bitmap operations, and only -clearing a previously set VNC port. - -v2: Add safety check to all relevant bitmap ops. - -Signed-off-by: Cole Robinson ---- - src/qemu/qemu_driver.c | 2 +- - src/util/bitmap.c | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -Index: libvirt-0.8.1/src/qemu/qemu_driver.c -=================================================================== ---- libvirt-0.8.1.orig/src/qemu/qemu_driver.c -+++ libvirt-0.8.1/src/qemu/qemu_driver.c -@@ -3635,7 +3635,7 @@ retry: - if ((vm->def->ngraphics == 1) && - vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && - vm->def->graphics[0]->data.vnc.autoport && -- vm->def->graphics[0]->data.vnc.port != -1) { -+ vm->def->graphics[0]->data.vnc.port >= QEMU_VNC_PORT_MIN) { - if (virBitmapClearBit(driver->reservedVNCPorts, - vm->def->graphics[0]->data.vnc.port - \ - QEMU_VNC_PORT_MIN) < 0) { -Index: libvirt-0.8.1/src/util/bitmap.c -=================================================================== ---- libvirt-0.8.1.orig/src/util/bitmap.c -+++ libvirt-0.8.1/src/util/bitmap.c -@@ -101,7 +101,7 @@ void virBitmapFree(virBitmapPtr bitmap) - */ - int virBitmapSetBit(virBitmapPtr bitmap, size_t b) - { -- if (b > bitmap->size - 1) -+ if (bitmap->size <= b) - return -1; - - bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] |= (1 << VIR_BITMAP_BIT_OFFSET(b)); -@@ -119,7 +119,7 @@ int virBitmapSetBit(virBitmapPtr bitmap, - */ - int virBitmapClearBit(virBitmapPtr bitmap, size_t b) - { -- if (b > bitmap->size - 1) -+ if (bitmap->size <= b) - return -1; - - bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &= ~(1 << VIR_BITMAP_BIT_OFFSET(b)); -@@ -141,7 +141,7 @@ int virBitmapGetBit(virBitmapPtr bitmap, - { - uint32_t bit; - -- if (b > bitmap->size - 1) -+ if (bitmap->size <= b) - return -1; - - bit = bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] & diff --git a/libvirt-0.8.1.tar.bz2 b/libvirt-0.8.1.tar.bz2 deleted file mode 100644 index f77a719..0000000 --- a/libvirt-0.8.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:037256df745a96ba141dbfc4e4197e8bc16c51f21c834f4f89c599c379792698 -size 7706670 diff --git a/libvirt-0.8.3.tar.bz2 b/libvirt-0.8.3.tar.bz2 new file mode 100644 index 0000000..77c2193 --- /dev/null +++ b/libvirt-0.8.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:759f4957e6f2b905857897a84e36cbe73f7dc3a5150637430ff086c3e2b414b4 +size 8250164 diff --git a/libvirt.changes b/libvirt.changes index 195e9d8..d5dd114 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Aug 6 21:53:21 MDT 2010 - jfehlig@novell.com + +- Update to libvirt 0.8.3 + - Support vSphere 4.1 + - Qemu arbitrary monitor commands + - Qemu Monitor API entry point + - lots of improvements and bug fixes + +------------------------------------------------------------------- +Fri Jul 9 14:35:04 MDT 2010 - jfehlig@novell.com + +- VUL-0: multiple issues in libvirt + CVE-2010-223x-000[1-0].patch, CVE-2010-223x-0010.patch, + CVE-2010-2242-nat.patch + bnc#618155 + ------------------------------------------------------------------- Fri Jun 25 09:02:38 MDT 2010 - jfehlig@novell.com diff --git a/libvirt.spec b/libvirt.spec index 5206d57..9428e71 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,5 +1,5 @@ # -# spec file for package libvirt (Version 0.8.1) +# spec file for package libvirt (Version 0.8.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -44,6 +44,7 @@ %define with_udev 0 %define with_hal 0 %define with_yajl 0 +%define with_macvtap 0 # Xen is available only on i386 x86_64 %ifnarch %ix86 x86_64 @@ -96,6 +97,9 @@ BuildRequires: avahi-devel %if %{with_selinux} BuildRequires: libselinux-devel %endif +%if %{with_apparmor} +BuildRequires: libapparmor-devel +%endif %if %{with_numactl} BuildRequires: libnuma-devel %endif @@ -107,14 +111,17 @@ BuildRequires: PolicyKit-devel >= 0.6 %if %{with_phyp} BuildRequires: libssh2-devel %endif +%if %{with_macvtap} +BuildRequires: libnl-devel +%endif # Only for directory ownership: BuildRequires: gtk-doc Url: http://libvirt.org/ License: LGPLv2.1+ Group: Development/Libraries/C and C++ AutoReqProv: yes -Version: 0.8.1 -Release: 3 +Version: 0.8.3 +Release: 1 Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage Requires: %{name}-client = %{version}-%{release} @@ -138,14 +145,6 @@ Requires: PolicyKit >= 0.6 Source0: %{name}-%{version}.tar.bz2 Source1: libvirtd.init # Upstream patches -Patch0: remote-rm-unused-field.patch -Patch1: vnc-race-1.patch -Patch2: vnc-race-2.patch -Patch3: vnc-race-3.patch -Patch4: bitmap-alloc.patch -Patch5: bitmap-fixes.patch -Patch6: xend-content-buf.patch -Patch7: xend-content-buf-fix.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch102: clone.patch @@ -258,14 +257,6 @@ Authors: %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %patch100 -p1 %patch102 %patch103 -p1 @@ -326,6 +317,9 @@ Authors: %if ! %{with_yajl} %define _without_yajl --without-yajl %endif +%if ! %{with_macvtap} +%define _without_macvtap --without-macvtap +%endif autoreconf -f -i export CFLAGS="$RPM_OPT_FLAGS" %configure --disable-static --with-pic \ @@ -347,6 +341,7 @@ export CFLAGS="$RPM_OPT_FLAGS" %{?_without_hal} \ %{?_without_udev} \ %{?_without_yajl} \ + %{?_without_macvtap} \ --without-xen-proxy \ --libexecdir=%{_libdir}/%{name} \ --with-init-script=none \ @@ -472,6 +467,7 @@ rm -rf $RPM_BUILD_ROOT %if 0%{with_storage_disk} %{_libdir}/%{name}/libvirt_parthelper %endif +%doc %{_mandir}/man8/libvirtd.8* %files client -f %{name}.lang %defattr(-, root, root) @@ -500,6 +496,7 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/libvirt/schemas/storageencryption.rng %{_datadir}/libvirt/cpu_map.xml %{_datadir}/libvirt/schemas/nwfilter.rng +%{_datadir}/libvirt/schemas/domainsnapshot.rng %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf %files devel diff --git a/remote-rm-unused-field.patch b/remote-rm-unused-field.patch deleted file mode 100644 index 0a5f271..0000000 --- a/remote-rm-unused-field.patch +++ /dev/null @@ -1,50 +0,0 @@ -commit 34a7f3f6be9c63ac3d4c4604c1fb2482a4e5053b -Author: Matthew Booth -Date: Fri May 7 16:38:05 2010 +0200 - - Remove unused nwfilter field from struct remote_error - - Change 965466c1 added a new field to struct remote_error, which broke - the RPC protocol. Fortunately the new field is unused, so this change - simply removes it again. - - * src/remote/remote_protocol.(c|h|x): Remove remote_nwfilter from struct - remote_error - -diff --git a/src/remote/remote_protocol.c b/src/remote/remote_protocol.c -index 187281d..972bf52 100644 ---- a/src/remote/remote_protocol.c -+++ b/src/remote/remote_protocol.c -@@ -227,8 +227,6 @@ xdr_remote_error (XDR *xdrs, remote_error *objp) - return FALSE; - if (!xdr_remote_network (xdrs, &objp->net)) - return FALSE; -- if (!xdr_remote_nwfilter (xdrs, &objp->nwfilter)) -- return FALSE; - return TRUE; - } - -diff --git a/src/remote/remote_protocol.h b/src/remote/remote_protocol.h -index 6f01da7..a600af6 100644 ---- a/src/remote/remote_protocol.h -+++ b/src/remote/remote_protocol.h -@@ -143,7 +143,6 @@ struct remote_error { - int int1; - int int2; - remote_network net; -- remote_nwfilter nwfilter; - }; - typedef struct remote_error remote_error; - -diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x -index 8000ee0..1ce488c 100644 ---- a/src/remote/remote_protocol.x -+++ b/src/remote/remote_protocol.x -@@ -266,7 +266,6 @@ struct remote_error { - int int1; - int int2; - remote_network net; -- remote_nwfilter nwfilter; - }; - - /* Authentication types available thus far.... */ diff --git a/vnc-race-1.patch b/vnc-race-1.patch deleted file mode 100644 index 32d7aca..0000000 --- a/vnc-race-1.patch +++ /dev/null @@ -1,281 +0,0 @@ -commit 2f32d7afd5bd71f79c0e756c87813702065c6d1a -Author: Jim Fehlig -Date: Thu May 20 22:23:48 2010 -0600 - - Add simple bitmap operations to utils - - V2: - - Move bitmap impl to src/util/bitmap.[ch] - - Use CHAR_BIT instead of explicit '8' - - Use size_t instead of unsigned int - - Fix calculation of bitmap size in virBitmapAlloc - - Ensure bit is within range of map in the set, clear, and get - operations - - Use bool in virBitmapGetBit - - Add virBitmapFree to free-like funcs in cfg.mk - - V3: - - Check for overflow in virBitmapAlloc - - Fix copy and paste bug in virBitmapAlloc - - Use size_t in prototypes - - Add ATTRIBUTE_NONNULL in prototypes where appropriate - and remove NULL check from impl - - V4: - - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate. - -Index: libvirt-0.8.1/src/Makefile.am -=================================================================== ---- libvirt-0.8.1.orig/src/Makefile.am -+++ libvirt-0.8.1/src/Makefile.am -@@ -50,6 +50,7 @@ augeastest_DATA = - # helper APIs for various purposes - UTIL_SOURCES = \ - util/authhelper.c util/authhelper.h \ -+ util/bitmap.c util/bitmap.h \ - util/bridge.c util/bridge.h \ - util/buf.c util/buf.h \ - util/conf.c util/conf.h \ -Index: libvirt-0.8.1/src/libvirt_private.syms -=================================================================== ---- libvirt-0.8.1.orig/src/libvirt_private.syms -+++ libvirt-0.8.1/src/libvirt_private.syms -@@ -4,6 +4,14 @@ - # - - -+# bitmap.h -+virBitmapAlloc; -+virBitmapFree; -+virBitmapSetBit; -+virBitmapClearBit; -+virBitmapGetBit; -+ -+ - # buf.h - virBufferVSprintf; - virBufferEscapeString; -Index: libvirt-0.8.1/src/util/bitmap.c -=================================================================== ---- /dev/null -+++ libvirt-0.8.1/src/util/bitmap.c -@@ -0,0 +1,151 @@ -+/* -+ * bitmap.h: Simple bitmap operations -+ * -+ * Copyright (C) 2010 Novell, Inc. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ * -+ * Author: Jim Fehlig -+ */ -+ -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "bitmap.h" -+#include "memory.h" -+ -+ -+struct _virBitmap { -+ size_t size; -+ uint32_t *map; -+}; -+ -+ -+#define VIR_BITMAP_BITS_PER_UNIT (sizeof(uint32_t) * CHAR_BIT) -+#define VIR_BITMAP_UNIT_OFFSET(b) ((b) / VIR_BITMAP_BITS_PER_UNIT) -+#define VIR_BITMAP_BIT_OFFSET(b) ((b) % VIR_BITMAP_BITS_PER_UNIT) -+ -+ -+/** -+ * virBitmapAlloc: -+ * @size: number of bits -+ * -+ * Allocate a bitmap capable of containing @size bits. -+ * -+ * Returns a pointer to the allocated bitmap or NULL if -+ * memory cannot be allocated. -+ */ -+virBitmapPtr virBitmapAlloc(size_t size) -+{ -+ virBitmapPtr bitmap; -+ size_t sz; -+ -+ if (SIZE_MAX - VIR_BITMAP_BITS_PER_UNIT < size) -+ return NULL; -+ -+ sz = (size + VIR_BITMAP_BITS_PER_UNIT - 1) / -+ VIR_BITMAP_BITS_PER_UNIT; -+ -+ if (VIR_ALLOC(bitmap) < 0) -+ return NULL; -+ -+ if (VIR_ALLOC_N(bitmap->map, sz) < 0) { -+ VIR_FREE(bitmap); -+ return NULL; -+ } -+ -+ return bitmap; -+} -+ -+/** -+ * virBitmapFree: -+ * @bitmap: previously allocated bitmap -+ * -+ * Free @bitmap previously allocated by virBitmapAlloc. -+ */ -+void virBitmapFree(virBitmapPtr bitmap) -+{ -+ if (bitmap) { -+ VIR_FREE(bitmap->map); -+ VIR_FREE(bitmap); -+ } -+} -+ -+/** -+ * virBitmapSetBit: -+ * @bitmap: Pointer to bitmap -+ * @b: bit position to set -+ * -+ * Set bit position @b in @bitmap -+ * -+ * Returns 0 on if bit is successfully set, -1 on error. -+ */ -+int virBitmapSetBit(virBitmapPtr bitmap, size_t b) -+{ -+ if (b > bitmap->size - 1) -+ return -1; -+ -+ bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] |= (1 << VIR_BITMAP_BIT_OFFSET(b)); -+ return 0; -+} -+ -+/** -+ * virBitmapClearBit: -+ * @bitmap: Pointer to bitmap -+ * @b: bit position to clear -+ * -+ * Clear bit position @b in @bitmap -+ * -+ * Returns 0 on if bit is successfully clear, -1 on error. -+ */ -+int virBitmapClearBit(virBitmapPtr bitmap, size_t b) -+{ -+ if (b > bitmap->size - 1) -+ return -1; -+ -+ bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &= ~(1 << VIR_BITMAP_BIT_OFFSET(b)); -+ return 0; -+} -+ -+/** -+ * virBitmapGetBit: -+ * @bitmap: Pointer to bitmap -+ * @b: bit position to get -+ * @result: bool pointer to receive bit setting -+ * -+ * Get setting of bit position @b in @bitmap and store in @result -+ * -+ * On success, @result will contain the setting of @b and 0 is -+ * returned. On failure, -1 is returned and @result is unchanged. -+ */ -+int virBitmapGetBit(virBitmapPtr bitmap, size_t b, bool *result) -+{ -+ uint32_t bit; -+ -+ if (b > bitmap->size - 1) -+ return -1; -+ -+ bit = bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] & -+ (1 << VIR_BITMAP_BIT_OFFSET(b)); -+ -+ *result = bit != 0; -+ return 0; -+} -Index: libvirt-0.8.1/src/util/bitmap.h -=================================================================== ---- /dev/null -+++ libvirt-0.8.1/src/util/bitmap.h -@@ -0,0 +1,63 @@ -+/* -+ * bitmap.h: Simple bitmap operations -+ * -+ * Copyright (C) 2010 Novell, Inc. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ * -+ * Author: Jim Fehlig -+ */ -+ -+#ifndef __BITMAP_H__ -+# define __BITMAP_H__ -+ -+#include "internal.h" -+ -+#include -+#include -+ -+ -+typedef struct _virBitmap virBitmap; -+typedef virBitmap *virBitmapPtr; -+ -+/* -+ * Allocate a bitmap capable of containing @size bits. -+ */ -+virBitmapPtr virBitmapAlloc(size_t size) ATTRIBUTE_RETURN_CHECK; -+ -+/* -+ * Free previously allocated bitmap -+ */ -+void virBitmapFree(virBitmapPtr bitmap); -+ -+/* -+ * Set bit position @b in @bitmap -+ */ -+int virBitmapSetBit(virBitmapPtr bitmap, size_t b) -+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK; -+ -+/* -+ * Clear bit position @b in @bitmap -+ */ -+int virBitmapClearBit(virBitmapPtr bitmap, size_t b) -+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK; -+ -+/* -+ * Get setting of bit position @b in @bitmap and store in @result -+ */ -+int virBitmapGetBit(virBitmapPtr bitmap, size_t b, bool *result) -+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3) ATTRIBUTE_RETURN_CHECK; -+ -+#endif diff --git a/vnc-race-2.patch b/vnc-race-2.patch deleted file mode 100644 index 67a9d16..0000000 --- a/vnc-race-2.patch +++ /dev/null @@ -1,29 +0,0 @@ -commit c020f6203e3735a531135bc4321415ce5520fbde -Author: Jim Fehlig -Date: Thu May 20 22:25:16 2010 -0600 - - Add defines for QEMU_VNC_PORT_{MIN,MAX} and use them - -Index: libvirt-0.8.1/src/qemu/qemu_driver.c -=================================================================== ---- libvirt-0.8.1.orig/src/qemu/qemu_driver.c -+++ libvirt-0.8.1/src/qemu/qemu_driver.c -@@ -89,6 +89,9 @@ - - #define VIR_FROM_THIS VIR_FROM_QEMU - -+#define QEMU_VNC_PORT_MIN 5900 -+#define QEMU_VNC_PORT_MAX 65535 -+ - /* Only 1 job is allowed at any time - * A job includes *all* monitor commands, even those just querying - * information, not merely actions */ -@@ -2607,7 +2610,7 @@ qemuInitPCIAddresses(struct qemud_driver - static int qemudNextFreeVNCPort(struct qemud_driver *driver ATTRIBUTE_UNUSED) { - int i; - -- for (i = 5900 ; i < 65535 ; i++) { -+ for (i = QEMU_VNC_PORT_MIN; i < QEMU_VNC_PORT_MAX; i++) { - int fd; - int reuse = 1; - struct sockaddr_in addr; diff --git a/vnc-race-3.patch b/vnc-race-3.patch deleted file mode 100644 index e083557..0000000 --- a/vnc-race-3.patch +++ /dev/null @@ -1,130 +0,0 @@ -commit ba196952f57f2cb22be75fa5a4f363035a111103 -Author: Jim Fehlig -Date: Fri May 21 07:52:09 2010 -0600 - - Fix race in finding available vnc port - - The qemu driver contains a subtle race in the logic to find next - available vnc port. Currently it iterates through all available ports - and returns the first for which bind(2) succeeds. However it is possible - that a previously issued port has not yet been bound by qemu, resulting - in the same port used for a subsequent domain. - - This patch addresses the race by using a simple bitmap to "reserve" the - ports allocated by libvirt. - - V2: - - Put port bitmap in struct qemud_driver - - Initialize bitmap in qemudStartup - - V3: - - Check for failure of virBitmapGetBit - - Additional check for port != -1 before calling virbitmapClearBit - - V4: - - Check for failure of virBitmap{Set,Clear}Bit - -Index: libvirt-0.8.1/src/qemu/qemu_conf.h -=================================================================== ---- libvirt-0.8.1.orig/src/qemu/qemu_conf.h -+++ libvirt-0.8.1/src/qemu/qemu_conf.h -@@ -39,6 +39,7 @@ - # include "pci.h" - # include "cpu_conf.h" - # include "driver.h" -+# include "bitmap.h" - - # define qemudDebug(fmt, ...) do {} while(0) - -@@ -153,6 +154,8 @@ struct qemud_driver { - char *saveImageFormat; - - pciDeviceList *activePciHostdevs; -+ -+ virBitmapPtr reservedVNCPorts; - }; - - typedef struct _qemuDomainPCIAddressSet qemuDomainPCIAddressSet; -Index: libvirt-0.8.1/src/qemu/qemu_driver.c -=================================================================== ---- libvirt-0.8.1.orig/src/qemu/qemu_driver.c -+++ libvirt-0.8.1/src/qemu/qemu_driver.c -@@ -1479,6 +1479,11 @@ qemudStartup(int privileged) { - virEventAddTimeout(-1, qemuDomainEventFlush, qemu_driver, NULL)) < 0) - goto error; - -+ /* Allocate bitmap for vnc port reservation */ -+ if ((qemu_driver->reservedVNCPorts = -+ virBitmapAlloc(QEMU_VNC_PORT_MAX - QEMU_VNC_PORT_MIN)) == NULL) -+ goto out_of_memory; -+ - if (privileged) { - if (virAsprintf(&qemu_driver->logDir, - "%s/log/libvirt/qemu", LOCAL_STATE_DIR) == -1) -@@ -1775,6 +1780,7 @@ qemudShutdown(void) { - virCapabilitiesFree(qemu_driver->caps); - - virDomainObjListDeinit(&qemu_driver->domains); -+ virBitmapFree(qemu_driver->reservedVNCPorts); - - VIR_FREE(qemu_driver->securityDriverName); - VIR_FREE(qemu_driver->logDir); -@@ -2607,13 +2613,22 @@ qemuInitPCIAddresses(struct qemud_driver - return ret; - } - --static int qemudNextFreeVNCPort(struct qemud_driver *driver ATTRIBUTE_UNUSED) { -+static int qemudNextFreeVNCPort(struct qemud_driver *driver) { - int i; - - for (i = QEMU_VNC_PORT_MIN; i < QEMU_VNC_PORT_MAX; i++) { - int fd; - int reuse = 1; - struct sockaddr_in addr; -+ bool used = false; -+ -+ if (virBitmapGetBit(driver->reservedVNCPorts, -+ i - QEMU_VNC_PORT_MIN, &used) < 0) -+ VIR_DEBUG("virBitmapGetBit failed on bit %d", i - QEMU_VNC_PORT_MIN); -+ -+ if (used) -+ continue; -+ - addr.sin_family = AF_INET; - addr.sin_port = htons(i); - addr.sin_addr.s_addr = htonl(INADDR_ANY); -@@ -2629,6 +2644,12 @@ static int qemudNextFreeVNCPort(struct q - if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == 0) { - /* Not in use, lets grab it */ - close(fd); -+ /* Add port to bitmap of reserved ports */ -+ if (virBitmapSetBit(driver->reservedVNCPorts, -+ i - QEMU_VNC_PORT_MIN) < 0) { -+ VIR_DEBUG("virBitmapSetBit failed on bit %d", -+ i - QEMU_VNC_PORT_MIN); -+ } - return i; - } - close(fd); -@@ -3608,6 +3629,21 @@ retry: - - qemudRemoveDomainStatus(driver, vm); - -+ /* Remove VNC port from port reservation bitmap, but only if it was -+ reserved by the driver (autoport=yes) -+ */ -+ if ((vm->def->ngraphics == 1) && -+ vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && -+ vm->def->graphics[0]->data.vnc.autoport && -+ vm->def->graphics[0]->data.vnc.port != -1) { -+ if (virBitmapClearBit(driver->reservedVNCPorts, -+ vm->def->graphics[0]->data.vnc.port - \ -+ QEMU_VNC_PORT_MIN) < 0) { -+ VIR_DEBUG("virBitmapClearBit failed on bit %d", -+ vm->def->graphics[0]->data.vnc.port - QEMU_VNC_PORT_MIN); -+ } -+ } -+ - vm->pid = -1; - vm->def->id = -1; - vm->state = VIR_DOMAIN_SHUTOFF; diff --git a/xend-content-buf-fix.patch b/xend-content-buf-fix.patch deleted file mode 100644 index 784aecb..0000000 --- a/xend-content-buf-fix.patch +++ /dev/null @@ -1,79 +0,0 @@ -commit b1eb7f2e987d21b1711e86e5cb63a69abfce82f1 -Author: Jim Fehlig -Date: Fri Jun 4 10:04:03 2010 -0600 - - Fixes for commit 211dd1e9 - - Fixes for issues in commit 211dd1e9 noted by by Jim Meyering. - - 1. Allocate content buffer of size content_length + 1 to ensure - NUL-termination. - 2. Limit content buffer size to 64k - 3. Fix whitespace issue - - V2: - - Add comment to clarify allocation of content buffer - - Add ATTRIBUTE_NONNULL where appropriate - - User NULLSTR macro - -diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c -index 0c1a738..51cad92 100644 ---- a/src/xen/xend_internal.c -+++ b/src/xen/xend_internal.c -@@ -68,6 +68,7 @@ - # define XEND_CONFIG_MIN_VERS_PVFB_NEWCONF 3 - #endif - -+#define XEND_RCV_BUF_MAX_LEN 65536 - - #ifndef PROXY - static int -@@ -310,7 +311,7 @@ istartswith(const char *haystack, const char *needle) - * Returns the HTTP return code and @content is set to the - * allocated memory containing HTTP content. - */ --static int -+static int ATTRIBUTE_NONNULL (2) - xend_req(int fd, char **content) - { - char buffer[4096]; -@@ -330,7 +331,19 @@ xend_req(int fd, char **content) - if (content_length > 0) { - ssize_t ret; - -- if (VIR_ALLOC_N(*content, content_length) < 0 ) { -+ if (content_length > XEND_RCV_BUF_MAX_LEN) { -+ virXendError(VIR_ERR_INTERNAL_ERROR, -+ _("Xend returned HTTP Content-Length of %d, " -+ "which exceeds maximum of %d"), -+ content_length, -+ XEND_RCV_BUF_MAX_LEN); -+ return -1; -+ } -+ -+ /* Allocate one byte beyond the end of the largest buffer we will read. -+ Combined with the fact that VIR_ALLOC_N zeros the returned buffer, -+ this guarantees that "content" will always be NUL-terminated. */ -+ if (VIR_ALLOC_N(*content, content_length + 1) < 0 ) { - virReportOOMError(); - return -1; - } -@@ -353,7 +366,7 @@ xend_req(int fd, char **content) - * - * Returns the HTTP return code or -1 in case or error. - */ --static int -+static int ATTRIBUTE_NONNULL(3) - xend_get(virConnectPtr xend, const char *path, - char **content) - { -@@ -379,8 +392,7 @@ xend_get(virConnectPtr xend, const char *path, - ((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) { - virXendError(VIR_ERR_GET_FAILED, - _("%d status from xen daemon: %s:%s"), -- ret, path, -- content ? *content: "NULL"); -+ ret, path, NULLSTR(*content)); - } - - return ret; diff --git a/xend-content-buf.patch b/xend-content-buf.patch deleted file mode 100644 index 70b887c..0000000 --- a/xend-content-buf.patch +++ /dev/null @@ -1,244 +0,0 @@ -commit 211dd1e9c54a9ba92e2e648acacbc18981374073 -Author: Jim Fehlig -Date: Wed Jun 2 18:07:17 2010 -0600 - - Allocate buffer to hold xend response - - There are cases when a response from xend can exceed 4096 bytes, in - which case anything beyond 4096 is ignored. This patch changes the - current fixed-size, stack-allocated buffer to a dynamically allocated - buffer based on Content-Length in HTTP header. - -diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c -index e763bad..0c1a738 100644 ---- a/src/xen/xend_internal.c -+++ b/src/xen/xend_internal.c -@@ -302,17 +302,19 @@ istartswith(const char *haystack, const char *needle) - * xend_req: - * @fd: the file descriptor - * @content: the buffer to store the content -- * @n_content: the size of the buffer - * - * Read the HTTP response from a Xen Daemon request. -+ * If the response contains content, memory is allocated to -+ * hold the content. - * -- * Returns the HTTP return code. -+ * Returns the HTTP return code and @content is set to the -+ * allocated memory containing HTTP content. - */ - static int --xend_req(int fd, char *content, size_t n_content) -+xend_req(int fd, char **content) - { - char buffer[4096]; -- int content_length = -1; -+ int content_length = 0; - int retcode = 0; - - while (sreads(fd, buffer, sizeof(buffer)) > 0) { -@@ -325,19 +327,17 @@ xend_req(int fd, char *content, size_t n_content) - retcode = atoi(buffer + 9); - } - -- if (content_length > -1) { -+ if (content_length > 0) { - ssize_t ret; - -- if ((unsigned int) content_length > (n_content + 1)) -- content_length = n_content - 1; -+ if (VIR_ALLOC_N(*content, content_length) < 0 ) { -+ virReportOOMError(); -+ return -1; -+ } - -- ret = sread(fd, content, content_length); -+ ret = sread(fd, *content, content_length); - if (ret < 0) - return -1; -- -- content[ret] = 0; -- } else { -- content[0] = 0; - } - - return retcode; -@@ -348,7 +348,6 @@ xend_req(int fd, char *content, size_t n_content) - * @xend: pointer to the Xen Daemon structure - * @path: the path used for the HTTP request - * @content: the buffer to store the content -- * @n_content: the size of the buffer - * - * Do an HTTP GET RPC with the Xen Daemon - * -@@ -356,7 +355,7 @@ xend_req(int fd, char *content, size_t n_content) - */ - static int - xend_get(virConnectPtr xend, const char *path, -- char *content, size_t n_content) -+ char **content) - { - int ret; - int s = do_connect(xend); -@@ -373,14 +372,15 @@ xend_get(virConnectPtr xend, const char *path, - "Accept-Encoding: identity\r\n" - "Content-Type: application/x-www-form-urlencoded\r\n" "\r\n"); - -- ret = xend_req(s, content, n_content); -+ ret = xend_req(s, content); - close(s); - - if (((ret < 0) || (ret >= 300)) && - ((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) { - virXendError(VIR_ERR_GET_FAILED, - _("%d status from xen daemon: %s:%s"), -- ret, path, content); -+ ret, path, -+ content ? *content: "NULL"); - } - - return ret; -@@ -392,8 +392,6 @@ xend_get(virConnectPtr xend, const char *path, - * @xend: pointer to the Xen Daemon structure - * @path: the path used for the HTTP request - * @ops: the information sent for the POST -- * @content: the buffer to store the content -- * @n_content: the size of the buffer - * - * Do an HTTP POST RPC with the Xen Daemon, this usually makes changes at the - * Xen level. -@@ -401,10 +399,10 @@ xend_get(virConnectPtr xend, const char *path, - * Returns the HTTP return code or -1 in case or error. - */ - static int --xend_post(virConnectPtr xend, const char *path, const char *ops, -- char *content, size_t n_content) -+xend_post(virConnectPtr xend, const char *path, const char *ops) - { - char buffer[100]; -+ char *err_buf = NULL; - int ret; - int s = do_connect(xend); - -@@ -425,26 +423,28 @@ xend_post(virConnectPtr xend, const char *path, const char *ops, - swrites(s, "\r\n\r\n"); - swrites(s, ops); - -- ret = xend_req(s, content, n_content); -+ ret = xend_req(s, &err_buf); - close(s); - - if ((ret < 0) || (ret >= 300)) { - virXendError(VIR_ERR_POST_FAILED, -- _("xend_post: error from xen daemon: %s"), content); -- } else if ((ret == 202) && (strstr(content, "failed") != NULL)) { -+ _("xend_post: error from xen daemon: %s"), err_buf); -+ } else if ((ret == 202) && err_buf && (strstr(err_buf, "failed") != NULL)) { - virXendError(VIR_ERR_POST_FAILED, -- _("xend_post: error from xen daemon: %s"), content); -+ _("xend_post: error from xen daemon: %s"), err_buf); - ret = -1; -- } else if (((ret >= 200) && (ret <= 202)) && (strstr(content, "xend.err") != NULL)) { -+ } else if (((ret >= 200) && (ret <= 202)) && err_buf && -+ (strstr(err_buf, "xend.err") != NULL)) { - /* This is to catch case of things like 'virsh dump Domain-0 foo' - * which returns a success code, but the word 'xend.err' - * in body to indicate error :-( - */ - virXendError(VIR_ERR_POST_FAILED, -- _("xend_post: error from xen daemon: %s"), content); -+ _("xend_post: error from xen daemon: %s"), err_buf); - ret = -1; - } - -+ VIR_FREE(err_buf); - return ret; - } - #endif /* ! PROXY */ -@@ -487,8 +487,6 @@ http2unix(int ret) - * xend_op_ext: - * @xend: pointer to the Xen Daemon structure - * @path: path for the object -- * @error: buffer for the error output -- * @n_error: size of @error - * @key: the key for the operation - * @ap: input values to pass to the operation - * -@@ -497,8 +495,7 @@ http2unix(int ret) - * Returns 0 in case of success, -1 in case of failure. - */ - static int --xend_op_ext(virConnectPtr xend, const char *path, char *error, -- size_t n_error, const char *key, va_list ap) -+xend_op_ext(virConnectPtr xend, const char *path, const char *key, va_list ap) - { - const char *k = key, *v; - virBuffer buf = VIR_BUFFER_INITIALIZER; -@@ -524,7 +521,7 @@ xend_op_ext(virConnectPtr xend, const char *path, char *error, - } - - content = virBufferContentAndReset(&buf); -- ret = http2unix(xend_post(xend, path, content, error, n_error)); -+ ret = http2unix(xend_post(xend, path, content)); - VIR_FREE(content); - - return ret; -@@ -535,8 +532,6 @@ xend_op_ext(virConnectPtr xend, const char *path, char *error, - * xend_op: - * @xend: pointer to the Xen Daemon structure - * @name: the domain name target of this operation -- * @error: buffer for the error output -- * @n_error: size of @error - * @key: the key for the operation - * @ap: input values to pass to the operation - * @...: input values to pass to the operation -@@ -550,14 +545,13 @@ static int ATTRIBUTE_SENTINEL - xend_op(virConnectPtr xend, const char *name, const char *key, ...) - { - char buffer[1024]; -- char error[1024]; - va_list ap; - int ret; - - snprintf(buffer, sizeof(buffer), "/xend/domain/%s", name); - - va_start(ap, key); -- ret = xend_op_ext(xend, buffer, error, sizeof(error), key, ap); -+ ret = xend_op_ext(xend, buffer, key, ap); - va_end(ap); - - return ret; -@@ -581,21 +575,29 @@ static struct sexpr *sexpr_get(virConnectPtr xend, const char *fmt, ...) - static struct sexpr * - sexpr_get(virConnectPtr xend, const char *fmt, ...) - { -- char buffer[4096]; -+ char *buffer = NULL; - char path[1024]; - va_list ap; - int ret; -+ struct sexpr *res = NULL; - - va_start(ap, fmt); - vsnprintf(path, sizeof(path), fmt, ap); - va_end(ap); - -- ret = xend_get(xend, path, buffer, sizeof(buffer)); -+ ret = xend_get(xend, path, &buffer); - ret = http2unix(ret); - if (ret == -1) -- return NULL; -+ goto cleanup; -+ -+ if (buffer == NULL) -+ goto cleanup; -+ -+ res = string2sexpr(buffer); - -- return string2sexpr(buffer); -+cleanup: -+ VIR_FREE(buffer); -+ return res; - } - - /**