Accepting request 203343 from Virtualization

Updated libvirt package for Factory/13.1 fixing various bugs
and security issues.  Please copy to 13.1 or let me know if
an explicit SR is needed for 13.1.  Thanks!

- Move virt-login-shell to new subpackage libvirt-login-shell,
  requiring users to opt-in for this setuid binary.  Note: For now,
  virt-login-shell will not have setuid permissions, pending
  resolution of bnc#837609

- qemu: Fix seamless SPICE migration
  484cc321-fix-spice-migration.patch
  bnc#842301

- CVE-2013-4399: Fix crash in libvirtd when events are registered
  and ACLs active
  8294aa0c-CVE-2013-4399.patch
  bnc#844052, bnc#842300

- Update the stale gettext BuildRequires and Requires dependencies
  in the spec file
  bnc#841325

- virt-aa-helper apparmor profile was denying read access to
  /proc/$PID/*.  Give read accesss to these files.
  Updated install-apparmor-profiles.patch
  bnc#841720

- libvirtd apparmor profile was denying access to
  /usr/lib/xen/bin/qemu-system-i386, which is now the default
  emulator used with Xen guests
  Updated install-apparmor-profiles.patch
  bnc#845648

OBS-URL: https://build.opensuse.org/request/show/203343
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=132

484cc321-fix-spice-migration.patch

@@ -0,0 +1,31 @@
+commit 484cc3217b73b865f00bf42a9c12187b37200699
+Author: Martin Kletzander <mkletzan@redhat.com>
+Date:   Fri Sep 20 16:40:20 2013 +0200
+
+    qemu: Fix seamless SPICE migration
+    
+    Since the wait is done during migration (still inside
+    QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
+    in order to prohibit all other jobs from interfering in the meantime.
+    This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
+    waiting on the monitor condition and after GetSpiceMigrationStatus
+    mangled its internal data, the daemon crashed.
+    
+    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886
+
+Index: libvirt-1.1.2/src/qemu/qemu_migration.c
+===================================================================
+--- libvirt-1.1.2.orig/src/qemu/qemu_migration.c
++++ libvirt-1.1.2/src/qemu/qemu_migration.c
+@@ -1598,7 +1598,10 @@ qemuMigrationWaitForSpice(virQEMUDriverP
+         /* Poll every 50ms for progress & to allow cancellation */
+         struct timespec ts = { .tv_sec = 0, .tv_nsec = 50 * 1000 * 1000ull };
+ 
+-        qemuDomainObjEnterMonitor(driver, vm);
++        if (qemuDomainObjEnterMonitorAsync(driver, vm,
++                                           QEMU_ASYNC_JOB_MIGRATION_OUT) < 0)
++            return -1;
++
+         if (qemuMonitorGetSpiceMigrationStatus(priv->mon,
+                                                &spice_migrated) < 0) {
+             qemuDomainObjExitMonitor(driver, vm);

8294aa0c-CVE-2013-4399.patch

@@ -0,0 +1,48 @@
+commit 8294aa0c1750dcb49d6345cd9bd97bf421580d8b
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Fri Sep 27 15:46:07 2013 +0100
+
+    Fix crash in libvirtd when events are registered & ACLs active
+    
+    When a client disconnects from libvirtd, all event callbacks
+    must be removed. This involves running the public API
+    
+      virConnectDomainEventDeregisterAny
+    
+    This code does not run in normal API dispatch context, so no
+    identity was set. The result was that the access control drivers
+    denied the attempt to deregister callbacks. The callbacks thus
+    continued to trigger after the client was free'd causing fairly
+    predictable use of free memory & a crash.
+    
+    This can be triggered by any client with readonly access when
+    the ACL drivers are active.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.1.2/daemon/remote.c
+===================================================================
+--- libvirt-1.1.2.orig/daemon/remote.c
++++ libvirt-1.1.2/daemon/remote.c
+@@ -666,8 +666,11 @@ void remoteClientFreeFunc(void *data)
+ 
+     /* Deregister event delivery callback */
+     if (priv->conn) {
++        virIdentityPtr sysident = virIdentityGetSystem();
+         size_t i;
+ 
++        virIdentitySetCurrent(sysident);
++
+         for (i = 0; i < VIR_DOMAIN_EVENT_ID_LAST; i++) {
+             if (priv->domainEventCallbackID[i] != -1) {
+                 VIR_DEBUG("Deregistering to relay remote events %zu", i);
+@@ -678,6 +681,9 @@ void remoteClientFreeFunc(void *data)
+         }
+ 
+         virConnectClose(priv->conn);
++
++        virIdentitySetCurrent(NULL);
++        virObjectUnref(sysident);
+     }
+ 
+     VIR_FREE(priv);

install-apparmor-profiles.patch

@@ -57,7 +57,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 ===================================================================
 --- /dev/null
 +++ libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
-@@ -0,0 +1,40 @@
+@@ -0,0 +1,41 @@
 +# Last Modified: Fri Aug 19 11:21:48 2011
 +#include <tunables/global>
 +
@@ -71,6 +71,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 +  # needed for when disk is on a network filesystem
 +  network inet,
 +
++  @{PROC}/[0-9]** r,
 +  deny @{PROC}/[0-9]*/mounts r,
 +  @{PROC}/filesystems r,
 +
@@ -202,7 +203,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
 ===================================================================
 --- /dev/null
 +++ libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,59 @@
 +# Last Modified: Fri Aug 19 11:20:36 2011
 +#include <tunables/global>
 +@{LIBVIRT}="libvirt"
@@ -244,6 +245,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
 +  /usr/bin/* Ux,
 +  /usr/sbin/* Ux,
 +  /usr/lib/xen/bin/qemu-dm Ux,
++  /usr/lib/xen/bin/qemu-system-i386 Ux,
 +  /usr/lib/PolicyKit/polkit-read-auth-helper Px,
 +
 +  # force the use of virt-aa-helper

libvirt.changes

@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Mon Oct 14 22:20:41 MDT 2013 - jfehlig@suse.com
+
+- Move virt-login-shell to new subpackage libvirt-login-shell,
+  requiring users to opt-in for this setuid binary.  Note: For now,
+  virt-login-shell will not have setuid permissions, pending
+  resolution of bnc#837609
+
+-------------------------------------------------------------------
+Mon Oct 14 21:25:49 MDT 2013 - jfehlig@suse.com
+
+- qemu: Fix seamless SPICE migration
+  484cc321-fix-spice-migration.patch
+  bnc#842301
+
+-------------------------------------------------------------------
+Mon Oct 14 20:33:43 MDT 2013 - jfehlig@suse.com
+
+- CVE-2013-4399: Fix crash in libvirtd when events are registered
+  and ACLs active
+  8294aa0c-CVE-2013-4399.patch
+  bnc#844052, bnc#842300
+
+-------------------------------------------------------------------
+Mon Oct 14 16:40:25 MDT 2013 - jfehlig@suse.com
+
+- Update the stale gettext BuildRequires and Requires dependencies
+  in the spec file
+  bnc#841325
+
+-------------------------------------------------------------------
+Mon Oct 14 16:01:46 MDT 2013 - jfehlig@suse.com
+
+- virt-aa-helper apparmor profile was denying read access to
+  /proc/$PID/*.  Give read accesss to these files.
+  Updated install-apparmor-profiles.patch
+  bnc#841720
+
+-------------------------------------------------------------------
+Mon Oct 14 13:46:14 MDT 2013 - jfehlig@suse.com
+
+- libvirtd apparmor profile was denying access to
+  /usr/lib/xen/bin/qemu-system-i386, which is now the default
+  emulator used with Xen guests
+  Updated install-apparmor-profiles.patch
+  bnc#845648
+
 -------------------------------------------------------------------
 Thu Oct  3 11:04:26 MDT 2013 - jfehlig@suse.com
 

libvirt.spec

@@ -273,7 +273,7 @@ Requires:       libvirt-client = %{version}-%{release}
 # listed against each sub-RPM
 BuildRequires:  autoconf
 BuildRequires:  automake
-BuildRequires:  gettext-devel
+BuildRequires:  gettext-tools
 BuildRequires:  libtool
 %if %{with_systemd}
 BuildRequires:  systemd
@@ -282,7 +282,6 @@ BuildRequires:  systemd
 BuildRequires:  xen-devel
 %endif
 BuildRequires:  fdupes
-BuildRequires:  gettext
 BuildRequires:  libattr-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgnutls-devel
@@ -410,6 +409,8 @@ Patch2:         db7a5688-CVE-2013-4311.patch
 Patch3:         e65667c0-CVE-2013-4311.patch
 Patch4:         922b7fda-CVE-2013-4311.patch
 Patch5:         e4697b92-CVE-2013-4311.patch
+Patch6:         8294aa0c-CVE-2013-4399.patch
+Patch7:         484cc321-fix-spice-migration.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       clone.patch
@@ -849,7 +850,7 @@ Requires:       readline
 # (client invokes 'nc' against the UNIX socket on the server)
 Requires:       netcat-openbsd
 # Needed by libvirt-guests init script.
-Requires:       gettext
+Requires:       gettext-runtime
 # Needed by virt-pki-validate script.
 Requires:       gnutls
 # Needed for probing the power management features of the host.
@@ -891,6 +892,15 @@ Requires:       augeas
 Includes the Sanlock lock manager plugin for the QEMU driver
 %endif
 
+%package login-shell
+Summary:        Login shell for containers
+Group:          Development/Libraries/C and C++
+Requires:       %{name}-client = %{version}-%{release}
+
+%description login-shell
+Povides virt-login-shell, a tool to execute a shell within a container
+matching the users name
+
 %if %{with_python}
 
 %package python
@@ -914,6 +924,8 @@ of recent versions of Linux (and other OSes).
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1
@@ -1594,17 +1606,11 @@ fi
 %doc %{_mandir}/man1/virt-xml-validate.1*
 %doc %{_mandir}/man1/virt-pki-validate.1*
 %doc %{_mandir}/man1/virt-host-validate.1*
-%doc %{_mandir}/man1/virt-login-shell.1*
 %config(noreplace) %{_sysconfdir}/%{name}/libvirt.conf
-%config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf
 %{_bindir}/virsh
 %{_bindir}/virt-xml-validate
 %{_bindir}/virt-pki-validate
 %{_bindir}/virt-host-validate
-# setuid binary that needs security audit - bnc#837609
-# In the meantime, don't install setuid
-#%attr(4755, root, root) %{_bindir}/virt-login-shell
-%{_bindir}/virt-login-shell
 %dir %{_libdir}/%{name}
 %{_libdir}/lib*.so.*
 %attr(0755, root, root) %{_libdir}/%{name}/libvirt-guests.sh
@@ -1684,6 +1690,15 @@ fi
 %attr(0755, root, root) %{_libdir}/%{name}/libvirt_sanlock_helper
 %endif
 
+%files login-shell
+%defattr(-, root, root)
+%config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf
+%doc %{_mandir}/man1/virt-login-shell.1*
+# setuid binary that needs security audit - bnc#837609
+# In the meantime, don't install setuid
+#%attr(4755, root, root) %{_bindir}/virt-login-shell
+%{_bindir}/virt-login-shell
+
 %if %{with_python}
 
 %files python