From fe8f4e8203eb33add3b496265c8db88c5127f8f9b90cca6f00909b2add8d5b78 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Mon, 18 Jan 2016 19:32:30 +0000 Subject: [PATCH 1/2] Accepting request 354651 from home:jfehlig:branches:Virtualization - Update to libvirt 1.3.1 - CVE-2015-5313 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 034e47c3-CVE-2015-5313.patch, ace1ee22-qemuxml2argv-test.patch, add-with-login-shell.patch, virt-aa-helper-rw-mounts.patch OBS-URL: https://build.opensuse.org/request/show/354651 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=508 --- 034e47c3-CVE-2015-5313.patch | 68 ------------------- ace1ee22-qemuxml2argv-test.patch | 45 ------------ add-with-login-shell.patch | 79 ---------------------- apparmor-fixes.patch | 6 +- apparmor-no-mount.patch | 6 +- blockcopy-check-dst-identical-device.patch | 8 +-- libvirt-1.3.0.tar.gz | 3 - libvirt-1.3.0.tar.gz.asc | 7 -- libvirt-1.3.1.tar.gz | 3 + libvirt-1.3.1.tar.gz.asc | 7 ++ libvirt-guests-init-script.patch | 43 ++++++++---- libvirt-power8-models.patch | 6 +- libvirt-suse-netcontrol.patch | 46 ++++++------- libvirt.changes | 11 +++ libvirt.spec | 17 +---- libvirtd-defaults.patch | 18 ++--- libvirtd-init-script.patch | 6 +- libvirtd-systemd-socket.patch | 6 +- lxc-wait-after-eth-del.patch | 22 +++--- ppc64le-canonical-name.patch | 6 +- qemu-apparmor-screenshot.patch | 6 +- support-managed-pci-xen-driver.patch | 28 ++++---- suse-qemu-conf.patch | 6 +- systemd-service-xen.patch | 6 +- virt-aa-helper-rw-mounts.patch | 33 --------- virtlockd-init-script.patch | 49 ++++++++++---- virtlogd-init-script.patch | 55 ++++++++++----- xen-pv-cdrom.patch | 16 ++--- xen-sxpr-disk-type.patch | 8 +-- 29 files changed, 225 insertions(+), 395 deletions(-) delete mode 100644 034e47c3-CVE-2015-5313.patch delete mode 100644 ace1ee22-qemuxml2argv-test.patch delete mode 100644 add-with-login-shell.patch delete mode 100644 libvirt-1.3.0.tar.gz delete mode 100644 libvirt-1.3.0.tar.gz.asc create mode 100644 libvirt-1.3.1.tar.gz create mode 100644 libvirt-1.3.1.tar.gz.asc delete mode 100644 virt-aa-helper-rw-mounts.patch diff --git a/034e47c3-CVE-2015-5313.patch b/034e47c3-CVE-2015-5313.patch deleted file mode 100644 index e2d0f63..0000000 --- a/034e47c3-CVE-2015-5313.patch +++ /dev/null @@ -1,68 +0,0 @@ -commit 034e47c338b13a95cf02106a3af912c1c5f818d7 -Author: Eric Blake -Date: Tue Dec 8 17:46:31 2015 -0700 - - CVE-2015-5313: storage: don't allow '/' in filesystem volume names - - The libvirt file system storage driver determines what file to - act on by concatenating the pool location with the volume name. - If a user is able to pick names like "../../../etc/passwd", then - they can escape the bounds of the pool. For that matter, - virStoragePoolListVolumes() doesn't descend into subdirectories, - so a user really shouldn't use a name with a slash. - - Normally, only privileged users can coerce libvirt into creating - or opening existing files using the virStorageVol APIs; and such - users already have full privilege to create any domain XML (so it - is not an escalation of privilege). But in the case of - fine-grained ACLs, it is feasible that a user can be granted - storage_vol:create but not domain:write, and it violates - assumptions if such a user can abuse libvirt to access files - outside of the storage pool. - - Therefore, prevent all use of volume names that contain "/", - whether or not such a name is actually attempting to escape the - pool. - - This changes things from: - - $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 - Vol ../../../../../../etc/haha created - $ rm /etc/haha - - to: - - $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 - error: Failed to create vol ../../../../../../etc/haha - error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' - - Signed-off-by: Eric Blake - -Index: libvirt-1.3.0/src/storage/storage_backend_fs.c -=================================================================== ---- libvirt-1.3.0.orig/src/storage/storage_backend_fs.c -+++ libvirt-1.3.0/src/storage/storage_backend_fs.c -@@ -1,7 +1,7 @@ - /* - * storage_backend_fs.c: storage backend for FS and directory handling - * -- * Copyright (C) 2007-2014 Red Hat, Inc. -+ * Copyright (C) 2007-2015 Red Hat, Inc. - * Copyright (C) 2007-2008 Daniel P. Berrange - * - * This library is free software; you can redistribute it and/or -@@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(vir - else - vol->type = VIR_STORAGE_VOL_FILE; - -+ /* Volumes within a directory pools are not recursive; do not -+ * allow escape to ../ or a subdir */ -+ if (strchr(vol->name, '/')) { -+ virReportError(VIR_ERR_OPERATION_INVALID, -+ _("volume name '%s' cannot contain '/'"), vol->name); -+ return -1; -+ } -+ - VIR_FREE(vol->target.path); - if (virAsprintf(&vol->target.path, "%s/%s", - pool->def->target.path, diff --git a/ace1ee22-qemuxml2argv-test.patch b/ace1ee22-qemuxml2argv-test.patch deleted file mode 100644 index 62c51bf..0000000 --- a/ace1ee22-qemuxml2argv-test.patch +++ /dev/null @@ -1,45 +0,0 @@ -commit ace1ee225f5cd87fb095054a6a19bdcd0fa57518 -Author: Peter Krempa -Date: Thu Dec 10 14:36:51 2015 +0100 - - test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit difference - - Always return LLONG_MAX even on 32 bit systems. The limitation - originates from our use of "unsigned long" in several APIs. The internal - data type is unsigned long long. Make the test suite deterministic by - removing the architecture difference. - - Flaw was introduced in 645881139b3d2c86acf9d644c3a1471520bc9e57 where - I've added a test that uses too large numbers. - -Index: libvirt-1.3.0/src/util/virutil.c -=================================================================== ---- libvirt-1.3.0.orig/src/util/virutil.c -+++ libvirt-1.3.0/src/util/virutil.c -@@ -2639,6 +2639,8 @@ virMemoryLimitIsSet(unsigned long long v - * @capped: whether the value must fit into unsigned long - * (long long is assumed otherwise) - * -+ * Note: This function is mocked in tests/qemuxml2argvmock.c for test stability -+ * - * Returns the maximum possible memory value in bytes. - */ - unsigned long long -Index: libvirt-1.3.0/tests/qemuxml2argvmock.c -=================================================================== ---- libvirt-1.3.0.orig/tests/qemuxml2argvmock.c -+++ libvirt-1.3.0/tests/qemuxml2argvmock.c -@@ -74,3 +74,13 @@ virTPMCreateCancelPath(const char *devpa - - return path; - } -+ -+/** -+ * Large values for memory would fail on 32 bit systems, despite having -+ * variables that support it. -+ */ -+unsigned long long -+virMemoryMaxValue(bool capped ATTRIBUTE_UNUSED) -+{ -+ return LLONG_MAX; -+} diff --git a/add-with-login-shell.patch b/add-with-login-shell.patch deleted file mode 100644 index 6dc64de..0000000 --- a/add-with-login-shell.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 5f42064688d5e2c81b623ef20c243c77f2094193 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Mon, 9 Nov 2015 15:36:40 -0700 -Subject: [PATCH] Allow building lxc without virt-login-shell - -Add a configure option to disable virt-login-shell build even if lxc is -enabled. ---- - configure.ac | 14 ++++++++++++++ - tools/Makefile.am | 12 ++++++------ - 2 files changed, 20 insertions(+), 6 deletions(-) - -Index: libvirt-1.3.0/configure.ac -=================================================================== ---- libvirt-1.3.0.orig/configure.ac -+++ libvirt-1.3.0/configure.ac -@@ -1074,6 +1074,19 @@ if test "$with_lxc" = "yes" ; then - fi - AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"]) - -+AC_ARG_WITH([login_shell], -+ [AS_HELP_STRING([--with-login-shell], -+ [build virt-login-shell @<:@default=yes@:>@])]) -+m4_divert_text([DEFAULTS], [with_login_shell=yes]) -+ -+if test "$with_lxc" != "yes" ; then -+ with_login_shell="no" -+fi -+if test "$with_login_shell" ; then -+ AC_DEFINE_UNQUOTED([WITH_LOGIN_SHELL], 1, [whether virt-login-shell is built]) -+fi -+AM_CONDITIONAL([WITH_LOGIN_SHELL], [test "$with_login_shell" = "yes"]) -+ - dnl - dnl Checks for the Parallels driver - dnl -@@ -2974,6 +2987,7 @@ AC_MSG_NOTICE([ Init script: $with_ - AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files]) - AC_MSG_NOTICE([ Default Editor: $DEFAULT_EDITOR]) - AC_MSG_NOTICE([ Loader/NVRAM: $with_loader_nvram]) -+AC_MSG_NOTICE([ virt-login-shell: $with_login_shell]) - AC_MSG_NOTICE([]) - AC_MSG_NOTICE([Developer Tools]) - AC_MSG_NOTICE([]) -Index: libvirt-1.3.0/tools/Makefile.am -=================================================================== ---- libvirt-1.3.0.orig/tools/Makefile.am -+++ libvirt-1.3.0/tools/Makefile.am -@@ -71,12 +71,12 @@ sbin_SCRIPTS = virt-sanlock-cleanup - DISTCLEANFILES += virt-sanlock-cleanup - endif WITH_SANLOCK - --if WITH_LXC -+if WITH_LOGIN_SHELL - conf_DATA += virt-login-shell.conf - bin_PROGRAMS += virt-login-shell --else ! WITH_LXC -+else ! WITH_LOGIN_SHELL - EXTRA_DIST += virt-login-shell.conf --endif ! WITH_LXC -+endif ! WITH_LOGIN_SHELL - - - dist_man1_MANS = \ -@@ -85,11 +85,11 @@ dist_man1_MANS = \ - virt-xml-validate.1 \ - virsh.1 \ - virt-admin.1 --if WITH_LXC -+if WITH_LOGIN_SHELL - dist_man1_MANS += virt-login-shell.1 --else ! WITH_LXC -+else ! WITH_LOGIN_SHELL - EXTRA_DIST += virt-login-shell.1 --endif ! WITH_LXC -+endif ! WITH_LOGIN_SHELL - if WITH_SANLOCK - dist_man8_MANS = virt-sanlock-cleanup.8 - endif WITH_SANLOCK diff --git a/apparmor-fixes.patch b/apparmor-fixes.patch index eb68fcc..cf45ca6 100644 --- a/apparmor-fixes.patch +++ b/apparmor-fixes.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/examples/apparmor/libvirt-qemu +Index: libvirt-1.3.1/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.3.0.orig/examples/apparmor/libvirt-qemu -+++ libvirt-1.3.0/examples/apparmor/libvirt-qemu +--- libvirt-1.3.1.orig/examples/apparmor/libvirt-qemu ++++ libvirt-1.3.1/examples/apparmor/libvirt-qemu @@ -143,6 +143,9 @@ # for restore /bin/bash rmix, diff --git a/apparmor-no-mount.patch b/apparmor-no-mount.patch index c988502..3c8c95f 100644 --- a/apparmor-no-mount.patch +++ b/apparmor-no-mount.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/examples/apparmor/libvirt-lxc +Index: libvirt-1.3.1/examples/apparmor/libvirt-lxc =================================================================== ---- libvirt-1.3.0.orig/examples/apparmor/libvirt-lxc -+++ libvirt-1.3.0/examples/apparmor/libvirt-lxc +--- libvirt-1.3.1.orig/examples/apparmor/libvirt-lxc ++++ libvirt-1.3.1/examples/apparmor/libvirt-lxc @@ -2,39 +2,15 @@ #include diff --git a/blockcopy-check-dst-identical-device.patch b/blockcopy-check-dst-identical-device.patch index bfa705b..40280c9 100644 --- a/blockcopy-check-dst-identical-device.patch +++ b/blockcopy-check-dst-identical-device.patch @@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-1.3.0/src/qemu/qemu_driver.c +Index: libvirt-1.3.1/src/qemu/qemu_driver.c =================================================================== ---- libvirt-1.3.0.orig/src/qemu/qemu_driver.c -+++ libvirt-1.3.0/src/qemu/qemu_driver.c -@@ -16728,6 +16728,15 @@ qemuDomainBlockCopyCommon(virDomainObjPt +--- libvirt-1.3.1.orig/src/qemu/qemu_driver.c ++++ libvirt-1.3.1/src/qemu/qemu_driver.c +@@ -16698,6 +16698,15 @@ qemuDomainBlockCopyCommon(virDomainObjPt _("non-file destination not supported yet")); goto endjob; } diff --git a/libvirt-1.3.0.tar.gz b/libvirt-1.3.0.tar.gz deleted file mode 100644 index 11345e1..0000000 --- a/libvirt-1.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ebcf5645fa565e3fe2fe94a86e841db9b768cf0e0a7e6cf395c6327f9a23bd64 -size 30114683 diff --git a/libvirt-1.3.0.tar.gz.asc b/libvirt-1.3.0.tar.gz.asc deleted file mode 100644 index 2fe8758..0000000 --- a/libvirt-1.3.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlZn8jcACgkQRga4pd6VvB/RIQCgkbUJElaR8UblnEcphnlFUaZt -YooAn32VWCOwuu/LanKnpQU5Ud0Fckx8 -=+X0a ------END PGP SIGNATURE----- diff --git a/libvirt-1.3.1.tar.gz b/libvirt-1.3.1.tar.gz new file mode 100644 index 0000000..fc8de83 --- /dev/null +++ b/libvirt-1.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a5d43fbed34d31eeffc641d2ac9b6026a57bf1a4fa74d0fa19a9891d9ec2c21a +size 29900143 diff --git a/libvirt-1.3.1.tar.gz.asc b/libvirt-1.3.1.tar.gz.asc new file mode 100644 index 0000000..929b298 --- /dev/null +++ b/libvirt-1.3.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlaa/ekACgkQRga4pd6VvB83RwCfSMXt/m+s8hfjxmOHDLPw91// +be4AoIjs/qtDhPxg+nqJvXjzNnCPyVdZ +=rjLr +-----END PGP SIGNATURE----- diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index 153a7ab..b3cf231 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,23 +1,25 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.3.0/tools/libvirt-guests.init.in +Index: libvirt-1.3.1/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.3.0.orig/tools/libvirt-guests.init.in -+++ libvirt-1.3.0/tools/libvirt-guests.init.in -@@ -3,15 +3,15 @@ - # the following is the LSB init header +--- libvirt-1.3.1.orig/tools/libvirt-guests.init.in ++++ libvirt-1.3.1/tools/libvirt-guests.init.in +@@ -4,27 +4,27 @@ + # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html # ### BEGIN INIT INFO -# Provides: libvirt-guests +-# Default-Start: 3 4 5 +-# Default-Stop: 0 1 2 6 -# Required-Start: libvirtd -# Required-Stop: libvirtd --# Default-Start: 2 3 4 5 --# Default-Stop: 0 1 6 +# Provides: libvirt-guests +# Required-Start: $network $remote_fs libvirtd +# Required-Stop: $network $remote_fs libvirtd +# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 + # Should-Start: + # Should-Stop: # Short-Description: suspend/resume libvirt guests on shutdown/boot -# Description: This is a script for suspending active libvirt guests -# on shutdown and resuming them on next boot @@ -28,10 +30,25 @@ Index: libvirt-1.3.0/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.3.0/tools/libvirt-guests.sh.in + # +-# libvirt-guests: suspend/resume libvirt guests on shutdown/boot ++# libvirt-guests: suspend/resume libvirt guests on shutdown/boot + # +-# chkconfig: 345 99 01 +-# description: This is a script for suspending active libvirt guests \ +-# on shutdown and resuming them on next boot \ +-# See http://libvirt.org ++# chkconfig: 345 99 01 ++# description: This is a script for suspending active libvirt guests \ ++# on shutdown and resuming them on next boot \ ++# See http://libvirt.org + # + + exec @libexecdir@/libvirt-guests.sh "$@" +Index: libvirt-1.3.1/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.3.0.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.3.0/tools/libvirt-guests.sh.in +--- libvirt-1.3.1.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.3.1/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # . @@ -191,10 +208,10 @@ Index: libvirt-1.3.0/tools/libvirt-guests.sh.in esac -exit $RETVAL +rc_exit -Index: libvirt-1.3.0/tools/libvirt-guests.sysconf +Index: libvirt-1.3.1/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.3.0.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.3.0/tools/libvirt-guests.sysconf +--- libvirt-1.3.1.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.3.1/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index 3ebcace..ef4332c 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/src/cpu/cpu_map.xml +Index: libvirt-1.3.1/src/cpu/cpu_map.xml =================================================================== ---- libvirt-1.3.0.orig/src/cpu/cpu_map.xml -+++ libvirt-1.3.0/src/cpu/cpu_map.xml +--- libvirt-1.3.1.orig/src/cpu/cpu_map.xml ++++ libvirt-1.3.1/src/cpu/cpu_map.xml @@ -1424,6 +1424,16 @@ diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index ad98d3f..e5302f5 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,8 +1,8 @@ -Index: libvirt-1.3.0/configure.ac +Index: libvirt-1.3.1/configure.ac =================================================================== ---- libvirt-1.3.0.orig/configure.ac -+++ libvirt-1.3.0/configure.ac -@@ -242,6 +242,7 @@ LIBVIRT_CHECK_FUSE +--- libvirt-1.3.1.orig/configure.ac ++++ libvirt-1.3.1/configure.ac +@@ -246,6 +246,7 @@ LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_GLUSTER LIBVIRT_CHECK_HAL LIBVIRT_CHECK_NETCF @@ -10,7 +10,7 @@ Index: libvirt-1.3.0/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2495,11 +2496,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2507,11 +2508,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ Index: libvirt-1.3.0/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2893,6 +2895,7 @@ LIBVIRT_RESULT_FUSE +@@ -2890,6 +2892,7 @@ LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_GLUSTER LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -34,11 +34,11 @@ Index: libvirt-1.3.0/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.3.0/src/Makefile.am +Index: libvirt-1.3.1/src/Makefile.am =================================================================== ---- libvirt-1.3.0.orig/src/Makefile.am -+++ libvirt-1.3.0/src/Makefile.am -@@ -922,6 +922,10 @@ if WITH_NETCF +--- libvirt-1.3.1.orig/src/Makefile.am ++++ libvirt-1.3.1/src/Makefile.am +@@ -923,6 +923,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif WITH_NETCF @@ -49,7 +49,7 @@ Index: libvirt-1.3.0/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1547,6 +1551,10 @@ if WITH_NETCF +@@ -1548,6 +1552,10 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) endif WITH_NETCF @@ -60,11 +60,11 @@ Index: libvirt-1.3.0/src/Makefile.am if WITH_UDEV libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS) libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS) -Index: libvirt-1.3.0/tools/virsh.c +Index: libvirt-1.3.1/tools/virsh.c =================================================================== ---- libvirt-1.3.0.orig/tools/virsh.c -+++ libvirt-1.3.0/tools/virsh.c -@@ -588,6 +588,8 @@ virshShowVersion(vshControl *ctl ATTRIBU +--- libvirt-1.3.1.orig/tools/virsh.c ++++ libvirt-1.3.1/tools/virsh.c +@@ -589,6 +589,8 @@ virshShowVersion(vshControl *ctl ATTRIBU vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); @@ -73,10 +73,10 @@ Index: libvirt-1.3.0/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.3.0/src/interface/interface_backend_netcf.c +Index: libvirt-1.3.1/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.3.0.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.3.0/src/interface/interface_backend_netcf.c +--- libvirt-1.3.1.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.3.1/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -160,10 +160,10 @@ Index: libvirt-1.3.0/src/interface/interface_backend_netcf.c if (virSetSharedInterfaceDriver(&interfaceDriver) < 0) return -1; if (virRegisterStateDriver(&interfaceStateDriver) < 0) -Index: libvirt-1.3.0/src/interface/interface_driver.c +Index: libvirt-1.3.1/src/interface/interface_driver.c =================================================================== ---- libvirt-1.3.0.orig/src/interface/interface_driver.c -+++ libvirt-1.3.0/src/interface/interface_driver.c +--- libvirt-1.3.1.orig/src/interface/interface_driver.c ++++ libvirt-1.3.1/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -181,10 +181,10 @@ Index: libvirt-1.3.0/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.3.0/m4/virt-netcontrol.m4 +Index: libvirt-1.3.1/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.3.0/m4/virt-netcontrol.m4 ++++ libvirt-1.3.1/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index 7a73f95..52fae52 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Jan 18 18:30:52 UTC 2016 - jfehlig@suse.com + +- Update to libvirt 1.3.1 + - CVE-2015-5313 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: 034e47c3-CVE-2015-5313.patch, + ace1ee22-qemuxml2argv-test.patch, add-with-login-shell.patch, + virt-aa-helper-rw-mounts.patch + ------------------------------------------------------------------- Tue Dec 22 02:21:44 UTC 2015 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index e52c2d9..c536b79 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -240,7 +240,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.3.0 +Version: 1.3.1 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ @@ -453,11 +453,7 @@ Source3: libvirtd.init Source4: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: 034e47c3-CVE-2015-5313.patch -Patch1: ace1ee22-qemuxml2argv-test.patch # Patches pending upstream review -Patch100: add-with-login-shell.patch -Patch101: virt-aa-helper-rw-mounts.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch @@ -973,10 +969,6 @@ Wireshark dissector plugin for better analysis of libvirt RPC traffic. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch100 -p1 -%patch101 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 @@ -1214,10 +1206,7 @@ gzip -9 ChangeLog %install %makeinstall SYSTEMD_UNIT_DIR=%{_unitdir} DOCS_DIR=%{_docdir}/%{name}-python EXAMPLE_DIR=%{_docdir}/%{name}-python/examples HTML_DIR=%{_docdir}/%{name} -for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap domtop rename -do - (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) -done +make -C examples distclean cp examples/lxcconvert/virt-lxc-convert $RPM_BUILD_ROOT%{_bindir} rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %if %{with_wireshark} diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index d004f06..bb5b915 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/daemon/libvirtd.conf +Index: libvirt-1.3.1/daemon/libvirtd.conf =================================================================== ---- libvirt-1.3.0.orig/daemon/libvirtd.conf -+++ libvirt-1.3.0/daemon/libvirtd.conf +--- libvirt-1.3.1.orig/daemon/libvirtd.conf ++++ libvirt-1.3.1/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,10 +13,10 @@ Index: libvirt-1.3.0/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.3.0/daemon/libvirtd-config.c +Index: libvirt-1.3.1/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.3.0.orig/daemon/libvirtd-config.c -+++ libvirt-1.3.0/daemon/libvirtd-config.c +--- libvirt-1.3.1.orig/daemon/libvirtd-config.c ++++ libvirt-1.3.1/daemon/libvirtd-config.c @@ -242,7 +242,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; @@ -26,10 +26,10 @@ Index: libvirt-1.3.0/daemon/libvirtd-config.c data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-1.3.0/daemon/test_libvirtd.aug.in +Index: libvirt-1.3.1/daemon/test_libvirtd.aug.in =================================================================== ---- libvirt-1.3.0.orig/daemon/test_libvirtd.aug.in -+++ libvirt-1.3.0/daemon/test_libvirtd.aug.in +--- libvirt-1.3.1.orig/daemon/test_libvirtd.aug.in ++++ libvirt-1.3.1/daemon/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index 5793be7..6fef147 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.3.0/daemon/libvirtd.sysconf +Index: libvirt-1.3.1/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.3.0.orig/daemon/libvirtd.sysconf -+++ libvirt-1.3.0/daemon/libvirtd.sysconf +--- libvirt-1.3.1.orig/daemon/libvirtd.sysconf ++++ libvirt-1.3.1/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/libvirtd-systemd-socket.patch b/libvirtd-systemd-socket.patch index 912c113..4c007df 100644 --- a/libvirtd-systemd-socket.patch +++ b/libvirtd-systemd-socket.patch @@ -9,10 +9,10 @@ as See bsc#933043 -Index: libvirt-1.3.0/daemon/libvirtd.socket.in +Index: libvirt-1.3.1/daemon/libvirtd.socket.in =================================================================== ---- libvirt-1.3.0.orig/daemon/libvirtd.socket.in -+++ libvirt-1.3.0/daemon/libvirtd.socket.in +--- libvirt-1.3.1.orig/daemon/libvirtd.socket.in ++++ libvirt-1.3.1/daemon/libvirtd.socket.in @@ -2,10 +2,8 @@ ListenStream=@runstatedir@/libvirt/libvirt-sock ListenStream=@runstatedir@/libvirt/libvirt-sock-ro diff --git a/lxc-wait-after-eth-del.patch b/lxc-wait-after-eth-del.patch index 0f8b36a..a4fdd58 100644 --- a/lxc-wait-after-eth-del.patch +++ b/lxc-wait-after-eth-del.patch @@ -13,10 +13,10 @@ device with the same name that is being created. src/lxc/lxc_process.c | 1 + 3 files changed, 4 insertions(+) -Index: libvirt-1.3.0/src/lxc/lxc_controller.c +Index: libvirt-1.3.1/src/lxc/lxc_controller.c =================================================================== ---- libvirt-1.3.0.orig/src/lxc/lxc_controller.c -+++ libvirt-1.3.0/src/lxc/lxc_controller.c +--- libvirt-1.3.1.orig/src/lxc/lxc_controller.c ++++ libvirt-1.3.1/src/lxc/lxc_controller.c @@ -2002,6 +2002,7 @@ static int virLXCControllerDeleteInterfa if (virNetDevVethDelete(ctrl->veths[i]) < 0) ret = -1; @@ -25,11 +25,11 @@ Index: libvirt-1.3.0/src/lxc/lxc_controller.c return ret; } -Index: libvirt-1.3.0/src/lxc/lxc_driver.c +Index: libvirt-1.3.1/src/lxc/lxc_driver.c =================================================================== ---- libvirt-1.3.0.orig/src/lxc/lxc_driver.c -+++ libvirt-1.3.0/src/lxc/lxc_driver.c -@@ -4254,6 +4254,7 @@ lxcDomainAttachDeviceNetLive(virConnectP +--- libvirt-1.3.1.orig/src/lxc/lxc_driver.c ++++ libvirt-1.3.1/src/lxc/lxc_driver.c +@@ -4257,6 +4257,7 @@ lxcDomainAttachDeviceNetLive(virConnectP case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: ignore_value(virNetDevVethDelete(veth)); @@ -37,7 +37,7 @@ Index: libvirt-1.3.0/src/lxc/lxc_driver.c break; case VIR_DOMAIN_NET_TYPE_DIRECT: -@@ -4681,6 +4682,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb +@@ -4684,6 +4685,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } @@ -45,10 +45,10 @@ Index: libvirt-1.3.0/src/lxc/lxc_driver.c break; /* It'd be nice to support this, but with macvlan -Index: libvirt-1.3.0/src/lxc/lxc_process.c +Index: libvirt-1.3.1/src/lxc/lxc_process.c =================================================================== ---- libvirt-1.3.0.orig/src/lxc/lxc_process.c -+++ libvirt-1.3.0/src/lxc/lxc_process.c +--- libvirt-1.3.1.orig/src/lxc/lxc_process.c ++++ libvirt-1.3.1/src/lxc/lxc_process.c @@ -221,6 +221,7 @@ static void virLXCProcessCleanup(virLXCD } networkReleaseActualDevice(vm->def, iface); diff --git a/ppc64le-canonical-name.patch b/ppc64le-canonical-name.patch index 3e0df63..0cd2d46 100644 --- a/ppc64le-canonical-name.patch +++ b/ppc64le-canonical-name.patch @@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64 See bnc#894956 -Index: libvirt-1.3.0/src/util/virarch.c +Index: libvirt-1.3.1/src/util/virarch.c =================================================================== ---- libvirt-1.3.0.orig/src/util/virarch.c -+++ libvirt-1.3.0/src/util/virarch.c +--- libvirt-1.3.1.orig/src/util/virarch.c ++++ libvirt-1.3.1/src/util/virarch.c @@ -169,6 +169,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { diff --git a/qemu-apparmor-screenshot.patch b/qemu-apparmor-screenshot.patch index 3014514..881139c 100644 --- a/qemu-apparmor-screenshot.patch +++ b/qemu-apparmor-screenshot.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/examples/apparmor/libvirt-qemu +Index: libvirt-1.3.1/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.3.0.orig/examples/apparmor/libvirt-qemu -+++ libvirt-1.3.0/examples/apparmor/libvirt-qemu +--- libvirt-1.3.1.orig/examples/apparmor/libvirt-qemu ++++ libvirt-1.3.1/examples/apparmor/libvirt-qemu @@ -152,6 +152,9 @@ /sys/bus/ r, /sys/class/ r, diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index 5f52204..f10ff3e 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,11 +8,11 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.3.0/src/xenconfig/xen_common.c +Index: libvirt-1.3.1/src/xenconfig/xen_common.c =================================================================== ---- libvirt-1.3.0.orig/src/xenconfig/xen_common.c -+++ libvirt-1.3.0/src/xenconfig/xen_common.c -@@ -403,6 +403,8 @@ xenParsePCI(virConfPtr conf, virDomainDe +--- libvirt-1.3.1.orig/src/xenconfig/xen_common.c ++++ libvirt-1.3.1/src/xenconfig/xen_common.c +@@ -393,6 +393,8 @@ xenParsePCI(virConfPtr conf, virDomainDe { virConfValuePtr list = virConfGetValue(conf, "pci"); virDomainHostdevDefPtr hostdev = NULL; @@ -21,7 +21,7 @@ Index: libvirt-1.3.0/src/xenconfig/xen_common.c if (list && list->type == VIR_CONF_LIST) { list = list->list; -@@ -424,6 +426,11 @@ xenParsePCI(virConfPtr conf, virDomainDe +@@ -414,6 +416,11 @@ xenParsePCI(virConfPtr conf, virDomainDe /* pci=['0000:00:1b.0','0000:00:13.0'] */ if (!(key = list->str)) goto skippci; @@ -33,7 +33,7 @@ Index: libvirt-1.3.0/src/xenconfig/xen_common.c if (!(nextkey = strchr(key, ':'))) goto skippci; if (virStrncpy(domain, key, (nextkey - key), sizeof(domain)) == NULL) { -@@ -467,10 +474,31 @@ xenParsePCI(virConfPtr conf, virDomainDe +@@ -457,10 +464,31 @@ xenParsePCI(virConfPtr conf, virDomainDe goto skippci; if (virStrToLong_i(func, NULL, 16, &funcID) < 0) goto skippci; @@ -66,11 +66,11 @@ Index: libvirt-1.3.0/src/xenconfig/xen_common.c hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; -Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c +Index: libvirt-1.3.1/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.3.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.3.0/src/xenconfig/xen_sxpr.c -@@ -999,6 +999,7 @@ xenParseSxprPCI(virDomainDefPtr def, +--- libvirt-1.3.1.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.3.1/src/xenconfig/xen_sxpr.c +@@ -1060,6 +1060,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; int funcID; @@ -78,7 +78,7 @@ Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c node = cur->u.s.car; if (!sexpr_lookup(node, "dev")) -@@ -1046,11 +1047,13 @@ xenParseSxprPCI(virDomainDefPtr def, +@@ -1107,11 +1108,13 @@ xenParseSxprPCI(virDomainDefPtr def, goto error; } @@ -93,7 +93,7 @@ Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; dev->source.subsys.u.pci.addr.domain = domainID; dev->source.subsys.u.pci.addr.bus = busID; -@@ -2013,11 +2016,15 @@ static void +@@ -1976,11 +1979,15 @@ static void xenFormatSxprPCI(virDomainHostdevDefPtr def, virBufferPtr buf) { @@ -110,7 +110,7 @@ Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c } -@@ -2036,12 +2043,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP +@@ -1999,12 +2006,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP virBufferPtr buf, int detach) { @@ -123,7 +123,7 @@ Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c virBufferAddLit(buf, "(pci "); xenFormatSxprPCI(def, buf); if (detach) -@@ -2096,12 +2097,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, +@@ -2059,12 +2060,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, for (i = 0; i < def->nhostdevs; i++) { if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 77697a2..90b106a 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/src/qemu/qemu.conf +Index: libvirt-1.3.1/src/qemu/qemu.conf =================================================================== ---- libvirt-1.3.0.orig/src/qemu/qemu.conf -+++ libvirt-1.3.0/src/qemu/qemu.conf +--- libvirt-1.3.1.orig/src/qemu/qemu.conf ++++ libvirt-1.3.1/src/qemu/qemu.conf @@ -201,11 +201,20 @@ # isolation, but it cannot appear in a list of drivers. # diff --git a/systemd-service-xen.patch b/systemd-service-xen.patch index 7bd3daf..d4a50ba 100644 --- a/systemd-service-xen.patch +++ b/systemd-service-xen.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.3.0/daemon/libvirtd.service.in +Index: libvirt-1.3.1/daemon/libvirtd.service.in =================================================================== ---- libvirt-1.3.0.orig/daemon/libvirtd.service.in -+++ libvirt-1.3.0/daemon/libvirtd.service.in +--- libvirt-1.3.1.orig/daemon/libvirtd.service.in ++++ libvirt-1.3.1/daemon/libvirtd.service.in @@ -7,6 +7,7 @@ After=iscsid.service After=apparmor.service After=local-fs.target diff --git a/virt-aa-helper-rw-mounts.patch b/virt-aa-helper-rw-mounts.patch deleted file mode 100644 index a49d9fd..0000000 --- a/virt-aa-helper-rw-mounts.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 9abe699b0b91fd2c8a2870b36342a37fa97f7e36 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Tue, 17 Nov 2015 10:11:30 +0100 -Subject: [PATCH] virt-aa-helper: don't deny writes to readonly mounts - -There is no need to deny writes on a readonly mount: write still -won't be accepted, even if the user remounts the folder as RW in -the guest as qemu sets the 9p mount as ro. - -This deny rule was leading to problems for example with readonly /: -The qemu process had to write to a bunch of files in / like logs, -sockets, etc. This deny rule was also preventing auditing of these -denials, making it harder to debug. ---- - src/security/virt-aa-helper.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -Index: libvirt-1.3.0/src/security/virt-aa-helper.c -=================================================================== ---- libvirt-1.3.0.orig/src/security/virt-aa-helper.c -+++ libvirt-1.3.0/src/security/virt-aa-helper.c -@@ -1127,7 +1127,10 @@ get_files(vahControl * ctl) - ctl->def->fss[i]->src) { - virDomainFSDefPtr fs = ctl->def->fss[i]; - -- if (vah_add_path(&buf, fs->src, fs->readonly ? "r" : "rw", true) != 0) -+ /* We don't need to add deny rw rules for readonly mounts, -+ * this can only lead to troubles when mounting / readonly. -+ */ -+ if (vah_add_path(&buf, fs->src, "rw", true) != 0) - goto cleanup; - } - } diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index ba73dfa..5439e06 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.3.0/src/locking/virtlockd.sysconf +Index: libvirt-1.3.1/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.3.0.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.3.0/src/locking/virtlockd.sysconf +--- libvirt-1.3.1.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.3.1/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,22 +12,28 @@ Index: libvirt-1.3.0/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.3.0/src/locking/virtlockd.init.in +Index: libvirt-1.3.1/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.3.0.orig/src/locking/virtlockd.init.in -+++ libvirt-1.3.0/src/locking/virtlockd.init.in -@@ -4,12 +4,14 @@ - # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV +--- libvirt-1.3.1.orig/src/locking/virtlockd.init.in ++++ libvirt-1.3.1/src/locking/virtlockd.init.in +@@ -4,59 +4,57 @@ + # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html # ### BEGIN INIT INFO -# Provides: virtlockd --# Default-Start: --# Default-Stop: 0 1 2 3 4 5 6 +-# Default-Start: 3 4 5 +-# Default-Stop: 0 1 2 6 +-# Required-Start: +-# Required-Stop: +-# Should-Start: $network $remote_fs +-# Should-Stop: $network $remote_fs +# Provides: virtlockd +# Required-Start: $network $remote_fs -+# Default-Start: 3 5 +# Required-Stop: $network $remote_fs ++# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 ++# Should-Start: ++# Should-Stop: # Short-Description: virtual machine lock manager -# Description: This is a daemon for managing locks -# on virtual machine disk images @@ -36,8 +42,21 @@ Index: libvirt-1.3.0/src/locking/virtlockd.init.in ### END INIT INFO # the following is chkconfig init header -@@ -24,35 +26,33 @@ - # pidfile: @localstatedir@/run/virtlockd.pid + # +-# virtlockd: virtual machine lock manager ++# virtlockd: virtual machine lock manager + # +-# chkconfig: 345 96 04 +-# description: This is a daemon for managing locks \ +-# on virtual machine disk images ++# chkconfig: 345 96 04 ++# description: This is a daemon for managing locks \ ++# on virtual machine disk images + # +-# processname: virtlockd +-# pidfile: @localstatedir@/run/virtlockd.pid ++# processname: virtlockd ++# pidfile: @localstatedir@/run/virtlockd.pid # -# Source function library. @@ -84,7 +103,7 @@ Index: libvirt-1.3.0/src/locking/virtlockd.init.in rm -f $PIDFILE fi } -@@ -66,9 +66,7 @@ reload() { +@@ -70,9 +68,7 @@ reload() { echo -n $"Reloading $SERVICE configuration: " killproc -p $PIDFILE $PROCESS -USR1 @@ -95,7 +114,7 @@ Index: libvirt-1.3.0/src/locking/virtlockd.init.in } # See how we were called. -@@ -77,18 +75,20 @@ case "$1" in +@@ -81,18 +77,20 @@ case "$1" in $1 ;; status) diff --git a/virtlogd-init-script.patch b/virtlogd-init-script.patch index e1c6835..b8a26ca 100644 --- a/virtlogd-init-script.patch +++ b/virtlogd-init-script.patch @@ -1,21 +1,27 @@ Adjust virtlogd init files to conform to SUSE standards -Index: libvirt-1.3.0/src/logging/virtlogd.init.in +Index: libvirt-1.3.1/src/logging/virtlogd.init.in =================================================================== ---- libvirt-1.3.0.orig/src/logging/virtlogd.init.in -+++ libvirt-1.3.0/src/logging/virtlogd.init.in -@@ -4,12 +4,14 @@ - # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV +--- libvirt-1.3.1.orig/src/logging/virtlogd.init.in ++++ libvirt-1.3.1/src/logging/virtlogd.init.in +@@ -4,59 +4,56 @@ + # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html # ### BEGIN INIT INFO -# Provides: virtlogd --# Default-Start: --# Default-Stop: 0 1 2 3 4 5 6 +-# Default-Start: 3 4 5 +-# Default-Stop: 0 1 2 6 +-# Required-Start: +-# Required-Stop: +-# Should-Start: $network $remote_fs +-# Should-Stop: $network $remote_fs +# Provides: virtlogd +# Required-Start: $network $remote_fs -+# Default-Start: 3 5 +# Required-Stop: $network $remote_fs ++# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 ++# Should-Start ++# Should-Stop: # Short-Description: virtual machine log manager -# Description: This is a daemon for managing logs -# of virtual machine consoles @@ -24,8 +30,21 @@ Index: libvirt-1.3.0/src/logging/virtlogd.init.in ### END INIT INFO # the following is chkconfig init header -@@ -24,35 +26,32 @@ - # pidfile: @localstatedir@/run/virtlogd.pid + # +-# virtlogd: virtual machine log manager ++# virtlogd: virtual machine log manager + # +-# chkconfig: 345 96 04 +-# description: This is a daemon for managing logs \ +-# of virtual machine consoles ++# chkconfig: 345 96 04 ++# description: This is a daemon for managing logs \ ++# of virtual machine consoles + # +-# processname: virtlogd +-# pidfile: @localstatedir@/run/virtlogd.pid ++# processname: virtlogd ++# pidfile: @localstatedir@/run/virtlogd.pid # -# Source function library. @@ -49,7 +68,7 @@ Index: libvirt-1.3.0/src/logging/virtlogd.init.in - daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $VIRTLOGD_ARGS - RETVAL=$? - echo -- [ $RETVAL -eq 0 ] && touch @localstatedir@/log/subsys/$SERVICE +- [ $RETVAL -eq 0 ] && touch @localstatedir@/lock/subsys/$SERVICE + echo -n $"Starting $SERVICE " + test -d $PIDDIR || mkdir -p $PIDDIR + startproc -p $PIDFILE $PROCESS --pid-file $PIDFILE --daemon $VIRTLOGD_ARGS @@ -66,11 +85,11 @@ Index: libvirt-1.3.0/src/logging/virtlogd.init.in - echo + rc_status -v if [ $RETVAL -eq 0 ]; then -- rm -f @localstatedir@/log/subsys/$SERVICE +- rm -f @localstatedir@/lock/subsys/$SERVICE rm -f $PIDFILE fi } -@@ -66,9 +65,7 @@ reload() { +@@ -70,9 +67,7 @@ reload() { echo -n $"Reloading $SERVICE configuration: " killproc -p $PIDFILE $PROCESS -USR1 @@ -81,7 +100,7 @@ Index: libvirt-1.3.0/src/logging/virtlogd.init.in } # See how we were called. -@@ -77,18 +74,20 @@ case "$1" in +@@ -81,18 +76,20 @@ case "$1" in $1 ;; status) @@ -95,7 +114,7 @@ Index: libvirt-1.3.0/src/logging/virtlogd.init.in reload ;; condrestart|try-restart) -- [ -f @localstatedir@/log/subsys/$SERVICE ] && restart || : +- [ -f @localstatedir@/lock/subsys/$SERVICE ] && restart || : + $0 status >/dev/null && restart || : ;; *) @@ -107,10 +126,10 @@ Index: libvirt-1.3.0/src/logging/virtlogd.init.in esac -exit $RETVAL +rc_exit -Index: libvirt-1.3.0/src/logging/virtlogd.sysconf +Index: libvirt-1.3.1/src/logging/virtlogd.sysconf =================================================================== ---- libvirt-1.3.0.orig/src/logging/virtlogd.sysconf -+++ libvirt-1.3.0/src/logging/virtlogd.sysconf +--- libvirt-1.3.1.orig/src/logging/virtlogd.sysconf ++++ libvirt-1.3.1/src/logging/virtlogd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlogd + diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index 61acada..ce5112b 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,17 +1,17 @@ -Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c +Index: libvirt-1.3.1/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.3.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.3.0/src/xenconfig/xen_sxpr.c -@@ -334,7 +334,7 @@ xenParseSxprChar(const char *value, +--- libvirt-1.3.1.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.3.1/src/xenconfig/xen_sxpr.c +@@ -390,7 +390,7 @@ xenParseSxprVifRate(const char *rate, un static int xenParseSxprDisks(virDomainDefPtr def, const struct sexpr *root, -- int hvm, -+ int hvm ATTRIBUTE_UNUSED, - int xendConfigVersion) +- int hvm) ++ int hvm ATTRIBUTE_UNUSED) { const struct sexpr *cur, *node; -@@ -385,7 +385,6 @@ xenParseSxprDisks(virDomainDefPtr def, + virDomainDiskDefPtr disk = NULL; +@@ -440,7 +440,6 @@ xenParseSxprDisks(virDomainDefPtr def, /* There is a case without the uname to the CD-ROM device */ offset = strchr(dst, ':'); if (!offset || diff --git a/xen-sxpr-disk-type.patch b/xen-sxpr-disk-type.patch index 5ab67a1..0d353c2 100644 --- a/xen-sxpr-disk-type.patch +++ b/xen-sxpr-disk-type.patch @@ -6,11 +6,11 @@ and 'file'. This was implicitly done prior to commit 9673418c. https://bugzilla.suse.com/show_bug.cgi?id=938228 -Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c +Index: libvirt-1.3.1/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.3.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.3.0/src/xenconfig/xen_sxpr.c -@@ -449,10 +449,11 @@ xenParseSxprDisks(virDomainDefPtr def, +--- libvirt-1.3.1.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.3.1/src/xenconfig/xen_sxpr.c +@@ -504,10 +504,11 @@ xenParseSxprDisks(virDomainDefPtr def, omnipotent, we can revisit this, perhaps stat()'ing the src file in question */ virDomainDiskSetType(disk, VIR_STORAGE_TYPE_FILE); From ead8cd12f95e0f15c842f6682610bfb740fcd4a46f35067f5b79252052984552 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Wed, 27 Jan 2016 22:57:49 +0000 Subject: [PATCH 2/2] Accepting request 356399 from home:jfehlig:branches:Virtualization - qemu: set /usr/share/qemu/ovmf-x86_64-ms-{code,vars}.bin as default UEFI firmwares for x86_64 bsc#961853 OBS-URL: https://build.opensuse.org/request/show/356399 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=509 --- libvirt.changes | 7 +++++++ libvirt.spec | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/libvirt.changes b/libvirt.changes index 52fae52..fc0af04 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Jan 23 01:19:22 UTC 2016 - jfehlig@suse.com + +- qemu: set /usr/share/qemu/ovmf-x86_64-ms-{code,vars}.bin as + default UEFI firmwares for x86_64 + bsc#961853 + ------------------------------------------------------------------- Mon Jan 18 18:30:52 UTC 2016 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index c536b79..116a1cf 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -215,6 +215,11 @@ %endif %endif +# Advertise OVMF for >= 13.1 +%if 0%{?suse_version} >= 1310 + %define with_loader_nvram --with-loader-nvram="/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin" +%endif + %if %{with_macvtap} %define with_libnl 1 %endif @@ -1196,6 +1201,7 @@ export CFLAGS="$RPM_OPT_FLAGS" --libexecdir=%{_libdir}/%{name} \ --with-qemu-user=%{qemu_user} \ --with-qemu-group=%{qemu_group} \ + %{?with_loader_nvram} \ --without-login-shell \ %{init_scripts} \ ac_cv_path_MODPROBE=/sbin/modprobe \