Accepting request 204842 from Virtualization

Sorry for the delay.  Quite some work to get libvirt in shape for RC2.
Lots of bug fixes, and most importantly fixes for CVE-2013-{4400,4401}.
Pretty please copy to 13.1 :)

- libxl driver: fix initialization of VNC and SDL info for
  HVM domains
  libxl-hvm-vnc.patch
  bnc#847566
- Allow libvirtd apparmor profile to access /etc/xen/scripts/*

- Fix file descriptor passing in python bindings
  e350826c-python-fix-fd-passing.patch
  rhb#1021434

- Have systemd terminate the machine as a workaround of fdo#68370
  bd773e74-lxc-terminate-machine.patch
  bnc#842834

- Spec file fixes to only package libvirt-login-shell when
  building the LXC driver

- CVE-2013-4400: Unsantized use of env variables allows privilege
  escalation via virt-login-shell
  ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch,
  b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch,
  5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch
  bnc#837609
- CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native
  57687fd6-CVE-2013-4401.patch
  bnc#845704

- Move hypervisor-specific files out of libvirt-daemon package
  and into libvirt-daemon-<hypervisor> subpackage
  bnc#845851

OBS-URL: https://build.opensuse.org/request/show/204842
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=133

3e2f27e1-CVE-2013-4400.patch

@@ -0,0 +1,354 @@
+commit 3e2f27e13b94f7302ad948bcacb5e02c859a25fc
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Thu Oct 10 13:09:08 2013 +0100
+
+    Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
+    
+    The libvirt.so library has far too many library deps to allow
+    linking against it from setuid programs. Those libraries can
+    do stuff in __attribute__((constructor) functions which is
+    not setuid safe.
+    
+    The virt-login-shell needs to link directly against individual
+    files that it uses, with all library deps turned off except
+    for libxml2 and libselinux.
+    
+    Create a libvirt-setuid-rpc-client.la library which is linked
+    to by virt-login-shell. A config-post.h file allows this library
+    to disable all external deps except libselinux and libxml2.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.1.2/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/Makefile.am
++++ libvirt-1.1.2/Makefile.am
+@@ -31,6 +31,7 @@ XML_EXAMPLES = \
+ 					test/*.xml storage/*.xml)))
+ 
+ EXTRA_DIST = \
++  config-post.h \
+   ChangeLog-old \
+   libvirt.spec libvirt.spec.in \
+   mingw-libvirt.spec.in \
+Index: libvirt-1.1.2/config-post.h
+===================================================================
+--- /dev/null
++++ libvirt-1.1.2/config-post.h
+@@ -0,0 +1,44 @@
++/*
++ * Copyright (C) 2013 Red Hat, Inc.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library.  If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++/*
++ * Since virt-login-shell will be setuid, we must do everything
++ * we can to avoid linking to other libraries. Many of them do
++ * unsafe things in functions marked __atttribute__((constructor)).
++ * The only way avoid to avoid such deps is to re-compile the
++ * functions with the code in question disabled, and for that we
++ * must override the main config.h rules. Hence this file :-(
++ */
++
++#ifdef LIBVIRT_SETUID_RPC_CLIENT
++# undef HAVE_LIBDEVMAPPER_H
++# undef HAVE_LIBNL
++# undef HAVE_LIBNL3
++# undef HAVE_LIBSASL2
++# undef WITH_CAPNG
++# undef WITH_CURL
++# undef WITH_DTRACE_PROBES
++# undef WITH_GNUTLS
++# undef WITH_MACVTAP
++# undef WITH_NUMACTL
++# undef WITH_SASL
++# undef WITH_SSH2
++# undef WITH_VIRTUALPORT
++# undef WITH_YAJL
++# undef WITH_YAJL2
++#endif
+Index: libvirt-1.1.2/configure.ac
+===================================================================
+--- libvirt-1.1.2.orig/configure.ac
++++ libvirt-1.1.2/configure.ac
+@@ -20,6 +20,7 @@ AC_INIT([libvirt], [1.1.2], [libvir-list
+ AC_CONFIG_SRCDIR([src/libvirt.c])
+ AC_CONFIG_AUX_DIR([build-aux])
+ AC_CONFIG_HEADERS([config.h])
++AH_BOTTOM([#include <config-post.h>])
+ AC_CONFIG_MACRO_DIR([m4])
+ dnl Make automake keep quiet about wildcards & other GNUmake-isms
+ AM_INIT_AUTOMAKE([-Wno-portability tar-ustar])
+Index: libvirt-1.1.2/daemon/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/daemon/Makefile.am
++++ libvirt-1.1.2/daemon/Makefile.am
+@@ -18,6 +18,7 @@
+ 
+ INCLUDES = \
+ 	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
++	-I$(top_srcdir) \
+ 	-I$(top_builddir)/include -I$(top_srcdir)/include \
+ 	-I$(top_builddir)/src -I$(top_srcdir)/src \
+ 	-I$(top_srcdir)/src/util \
+Index: libvirt-1.1.2/examples/domain-events/events-c/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/examples/domain-events/events-c/Makefile.am
++++ libvirt-1.1.2/examples/domain-events/events-c/Makefile.am
+@@ -15,7 +15,8 @@
+ ## <http://www.gnu.org/licenses/>.
+ 
+ INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include \
+-	   -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib
++	   -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
++	   -I$(top_srcdir)
+ noinst_PROGRAMS = event-test
+ event_test_CFLAGS = $(WARN_CFLAGS)
+ event_test_SOURCES = event-test.c
+Index: libvirt-1.1.2/examples/hellolibvirt/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/examples/hellolibvirt/Makefile.am
++++ libvirt-1.1.2/examples/hellolibvirt/Makefile.am
+@@ -14,7 +14,7 @@
+ ## License along with this library.  If not, see
+ ## <http://www.gnu.org/licenses/>.
+ 
+-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include
++INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
+ noinst_PROGRAMS = hellolibvirt
+ hellolibvirt_CFLAGS = $(WARN_CFLAGS)
+ hellolibvirt_SOURCES = hellolibvirt.c
+Index: libvirt-1.1.2/examples/openauth/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/examples/openauth/Makefile.am
++++ libvirt-1.1.2/examples/openauth/Makefile.am
+@@ -14,7 +14,7 @@
+ ## License along with this library.  If not, see
+ ## <http://www.gnu.org/licenses/>.
+ 
+-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include
++INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
+ noinst_PROGRAMS = openauth
+ openauth_CFLAGS = $(WARN_CFLAGS)
+ openauth_SOURCES = openauth.c
+Index: libvirt-1.1.2/gnulib/lib/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/gnulib/lib/Makefile.am
++++ libvirt-1.1.2/gnulib/lib/Makefile.am
+@@ -27,4 +27,4 @@ noinst_LTLIBRARIES =
+ 
+ include gnulib.mk
+ 
+-INCLUDES = $(GETTEXT_CPPFLAGS)
++INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS)
+Index: libvirt-1.1.2/python/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/python/Makefile.am
++++ libvirt-1.1.2/python/Makefile.am
+@@ -20,6 +20,7 @@ INCLUDES = \
+ 	$(PYTHON_INCLUDES) \
+ 	-I$(top_builddir)/gnulib/lib \
+ 	-I$(top_srcdir)/gnulib/lib \
++	-I$(top_srcdir) \
+ 	-I$(top_builddir)/src \
+ 	-I$(top_srcdir)/src \
+ 	-I$(top_srcdir)/src/util \
+Index: libvirt-1.1.2/src/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/src/Makefile.am
++++ libvirt-1.1.2/src/Makefile.am
+@@ -21,6 +21,7 @@
+ # that actually use them. Also keep GETTEXT_CPPFLAGS at the end.
+ INCLUDES =	-I../gnulib/lib					\
+ 		-I$(top_srcdir)/gnulib/lib			\
++		-I$(top_srcdir)					\
+ 		-I../include					\
+ 		-I$(top_srcdir)/include				\
+ 		-I$(top_srcdir)/src/util			\
+@@ -1917,6 +1918,77 @@ libvirt_lxc_la_LDFLAGS = \
+ libvirt_lxc_la_CFLAGS = $(AM_CFLAGS)
+ libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD)
+ 
++# Since virt-login-shell will be setuid, we must do everything
++# we can to avoid linking to other libraries. Many of them do
++# unsafe things in functions marked __atttribute__((constructor)).
++# This library is built to include the bare minimum required to
++# have a RPC client for local UNIX socket access only. We use
++# the ../config-post.h header to disable all external deps that
++# we don't want
++if WITH_LXC
++noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la
++
++libvirt_setuid_rpc_client_la_SOURCES = 		\
++		util/viralloc.c			\
++		util/virbitmap.c		\
++		util/virbuffer.c		\
++		util/vircommand.c		\
++		util/virconf.c			\
++		util/virerror.c			\
++		util/virevent.c			\
++		util/vireventpoll.c		\
++		util/virfile.c			\
++		util/virhash.c			\
++		util/virhashcode.c		\
++		util/virjson.c			\
++		util/virlog.c			\
++		util/virobject.c		\
++		util/virpidfile.c		\
++		util/virprocess.c		\
++		util/virrandom.c		\
++		util/virsocketaddr.c		\
++		util/virstoragefile.c		\
++		util/virstring.c		\
++		util/virtime.c			\
++		util/virthread.c		\
++		util/virtypedparam.c		\
++		util/viruri.c			\
++		util/virutil.c			\
++		util/viruuid.c			\
++		conf/domain_event.c		\
++		rpc/virnetsocket.c		\
++		rpc/virnetsocket.h		\
++		rpc/virnetmessage.h		\
++		rpc/virnetmessage.c		\
++		rpc/virkeepalive.c		\
++		rpc/virkeepalive.h		\
++		rpc/virnetclient.c		\
++		rpc/virnetclientprogram.c	\
++		rpc/virnetclientstream.c	\
++		rpc/virnetprotocol.c		\
++		remote/remote_driver.c		\
++		remote/remote_protocol.c	\
++		remote/qemu_protocol.c		\
++		remote/lxc_protocol.c		\
++		datatypes.c			\
++		libvirt.c			\
++		libvirt-lxc.c			\
++		$(NULL)
++
++libvirt_setuid_rpc_client_la_LDFLAGS =		\
++		$(AM_LDFLAGS)			\
++		$(LIBXML_LIBS)			\
++		$(SELINUX_LIBS)			\
++		$(NULL)
++libvirt_setuid_rpc_client_la_CFLAGS =		\
++		-DLIBVIRT_SETUID_RPC_CLIENT	\
++		-I$(top_srcdir)/src/conf	\
++		-I$(top_srcdir)/src/rpc		\
++		$(AM_CFLAGS)			\
++		$(SELINUX_CFLAGS)		\
++		$(NULL)
++endif WITH_LXC
++
+ lockdriverdir = $(libdir)/libvirt/lock-driver
+ lockdriver_LTLIBRARIES =
+ 
+Index: libvirt-1.1.2/src/libvirt.c
+===================================================================
+--- libvirt-1.1.2.orig/src/libvirt.c
++++ libvirt-1.1.2/src/libvirt.c
+@@ -446,40 +446,46 @@ virGlobalInit(void)
+         goto error;
+ 
+     /*
++     * Note we must avoid everything except 'remote' driver
++     * for virt-login-shell usage
++     */
++#ifndef LIBVIRT_SETUID_RPC_CLIENT
++    /*
+      * Note that the order is important: the first ones have a higher
+      * priority when calling virConnectOpen.
+      */
+-#ifdef WITH_TEST
++# ifdef WITH_TEST
+     if (testRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_OPENVZ
++# endif
++# ifdef WITH_OPENVZ
+     if (openvzRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_VMWARE
++# endif
++# ifdef WITH_VMWARE
+     if (vmwareRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_PHYP
++# endif
++# ifdef WITH_PHYP
+     if (phypRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_ESX
++# endif
++# ifdef WITH_ESX
+     if (esxRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_HYPERV
++# endif
++# ifdef WITH_HYPERV
+     if (hypervRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_XENAPI
++# endif
++# ifdef WITH_XENAPI
+     if (xenapiRegister() == -1)
+         goto error;
+-#endif
+-#ifdef WITH_PARALLELS
++# endif
++# ifdef WITH_PARALLELS
+     if (parallelsRegister() == -1)
+         goto error;
++# endif
+ #endif
+ #ifdef WITH_REMOTE
+     if (remoteRegister() == -1)
+Index: libvirt-1.1.2/tools/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/tools/Makefile.am
++++ libvirt-1.1.2/tools/Makefile.am
+@@ -149,6 +149,11 @@ virt_host_validate_CFLAGS = \
+ 		$(COVERAGE_CFLAGS)				\
+ 		$(NULL)
+ 
++# Since virt-login-shell will be setuid, we must do everything
++# we can to avoid linking to other libraries. Many of them do
++# unsafe things in functions marked __atttribute__((constructor)).
++# This we statically link to a library containing only the minimal
++# libvirt client code, not libvirt.so itself.
+ virt_login_shell_SOURCES =					\
+ 		virt-login-shell.c
+ 
+@@ -159,11 +164,11 @@ virt_login_shell_LDFLAGS = \
+ virt_login_shell_LDADD =					\
+ 		$(STATIC_BINARIES)				\
+ 		$(PIE_LDFLAGS)					\
+-		../src/libvirt.la				\
+-		../src/libvirt-lxc.la				\
++		../src/libvirt-setuid-rpc-client.la		\
+ 		../gnulib/lib/libgnu.la
+ 
+ virt_login_shell_CFLAGS =					\
++		-DLIBVIRT_SETUID_RPC_CLIENT			\
+ 		$(WARN_CFLAGS)					\
+ 		$(PIE_CFLAGS)					\
+ 		$(COVERAGE_CFLAGS)

57687fd6-CVE-2013-4401.patch

@@ -0,0 +1,52 @@
+commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Thu Oct 3 16:37:57 2013 +0100
+
+    Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
+    
+    The virConnectDomainXMLToNative API should require 'connect:write'
+    not 'connect:read', since it will trigger execution of the QEMU
+    binaries listed in the XML.
+    
+    Also make virConnectDomainXMLFromNative API require a full
+    read-write connection and 'connect:write' permission. Although the
+    current impl doesn't trigger execution of QEMU, we should not
+    rely on that impl detail from an API permissioning POV.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.1.2/src/libvirt.c
+===================================================================
+--- libvirt-1.1.2.orig/src/libvirt.c
++++ libvirt-1.1.2/src/libvirt.c
+@@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC
+         virDispatchError(NULL);
+         return NULL;
+     }
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     virCheckNonNullArgGoto(nativeFormat, error);
+     virCheckNonNullArgGoto(nativeConfig, error);
+Index: libvirt-1.1.2/src/remote/remote_protocol.x
+===================================================================
+--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
++++ libvirt-1.1.2/src/remote/remote_protocol.x
+@@ -3812,13 +3812,13 @@ enum remote_procedure {
+ 
+     /**
+      * @generate: both
+-     * @acl: connect:read
++     * @acl: connect:write
+      */
+     REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135,
+ 
+     /**
+      * @generate: both
+-     * @acl: connect:read
++     * @acl: connect:write
+      */
+     REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136,
+ 

5a0ea4b7-CVE-2013-4400.patch

@@ -0,0 +1,103 @@
+commit 5a0ea4b7b9af2231ed161b94f9af65375c6ee9c2
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Mon Oct 21 15:36:11 2013 -0600
+
+    build: fix linking virt-login-shell
+    
+    After commit 3e2f27e1, I've noticed build failures of virt-login-shell
+    when libapparmor-devel is installed on the build host
+    
+    CCLD     virt-login-shell
+    ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
+    In function `virExec':
+    /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
+    reference to `aa_change_profile'
+    collect2: error: ld returned 1 exit status
+    
+    I was about to commit an easy fix under the build-breaker rule
+    (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
+    to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
+    makes sense (build-fix-2.patch).
+    
+    Should I just stick with the simple fix, or is something along the lines
+    of patch 2 preferred?
+    
+    Regards,
+    Jim
+    
+    >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
+    From: Jim Fehlig <jfehlig@suse.com>
+    Date: Mon, 21 Oct 2013 15:30:02 -0600
+    Subject: [PATCH] build: fix virt-login-shell build with apparmor
+    
+    With libapparmor-devel installed, virt-login-shell fails to link
+    
+    CCLD     virt-login-shell
+    ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
+    /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
+    collect2: error: ld returned 1 exit status
+    
+    Fix by linking libvirt_setuid_rpc_client with previously determined
+    SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
+    and use both throughout src/Makefile.am where it makes sense.
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+
+Index: libvirt-1.1.2/src/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/src/Makefile.am
++++ libvirt-1.1.2/src/Makefile.am
+@@ -49,11 +49,14 @@ nodist_conf_DATA =
+ 
+ THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD)
+ 
++SECDRIVER_CFLAGS =
+ SECDRIVER_LIBS =
+ if WITH_SECDRIVER_SELINUX
++SECDRIVER_CFLAGS += $(SELINUX_CFLAGS)
+ SECDRIVER_LIBS += $(SELINUX_LIBS)
+ endif
+ if WITH_SECDRIVER_APPARMOR
++SECDRIVER_CFLAGS += $(APPARMOR_CFLAGS)
+ SECDRIVER_LIBS += $(APPARMOR_LIBS)
+ endif
+ 
+@@ -1978,14 +1981,14 @@ libvirt_setuid_rpc_client_la_SOURCES =
+ libvirt_setuid_rpc_client_la_LDFLAGS =		\
+ 		$(AM_LDFLAGS)			\
+ 		$(LIBXML_LIBS)			\
+-		$(SELINUX_LIBS)			\
++		$(SECDRIVER_LIBS)		\
+ 		$(NULL)
+ libvirt_setuid_rpc_client_la_CFLAGS =		\
+ 		-DLIBVIRT_SETUID_RPC_CLIENT	\
+ 		-I$(top_srcdir)/src/conf	\
+ 		-I$(top_srcdir)/src/rpc		\
+ 		$(AM_CFLAGS)			\
+-		$(SELINUX_CFLAGS)		\
++		$(SECDRIVER_CFLAGS)		\
+ 		$(NULL)
+ endif WITH_LXC
+ 
+@@ -2268,6 +2271,7 @@ libvirt_net_rpc_la_LDFLAGS = \
+ 			$(GNUTLS_LIBS) \
+ 			$(SASL_LIBS) \
+ 			$(SSH2_LIBS)\
++			$(SECDRIVER_LIBS) \
+ 			$(AM_LDFLAGS) \
+ 			$(CYGWIN_EXTRA_LDFLAGS) \
+ 			$(MINGW_EXTRA_LDFLAGS)
+@@ -2410,12 +2414,7 @@ if WITH_BLKID
+ libvirt_lxc_CFLAGS += $(BLKID_CFLAGS)
+ libvirt_lxc_LDADD += $(BLKID_LIBS)
+ endif
+-if WITH_SECDRIVER_SELINUX
+-libvirt_lxc_CFLAGS += $(SELINUX_CFLAGS)
+-endif
+-if WITH_SECDRIVER_APPARMOR
+-libvirt_lxc_CFLAGS += $(APPARMOR_CFLAGS)
+-endif
++libvirt_lxc_CFLAGS += $(SECDRIVER_CFLAGS)
+ endif
+ endif
+ EXTRA_DIST += $(LXC_CONTROLLER_SOURCES)

79552754-libvirtd-chardev-crash.patch

@@ -0,0 +1,87 @@
+commit 795527548fea79902ea4ce32747e069944cf3e61
+Author: Peter Krempa <pkrempa@redhat.com>
+Date:   Thu Sep 26 08:12:39 2013 +0200
+
+    conf: Don't crash on invalid chardev source definition of RNGs and other
+    
+    Since commit 297c99a5 an invalid source definition XML of a character
+    device that is used as backend for RNG devices, smartcards and redirdevs
+    causes crash of the daemon when parsing such a definition.
+    
+    The device types mentioned above are not a part of a regular character
+    device but are backends for other types. Thus when parsing such device
+    NULL is passed as the argument @chr_def. Later when checking the
+    validity of the definition @chr_def was dereferenced when parsing a UNIX
+    socket backend with missing path of the socket and crashed the daemon.
+    
+    Sample offending configuration:
+      <devices>
+      ...
+        <rng model='virtio'>
+          <backend model='egd' type='unix'>
+            <source mode='bind' service='1024'/>
+          </backend>
+        </rng>
+      </devices>
+    
+    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
+
+Index: libvirt-1.1.2/src/conf/domain_conf.c
+===================================================================
+--- libvirt-1.1.2.orig/src/conf/domain_conf.c
++++ libvirt-1.1.2/src/conf/domain_conf.c
+@@ -7026,7 +7026,8 @@ virDomainChrSourceDefParseXML(virDomainC
+     case VIR_DOMAIN_CHR_TYPE_UNIX:
+         /* path can be auto generated */
+         if (!path &&
+-            chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) {
++            (!chr_def ||
++             chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("Missing source path attribute for char device"));
+             goto error;
+Index: libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
+===================================================================
+--- /dev/null
++++ libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
+@@ -0,0 +1,27 @@
++<domain type='qemu'>
++  <name>QEMUGuest1</name>
++  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
++  <memory unit='KiB'>219100</memory>
++  <currentMemory unit='KiB'>219100</currentMemory>
++  <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
++  <os>
++    <type arch='i686' machine='pc'>hvm</type>
++    <boot dev='hd'/>
++  </os>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu</emulator>
++    <controller type='usb' index='0'/>
++    <controller type='pci' index='0' model='pci-root'/>
++    <memballoon model='virtio'/>
++    <rng model='virtio'>
++      <backend model='egd' type='unix'>
++        <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1012196 -->
++        <source mode='connect' host='1.2.3.4' service='1234'/>
++      </backend>
++    </rng>
++  </devices>
++</domain>
+Index: libvirt-1.1.2/tests/qemuxml2argvtest.c
+===================================================================
+--- libvirt-1.1.2.orig/tests/qemuxml2argvtest.c
++++ libvirt-1.1.2/tests/qemuxml2argvtest.c
+@@ -973,6 +973,8 @@ mymain(void)
+             QEMU_CAPS_OBJECT_RNG_RANDOM);
+     DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
+             QEMU_CAPS_OBJECT_RNG_EGD);
++    DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE,
++            QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD);
+     DO_TEST("virtio-rng-ccw",
+             QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
+             QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,

843bdb2f-CVE-2013-4400.patch

@@ -0,0 +1,27 @@
+commit 843bdb2f8a3364637cda2911624149525188843f
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Mon Oct 21 23:12:22 2013 -0600
+
+    build: fix build of virt-login-shell on systems with older gnutls
+    
+    On systems where gnutls uses libgcrypt, I'm seeing the following
+    build failure
+    
+    libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
+    libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
+    ...
+    
+    Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h
+
+Index: libvirt-1.1.2/config-post.h
+===================================================================
+--- libvirt-1.1.2.orig/config-post.h
++++ libvirt-1.1.2/config-post.h
+@@ -34,6 +34,7 @@
+ # undef WITH_CURL
+ # undef WITH_DTRACE_PROBES
+ # undef WITH_GNUTLS
++# undef WITH_GNUTLS_GCRYPT
+ # undef WITH_MACVTAP
+ # undef WITH_NUMACTL
+ # undef WITH_SASL

8c3586ea-CVE-2013-4400.patch

@@ -0,0 +1,61 @@
+commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Wed Oct 9 10:59:36 2013 +0100
+
+    Only allow 'stderr' log output when running setuid (CVE-2013-4400)
+    
+    We must not allow file/syslog/journald log outputs when running
+    setuid since they can be abused to do bad things. In particular
+    the 'file' output can be used to overwrite files.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.1.2/src/util/virlog.c
+===================================================================
+--- libvirt-1.1.2.orig/src/util/virlog.c
++++ libvirt-1.1.2/src/util/virlog.c
+@@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit
+  * Multiple output can be defined in a single @output, they just need to be
+  * separated by spaces.
+  *
++ * If running in setuid mode, then only the 'stderr' output will
++ * be allowed
++ *
+  * Returns the number of output parsed and installed or -1 in case of error
+  */
+ int
+@@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs)
+     virLogPriority prio;
+     int ret = -1;
+     int count = 0;
++    bool isSUID = virIsSUID();
+ 
+     if (cur == NULL)
+         return -1;
+@@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs)
+             if (virLogAddOutputToStderr(prio) == 0)
+                 count++;
+         } else if (STREQLEN(cur, "syslog", 6)) {
++            if (isSUID)
++                goto cleanup;
+             cur += 6;
+             if (*cur != ':')
+                 goto cleanup;
+@@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs)
+             VIR_FREE(name);
+ #endif /* HAVE_SYSLOG_H */
+         } else if (STREQLEN(cur, "file", 4)) {
++            if (isSUID)
++                goto cleanup;
+             cur += 4;
+             if (*cur != ':')
+                 goto cleanup;
+@@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs)
+             VIR_FREE(name);
+             VIR_FREE(abspath);
+         } else if (STREQLEN(cur, "journald", 8)) {
++            if (isSUID)
++                goto cleanup;
+             cur += 8;
+ #if USE_JOURNALD
+             if (virLogAddOutputToJournald(prio) == 0)

ae53e5d1-CVE-2013-4400.patch

@@ -0,0 +1,96 @@
+commit ae53e5d10e434e07079d7e3ba11ec654ba6a256e
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Wed Oct 9 10:52:39 2013 +0100
+
+    Add helpers for getting env vars in a setuid environment
+    
+    Care must be taken accessing env variables when running
+    setuid. Introduce a virGetEnvAllowSUID for env vars which
+    are safe to use in a setuid environment, and another
+    virGetEnvBlockSUID for vars which are not safe. Also add
+    a virIsSUID helper method for any other non-env var code
+    to use.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.1.2/src/libvirt_private.syms
+===================================================================
+--- libvirt-1.1.2.orig/src/libvirt_private.syms
++++ libvirt-1.1.2/src/libvirt_private.syms
+@@ -2042,6 +2042,8 @@ virFindFCHostCapableVport;
+ virFormatIntDecimal;
+ virGetDeviceID;
+ virGetDeviceUnprivSGIO;
++virGetEnvAllowSUID;
++virGetEnvBlockSUID;
+ virGetFCHostNameByWWN;
+ virGetGroupID;
+ virGetGroupList;
+@@ -2060,6 +2062,7 @@ virIndexToDiskName;
+ virIsCapableFCHost;
+ virIsCapableVport;
+ virIsDevMapperDevice;
++virIsSUID;
+ virManageVport;
+ virParseNumber;
+ virParseOwnershipIds;
+Index: libvirt-1.1.2/src/util/virutil.c
+===================================================================
+--- libvirt-1.1.2.orig/src/util/virutil.c
++++ libvirt-1.1.2/src/util/virutil.c
+@@ -2116,3 +2116,42 @@ cleanup:
+ 
+     return rc;
+ }
++
++
++/**
++ * virGetEnvBlockSUID:
++ * @name: the environment variable name
++ *
++ * Obtain an environment variable which is unsafe to
++ * use when running setuid. If running setuid, a NULL
++ * value will be returned
++ */
++const char *virGetEnvBlockSUID(const char *name)
++{
++    return secure_getenv(name);
++}
++
++
++/**
++ * virGetEnvBlockSUID:
++ * @name: the environment variable name
++ *
++ * Obtain an environment variable which is safe to
++ * use when running setuid. The value will be returned
++ * even when running setuid
++ */
++const char *virGetEnvAllowSUID(const char *name)
++{
++    return getenv(name);
++}
++
++
++/**
++ * virIsSUID:
++ * Return a true value if running setuid. Does not
++ * check for elevated capabilities bits.
++ */
++bool virIsSUID(void)
++{
++    return getuid() != geteuid();
++}
+Index: libvirt-1.1.2/src/util/virutil.h
+===================================================================
+--- libvirt-1.1.2.orig/src/util/virutil.h
++++ libvirt-1.1.2/src/util/virutil.h
+@@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long l
+ 
+ int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
+ 
++const char *virGetEnvBlockSUID(const char *name);
++const char *virGetEnvAllowSUID(const char *name);
++bool virIsSUID(void);
++
+ #endif /* __VIR_UTIL_H__ */

b7fcc799a-CVE-2013-4400.patch

@@ -0,0 +1,36 @@
+commit b7fcc799ad5d8f3e55b89b94e599903e3c092467
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Wed Oct 9 15:14:34 2013 +0100
+
+    Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
+    
+    We don't want to inherit any FDs in the new namespace
+    except for the stdio FDs. Explicitly close them all,
+    just in case some do not have the close-on-exec flag
+    set.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.1.2/tools/virt-login-shell.c
+===================================================================
+--- libvirt-1.1.2.orig/tools/virt-login-shell.c
++++ libvirt-1.1.2/tools/virt-login-shell.c
+@@ -313,6 +313,18 @@ main(int argc, char **argv)
+     if (cpid == 0) {
+         pid_t ccpid;
+ 
++        int openmax = sysconf(_SC_OPEN_MAX);
++        int fd;
++        if (openmax < 0) {
++            virReportSystemError(errno,  "%s",
++                                 _("sysconf(_SC_OPEN_MAX) failed"));
++            return EXIT_FAILURE;
++        }
++        for (fd = 3; fd < openmax; fd++) {
++            int tmpfd = fd;
++            VIR_MASS_CLOSE(tmpfd);
++        }
++
+         /* Fork once because we don't want to affect
+          * virt-login-shell's namespace itself
+          */

bd773e74-lxc-terminate-machine.patch

@@ -0,0 +1,247 @@
+commit bd773e74f0d1d1b9ebbfcaa645178316b4f2265c
+Author: Cédric Bosdonnat <cbosdonnat@suse.com>
+Date:   Mon Sep 30 16:46:29 2013 +0200
+
+    LXC: workaround machined uncleaned data with containers running systemd.
+    
+    The problem is described by [0] but its effect on libvirt is that
+    starting a container with a full distro running systemd after having
+    stopped it simply fails.
+    
+    The container cleanup now calls the machined Terminate function to make
+    sure that everything is in order for the next run.
+    
+     [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370
+
+Index: libvirt-1.1.2/src/libvirt_private.syms
+===================================================================
+--- libvirt-1.1.2.orig/src/libvirt_private.syms
++++ libvirt-1.1.2/src/libvirt_private.syms
+@@ -1940,8 +1940,10 @@ virSysinfoSetup;
+ 
+ # util/virsystemd.h
+ virSystemdCreateMachine;
++virSystemdMakeMachineName;
+ virSystemdMakeScopeName;
+ virSystemdMakeSliceName;
++virSystemdTerminateMachine;
+ 
+ 
+ # util/virthread.h
+Index: libvirt-1.1.2/src/lxc/lxc_process.c
+===================================================================
+--- libvirt-1.1.2.orig/src/lxc/lxc_process.c
++++ libvirt-1.1.2/src/lxc/lxc_process.c
+@@ -50,6 +50,7 @@
+ #include "virstring.h"
+ #include "viratomic.h"
+ #include "virprocess.h"
++#include "virsystemd.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_LXC
+ 
+@@ -210,6 +211,13 @@ static void virLXCProcessCleanup(virLXCD
+         virCgroupFree(&priv->cgroup);
+     }
+ 
++    /* Get machined to terminate the machine as it may not have cleaned it
++     * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for
++     * the bug we are working around here.
++     */
++    virSystemdTerminateMachine(vm->def->name, "lxc", true);
++
++
+     /* now that we know it's stopped call the hook if present */
+     if (virHookPresent(VIR_HOOK_DRIVER_LXC)) {
+         char *xml = virDomainDefFormat(vm->def, 0);
+Index: libvirt-1.1.2/src/util/virsystemd.c
+===================================================================
+--- libvirt-1.1.2.orig/src/util/virsystemd.c
++++ libvirt-1.1.2/src/util/virsystemd.c
+@@ -116,6 +116,27 @@ char *virSystemdMakeSliceName(const char
+     return virBufferContentAndReset(&buf);
+ }
+ 
++char *virSystemdMakeMachineName(const char *name,
++                                const char *drivername,
++                                bool privileged)
++{
++    char *machinename = NULL;
++    char *username = NULL;
++    if (privileged) {
++        if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0)
++            goto cleanup;
++    } else {
++        if (!(username = virGetUserName(geteuid())))
++            goto cleanup;
++        if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0)
++            goto cleanup;
++    }
++
++cleanup:
++    VIR_FREE(username);
++
++    return machinename;
++}
+ 
+ /**
+  * virSystemdCreateMachine:
+@@ -142,7 +163,6 @@ int virSystemdCreateMachine(const char *
+     DBusConnection *conn;
+     char *machinename = NULL;
+     char *creatorname = NULL;
+-    char *username = NULL;
+     char *slicename = NULL;
+ 
+     if (!virDBusHasSystemBus())
+@@ -150,15 +170,8 @@ int virSystemdCreateMachine(const char *
+ 
+     conn = virDBusGetSystemBus();
+ 
+-    if (privileged) {
+-        if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0)
+-            goto cleanup;
+-    } else {
+-        if (!(username = virGetUserName(geteuid())))
+-            goto cleanup;
+-        if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0)
+-            goto cleanup;
+-    }
++    if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged)))
++        goto cleanup;
+ 
+     if (virAsprintf(&creatorname, "libvirt-%s", drivername) < 0)
+         goto cleanup;
+@@ -241,8 +254,52 @@ int virSystemdCreateMachine(const char *
+     ret = 0;
+ 
+ cleanup:
+-    VIR_FREE(username);
+     VIR_FREE(creatorname);
+     VIR_FREE(machinename);
+     return ret;
+ }
++
++int virSystemdTerminateMachine(const char *name,
++                               const char *drivername,
++                               bool privileged)
++{
++    int ret;
++    DBusConnection *conn;
++    char *machinename = NULL;
++
++    if(!virDBusHasSystemBus())
++        return -2;
++
++    conn = virDBusGetSystemBus();
++
++    ret = -1;
++    if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged)))
++        goto cleanup;
++
++    /*
++     * The systemd DBus API we're invoking has the
++     * following signature
++     *
++     * TerminateMachine(in  s name);
++    *
++     * @name a host unique name for the machine. shows up
++     * in 'ps' listing & similar
++     */
++
++    VIR_DEBUG("Attempting to terminate machine via systemd");
++    if (virDBusCallMethod(conn,
++                          NULL,
++                          "org.freedesktop.machine1",
++                          "/org/freedesktop/machine1",
++                          "org.freedesktop.machine1.Manager",
++                          "TerminateMachine",
++                          "s",
++                          machinename) < 0)
++        goto cleanup;
++
++    ret = 0;
++
++cleanup:
++    VIR_FREE(machinename);
++    return ret;
++}
+Index: libvirt-1.1.2/src/util/virsystemd.h
+===================================================================
+--- libvirt-1.1.2.orig/src/util/virsystemd.h
++++ libvirt-1.1.2/src/util/virsystemd.h
+@@ -29,6 +29,10 @@ char *virSystemdMakeScopeName(const char
+                               const char *slicename);
+ char *virSystemdMakeSliceName(const char *partition);
+ 
++char *virSystemdMakeMachineName(const char *name,
++                                const char *drivername,
++                                bool privileged);
++
+ int virSystemdCreateMachine(const char *name,
+                             const char *drivername,
+                             bool privileged,
+@@ -38,4 +42,8 @@ int virSystemdCreateMachine(const char *
+                             bool iscontainer,
+                             const char *partition);
+ 
++int virSystemdTerminateMachine(const char *name,
++                               const char *drivername,
++                               bool privileged);
++
+ #endif /* __VIR_SYSTEMD_H__ */
+Index: libvirt-1.1.2/tests/virsystemdtest.c
+===================================================================
+--- libvirt-1.1.2.orig/tests/virsystemdtest.c
++++ libvirt-1.1.2/tests/virsystemdtest.c
+@@ -51,6 +51,18 @@ static int testCreateContainer(const voi
+     return 0;
+ }
+ 
++static int testTerminateContainer(const void *opaque ATTRIBUTE_UNUSED)
++{
++    if (virSystemdTerminateMachine("demo",
++                                   "lxc",
++                                   true) < 0) {
++        fprintf(stderr, "%s", "Failed to terminate LXC machine\n");
++        return -1;
++    }
++
++    return 0;
++}
++
+ static int testCreateMachine(const void *opaque ATTRIBUTE_UNUSED)
+ {
+     unsigned char uuid[VIR_UUID_BUFLEN] = {
+@@ -74,6 +86,18 @@ static int testCreateMachine(const void
+     return 0;
+ }
+ 
++static int testTerminateMachine(const void *opaque ATTRIBUTE_UNUSED)
++{
++    if (virSystemdTerminateMachine("demo",
++                                   "qemu",
++                                   false) < 0) {
++        fprintf(stderr, "%s", "Failed to terminate KVM machine\n");
++        return -1;
++    }
++
++    return 0;
++}
++
+ static int testCreateNoSystemd(const void *opaque ATTRIBUTE_UNUSED)
+ {
+     unsigned char uuid[VIR_UUID_BUFLEN] = {
+@@ -177,8 +201,12 @@ mymain(void)
+ 
+     if (virtTestRun("Test create container ", 1, testCreateContainer, NULL) < 0)
+         ret = -1;
++    if (virtTestRun("Test terminate container ", 1, testTerminateContainer, NULL) < 0)
++        ret = -1;
+     if (virtTestRun("Test create machine ", 1, testCreateMachine, NULL) < 0)
+         ret = -1;
++    if (virtTestRun("Test terminate machine ", 1, testTerminateMachine, NULL) < 0)
++        ret = -1;
+     if (virtTestRun("Test create no systemd ", 1, testCreateNoSystemd, NULL) < 0)
+         ret = -1;
+     if (virtTestRun("Test create bad systemd ", 1, testCreateBadSystemd, NULL) < 0)

e350826c-python-fix-fd-passing.patch

@@ -0,0 +1,26 @@
+commit e350826c653b20dd271ab99075d2f224c7451356
+Author: Marian Neagul <marian@info.uvt.ro>
+Date:   Tue Oct 22 16:03:39 2013 +0100
+
+    python: Fix Create*WithFiles filefd passing
+    
+    Commit d76227be added functions virDomainCreateWithFiles and
+    virDomainCreateXMLWithFiles, but there was a little piece missing in
+    python bindings.  This patch fixes proper passing of file descriptors
+    in the overwrites of these functions.
+
+Index: libvirt-1.1.2/python/libvirt-override.c
+===================================================================
+--- libvirt-1.1.2.orig/python/libvirt-override.c
++++ libvirt-1.1.2/python/libvirt-override.c
+@@ -7149,6 +7149,10 @@ libvirt_virDomainCreateXMLWithFiles(PyOb
+ 
+         if (libvirt_intUnwrap(pyfd, &fd) < 0)
+             goto cleanup;
++
++        files[i] = fd;
++
++        files[i] = fd;
+     }
+ 
+     LIBVIRT_BEGIN_ALLOW_THREADS;

install-apparmor-profiles.patch

@@ -203,7 +203,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
 ===================================================================
 --- /dev/null
 +++ libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
-@@ -0,0 +1,59 @@
+@@ -0,0 +1,60 @@
 +# Last Modified: Fri Aug 19 11:20:36 2011
 +#include <tunables/global>
 +@{LIBVIRT}="libvirt"
@@ -255,6 +255,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
 +  audit deny /sys/kernel/security/apparmor/matching rwxl,
 +  audit deny /sys/kernel/security/apparmor/.* rwxl,
 +  /sys/kernel/security/apparmor/profiles r,
++  /etc/xen/scripts/* rx,
 +  @libdir@/libvirt/* Pxr,
 +  @libdir@/libvirt/libvirt_parthelper Ux,
 +  @libdir@/libvirt/libvirt_iohelper Ux,

libvirt-suse-netcontrol.patch

@@ -2,7 +2,7 @@ Index: libvirt-1.1.2/configure.ac
 ===================================================================
 --- libvirt-1.1.2.orig/configure.ac
 +++ libvirt-1.1.2/configure.ac
-@@ -173,6 +173,7 @@ LIBVIRT_CHECK_DBUS
+@@ -174,6 +174,7 @@ LIBVIRT_CHECK_DBUS
  LIBVIRT_CHECK_FUSE
  LIBVIRT_CHECK_HAL
  LIBVIRT_CHECK_NETCF
@@ -10,7 +10,7 @@ Index: libvirt-1.1.2/configure.ac
  LIBVIRT_CHECK_NUMACTL
  LIBVIRT_CHECK_OPENWSMAN
  LIBVIRT_CHECK_PCIACCESS
-@@ -2296,11 +2297,12 @@ if test "$with_libvirtd" = "no" ; then
+@@ -2297,11 +2298,12 @@ if test "$with_libvirtd" = "no" ; then
    with_interface=no
  fi
  
@@ -26,7 +26,7 @@ Index: libvirt-1.1.2/configure.ac
  esac
  
  if test "$with_interface" = "yes" ; then
-@@ -2608,6 +2610,7 @@ LIBVIRT_RESULT_DBUS
+@@ -2609,6 +2611,7 @@ LIBVIRT_RESULT_DBUS
  LIBVIRT_RESULT_FUSE
  LIBVIRT_RESULT_HAL
  LIBVIRT_RESULT_NETCF
@@ -38,7 +38,7 @@ Index: libvirt-1.1.2/src/Makefile.am
 ===================================================================
 --- libvirt-1.1.2.orig/src/Makefile.am
 +++ libvirt-1.1.2/src/Makefile.am
-@@ -750,6 +750,10 @@ if WITH_NETCF
+@@ -754,6 +754,10 @@ if WITH_NETCF
  INTERFACE_DRIVER_SOURCES +=					\
  		interface/interface_backend_netcf.c
  endif
@@ -49,7 +49,7 @@ Index: libvirt-1.1.2/src/Makefile.am
  if WITH_UDEV
  INTERFACE_DRIVER_SOURCES +=					\
  		interface/interface_backend_udev.c
-@@ -1310,11 +1314,16 @@ if WITH_NETCF
+@@ -1314,11 +1318,16 @@ if WITH_NETCF
  libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
  libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
  else

libvirt.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Fri Oct 25 13:10:27 MDT 2013 - jfehlig@suse.com
+
+- libxl driver: fix initialization of VNC and SDL info for
+  HVM domains
+  libxl-hvm-vnc.patch
+  bnc#847566
+- Allow libvirtd apparmor profile to access /etc/xen/scripts/*
+
+-------------------------------------------------------------------
+Tue Oct 22 21:37:08 MDT 2013 - jfehlig@suse.com
+
+- Fix file descriptor passing in python bindings
+  e350826c-python-fix-fd-passing.patch
+  rhb#1021434
+
+-------------------------------------------------------------------
+Tue Oct 22 14:37:08 MDT 2013 - cbosdonnat@suse.com
+
+- Have systemd terminate the machine as a workaround of fdo#68370
+  bd773e74-lxc-terminate-machine.patch
+  bnc#842834
+
+-------------------------------------------------------------------
+Tue Oct 22 12:28:03 MDT 2013 - jfehlig@suse.com
+
+- Spec file fixes to only package libvirt-login-shell when
+  building the LXC driver
+
+-------------------------------------------------------------------
+Mon Oct 21 11:33:03 MDT 2013 - jfehlig@suse.com
+
+- CVE-2013-4400: Unsantized use of env variables allows privilege
+  escalation via virt-login-shell
+  ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch,
+  b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch,
+  5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch
+  bnc#837609
+- CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native
+  57687fd6-CVE-2013-4401.patch
+  bnc#845704
+
+-------------------------------------------------------------------
+Fri Oct 18 14:42:39 MDT 2013 - jfehlig@suse.com
+
+- Move hypervisor-specific files out of libvirt-daemon package
+  and into libvirt-daemon-<hypervisor> subpackage
+  bnc#845851
+- conf: Don't crash on invalid chardev source definition
+  79552754-libvirtd-chardev-crash.patch
+  bnc#845704, rhb#1012196
+
+-------------------------------------------------------------------
+Thu Oct 17 14:14:46 MDT 2013 - jfehlig@suse.com
+
+- Use newer libnl3 instead of libnl-1_1
+  bnc#845540
+
 -------------------------------------------------------------------
 Mon Oct 14 22:20:41 MDT 2013 - jfehlig@suse.com
 

libvirt.spec

@@ -314,7 +314,7 @@ BuildRequires:  libpcap-devel
 %if 0%{?suse_version} < 1210
 BuildRequires:  libnl-devel
 %else
-BuildRequires:  libnl-1_1-devel
+BuildRequires:  libnl3-devel
 %endif
 %endif
 %if %{with_avahi}
@@ -411,10 +411,21 @@ Patch4:         922b7fda-CVE-2013-4311.patch
 Patch5:         e4697b92-CVE-2013-4311.patch
 Patch6:         8294aa0c-CVE-2013-4399.patch
 Patch7:         484cc321-fix-spice-migration.patch
+Patch8:         79552754-libvirtd-chardev-crash.patch
+Patch9:         57687fd6-CVE-2013-4401.patch
+Patch10:        ae53e5d1-CVE-2013-4400.patch
+Patch11:        8c3586ea-CVE-2013-4400.patch
+Patch12:        b7fcc799a-CVE-2013-4400.patch
+Patch13:        3e2f27e1-CVE-2013-4400.patch
+Patch14:        5a0ea4b7-CVE-2013-4400.patch
+Patch15:        843bdb2f-CVE-2013-4400.patch
+Patch16:        bd773e74-lxc-terminate-machine.patch
+Patch17:        e350826c-python-fix-fd-passing.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       clone.patch
 Patch102:       xen-pv-cdrom.patch
+Patch103:       libxl-hvm-vnc.patch
 # Our patches
 Patch200:       libvirtd-defaults.patch
 Patch201:       libvirtd-init-script.patch
@@ -892,14 +903,18 @@ Requires:       augeas
 Includes the Sanlock lock manager plugin for the QEMU driver
 %endif
 
+%if %{with_lxc}
+
 %package login-shell
-Summary:        Login shell for containers
+Summary:        Login shell for connecting users to an LXC container
 Group:          Development/Libraries/C and C++
 Requires:       %{name}-client = %{version}-%{release}
 
 %description login-shell
-Povides virt-login-shell, a tool to execute a shell within a container
-matching the users name
+Provides the set-uid virt-login-shell binary that is used to
+connect a user to an LXC container when they login, by switching
+namespaces.
+%endif
 
 %if %{with_python}
 
@@ -926,9 +941,20 @@ of recent versions of Linux (and other OSes).
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1
+%patch103 -p1
 %patch200 -p1
 %patch201 -p1
 %patch202 -p1
@@ -1193,34 +1219,19 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter
 rm -rf $RPM_BUILD_ROOT%{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 %endif
-%if %{with_lxc}
-cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-lxc.README << 'EOF'
-Any empty package encapsulating requirements for a libvirtd capable
-of managing LXC.
-EOF
-%else
+%if ! %{with_lxc}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_lxc.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc
 %endif
-%if %{with_qemu}
-cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-qemu.README << 'EOF'
-Any empty package encapsulating requirements for a libvirtd capable
-of managing QEMU/KVM.
-EOF
-%else
+%if ! %{with_qemu}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
 %endif
-%if %{with_uml}
-cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-uml.README << 'EOF'
-Any empty package encapsulating requirements for a libvirtd capable
-of managing UML.
-EOF
-%else
+%if ! %{with_uml}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
 %endif
 %if %{with_vbox}
@@ -1414,36 +1425,6 @@ fi
 %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
 %endif
 %endif
-%if %{with_qemu}
-%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
-%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
-%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
-%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/
-%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
-%{_datadir}/augeas/lenses/libvirtd_qemu.aug
-%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
-%endif
-%if %{with_lxc}
-%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
-%attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc
-%{_datadir}/augeas/lenses/libvirtd_lxc.aug
-%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
-%endif
-%if %{with_uml}
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
-%endif
-%if %{with_libxl}
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/
-%endif
 %if %{with_storage_disk}
 %attr(0755, root, root) %{_libdir}/%{name}/libvirt_parthelper
 %endif
@@ -1553,6 +1534,8 @@ fi
 %defattr(-, root, root)
 %dir %{_libdir}/%{name}/connection-driver
 %{_libdir}/%{name}/connection-driver/libvirt_driver_libxl.so
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/
 %endif
 
 %if %{with_vbox}
@@ -1567,21 +1550,38 @@ fi
 
 %files daemon-qemu
 %defattr(-, root, root)
-%doc %{_docdir}/%{name}/libvirt-daemon-qemu.README
+%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
+%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
+%{_datadir}/augeas/lenses/libvirtd_qemu.aug
+%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
 %endif
 
 %if %{with_lxc}
 
 %files daemon-lxc
 %defattr(-, root, root)
-%doc %{_docdir}/%{name}/libvirt-daemon-lxc.README
+%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
+%attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc
+%{_datadir}/augeas/lenses/libvirtd_lxc.aug
+%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
 %endif
 
 %if %{with_uml}
 
 %files daemon-uml
 %defattr(-, root, root)
-%doc %{_docdir}/%{name}/libvirt-daemon-uml.README
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
 %endif
 
 %if %{with_xen} || %{with_libxl}
@@ -1690,6 +1690,8 @@ fi
 %attr(0755, root, root) %{_libdir}/%{name}/libvirt_sanlock_helper
 %endif
 
+%if %{with_lxc}
+
 %files login-shell
 %defattr(-, root, root)
 %config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf
@@ -1698,6 +1700,7 @@ fi
 # In the meantime, don't install setuid
 #%attr(4755, root, root) %{_bindir}/virt-login-shell
 %{_bindir}/virt-login-shell
+%endif
 
 %if %{with_python}
 

libxl-hvm-vnc.patch

@@ -0,0 +1,45 @@
+Index: libvirt-1.1.2/src/libxl/libxl_conf.c
+===================================================================
+--- libvirt-1.1.2.orig/src/libxl/libxl_conf.c
++++ libvirt-1.1.2/src/libxl/libxl_conf.c
+@@ -524,6 +524,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de
+ }
+ 
+ static int
++libxlFixupDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config)
++{
++    libxl_domain_build_info *b_info = &d_config->b_info;
++    int hvm = STREQ(def->os.type, "hvm");
++    libxl_device_vfb vfb;
++
++    if (!hvm)
++        return 0;
++
++    if (d_config->num_vfbs) {
++        vfb = d_config->vfbs[0];
++        if (libxl_defbool_val(vfb.vnc.enable))
++            memcpy(&b_info->u.hvm.vnc, &vfb.vnc, sizeof(libxl_vnc_info));
++        else if (libxl_defbool_val(vfb.sdl.enable))
++            memcpy(&b_info->u.hvm.sdl, &vfb.sdl, sizeof(libxl_sdl_info));
++        else
++            return -1;
++    }
++
++    return 0;
++}
++
++
++static int
+ libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config)
+ {
+     virDomainDefPtr def = vm->def;
+@@ -1025,6 +1049,9 @@ libxlBuildDomainConfig(libxlDriverPrivat
+     if (libxlMakeVfbList(driver, def, d_config) < 0)
+         return -1;
+ 
++    if (libxlFixupDomBuildInfo(def, d_config) < 0)
++        return -1;
++
+     d_config->on_reboot = def->onReboot;
+     d_config->on_poweroff = def->onPoweroff;
+     d_config->on_crash = def->onCrash;