libvirt/libvirt-suse-netcontrol.patch
James Fehlig da9af7a383 Accepting request 692393 from home:jfehlig:branches:Virtualization
- CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime
  for read-only connections and users
  CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch
  bsc#1131595
- spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch
  touches remote_protocol.x

- Update to libvirt 5.2.0
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    4ec3cf9a-apparmor-rules.patch,
    f38ef0fa-no-RDMA-check.patch,
    411cdaf8-apparmor-check-profile-name.patch,
    696239ba-qemu-fix-query-cpus-fast.patch,
    09eb1ae0-conf-add-xenbus-controller.patch,
    fb059757-libxl-add-xenbus-controller.patch,
    ec5a1191-libxl-support-max-grant-frames.patch,
    5a64c202-xenconfig-support-max-grant-frames.patch
  - Added patches:
    ff376c62-tests-fix-mocking-stat-lstat.patch,
    mprivozn-test-fix-proposal.patch

OBS-URL: https://build.opensuse.org/request/show/692393
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745
2019-04-08 22:27:41 +00:00

218 lines
7.0 KiB
Diff

Index: libvirt-5.2.0/configure.ac
===================================================================
--- libvirt-5.2.0.orig/configure.ac
+++ libvirt-5.2.0/configure.ac
@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH
LIBVIRT_ARG_LIBXML
LIBVIRT_ARG_MACVTAP
LIBVIRT_ARG_NETCF
+LIBVIRT_ARG_NETCONTROL
LIBVIRT_ARG_NLS
LIBVIRT_ARG_NSS
LIBVIRT_ARG_NUMACTL
@@ -300,6 +301,7 @@ LIBVIRT_CHECK_LIBSSH
LIBVIRT_CHECK_LIBXML
LIBVIRT_CHECK_MACVTAP
LIBVIRT_CHECK_NETCF
+LIBVIRT_CHECK_NETCONTROL
LIBVIRT_CHECK_NLS
LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_NWFILTER
@@ -998,6 +1000,7 @@ LIBVIRT_RESULT_LIBXL
LIBVIRT_RESULT_LIBXML
LIBVIRT_RESULT_MACVTAP
LIBVIRT_RESULT_NETCF
+LIBVIRT_RESULT_NETCONTROL
LIBVIRT_RESULT_NLS
LIBVIRT_RESULT_NSS
LIBVIRT_RESULT_NUMACTL
Index: libvirt-5.2.0/tools/virsh.c
===================================================================
--- libvirt-5.2.0.orig/tools/virsh.c
+++ libvirt-5.2.0/tools/virsh.c
@@ -563,6 +563,8 @@ virshShowVersion(vshControl *ctl ATTRIBU
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
vshPrint(ctl, " netcf");
+# elif defined(WITH_NETCONTROL)
+ vshPrint(ctl, " netcontrol");
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-5.2.0/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-5.2.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-5.2.0/src/interface/interface_backend_netcf.c
@@ -21,7 +21,12 @@
#include <config.h>
-#include <netcf.h>
+#ifdef WITH_NETCONTROL
+# include <netcontrol/netcf.h>
+# include <netcontrol/logger.h>
+#else
+# include <netcf.h>
+#endif
#include "virerror.h"
#include "datatypes.h"
@@ -63,6 +68,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
static virNetcfDriverStatePtr driver;
+#ifdef WITH_NETCONTROL
+static void
+interface_nc_log_driver(const char *category ATTRIBUTE_UNUSED,
+ int priority,
+ const char *func,
+ const char *file,
+ long long line,
+ const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{
+ int vp;
+
+ switch (priority) {
+ case NC_LOG_FATAL:
+ case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR;
+ break;
+ case NC_LOG_WARN:
+ vp = VIR_LOG_WARN;
+ break;
+ case NC_LOG_INFO:
+ vp = VIR_LOG_INFO;
+ break;
+ case NC_LOG_DEBUG:
+ default:
+ vp = VIR_LOG_DEBUG;
+ break;
+ }
+ virLogMessage(&virLogSelf, vp, file, line, func, 0, "%s", msg);
+}
+#endif
static void
virNetcfDriverStateDispose(void *obj)
@@ -87,6 +123,10 @@ netcfStateInitialize(bool privileged,
driver->privileged = privileged;
+#ifdef WITH_NETCONTROL
+ nc_logger_redirect_to(interface_nc_log_driver);
+#endif
+
/* open netcf */
if (ncf_init(&driver->netcf, NULL) != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -1223,6 +1263,19 @@ static virStateDriver interfaceStateDriv
int netcfIfaceRegister(void)
{
+ struct netcf *netcf;
+
+ /* Initialization of libnetcontrol will fail if NetworkManager is enabled.
+ * Skip registration if ncf_init fails.
+ * TODO: finer-grained check? E.g. is_nm_enabled()
+ */
+ if (ncf_init(&netcf, NULL) != 0) {
+ VIR_WARN("Failed to intialize libnetcontrol. Management of interface devices is disabled");
+ return 0;
+ }
+
+ ncf_close(netcf);
+
if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0)
return -1;
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
Index: libvirt-5.2.0/src/interface/interface_driver.c
===================================================================
--- libvirt-5.2.0.orig/src/interface/interface_driver.c
+++ libvirt-5.2.0/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
if (netcfIfaceRegister() == 0)
return 0;
#endif /* WITH_NETCF */
+#ifdef WITH_NETCONTROL
+ /* Attempt to load the netcontrol based backend, which is a slightly
+ patched netcf backend */
+ if (netcfIfaceRegister() == 0)
+ return 0;
+#endif /* WITH_NETCONTROL */
#if WITH_UDEV
- /* If there's no netcf or it failed to load, register the udev backend */
+ /* If there's no netcf or netcontrol, or it failed to load, register the
+ udev backend */
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-5.2.0/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-5.2.0/m4/virt-netcontrol.m4
@@ -0,0 +1,39 @@
+dnl The libnetcontrol library
+dnl
+dnl Copyright (C) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_ARG_NETCONTROL],[
+ LIBVIRT_ARG_WITH_FEATURE([NETCONTROL], [netcontrol], [check], [0.2.0])
+])
+
+AC_DEFUN([LIBVIRT_CHECK_NETCONTROL],[
+ LIBVIRT_CHECK_PKG([NETCONTROL], [netcontrol], [0.2.0])
+
+ if test "$with_netcontrol" = "yes" ; then
+ old_CFLAGS="$CFLAGS"
+ old_LIBS="$CFLAGS"
+ CFLAGS="$CFLAGS $NETCONTROL_CFLAGS"
+ LIBS="$LIBS $NETCONTROL_LIBS"
+ CFLAGS="$old_CFLAGS"
+ LIBS="$old_LIBS"
+ fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
+ LIBVIRT_RESULT_LIB([NETCONTROL])
+])
Index: libvirt-5.2.0/src/interface/Makefile.inc.am
===================================================================
--- libvirt-5.2.0.orig/src/interface/Makefile.inc.am
+++ libvirt-5.2.0/src/interface/Makefile.inc.am
@@ -4,6 +4,7 @@ INTERFACE_DRIVER_SOURCES = \
$(NULL)
INTERFACE_DRIVER_NETCF_SOURCES = interface/interface_backend_netcf.c
+INTERFACE_DRIVER_NETCONTROL_SOURCES = interface/interface_backend_netcf.c
INTERFACE_DRIVER_UDEV_SOURCES = interface/interface_backend_udev.c
DRIVER_SOURCE_FILES += $(INTERFACE_DRIVER_SOURCES)
@@ -33,6 +34,11 @@ libvirt_driver_interface_la_CFLAGS += $(
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_NETCF_SOURCES)
endif WITH_NETCF
+if WITH_NETCONTROL
+libvirt_driver_interface_la_CFLAGS += $(NETCONTROL_CFLAGS)
+libvirt_driver_interface_la_LIBADD += $(NETCONTROL_LIBS)
+libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_NETCONTROL_SOURCES)
+endif WITH_NETCONTROL
if WITH_UDEV
libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)