From 8082129d0c97eed783ed8548502b98e86698b2c1932248656df526dda40428f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Mon, 15 Dec 2014 14:16:23 +0000 Subject: [PATCH] Accepting request 265250 from home:cbosdonnat:branches:Virtualization - Update to libvirt 1.2.11 - Implement public API for virDomainGetFSInfo - qemu: Add define for the new throttle options - CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats() - CVE-2014-7823: dumpxml: security hole with migratable flag - Drop upstream patches: 2222123-virt-aa-helper-crash.patch, 433b427-iplink-name.patch, 52691f99-qemu-mig-crash.patch, 72fecf1-lxc-resolve-symlinks.patch, b1674ad5-CVE-2014-7823.patch, ba9b7252-sys-net-rw.patch, c264eea-virt-aa-helper-sandbox.patch, e50457d-lxc-unmount-check.patch, cgroup-all-devices.patch, libvirt-ppc64le-support.patch OBS-URL: https://build.opensuse.org/request/show/265250 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=428 --- 2222123-virt-aa-helper-crash.patch | 27 ---- 433b427-iplink-name.patch | 37 ----- 52691f99-qemu-mig-crash.patch | 29 ---- 72fecf1-lxc-resolve-symlinks.patch | 155 --------------------- b1674ad5-CVE-2014-7823.patch | 57 -------- ba9b7252-sys-net-rw.patch | 130 ------------------ c264eea-virt-aa-helper-sandbox.patch | 26 ---- cgroup-all-devices.patch | 36 ----- e50457d-lxc-unmount-check.patch | 42 ------ libvirt-1.2.10.tar.gz | 3 - libvirt-1.2.10.tar.gz.asc | 7 - libvirt-1.2.11.tar.gz | 3 + libvirt-1.2.11.tar.gz.asc | 7 + libvirt-power8-models.patch | 10 +- libvirt-ppc64le-support.patch | 196 --------------------------- libvirt-suse-netcontrol.patch | 54 ++++---- libvirt.changes | 20 +++ libvirt.spec | 30 +--- 18 files changed, 65 insertions(+), 804 deletions(-) delete mode 100644 2222123-virt-aa-helper-crash.patch delete mode 100644 433b427-iplink-name.patch delete mode 100644 52691f99-qemu-mig-crash.patch delete mode 100644 72fecf1-lxc-resolve-symlinks.patch delete mode 100644 b1674ad5-CVE-2014-7823.patch delete mode 100644 ba9b7252-sys-net-rw.patch delete mode 100644 c264eea-virt-aa-helper-sandbox.patch delete mode 100644 cgroup-all-devices.patch delete mode 100644 e50457d-lxc-unmount-check.patch delete mode 100644 libvirt-1.2.10.tar.gz delete mode 100644 libvirt-1.2.10.tar.gz.asc create mode 100644 libvirt-1.2.11.tar.gz create mode 100644 libvirt-1.2.11.tar.gz.asc delete mode 100644 libvirt-ppc64le-support.patch diff --git a/2222123-virt-aa-helper-crash.patch b/2222123-virt-aa-helper-crash.patch deleted file mode 100644 index 07910d4..0000000 --- a/2222123-virt-aa-helper-crash.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 22221233d0c2fd2c2d41b7527fe2bec13295a427 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Thu, 20 Nov 2014 11:31:44 +0100 -Subject: [PATCH 1/5] virt-aa-helper wasn't running virErrorInitialize - -This turns out to be working by magic but needs to be fixed. ---- - src/security/virt-aa-helper.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -Index: libvirt-1.2.10/src/security/virt-aa-helper.c -=================================================================== ---- libvirt-1.2.10.orig/src/security/virt-aa-helper.c -+++ libvirt-1.2.10/src/security/virt-aa-helper.c -@@ -1251,6 +1251,12 @@ main(int argc, char **argv) - exit(EXIT_FAILURE); - } - -+ if (virThreadInitialize() < 0 || -+ virErrorInitialize() < 0) { -+ fprintf(stderr, _("%s: initialization failed\n"), argv[0]); -+ exit(EXIT_FAILURE); -+ } -+ - /* clear the environment */ - environ = NULL; - if (setenv("PATH", "/sbin:/usr/sbin", 1) != 0) { diff --git a/433b427-iplink-name.patch b/433b427-iplink-name.patch deleted file mode 100644 index a7c85c5..0000000 --- a/433b427-iplink-name.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 433b427ff853ab72d32573d415e6ec569b77c7cb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Thu, 20 Nov 2014 15:26:35 +0100 -Subject: [PATCH 3/5] ip link needs 'name' in 3.16 to create the veth pair - -Due to a change (or bug?) in ip link implementation, the command - 'ip link add vnet0...' -is forced into - 'ip link add name vnet0...' -The changed command also works on older versions of iproute2, just the -'name' parameter has been made mandatory. ---- - src/util/virnetdevveth.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: libvirt-1.2.10/src/util/virnetdevveth.c -=================================================================== ---- libvirt-1.2.10.orig/src/util/virnetdevveth.c -+++ libvirt-1.2.10/src/util/virnetdevveth.c -@@ -89,7 +89,7 @@ static int virNetDevVethGetFreeNum(int s - * @veth2: pointer to return name for container end of veth pair - * - * Creates a veth device pair using the ip command: -- * ip link add veth1 type veth peer name veth2 -+ * ip link add name veth1 type veth peer name veth2 - * If veth1 points to NULL on entry, it will be a valid interface on - * return. veth2 should point to NULL on entry. - * -@@ -146,7 +146,7 @@ int virNetDevVethCreate(char** veth1, ch - } - - cmd = virCommandNew("ip"); -- virCommandAddArgList(cmd, "link", "add", -+ virCommandAddArgList(cmd, "link", "add", "name", - *veth1 ? *veth1 : veth1auto, - "type", "veth", "peer", "name", - *veth2 ? *veth2 : veth2auto, diff --git a/52691f99-qemu-mig-crash.patch b/52691f99-qemu-mig-crash.patch deleted file mode 100644 index cd20ba8..0000000 --- a/52691f99-qemu-mig-crash.patch +++ /dev/null @@ -1,29 +0,0 @@ -commit 52691f99fa016ac46c9546c37706e57a5180d4c6 -Author: Jiri Denemark -Date: Thu Nov 20 13:09:16 2014 +0100 - - qemu: Fix crash in tunnelled migration - - Any attempt to start a tunnelled migration with libvirtd that supports - RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes - libvirtd on the destination host. - - The crash is inevitable because qemuMigrationPrepareAny is always called - with NULL protocol in case of tunnelled migration. - - https://bugzilla.redhat.com/show_bug.cgi?id=1147331 - Signed-off-by: Jiri Denemark - -Index: libvirt-1.2.10/src/qemu/qemu_migration.c -=================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu_migration.c -+++ libvirt-1.2.10/src/qemu/qemu_migration.c -@@ -2688,7 +2688,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr - QEMU_MIGRATION_COOKIE_NBD))) - goto cleanup; - -- if (STREQ(protocol, "rdma") && !vm->def->mem.hard_limit) { -+ if (STREQ_NULLABLE(protocol, "rdma") && !vm->def->mem.hard_limit) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("cannot start RDMA migration with no memory hard " - "limit set")); diff --git a/72fecf1-lxc-resolve-symlinks.patch b/72fecf1-lxc-resolve-symlinks.patch deleted file mode 100644 index 40a90fd..0000000 --- a/72fecf1-lxc-resolve-symlinks.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 72fecf1813b9e77a7f89bc1e708f91bdab7d9ad4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Fri, 21 Nov 2014 17:45:55 +0100 -Subject: [PATCH 4/5] lxc: be more patient while resolving symlinks - -Resolving symlinks can fail before mounting any file system if one file -system depends on another being mounted. Symlinks are now resolved in -two passes: - - * Before any file system is mounted, but then we are more gentle if - the source path can't be accessed - * Right before mounting a file system, so that we are sure that we - have the resolved path... but then if it can't be accessed we raise - an error. ---- - src/conf/domain_conf.h | 1 + - src/lxc/lxc_container.c | 77 ++++++++++++++++++++++++++++++++++--------------- - 2 files changed, 54 insertions(+), 24 deletions(-) - -Index: libvirt-1.2.10/src/conf/domain_conf.h -=================================================================== ---- libvirt-1.2.10.orig/src/conf/domain_conf.h -+++ libvirt-1.2.10/src/conf/domain_conf.h -@@ -814,6 +814,7 @@ struct _virDomainFSDef { - virDomainDeviceInfo info; - unsigned long long space_hard_limit; /* in bytes */ - unsigned long long space_soft_limit; /* in bytes */ -+ bool symlinksResolved; - }; - - -Index: libvirt-1.2.10/src/lxc/lxc_container.c -=================================================================== ---- libvirt-1.2.10.orig/src/lxc/lxc_container.c -+++ libvirt-1.2.10/src/lxc/lxc_container.c -@@ -609,6 +609,48 @@ static int lxcContainerUnmountSubtree(co - return ret; - } - -+static int lxcContainerResolveSymlinks(virDomainFSDefPtr fs, bool gentle) -+{ -+ char *newroot; -+ -+ if (!fs->src || fs->symlinksResolved) -+ return 0; -+ -+ if (access(fs->src, F_OK)) { -+ if (gentle) { -+ /* Just ignore the error for the while, we'll try again later */ -+ VIR_DEBUG("Skipped unaccessible '%s'", fs->src); -+ return 0; -+ } else { -+ virReportSystemError(errno, -+ _("Failed to access '%s'"), fs->src); -+ return -1; -+ } -+ } -+ -+ VIR_DEBUG("Resolving '%s'", fs->src); -+ if (virFileResolveAllLinks(fs->src, &newroot) < 0) { -+ if (gentle) { -+ VIR_DEBUG("Skipped non-resolvable '%s'", fs->src); -+ return 0; -+ } else { -+ virReportSystemError(errno, -+ _("Failed to resolve symlink at %s"), -+ fs->src); -+ } -+ return -1; -+ } -+ -+ /* Mark it resolved to skip it the next time */ -+ fs->symlinksResolved = true; -+ -+ VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot); -+ -+ VIR_FREE(fs->src); -+ fs->src = newroot; -+ -+ return 0; -+} - - static int lxcContainerPrepareRoot(virDomainDefPtr def, - virDomainFSDefPtr root, -@@ -635,6 +677,9 @@ static int lxcContainerPrepareRoot(virDo - return -1; - } - -+ if (lxcContainerResolveSymlinks(root, false) < 0) -+ return -1; -+ - if (virAsprintf(&dst, "%s/%s.root", - LXC_STATE_DIR, def->name) < 0) - return -1; -@@ -1555,6 +1600,9 @@ static int lxcContainerMountAllFS(virDom - if (STREQ(vmDef->fss[i]->dst, "/")) - continue; - -+ if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0) -+ return -1; -+ - if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst, - false) < 0) - return -1; -@@ -1738,37 +1786,18 @@ static int lxcContainerSetupPivotRoot(vi - return ret; - } - -- --static int lxcContainerResolveSymlinks(virDomainDefPtr vmDef) -+static int lxcContainerResolveAllSymlinks(virDomainDefPtr vmDef) - { -- char *newroot; - size_t i; - - VIR_DEBUG("Resolving symlinks"); - - for (i = 0; i < vmDef->nfss; i++) { - virDomainFSDefPtr fs = vmDef->fss[i]; -- if (!fs->src) -- continue; -- -- if (access(fs->src, F_OK)) { -- virReportSystemError(errno, -- _("Failed to access '%s'"), fs->src); -+ /* In the first pass, be gentle as some files may -+ depend on other filesystems to be mounted */ -+ if (lxcContainerResolveSymlinks(fs, true) < 0) - return -1; -- } -- -- VIR_DEBUG("Resolving '%s'", fs->src); -- if (virFileResolveAllLinks(fs->src, &newroot) < 0) { -- virReportSystemError(errno, -- _("Failed to resolve symlink at %s"), -- fs->src); -- return -1; -- } -- -- VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot); -- -- VIR_FREE(fs->src); -- fs->src = newroot; - } - VIR_DEBUG("Resolved all filesystem symlinks"); - -@@ -2107,7 +2136,7 @@ static int lxcContainerChild(void *data) - goto cleanup; - } - -- if (lxcContainerResolveSymlinks(vmDef) < 0) -+ if (lxcContainerResolveAllSymlinks(vmDef) < 0) - goto cleanup; - - VIR_DEBUG("Setting up pivot"); diff --git a/b1674ad5-CVE-2014-7823.patch b/b1674ad5-CVE-2014-7823.patch deleted file mode 100644 index 95c316a..0000000 --- a/b1674ad5-CVE-2014-7823.patch +++ /dev/null @@ -1,57 +0,0 @@ -commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b -Author: Eric Blake -Date: Fri Oct 31 22:14:07 2014 -0600 - - CVE-2014-7823: dumpxml: security hole with migratable flag - - Commit 28f8dfd (v1.0.0) introduced a security hole: in at least - the qemu implementation of virDomainGetXMLDesc, the use of the - flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only - connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE - prior to calling qemuDomainFormatXML. However, the use of - VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write - clients only. This patch treats the migratable flag as requiring - the same permissions, rather than analyzing what might break if - migratable xml no longer includes secret information. - - Fortunately, the information leak is low-risk: all that is gated - by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password; - but VNC passwords are already weak (FIPS forbids their use, and - on a non-FIPS machine, anyone stupid enough to trust a max-8-byte - password sent in plaintext over the network deserves what they - get). SPICE offers better security than VNC, and all other - secrets are properly protected by use of virSecret associations - rather than direct output in domain XML. - - * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC): - Tighten rules on use of migratable flag. - * src/libvirt-domain.c (virDomainGetXMLDesc): Likewise. - - Signed-off-by: Eric Blake - -Index: libvirt-1.2.10/src/libvirt-domain.c -=================================================================== ---- libvirt-1.2.10.orig/src/libvirt-domain.c -+++ libvirt-1.2.10/src/libvirt-domain.c -@@ -2607,7 +2607,8 @@ virDomainGetXMLDesc(virDomainPtr domain, - virCheckDomainReturn(domain, NULL); - conn = domain->conn; - -- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { -+ if ((conn->flags & VIR_CONNECT_RO) && -+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) { - virReportError(VIR_ERR_OPERATION_DENIED, "%s", - _("virDomainGetXMLDesc with secure flag")); - goto error; -Index: libvirt-1.2.10/src/remote/remote_protocol.x -=================================================================== ---- libvirt-1.2.10.orig/src/remote/remote_protocol.x -+++ libvirt-1.2.10/src/remote/remote_protocol.x -@@ -3255,6 +3255,7 @@ enum remote_procedure { - * @generate: both - * @acl: domain:read - * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE -+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE - */ - REMOTE_PROC_DOMAIN_GET_XML_DESC = 14, - diff --git a/ba9b7252-sys-net-rw.patch b/ba9b7252-sys-net-rw.patch deleted file mode 100644 index b6c9332..0000000 --- a/ba9b7252-sys-net-rw.patch +++ /dev/null @@ -1,130 +0,0 @@ -From ba9b7252ea8d87dfa217fb11dc5dadc039176807 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Wed, 10 Dec 2014 10:22:28 +0100 -Subject: [PATCH] lxc: give RW access to /proc/sys/net/ipv[46] to containers - -Some programs want to change some values for the network interfaces -configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them -allows wicked to work on openSUSE 13.2+. - -Reusing the lxcNeedNetworkNamespace function to tell -lxcContainerMountBasicFS if the netns is disabled. When no netns is -set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as -these would provide full access to the host NICs config. ---- - src/lxc/lxc_container.c | 64 +++++++++++++++++++++++++++++++------------------ - 1 file changed, 41 insertions(+), 23 deletions(-) - -diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c -index 3b08b86..1b9e2f2 100644 ---- a/src/lxc/lxc_container.c -+++ b/src/lxc/lxc_container.c -@@ -800,15 +800,18 @@ typedef struct { - int mflags; - bool skipUserNS; - bool skipUnmounted; -+ bool skipNoNetns; - } virLXCBasicMountInfo; - - static const virLXCBasicMountInfo lxcBasicMounts[] = { -- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, -- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false }, -- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false }, -- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, -+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false }, -+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false }, -+ { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true }, -+ { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true }, -+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false }, -+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false }, - #if WITH_SELINUX -- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, -+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false }, - #endif - }; - -@@ -940,10 +943,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled, - continue; - } - -+ /* Skip mounts with missing source without shouting: it may be a -+ * missing folder in /proc due to the absence of a kernel feature */ -+ if (STRPREFIX(mnt_src, "/") && !virFileExists(mnt_src)) { -+ VIR_DEBUG("Skipping due to missing source: %s", mnt_src); -+ VIR_FREE(mnt_src); -+ continue; -+ } -+ -+ if (mnt->skipNoNetns && netns_disabled) { -+ VIR_DEBUG("Skipping due to absence of network namespace"); -+ VIR_FREE(mnt_src); -+ continue; -+ } -+ - if (virFileMakePath(mnt->dst) < 0) { - virReportSystemError(errno, - _("Failed to mkdir %s"), -- mnt_src); -+ mnt->dst); - goto cleanup; - } - -@@ -1697,6 +1714,23 @@ static int lxcContainerUnmountForSharedRoot(const char *stateDir, - } - - -+static bool -+lxcNeedNetworkNamespace(virDomainDefPtr def) -+{ -+ size_t i; -+ if (def->nets != NULL) -+ return true; -+ if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON) -+ return true; -+ for (i = 0; i < def->nhostdevs; i++) { -+ if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES && -+ def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET) -+ return true; -+ } -+ return false; -+} -+ -+ - /* Got a FS mapped to /, we're going the pivot_root - * approach to do a better-chroot-than-chroot - * this is based on this thread http://lkml.org/lkml/2008/3/5/29 -@@ -1741,7 +1775,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, - - /* Mounts the core /proc, /sys, etc filesystems */ - if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap, -- !vmDef->nnets) < 0) -+ !lxcNeedNetworkNamespace(vmDef)) < 0) - goto cleanup; - - /* Ensure entire root filesystem (except /.oldroot) is readonly */ -@@ -2240,22 +2274,6 @@ virArch lxcContainerGetAlt32bitArch(virArch arch) - } - - --static bool --lxcNeedNetworkNamespace(virDomainDefPtr def) --{ -- size_t i; -- if (def->nets != NULL) -- return true; -- if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON) -- return true; -- for (i = 0; i < def->nhostdevs; i++) { -- if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES && -- def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET) -- return true; -- } -- return false; --} -- - /** - * lxcContainerStart: - * @def: pointer to virtual machine structure --- -2.1.2 - diff --git a/c264eea-virt-aa-helper-sandbox.patch b/c264eea-virt-aa-helper-sandbox.patch deleted file mode 100644 index f97a451..0000000 --- a/c264eea-virt-aa-helper-sandbox.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c264eeaa381a917f01ba74526bf202073358a9dc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Thu, 20 Nov 2014 11:32:38 +0100 -Subject: [PATCH 2/5] virt-aa-helper: /etc/libvirt-sandbox/services isn't - restricted - -To get virt-sandbox-service working with AppArmor, virt-aa-helper -needs not to choke on path in /etc/libvirt-sandbox/services. ---- - src/security/virt-aa-helper.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Index: libvirt-1.2.10/src/security/virt-aa-helper.c -=================================================================== ---- libvirt-1.2.10.orig/src/security/virt-aa-helper.c -+++ libvirt-1.2.10/src/security/virt-aa-helper.c -@@ -571,7 +571,8 @@ valid_path(const char *path, const bool - }; - /* override the above with these */ - const char * const override[] = { -- "/sys/devices/pci" /* for hostdev pci devices */ -+ "/sys/devices/pci", /* for hostdev pci devices */ -+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ - }; - - if (path == NULL) { diff --git a/cgroup-all-devices.patch b/cgroup-all-devices.patch deleted file mode 100644 index f8946f4..0000000 --- a/cgroup-all-devices.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c3cebcbf0303af428f75c53de99d75885b8a8ce3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Wed, 10 Dec 2014 14:32:10 +0100 -Subject: [PATCH] Avoid getting '-1:-1' in devices cgroup list - -When calling virCgroupAllowAllDevices we get these invalid entries -in the device cgroup config. - b -1:-1 rw - c -1:-1 rw -Check for positive values before outputting the major and minor to -avoid that. ---- - src/util/vircgroup.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c -index 166f4dc..3995477 100644 ---- a/src/util/vircgroup.c -+++ b/src/util/vircgroup.c -@@ -2767,11 +2767,11 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor, - char *minorstr = NULL; - - if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) || -- virAsprintf(&majorstr, "%i", major) < 0) -+ (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0)) - goto cleanup; - - if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) || -- virAsprintf(&minorstr, "%i", minor) < 0) -+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0)) - goto cleanup; - - if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr, --- -2.1.2 - diff --git a/e50457d-lxc-unmount-check.patch b/e50457d-lxc-unmount-check.patch deleted file mode 100644 index 59ed962..0000000 --- a/e50457d-lxc-unmount-check.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e50457dd4cc5d4ba1ac7b05734157524620d087f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Mon, 24 Nov 2014 15:10:19 +0100 -Subject: [PATCH 5/5] lxc: don't unmount subtree if it contains the source of - the mount - -The typical case where we had a problem is with such a filesystem -definition as created by virt-sandbox-service: - - - - - - -In this case, we don't want to unmount the /var subtree or we may -loose the access to the source folder. ---- - src/lxc/lxc_container.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -Index: libvirt-1.2.10/src/lxc/lxc_container.c -=================================================================== ---- libvirt-1.2.10.orig/src/lxc/lxc_container.c -+++ libvirt-1.2.10/src/lxc/lxc_container.c -@@ -1600,11 +1600,15 @@ static int lxcContainerMountAllFS(virDom - if (STREQ(vmDef->fss[i]->dst, "/")) - continue; - -+ VIR_DEBUG("Mounting '%s' -> '%s'", vmDef->fss[i]->src, vmDef->fss[i]->dst); -+ - if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0) - return -1; - -- if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst, -- false) < 0) -+ -+ if (!(vmDef->fss[i]->src && -+ STRPREFIX(vmDef->fss[i]->src, vmDef->fss[i]->dst)) && -+ lxcContainerUnmountSubtree(vmDef->fss[i]->dst, false) < 0) - return -1; - - if (lxcContainerMountFS(vmDef->fss[i], sec_mount_options) < 0) diff --git a/libvirt-1.2.10.tar.gz b/libvirt-1.2.10.tar.gz deleted file mode 100644 index 6c10450..0000000 --- a/libvirt-1.2.10.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5050f4cea3dd59d3eca25c3d3f16085e10d624ecc18bd35820cd3dac6f46c08e -size 30029503 diff --git a/libvirt-1.2.10.tar.gz.asc b/libvirt-1.2.10.tar.gz.asc deleted file mode 100644 index 280e7a9..0000000 --- a/libvirt-1.2.10.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlRXIOgACgkQRga4pd6VvB+obgCcCzOsG4rjI5PZs5Br9SXZuh41 -vUkAoIaaoJv304OoiEdsCr1x4gAwaFpU -=FzVc ------END PGP SIGNATURE----- diff --git a/libvirt-1.2.11.tar.gz b/libvirt-1.2.11.tar.gz new file mode 100644 index 0000000..9332f1c --- /dev/null +++ b/libvirt-1.2.11.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc +size 30571605 diff --git a/libvirt-1.2.11.tar.gz.asc b/libvirt-1.2.11.tar.gz.asc new file mode 100644 index 0000000..cf6cffb --- /dev/null +++ b/libvirt-1.2.11.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlSLprsACgkQRga4pd6VvB9dIgCgiRsIp7IpLVT3rGLmJeGFlWIL +TIsAnimwS0VUT5YtHfkgNIzYOUjK7yq+ +=Voyk +-----END PGP SIGNATURE----- diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index 287675c..e0cd402 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -1,9 +1,9 @@ -Index: libvirt-1.2.10/src/cpu/cpu_map.xml +Index: libvirt-1.2.11/src/cpu/cpu_map.xml =================================================================== ---- libvirt-1.2.10.orig/src/cpu/cpu_map.xml -+++ libvirt-1.2.10/src/cpu/cpu_map.xml -@@ -627,5 +627,15 @@ - +--- libvirt-1.2.11.orig/src/cpu/cpu_map.xml ++++ libvirt-1.2.11/src/cpu/cpu_map.xml +@@ -657,5 +657,15 @@ + + diff --git a/libvirt-ppc64le-support.patch b/libvirt-ppc64le-support.patch deleted file mode 100644 index 53a0f00..0000000 --- a/libvirt-ppc64le-support.patch +++ /dev/null @@ -1,196 +0,0 @@ -Index: libvirt-1.2.10/src/conf/domain_conf.c -=================================================================== ---- libvirt-1.2.10.orig/src/conf/domain_conf.c -+++ libvirt-1.2.10/src/conf/domain_conf.c -@@ -10043,7 +10043,8 @@ virDomainVideoDefaultType(const virDomai - (STREQ(def->os.type, "xen") || - STREQ(def->os.type, "linux"))) - return VIR_DOMAIN_VIDEO_TYPE_XEN; -- else if (def->os.arch == VIR_ARCH_PPC64) -+ else if (def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) - return VIR_DOMAIN_VIDEO_TYPE_VGA; - else - return VIR_DOMAIN_VIDEO_TYPE_CIRRUS; -Index: libvirt-1.2.10/src/cpu/cpu_powerpc.c -=================================================================== ---- libvirt-1.2.10.orig/src/cpu/cpu_powerpc.c -+++ libvirt-1.2.10/src/cpu/cpu_powerpc.c -@@ -38,7 +38,7 @@ - - VIR_LOG_INIT("cpu.cpu_powerpc"); - --static const virArch archs[] = { VIR_ARCH_PPC64 }; -+static const virArch archs[] = { VIR_ARCH_PPC64, VIR_ARCH_PPC64LE }; - - struct ppc_vendor { - char *name; -Index: libvirt-1.2.10/src/qemu/qemu_capabilities.c -=================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu_capabilities.c -+++ libvirt-1.2.10/src/qemu/qemu_capabilities.c -@@ -633,7 +633,8 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr - if (qemuCaps->arch == VIR_ARCH_I686 || - qemuCaps->arch == VIR_ARCH_X86_64) { - parse = virQEMUCapsParseX86Models; -- } else if (qemuCaps->arch == VIR_ARCH_PPC64) { -+ } else if (qemuCaps->arch == VIR_ARCH_PPC64 || -+ qemuCaps->arch == VIR_ARCH_PPC64LE) { - parse = virQEMUCapsParsePPCModels; - } else { - VIR_DEBUG("don't know how to parse %s CPU models", -@@ -2003,7 +2004,8 @@ bool virQEMUCapsHasPCIMultiBus(virQEMUCa - return true; - - if (def->os.arch == VIR_ARCH_PPC || -- def->os.arch == VIR_ARCH_PPC64) { -+ def->os.arch == VIR_ARCH_PPC64|| -+ def->os.arch == VIR_ARCH_PPC64LE) { - /* - * Usage of pci.0 naming: - * -@@ -3573,7 +3575,9 @@ virQEMUCapsSupportsChardev(virDomainDefP - !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE)) - return false; - -- if ((def->os.arch == VIR_ARCH_PPC) || (def->os.arch == VIR_ARCH_PPC64)) { -+ if (def->os.arch == VIR_ARCH_PPC || -+ def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) { - /* only pseries need -device spapr-vty with -chardev */ - return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && - chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO); -Index: libvirt-1.2.10/src/qemu/qemu_command.c -=================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu_command.c -+++ libvirt-1.2.10/src/qemu/qemu_command.c -@@ -713,7 +713,8 @@ qemuSetSCSIControllerModel(virDomainDefP - return -1; - } - } else { -- if ((def->os.arch == VIR_ARCH_PPC64) && -+ if ((def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) && - STRPREFIX(def->os.machine, "pseries")) { - *model = VIR_DOMAIN_CONTROLLER_MODEL_SCSI_IBMVSCSI; - } else if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SCSI_LSI)) { -@@ -1264,7 +1265,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi - - for (i = 0; i < def->nserials; i++) { - if (def->serials[i]->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && -- (def->os.arch == VIR_ARCH_PPC64) && -+ (def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) && - STRPREFIX(def->os.machine, "pseries")) - def->serials[i]->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO; - if (qemuAssignSpaprVIOAddress(def, &def->serials[i]->info, -@@ -1273,7 +1275,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi - } - - if (def->nvram) { -- if (def->os.arch == VIR_ARCH_PPC64 && -+ if ((def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) && - STRPREFIX(def->os.machine, "pseries")) - def->nvram->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO; - if (qemuAssignSpaprVIOAddress(def, &def->nvram->info, -@@ -4195,7 +4198,8 @@ qemuBuildUSBControllerDevStr(virDomainDe - model = def->model; - - if (model == -1) { -- if (domainDef->os.arch == VIR_ARCH_PPC64) -+ if (domainDef->os.arch == VIR_ARCH_PPC64 || -+ domainDef->os.arch == VIR_ARCH_PPC64LE) - model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI; - else - model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI; -@@ -8573,7 +8577,8 @@ qemuBuildCommandLine(virConnectPtr conn, - !qemuDomainMachineIsQ35(def) && - (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) || - (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) && -- def->os.arch == VIR_ARCH_PPC64))) { -+ (def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE)))) { - if (usblegacy) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Multiple legacy USB controllers are " -@@ -9771,7 +9776,8 @@ qemuBuildCommandLine(virConnectPtr conn, - } - - if (def->nvram) { -- if (def->os.arch == VIR_ARCH_PPC64 && -+ if ((def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) && - STRPREFIX(def->os.machine, "pseries")) { - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", -@@ -9894,7 +9900,8 @@ qemuBuildSerialChrDeviceStr(char **devic - { - virBuffer cmd = VIR_BUFFER_INITIALIZER; - -- if ((arch == VIR_ARCH_PPC64) && STRPREFIX(machine, "pseries")) { -+ if ((arch == VIR_ARCH_PPC64 || -+ arch == VIR_ARCH_PPC64LE) && STRPREFIX(machine, "pseries")) { - if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && - serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) { - virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s", -@@ -10316,8 +10323,9 @@ qemuParseCommandLineDisk(virDomainXMLOpt - if (VIR_ALLOC(def->src) < 0) - goto error; - -- if (((dom->os.arch == VIR_ARCH_PPC64) && -- dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) -+ if (((dom->os.arch == VIR_ARCH_PPC64 || -+ dom->os.arch == VIR_ARCH_PPC64LE) && -+ dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) - def->bus = VIR_DOMAIN_DISK_BUS_SCSI; - else - def->bus = VIR_DOMAIN_DISK_BUS_IDE; -@@ -10409,7 +10417,8 @@ qemuParseCommandLineDisk(virDomainXMLOpt - } else if (STREQ(keywords[i], "if")) { - if (STREQ(values[i], "ide")) { - def->bus = VIR_DOMAIN_DISK_BUS_IDE; -- if (((dom->os.arch == VIR_ARCH_PPC64) && -+ if (((dom->os.arch == VIR_ARCH_PPC64 || -+ dom->os.arch == VIR_ARCH_PPC64LE) && - dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("pseries systems do not support ide devices '%s'"), val); -@@ -11654,8 +11663,9 @@ qemuParseCommandLine(virCapsPtr qemuCaps - } - if (STREQ(arg, "-cdrom")) { - disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM; -- if (((def->os.arch == VIR_ARCH_PPC64) && -- def->os.machine && STRPREFIX(def->os.machine, "pseries"))) -+ if (((def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) && -+ def->os.machine && STRPREFIX(def->os.machine, "pseries"))) - disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; - if (VIR_STRDUP(disk->dst, "hdc") < 0) - goto error; -@@ -11670,9 +11680,10 @@ qemuParseCommandLine(virCapsPtr qemuCaps - disk->bus = VIR_DOMAIN_DISK_BUS_IDE; - else - disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; -- if (((def->os.arch == VIR_ARCH_PPC64) && -- def->os.machine && STRPREFIX(def->os.machine, "pseries"))) -- disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; -+ if (((def->os.arch == VIR_ARCH_PPC64 || -+ def->os.arch == VIR_ARCH_PPC64LE) && -+ def->os.machine && STRPREFIX(def->os.machine, "pseries"))) -+ disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; - } - if (VIR_STRDUP(disk->dst, arg + 1) < 0) - goto error; -Index: libvirt-1.2.10/src/qemu/qemu_domain.c -=================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu_domain.c -+++ libvirt-1.2.10/src/qemu/qemu_domain.c -@@ -980,6 +980,7 @@ qemuDomainDefPostParse(virDomainDefPtr d - break; - - case VIR_ARCH_PPC64: -+ case VIR_ARCH_PPC64LE: - addPCIRoot = true; - addDefaultUSBKBD = true; - addDefaultUSBMouse = true; diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 1af1d9f..927be38 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/configure.ac +Index: libvirt-1.2.11/configure.ac =================================================================== ---- libvirt-1.2.10.orig/configure.ac -+++ libvirt-1.2.10/configure.ac +--- libvirt-1.2.11.orig/configure.ac ++++ libvirt-1.2.11/configure.ac @@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_GLUSTER LIBVIRT_CHECK_HAL @@ -34,11 +34,11 @@ Index: libvirt-1.2.10/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.2.10/src/Makefile.am +Index: libvirt-1.2.11/src/Makefile.am =================================================================== ---- libvirt-1.2.10.orig/src/Makefile.am -+++ libvirt-1.2.10/src/Makefile.am -@@ -856,6 +856,10 @@ if WITH_NETCF +--- libvirt-1.2.11.orig/src/Makefile.am ++++ libvirt-1.2.11/src/Makefile.am +@@ -859,6 +859,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif WITH_NETCF @@ -49,7 +49,7 @@ Index: libvirt-1.2.10/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1499,10 +1503,15 @@ if WITH_NETCF +@@ -1502,10 +1506,15 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else ! WITH_NETCF @@ -65,11 +65,11 @@ Index: libvirt-1.2.10/src/Makefile.am endif ! WITH_NETCF if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la -Index: libvirt-1.2.10/tools/virsh.c +Index: libvirt-1.2.11/tools/virsh.c =================================================================== ---- libvirt-1.2.10.orig/tools/virsh.c -+++ libvirt-1.2.10/tools/virsh.c -@@ -3340,6 +3340,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE +--- libvirt-1.2.11.orig/tools/virsh.c ++++ libvirt-1.2.11/tools/virsh.c +@@ -3341,6 +3341,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); @@ -78,10 +78,10 @@ Index: libvirt-1.2.10/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c +Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.2.10.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.2.10/src/interface/interface_backend_netcf.c +--- libvirt-1.2.11.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.2.11/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -98,7 +98,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c #include "datatypes.h" @@ -65,6 +70,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState - static virNetcfDriverStatePtr driverState; + static virNetcfDriverStatePtr driver; +#ifdef WITH_NETCONTROL +static void @@ -135,7 +135,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c static void virNetcfDriverStateDispose(void *obj) @@ -87,7 +123,22 @@ netcfStateInitialize(bool privileged ATT - if (!(driverState = virObjectLockableNew(virNetcfDriverStateClass))) + if (!(driver = virObjectLockableNew(virNetcfDriverStateClass))) return -1; +#ifdef WITH_NETCONTROL @@ -147,28 +147,28 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c + * fail in netcfInterfaceOpen. This restores the behavior before + * commit 822fe136. + */ -+ if (ncf_init(&driverState->netcf, NULL) != 0) { ++ if (ncf_init(&driver->netcf, NULL) != 0) { + VIR_WARN("Failed to initialize netcontrol. Continuing with network " + "interface management features disabled"); -+ virObjectUnref(driverState); -+ driverState = NULL; ++ virObjectUnref(driver); ++ driver = NULL; + } +#else - if (ncf_init(&driverState->netcf, NULL) != 0) { + if (ncf_init(&driver->netcf, NULL) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("failed to initialize netcf")); @@ -95,6 +146,7 @@ netcfStateInitialize(bool privileged ATT - driverState = NULL; + driver = NULL; return -1; } +#endif return 0; } -Index: libvirt-1.2.10/src/interface/interface_driver.c +Index: libvirt-1.2.11/src/interface/interface_driver.c =================================================================== ---- libvirt-1.2.10.orig/src/interface/interface_driver.c -+++ libvirt-1.2.10/src/interface/interface_driver.c +--- libvirt-1.2.11.orig/src/interface/interface_driver.c ++++ libvirt-1.2.11/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -186,10 +186,10 @@ Index: libvirt-1.2.10/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.2.10/m4/virt-netcontrol.m4 +Index: libvirt-1.2.11/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.2.10/m4/virt-netcontrol.m4 ++++ libvirt-1.2.11/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index a0bd104..61ea7e1 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Mon Dec 15 09:48:02 UTC 2014 - cbosdonnat@suse.com + +- Update to libvirt 1.2.11 + - Implement public API for virDomainGetFSInfo + - qemu: Add define for the new throttle options + - CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats() + - CVE-2014-7823: dumpxml: security hole with migratable flag +- Drop upstream patches: 2222123-virt-aa-helper-crash.patch, + 433b427-iplink-name.patch, + 52691f99-qemu-mig-crash.patch, + 72fecf1-lxc-resolve-symlinks.patch, + b1674ad5-CVE-2014-7823.patch, + ba9b7252-sys-net-rw.patch, + c264eea-virt-aa-helper-sandbox.patch, + e50457d-lxc-unmount-check.patch, + cgroup-all-devices.patch, + libvirt-ppc64le-support.patch + + ------------------------------------------------------------------- Wed Dec 10 13:22:14 UTC 2014 - cbosdonnat@suse.com diff --git a/libvirt.spec b/libvirt.spec index 88767ce..29db81b 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -235,7 +235,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.2.10 +Version: 1.2.11 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ @@ -434,23 +434,13 @@ Source3: libvirtd.init Source4: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: b1674ad5-CVE-2014-7823.patch -Patch1: 2222123-virt-aa-helper-crash.patch -Patch2: c264eea-virt-aa-helper-sandbox.patch -Patch3: 433b427-iplink-name.patch -Patch4: 72fecf1-lxc-resolve-symlinks.patch -Patch5: e50457d-lxc-unmount-check.patch -Patch6: 52691f99-qemu-mig-crash.patch -Patch7: ba9b7252-sys-net-rw.patch # Patches pending upstream review -Patch100: cgroup-all-devices.patch # Need to go upstream Patch150: xen-name-for-devid.patch Patch151: xen-pv-cdrom.patch Patch152: blockcopy-check-dst-identical-device.patch -Patch153: libvirt-ppc64le-support.patch -Patch154: libvirt-power8-models.patch -Patch155: ppc64le-canonical-name.patch +Patch153: libvirt-power8-models.patch +Patch154: ppc64le-canonical-name.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -975,21 +965,11 @@ Provides a dissector for the libvirt RPC protocol to help debugging it. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch100 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 %patch153 -p1 %patch154 -p1 -%patch155 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 @@ -1827,10 +1807,6 @@ fi %{_libdir}/libvirt-qemu.so %{_libdir}/libvirt-lxc.so %{_includedir}/libvirt -%{_includedir}/libvirt/virterror.h -%{_includedir}/libvirt/libvirt.h -%{_includedir}/libvirt/libvirt-qemu.h -%{_includedir}/libvirt/libvirt-lxc.h %{_libdir}/pkgconfig/libvirt.pc %{_libdir}/pkgconfig/libvirt-qemu.pc %{_libdir}/pkgconfig/libvirt-lxc.pc