From 53a4a5c7facf57d3bcbe8817e52c1c7919e9701abcc3ebb0d97fdbf08775713e Mon Sep 17 00:00:00 2001
From: James Fehlig
Date: Tue, 22 Oct 2013 17:07:40 +0000
Subject: [PATCH] Add upstream patches to fix build on older systems that have a gnutls that uses libgcrypt.
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=316
---
 5a0ea4b7-CVE-2013-4400.patch | 103 ++++++++++++++++++++++++++++++++++
 843bdb2f-CVE-2013-4400.patch | 27 +++++++++
 CVE-2013-4400-build-fix.patch | 37 ------------
 libvirt-suse-netcontrol.patch | 4 +-
 libvirt.changes | 2 +-
 libvirt.spec | 6 +-
 6 files changed, 137 insertions(+), 42 deletions(-)
 create mode 100644 5a0ea4b7-CVE-2013-4400.patch
 create mode 100644 843bdb2f-CVE-2013-4400.patch
 delete mode 100644 CVE-2013-4400-build-fix.patch
diff --git a/5a0ea4b7-CVE-2013-4400.patch b/5a0ea4b7-CVE-2013-4400.patch
new file mode 100644
index 0000000..409add3
--- /dev/null
+++ b/5a0ea4b7-CVE-2013-4400.patch
@@ -0,0 +1,103 @@
+commit 5a0ea4b7b9af2231ed161b94f9af65375c6ee9c2
+Author: Jim Fehlig
+Date: Mon Oct 21 15:36:11 2013 -0600
+
+ build: fix linking virt-login-shell
+
+ After commit 3e2f27e1, I've noticed build failures of virt-login-shell
+ when libapparmor-devel is installed on the build host
+
+ CCLD virt-login-shell
+ ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
+ In function `virExec':
+ /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
+ reference to `aa_change_profile'
+ collect2: error: ld returned 1 exit status
+
+ I was about to commit an easy fix under the build-breaker rule
+ (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
+ to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
+ makes sense (build-fix-2.patch).
+
+ Should I just stick with the simple fix, or is something along the lines
+ of patch 2 preferred?
+
+ Regards,
+ Jim
+
+ >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
+
From: Jim Fehlig
+ Date: Mon, 21 Oct 2013 15:30:02 -0600
+ Subject: [PATCH] build: fix virt-login-shell build with apparmor
+
+ With libapparmor-devel installed, virt-login-shell fails to link
+
+ CCLD virt-login-shell
+ ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
+ /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
+ collect2: error: ld returned 1 exit status
+
+ Fix by linking libvirt_setuid_rpc_client with previously determined
+ SECDRIVER_LIBS in src/Makefile.am. While at it, introduce SECDRIVER_CFLAGS
+ and use both throughout src/Makefile.am where it makes sense.
+
+
Signed-off-by: Jim Fehlig
+
+Index: libvirt-1.1.2/src/Makefile.am
+===================================================================
+--- libvirt-1.1.2.orig/src/Makefile.am
++++ libvirt-1.1.2/src/Makefile.am
+@@ -49,11 +49,14 @@ nodist_conf_DATA =
+
+ THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD)
+
++SECDRIVER_CFLAGS =
+ SECDRIVER_LIBS =
+ if WITH_SECDRIVER_SELINUX
++SECDRIVER_CFLAGS += $(SELINUX_CFLAGS)
+ SECDRIVER_LIBS += $(SELINUX_LIBS)
+ endif
+ if WITH_SECDRIVER_APPARMOR
++SECDRIVER_CFLAGS += $(APPARMOR_CFLAGS)
+ SECDRIVER_LIBS += $(APPARMOR_LIBS)
+ endif
+
+@@ -1978,14 +1981,14 @@ libvirt_setuid_rpc_client_la_SOURCES =
+ libvirt_setuid_rpc_client_la_LDFLAGS = \
+ $(AM_LDFLAGS) \
+ $(LIBXML_LIBS) \
+- $(SELINUX_LIBS) \
++ $(SECDRIVER_LIBS) \
+ $(NULL)
+ libvirt_setuid_rpc_client_la_CFLAGS = \
+ -DLIBVIRT_SETUID_RPC_CLIENT \
+ -I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/rpc \
+ $(AM_CFLAGS) \
+- $(SELINUX_CFLAGS) \
++ $(SECDRIVER_CFLAGS) \
+ $(NULL)
+ endif WITH_LXC
+
+@@ -2268,6 +2271,7 @@ libvirt_net_rpc_la_LDFLAGS = \
+ $(GNUTLS_LIBS) \
+ $(SASL_LIBS) \
+ $(SSH2_LIBS)\
++ $(SECDRIVER_LIBS) \
+ $(AM_LDFLAGS) \
+ $(CYGWIN_EXTRA_LDFLAGS) \
+ $(MINGW_EXTRA_LDFLAGS)
+@@ -2410,12 +2414,7 @@ if WITH_BLKID
+ libvirt_lxc_CFLAGS += $(BLKID_CFLAGS)
+ libvirt_lxc_LDADD += $(BLKID_LIBS)
+ endif
+-if WITH_SECDRIVER_SELINUX
+-libvirt_lxc_CFLAGS += $(SELINUX_CFLAGS)
+-endif
+-if WITH_SECDRIVER_APPARMOR
+-libvirt_lxc_CFLAGS += $(APPARMOR_CFLAGS)
+-endif
++libvirt_lxc_CFLAGS += $(SECDRIVER_CFLAGS)
+ endif
+ endif
+ EXTRA_DIST += $(LXC_CONTROLLER_SOURCES)
diff --git a/843bdb2f-CVE-2013-4400.patch b/843bdb2f-CVE-2013-4400.patch
new file mode 100644
index 0000000..8daa299
--- /dev/null
+++ b/843bdb2f-CVE-2013-4400.patch
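Review bot: In the nested Makefile.am patch, `libvirt_setuid_rpc_client_la_LDFLAGS` now takes all of `$(SECDRIVER_LIBS)`, so the setuid RPC client library links the AppArmor library as well as SELinux, and nothing in Makefile.am records why. Going by the link error quoted in the patch header, the need comes from `virExec` in vircommand.c referencing `aa_change_profile`; a comment such as `# virExec() references aa_change_profile, so the setuid client needs the security driver libs` above that assignment would stop the list growing unnoticed in code built for a setuid helper. The inner hunk at `libvirt_net_rpc_la_LDFLAGS` adds the same libraries with no stated reason, which deserves a line in the patch header. Both spots also put libraries into `_LDFLAGS`, following the existing `$(LIBXML_LIBS)` entry, whereas automake expects them in `_LIBADD`; that is worth raising upstream rather than changing in this backport. The patch header still carries the mailing-list question and a nested `>From` mail header instead of a clean commit message.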
@@ -0,0 +1,27 @@
+commit 843bdb2f8a3364637cda2911624149525188843f
+Author: Jim Fehlig
+Date: Mon Oct 21 23:12:22 2013 -0600
+
+ build: fix build of virt-login-shell on systems with older gnutls
+
+ On systems where gnutls uses libgcrypt, I'm seeing the following
+ build failure
+
+ libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
+ libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
+ ...
+
+ Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h
+
+Index: libvirt-1.1.2/config-post.h
+===================================================================
+--- libvirt-1.1.2.orig/config-post.h
++++ libvirt-1.1.2/config-post.h
+@@ -34,6 +34,7 @@
+ # undef WITH_CURL
+ # undef WITH_DTRACE_PROBES
+ # undef WITH_GNUTLS
++# undef WITH_GNUTLS_GCRYPT
+ # undef WITH_MACVTAP
+ # undef WITH_NUMACTL
+ # undef WITH_SASL
diff --git a/CVE-2013-4400-build-fix.patch b/CVE-2013-4400-build-fix.patch
deleted file mode 100644
index 6dd6391..0000000
--- a/CVE-2013-4400-build-fix.patch
+++ /dev/null
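Review bot: The added `# undef WITH_GNUTLS_GCRYPT` in config-post.h carries no comment tying it to `WITH_GNUTLS` on the line above, so the next feature macro that depends on an already-undefined one is likely to break the build the same way. The compile errors quoted in the patch header (`virTLSThreadImpl`, `GCRY_THREAD_OPTION_PTHREAD` in libvirt.c) suggest that libvirt.c tests `WITH_GNUTLS_GCRYPT` independently of `WITH_GNUTLS`. I would add `/* depends on WITH_GNUTLS; must be undefined together with it */` next to the new line. The conditional that encloses this undef list starts outside the hunk, so which build it applies to cannot be confirmed from here.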
@@ -1,37 +0,0 @@
-commit a6f05b5fdf139aa7155b64b2b581ff88151fbfca
-Author: Jim Fehlig
-Date: Mon Oct 21 14:57:27 2013 -0600
-
- build: fix virt-login-shell build with apparmor
-
- With libapparmor-devel installed, virt-login-shell fails to link
-
- CCLD virt-login-shell
- ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
- /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
- collect2: error: ld returned 1 exit status
-
- Fix by linking libvirt_setuid_rpc_client with previously determined
- SECDRIVER_LIBS in src/Makefile.am.
-
-Index: libvirt-1.1.2/src/Makefile.am
-===================================================================
---- libvirt-1.1.2.orig/src/Makefile.am
-+++ libvirt-1.1.2/src/Makefile.am
-@@ -1978,7 +1978,7 @@ libvirt_setuid_rpc_client_la_SOURCES =
- libvirt_setuid_rpc_client_la_LDFLAGS = \
- $(AM_LDFLAGS) \
- $(LIBXML_LIBS) \
-- $(SELINUX_LIBS) \
-+ $(SECDRIVER_LIBS) \
- $(NULL)
- libvirt_setuid_rpc_client_la_CFLAGS = \
- -DLIBVIRT_SETUID_RPC_CLIENT \
-@@ -1986,6 +1986,7 @@ libvirt_setuid_rpc_client_la_CFLAGS = \
- -I$(top_srcdir)/src/rpc \
- $(AM_CFLAGS) \
- $(SELINUX_CFLAGS) \
-+ $(APPARMOR_CFLAGS) \
- $(NULL)
- endif WITH_LXC
-
diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch
index c7a3f07..cb32f6e 100644
--- a/libvirt-suse-netcontrol.patch
+++ b/libvirt-suse-netcontrol.patch
@@ -38,7 +38,7 @@ Index: libvirt-1.1.2/src/Makefile.am
 ===================================================================
 --- libvirt-1.1.2.orig/src/Makefile.am
 +++ libvirt-1.1.2/src/Makefile.am
-@@ -751,6 +751,10 @@ if WITH_NETCF
+@@ -754,6 +754,10 @@ if WITH_NETCF
 INTERFACE_DRIVER_SOURCES += \
 interface/interface_backend_netcf.c
 endif
@@ -49,7 +49,7 @@ Index: libvirt-1.1.2/src/Makefile.am
 if WITH_UDEV
 INTERFACE_DRIVER_SOURCES += \
 interface/interface_backend_udev.c
-@@ -1311,11 +1315,16 @@ if WITH_NETCF
+@@ -1314,11 +1318,16 @@ if WITH_NETCF
 libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
 libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
 else
diff --git a/libvirt.changes b/libvirt.changes
index 9012bb6..23ce6fc 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -5,7 +5,7 @@ Mon Oct 21 11:33:03 MDT 2013 - jfehlig@suse.com
 escalation via virt-login-shell ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch,
- CVE-2013-4400-build-fix.patch
+ 5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch
 bnc#837609 - CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native 57687fd6-CVE-2013-4401.patch
diff --git a/libvirt.spec b/libvirt.spec
index f769a20..964fe05 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -417,11 +417,12 @@ Patch10: ae53e5d1-CVE-2013-4400.patch
 Patch11: 8c3586ea-CVE-2013-4400.patch
 Patch12: b7fcc799a-CVE-2013-4400.patch
 Patch13: 3e2f27e1-CVE-2013-4400.patch
+Patch14: 5a0ea4b7-CVE-2013-4400.patch
+Patch15: 843bdb2f-CVE-2013-4400.patch
 # Need to go upstream
 Patch100: xen-name-for-devid.patch
 Patch101: clone.patch
 Patch102: xen-pv-cdrom.patch
-Patch103: CVE-2013-4400-build-fix.patch
 # Our patches
 Patch200: libvirtd-defaults.patch
 Patch201: libvirtd-init-script.patch
@@ -939,10 +940,11 @@ of recent versions of Linux (and other OSes).
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
+%patch15 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1
-%patch103 -p1
 %patch200 -p1
 %patch201 -p1
 %patch202 -p1
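Review bot: `Patch14` and `Patch15` are filed under the CVE-2013-4400 name in libvirt.spec and in libvirt.changes, yet both patch headers describe them as build fixes for virt-login-shell rather than as part of the vulnerability fix. Someone auditing which patches close the CVE cannot tell the two kinds apart from the file names alone. A comment above them such as `# build fixes for the CVE-2013-4400 series` would make that explicit. The `%patch14 -p1` and `%patch15 -p1` lines in the second hunk match the new numbering.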