From 5674459f46d6078506fb98438cafb33177a38325b43e635b591b82c943d47a73 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Wed, 10 Jul 2013 22:06:19 +0000 Subject: [PATCH] Accepting request 182783 from home:jfehlig:branches:Virtualization - CVE-2013-2230: Fix crash when multiple event callbacks were registered f38c8185-CVE-2013-2230.patch bnc#827801 - Update to libvirt 1.1.0 - Extensible migration APIs - Add a policy kit access control driver - various improvements in the Xen and libxl drivers - improve networking support on BSD - agent based vCPU hotplug support - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 244e0b8c-CVE-2013-2218.patch OBS-URL: https://build.opensuse.org/request/show/182783 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=282 --- 244e0b8c-CVE-2013-2218.patch | 54 ------------------- clone.patch | 8 +-- f38c8185-CVE-2013-2230.patch | 28 ++++++++++ fix-pci-attach-xen-driver.patch | 6 +-- install-apparmor-profiles.patch | 30 +++++------ libvirt-1.0.6.tar.bz2 | 3 -- libvirt-1.1.0.tar.bz2 | 3 ++ libvirt-guests-init-script.patch | 18 +++---- libvirt-suse-netcontrol.patch | 79 ++++++++++++++-------------- libvirt.changes | 21 ++++++++ libvirt.spec | 9 ++-- libvirtd-defaults.patch | 12 ++--- libvirtd-init-script.patch | 6 +-- relax-qemu-usergroup-check.patch | 6 +-- support-managed-pci-xen-driver.patch | 12 ++--- suse-qemu-conf.patch | 6 +-- systemd-service-xen.patch | 6 +-- virtlockd-init-script.patch | 12 ++--- xen-name-for-devid.patch | 6 +-- xen-pv-cdrom.patch | 6 +-- 20 files changed, 165 insertions(+), 166 deletions(-) delete mode 100644 244e0b8c-CVE-2013-2218.patch create mode 100644 f38c8185-CVE-2013-2230.patch delete mode 100644 libvirt-1.0.6.tar.bz2 create mode 100644 libvirt-1.1.0.tar.bz2 diff --git a/244e0b8c-CVE-2013-2218.patch b/244e0b8c-CVE-2013-2218.patch deleted file mode 100644 index a1d6c9f..0000000 
--- a/244e0b8c-CVE-2013-2218.patch +++ /dev/null @@ -1,54 +0,0 @@ -commit 244e0b8cf15ca2ef48d82058e728656e6c4bad11 -Author: Daniel P. Berrange -Date: Fri Jun 28 13:21:33 2013 +0100 - - Crash of libvirtd by unprivileged user in virConnectListAllInterfaces - - On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote: - > Hi Security Team, - > - > I've discovered a way for an unprivileged user with a readonly connection - > to libvirtd, to crash the daemon. - - Ok, the final patch for this is issue will be the simpler variant that - Eric suggested - - The embargo can be considered to be lifted on Monday July 1st, at - 0900 UTC - - The following is the GIT change that DV or myself will apply to libvirt - GIT master immediately before the 1.1.0 release: - - >From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001 - From: "Daniel P. Berrange" - Date: Fri, 28 Jun 2013 10:48:37 +0100 - Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with - filters - - The virConnectListAllInterfaces method has a double-free of the - 'struct netcf_if' object when any of the filtering flags cause - an interface to be skipped over. For example when running the - command 'virsh iface-list --inactive' - - This is a regression introduced in release 1.0.6 by - - commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f - Author: Guannan Ren - Date: Tue May 21 21:29:38 2013 +0800 - - interface: list all interfaces with flags == 0 - - Signed-off-by: Daniel P. Berrange - -Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c -=================================================================== ---- libvirt-1.0.6.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.0.6/src/interface/interface_backend_netcf.c -@@ -365,6 +365,7 @@ netcfConnectListAllInterfaces(virConnect - (MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) && - (status & NETCF_IFACE_INACTIVE)))) { - ncf_if_free(iface); -+ iface = NULL; - continue; - } - 
diff --git a/clone.patch b/clone.patch index 3a24b32..51cf9bd 100644 --- a/clone.patch +++ b/clone.patch @@ -34,7 +34,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); if (cpid < 0) { virReportSystemError(errno, "%s", -@@ -2108,6 +2116,9 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2097,6 +2105,9 @@ int lxcContainerStart(virDomainDefPtr de ttyPaths, nttyPaths, handshakefd}; /* allocate a stack for the container */ @@ -44,7 +44,7 @@ Index: src/lxc/lxc_container.c if (VIR_ALLOC_N(stack, stacksize) < 0) { virReportOOMError(); return -1; -@@ -2126,7 +2137,11 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2115,7 +2126,11 @@ int lxcContainerStart(virDomainDefPtr de cflags |= CLONE_NEWNET; } @@ -56,7 +56,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); -@@ -2152,6 +2167,7 @@ int lxcContainerAvailable(int features) +@@ -2141,6 +2156,7 @@ int lxcContainerAvailable(int features) int cpid; char *childStack; char *stack; @@ -64,7 +64,7 @@ Index: src/lxc/lxc_container.c if (features & LXC_CONTAINER_FEATURE_USER) flags |= CLONE_NEWUSER; -@@ -2159,14 +2175,21 @@ int lxcContainerAvailable(int features) +@@ -2148,14 +2164,21 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; diff --git a/f38c8185-CVE-2013-2230.patch b/f38c8185-CVE-2013-2230.patch new file mode 100644 index 0000000..dcb0b4c --- /dev/null +++ b/f38c8185-CVE-2013-2230.patch 
@@ -0,0 +1,28 @@ +commit f38c8185f97720ecae7ef2291fbaa5d6b0209e17 +Author: Ján Tomko +Date: Tue Jul 2 15:17:09 2013 +0200 + + Fix crash when multiple event callbacks were registered + + CVE-2013-2230 + + Don't overwrite the callback ID returned by + virDomainEventStateRegisterID in ret by 0. + + Introduced by abf75aea. + +Index: libvirt-1.1.0/src/qemu/qemu_driver.c +=================================================================== +--- libvirt-1.1.0.orig/src/qemu/qemu_driver.c ++++ libvirt-1.1.0/src/qemu/qemu_driver.c +@@ -9914,9 +9914,7 @@ qemuConnectDomainEventRegisterAny(virCon + driver->domainEventState, + dom, eventID, + callback, opaque, freecb, &ret) < 0) +- goto cleanup; +- +- ret = 0; ++ ret = -1; + + cleanup: + return ret; diff --git a/fix-pci-attach-xen-driver.patch b/fix-pci-attach-xen-driver.patch index 1d80216..ddc3ee6 100644 --- a/fix-pci-attach-xen-driver.patch +++ b/fix-pci-attach-xen-driver.patch @@ -8,10 +8,10 @@ uses the 'device_configure' RPC. This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. -Index: libvirt-1.0.6/src/xen/xend_internal.c +Index: libvirt-1.1.0/src/xen/xend_internal.c =================================================================== ---- libvirt-1.0.6.orig/src/xen/xend_internal.c -+++ libvirt-1.0.6/src/xen/xend_internal.c +--- libvirt-1.1.0.orig/src/xen/xend_internal.c ++++ libvirt-1.1.0/src/xen/xend_internal.c @@ -2220,6 +2220,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index 40c4aad..63584de 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch 
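Review bot: In f38c8185-CVE-2013-2230.patch, the fixed call site in qemuConnectDomainEventRegisterAny still has no comment saying that `ret` is the callback ID written through `&ret`, which is the invariant the removed `ret = 0;` broke. I would add `/* on success ret is the callback ID from virDomainEventStateRegisterID; never reset it */` above the call so a later cleanup does not reintroduce the overwrite. The patch touches only qemu_driver.c; if abf75aea made the same edit in other drivers' register functions, those need the same check, which this page does not show. The function starts outside the hunk, so the other users of the `cleanup:` label are not visible here.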
@@ -1,7 +1,7 @@ -Index: libvirt-1.0.6/examples/apparmor/Makefile.am +Index: libvirt-1.1.0/examples/apparmor/Makefile.am =================================================================== ---- libvirt-1.0.6.orig/examples/apparmor/Makefile.am -+++ libvirt-1.0.6/examples/apparmor/Makefile.am +--- libvirt-1.1.0.orig/examples/apparmor/Makefile.am ++++ libvirt-1.1.0/examples/apparmor/Makefile.am @@ -14,8 +14,45 @@ ## License along with this library. If not, see ## . @@ -53,10 +53,10 @@ Index: libvirt-1.0.6/examples/apparmor/Makefile.am + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + +endif -Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +Index: libvirt-1.1.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null -+++ libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ libvirt-1.1.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,40 @@ +# Last Modified: Fri Aug 19 11:21:48 2011 +#include @@ -98,9 +98,9 @@ Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in + /var/lib/kvm/images/ r, + /var/lib/kvm/images/** r, +} -Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-1.1.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-1.0.6.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-1.1.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,38 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 
@@ -141,9 +141,9 @@ Index: libvirt-1.0.6/examples/apparmor/usr.lib.libvirt.virt-aa-helper - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, -} -Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd +Index: libvirt-1.1.0/examples/apparmor/usr.sbin.libvirtd =================================================================== ---- libvirt-1.0.6.orig/examples/apparmor/usr.sbin.libvirtd +--- libvirt-1.1.0.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,52 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 @@ -198,10 +198,10 @@ Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - -} -Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd.in +Index: libvirt-1.1.0/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null -+++ libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd.in ++++ libvirt-1.1.0/examples/apparmor/usr.sbin.libvirtd.in @@ -0,0 +1,58 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include @@ -261,9 +261,9 @@ Index: libvirt-1.0.6/examples/apparmor/usr.sbin.libvirtd.in + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} -Index: libvirt-1.0.6/examples/apparmor/libvirt-qemu +Index: libvirt-1.1.0/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.0.6.orig/examples/apparmor/libvirt-qemu +--- libvirt-1.1.0.orig/examples/apparmor/libvirt-qemu +++ /dev/null @@ -1,129 +0,0 @@ -# Last Modified: Fri Mar 9 14:43:22 2012 @@ -395,10 +395,10 @@ Index: libvirt-1.0.6/examples/apparmor/libvirt-qemu - - /usr/libexec/qemu-bridge-helper rmix, - } -Index: libvirt-1.0.6/examples/apparmor/libvirt-qemu.in +Index: libvirt-1.1.0/examples/apparmor/libvirt-qemu.in =================================================================== 
--- /dev/null -+++ libvirt-1.0.6/examples/apparmor/libvirt-qemu.in ++++ libvirt-1.1.0/examples/apparmor/libvirt-qemu.in @@ -0,0 +1,132 @@ +# Last Modified: Fri Mar 9 14:43:22 2012 + diff --git a/libvirt-1.0.6.tar.bz2 b/libvirt-1.0.6.tar.bz2 deleted file mode 100644 index d54aefc..0000000 --- a/libvirt-1.0.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:254926d680dde3aa41e69eacc8dd72d346fa9d15dde66fa5a5883b0fac5f5475 -size 17229166 diff --git a/libvirt-1.1.0.tar.bz2 b/libvirt-1.1.0.tar.bz2 new file mode 100644 index 0000000..cc1f929 --- /dev/null +++ b/libvirt-1.1.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b99f431db5ef31e9e6d1acca2a8d1985db67cb89c4d97052e34ee66effa6b715 +size 17500172 diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index ed2e301..9efc1f5 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.0.6/tools/libvirt-guests.init.in +Index: libvirt-1.1.0/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.0.6.orig/tools/libvirt-guests.init.in -+++ libvirt-1.0.6/tools/libvirt-guests.init.in +--- libvirt-1.1.0.orig/tools/libvirt-guests.init.in ++++ libvirt-1.1.0/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ Index: libvirt-1.0.6/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.0.6/tools/libvirt-guests.sh.in +Index: libvirt-1.1.0/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.0.6.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.0.6/tools/libvirt-guests.sh.in +--- libvirt-1.1.0.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.1.0/tools/libvirt-guests.sh.in 
@@ -16,14 +16,13 @@ # License along with this library. If not, see # . @@ -189,10 +189,10 @@ Index: libvirt-1.0.6/tools/libvirt-guests.sh.in esac -exit $RETVAL +rc_exit -Index: libvirt-1.0.6/tools/libvirt-guests.sysconf +Index: libvirt-1.1.0/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.0.6.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.0.6/tools/libvirt-guests.sysconf +--- libvirt-1.1.0.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.1.0/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index aaec9af..7bb7854 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.6/configure.ac +Index: libvirt-1.1.0/configure.ac =================================================================== ---- libvirt-1.0.6.orig/configure.ac -+++ libvirt-1.0.6/configure.ac +--- libvirt-1.1.0.orig/configure.ac ++++ libvirt-1.1.0/configure.ac @@ -172,6 +172,7 @@ LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_HAL @@ -10,7 +10,7 @@ Index: libvirt-1.0.6/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2227,11 +2228,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2225,11 +2226,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ Index: libvirt-1.0.6/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2510,6 +2512,7 @@ LIBVIRT_RESULT_DBUS +@@ -2519,6 +2521,7 @@ LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF 
@@ -34,11 +34,11 @@ Index: libvirt-1.0.6/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.0.6/src/Makefile.am +Index: libvirt-1.1.0/src/Makefile.am =================================================================== ---- libvirt-1.0.6.orig/src/Makefile.am -+++ libvirt-1.0.6/src/Makefile.am -@@ -716,6 +716,10 @@ if WITH_NETCF +--- libvirt-1.1.0.orig/src/Makefile.am ++++ libvirt-1.1.0/src/Makefile.am +@@ -735,6 +735,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif @@ -49,7 +49,7 @@ Index: libvirt-1.0.6/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1215,11 +1219,16 @@ if WITH_NETCF +@@ -1276,11 +1280,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else @@ -66,11 +66,11 @@ Index: libvirt-1.0.6/src/Makefile.am if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la libvirt_driver_interface_la_LDFLAGS += -module -avoid-version -Index: libvirt-1.0.6/tools/virsh.c +Index: libvirt-1.1.0/tools/virsh.c =================================================================== ---- libvirt-1.0.6.orig/tools/virsh.c -+++ libvirt-1.0.6/tools/virsh.c -@@ -2886,6 +2886,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE +--- libvirt-1.1.0.orig/tools/virsh.c ++++ libvirt-1.1.0/tools/virsh.c +@@ -2883,6 +2883,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); 
@@ -79,10 +79,10 @@ Index: libvirt-1.0.6/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c +Index: libvirt-1.1.0/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.0.6.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.0.6/src/interface/interface_backend_netcf.c +--- libvirt-1.1.0.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.1.0/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include 
@@ -97,45 +97,46 @@ Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c #include "virerror.h" #include "datatypes.h" -@@ -52,6 +57,37 @@ static void interfaceDriverUnlock(struct +@@ -54,6 +59,38 @@ static void interfaceDriverUnlock(struct virMutexUnlock(&driver->lock); } +#ifdef WITH_NETCONTROL -+static void interface_nc_log_driver(const char *category, -+ int priority, -+ const char *func, -+ const char *file, -+ long long line, -+ const char *msg, -+ size_t len ATTRIBUTE_UNUSED) ++static void ++interface_nc_log_driver(const char *category, ++ int priority, ++ const char *func, ++ const char *file, ++ long long line, ++ const char *msg, ++ size_t len ATTRIBUTE_UNUSED) +{ -+ int vp; ++ int vp; + + switch(priority) { + case NC_LOG_FATAL: + case NC_LOG_ERROR: + vp = VIR_LOG_ERROR; -+ break; ++ break; + case NC_LOG_WARN: + vp = VIR_LOG_WARN; -+ break; ++ break; + case NC_LOG_INFO: + vp = VIR_LOG_INFO; -+ break; ++ break; + case NC_LOG_DEBUG: + default: + vp = VIR_LOG_DEBUG; -+ break; ++ break; + } + virLogMessage(VIR_LOG_FROM_FILE, vp, file, line, func, 0, "%s", msg); +} +#endif + - static int netcf_to_vir_err(int netcf_errcode) - { - switch (netcf_errcode) -@@ -137,6 +173,10 @@ static virDrvOpenStatus netcfInterfaceOp + /* + * Get a minimal virInterfaceDef containing enough metadata + * for access control checks to be performed. Currently +@@ -169,6 +206,10 @@ static virDrvOpenStatus netcfInterfaceOp goto mutex_error; } @@ -146,10 +147,10 @@ Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c /* open netcf */ if (ncf_init(&driverState->netcf, NULL) != 0) { -Index: libvirt-1.0.6/src/interface/interface_driver.c +Index: libvirt-1.1.0/src/interface/interface_driver.c =================================================================== ---- libvirt-1.0.6.orig/src/interface/interface_driver.c -+++ libvirt-1.0.6/src/interface/interface_driver.c +--- libvirt-1.1.0.orig/src/interface/interface_driver.c ++++ libvirt-1.1.0/src/interface/interface_driver.c 
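Review bot: In libvirt-suse-netcontrol.patch, `interface_nc_log_driver` marks `len` ATTRIBUTE_UNUSED and passes `msg` to `virLogMessage` through `"%s"`, so the log call reads up to a NUL byte rather than the length the library supplied. Nothing in the hunk shows that libnetcontrol NUL-terminates the buffer; if that is not guaranteed, bound the read with `"%.*s", (int)len, msg` in place of `"%s", msg` and drop ATTRIBUTE_UNUSED from `len`. If it is guaranteed, a one-line comment above the call stating that msg is NUL-terminated would record the assumption. Keeping a fixed format string is correct here, since msg originates outside libvirt.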
@@ -28,8 +28,15 @@ interfaceRegister(void) { if (netcfIfaceRegister() == 0) return 0; @@ -167,10 +168,10 @@ Index: libvirt-1.0.6/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.0.6/m4/virt-netcontrol.m4 +Index: libvirt-1.1.0/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.0.6/m4/virt-netcontrol.m4 ++++ libvirt-1.1.0/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index 615bf2a..a2fc959 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Wed Jul 10 15:38:44 MDT 2013 - jfehlig@suse.com + +- CVE-2013-2230: Fix crash when multiple event callbacks were + registered + f38c8185-CVE-2013-2230.patch + bnc#827801 + +------------------------------------------------------------------- +Mon Jul 10 13:53:08 MDT 2013 - jfehlig@suse.com + +- Update to libvirt 1.1.0 + - Extensible migration APIs + - Add a policy kit access control driver + - various improvements in the Xen and libxl drivers + - improve networking support on BSD + - agent based vCPU hotplug support + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Drop upstream patches: 244e0b8c-CVE-2013-2218.patch + ------------------------------------------------------------------- Mon Jul 8 12:43:45 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 2176227..8229454 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -225,7 +225,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.0.6 +Version: 1.1.0 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ 
@@ -404,7 +404,7 @@ Source1: libvirtd.init Source2: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: 244e0b8c-CVE-2013-2218.patch +Patch0: f38c8185-CVE-2013-2230.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -1126,13 +1126,15 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/sr@latin %if 0%{?suse_version} < 1130 rm -rf $RPM_BUILD_ROOT/usr/share/locale/vi_VN %endif +# temporarily remove polkit ACL policiy configuration - bnc#827644 +rm -f $RPM_BUILD_ROOT/%{_datadir}/polkit-1/actions/org.libvirt.api.policy mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/libvirt %find_lang %{name} # Add a README to the libvirt package with a note about the empty # file list cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt.README << 'EOF' The libvirt package no longer contains any files. It exists now -only to fulfill it's 'Provides' contract. +only to fulfill its 'Provides' contract. EOF %if %{with_network} install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/libvirt/dnsmasq/ @@ -1569,6 +1571,7 @@ fi %{_datadir}/libvirt/schemas/nwfilter.rng %{_datadir}/libvirt/schemas/secret.rng %{_datadir}/libvirt/schemas/storageencryption.rng +%{_datadir}/libvirt/schemas/storagefilefeatures.rng %{_datadir}/libvirt/schemas/storagepool.rng %{_datadir}/libvirt/schemas/storagevol.rng %{_datadir}/libvirt/cpu_map.xml diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index 45b06a2..cddc405 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.6/daemon/libvirtd.conf +Index: libvirt-1.1.0/daemon/libvirtd.conf =================================================================== ---- libvirt-1.0.6.orig/daemon/libvirtd.conf -+++ libvirt-1.0.6/daemon/libvirtd.conf +--- libvirt-1.1.0.orig/daemon/libvirtd.conf ++++ libvirt-1.1.0/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. 
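Review bot: In libvirt.spec's %install hunk (`@@ -1126,13 +1126,15 @@`), the added `rm -f $RPM_BUILD_ROOT/%{_datadir}/polkit-1/actions/org.libvirt.api.policy` removes the polkit action definitions for the access control driver that libvirt.changes advertises in this same update ("Add a policy kit access control driver"), and neither changelog entry mentions the removal. An administrator who enables the polkit access driver on this build would presumably get checks against undefined actions, so the package should either say the driver is unsupported until bnc#827644 is resolved or prevent it from being enabled. The comment also misspells "policy" and gives no condition for reverting; I would write `# FIXME: polkit ACL policy removed until bnc#827644 is resolved; polkit access driver unusable meanwhile` and add a matching line to libvirt.changes.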
@@ -13,10 +13,10 @@ Index: libvirt-1.0.6/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.0.6/daemon/libvirtd-config.c +Index: libvirt-1.1.0/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.0.6.orig/daemon/libvirtd-config.c -+++ libvirt-1.0.6/daemon/libvirtd-config.c +--- libvirt-1.1.0.orig/daemon/libvirtd-config.c ++++ libvirt-1.1.0/daemon/libvirtd-config.c @@ -225,7 +225,7 @@ daemonConfigNew(bool privileged ATTRIBUT return NULL; } diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index 141fb15..f78ffe7 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.0.6/daemon/libvirtd.sysconf +Index: libvirt-1.1.0/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.0.6.orig/daemon/libvirtd.sysconf -+++ libvirt-1.0.6/daemon/libvirtd.sysconf +--- libvirt-1.1.0.orig/daemon/libvirtd.sysconf ++++ libvirt-1.1.0/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/relax-qemu-usergroup-check.patch b/relax-qemu-usergroup-check.patch index d08af22..f6d46a2 100644 --- a/relax-qemu-usergroup-check.patch +++ b/relax-qemu-usergroup-check.patch @@ -7,10 +7,10 @@ drivers as loadable modules instead of built-in to the daemon. Then the qemu driver would only be loaded when needed, which would never be the case on a xen-only configuration. -Index: libvirt-1.0.6/src/qemu/qemu_conf.c +Index: libvirt-1.1.0/src/qemu/qemu_conf.c =================================================================== ---- libvirt-1.0.6.orig/src/qemu/qemu_conf.c -+++ libvirt-1.0.6/src/qemu/qemu_conf.c +--- libvirt-1.1.0.orig/src/qemu/qemu_conf.c ++++ libvirt-1.1.0/src/qemu/qemu_conf.c 
@@ -465,15 +465,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD p = virConfGetValue(conf, "user"); diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index b8d1b91..aa5fc93 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.0.6/src/xenxs/xen_sxpr.c +Index: libvirt-1.1.0/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.0.6.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.0.6/src/xenxs/xen_sxpr.c +--- libvirt-1.1.0.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.1.0/src/xenxs/xen_sxpr.c @@ -1006,6 +1006,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; @@ -78,10 +78,10 @@ Index: libvirt-1.0.6/src/xenxs/xen_sxpr.c xenFormatSxprPCI(def->hostdevs[i], buf); } } -Index: libvirt-1.0.6/src/xenxs/xen_xm.c +Index: libvirt-1.1.0/src/xenxs/xen_xm.c =================================================================== ---- libvirt-1.0.6.orig/src/xenxs/xen_xm.c -+++ libvirt-1.0.6/src/xenxs/xen_xm.c +--- libvirt-1.1.0.orig/src/xenxs/xen_xm.c ++++ libvirt-1.1.0/src/xenxs/xen_xm.c @@ -806,6 +806,8 @@ xenParseXM(virConfPtr conf, int xendConf int busID; int slotID; diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 6455b7f..8dcc86f 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.6/src/qemu/qemu.conf +Index: libvirt-1.1.0/src/qemu/qemu.conf =================================================================== ---- libvirt-1.0.6.orig/src/qemu/qemu.conf -+++ libvirt-1.0.6/src/qemu/qemu.conf +--- libvirt-1.1.0.orig/src/qemu/qemu.conf ++++ libvirt-1.1.0/src/qemu/qemu.conf 
@@ -175,7 +175,16 @@ # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. diff --git a/systemd-service-xen.patch b/systemd-service-xen.patch index 1593d44..446e21c 100644 --- a/systemd-service-xen.patch +++ b/systemd-service-xen.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.6/daemon/libvirtd.service.in +Index: libvirt-1.1.0/daemon/libvirtd.service.in =================================================================== ---- libvirt-1.0.6.orig/daemon/libvirtd.service.in -+++ libvirt-1.0.6/daemon/libvirtd.service.in +--- libvirt-1.1.0.orig/daemon/libvirtd.service.in ++++ libvirt-1.1.0/daemon/libvirtd.service.in @@ -9,6 +9,8 @@ Before=libvirt-guests.service After=network.target After=dbus.service diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index eea0651..622713f 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.0.6/src/locking/virtlockd.sysconf +Index: libvirt-1.1.0/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.0.6.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.0.6/src/locking/virtlockd.sysconf +--- libvirt-1.1.0.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.1.0/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,10 +12,10 @@ Index: libvirt-1.0.6/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.0.6/src/locking/virtlockd.init.in +Index: libvirt-1.1.0/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.0.6.orig/src/locking/virtlockd.init.in -+++ libvirt-1.0.6/src/locking/virtlockd.init.in +--- libvirt-1.1.0.orig/src/locking/virtlockd.init.in ++++ libvirt-1.1.0/src/locking/virtlockd.init.in 
@@ -4,11 +4,13 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # diff --git a/xen-name-for-devid.patch b/xen-name-for-devid.patch index 04cd05a..ed7babe 100644 --- a/xen-name-for-devid.patch +++ b/xen-name-for-devid.patch @@ -14,10 +14,10 @@ is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-1.0.6/src/xen/xend_internal.c +Index: libvirt-1.1.0/src/xen/xend_internal.c =================================================================== ---- libvirt-1.0.6.orig/src/xen/xend_internal.c -+++ libvirt-1.0.6/src/xen/xend_internal.c +--- libvirt-1.1.0.orig/src/xen/xend_internal.c ++++ libvirt-1.1.0/src/xen/xend_internal.c @@ -70,7 +70,7 @@ #define XEND_RCV_BUF_MAX_LEN (256 * 1024) diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index b2a29e1..362060c 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.6/src/xenxs/xen_sxpr.c +Index: libvirt-1.1.0/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.0.6.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.0.6/src/xenxs/xen_sxpr.c +--- libvirt-1.1.0.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.1.0/src/xenxs/xen_sxpr.c @@ -328,7 +328,7 @@ error: static int xenParseSxprDisks(virDomainDefPtr def,