From fd05ea59ce38236304343c5ef4a0243eba4725386d7af9602deaec0ea0c2ce94 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 5 Jul 2011 20:25:50 +0000 Subject: [PATCH] update to libvirt 0.9.3 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=134 --- 774b21c1-CVE-2011-2511.patch | 83 ------------------------------------ clone.patch | 10 ++--- libvirt-0.9.2.tar.bz2 | 3 -- libvirt-0.9.3.tar.bz2 | 3 ++ libvirt.changes | 15 +++++++ libvirt.spec | 16 +++---- libvirtd-defaults.patch | 40 ++++++++--------- use-init-script-redhat.patch | 28 ++++++------ 8 files changed, 64 insertions(+), 134 deletions(-) delete mode 100644 774b21c1-CVE-2011-2511.patch delete mode 100644 libvirt-0.9.2.tar.bz2 create mode 100644 libvirt-0.9.3.tar.bz2 diff --git a/774b21c1-CVE-2011-2511.patch b/774b21c1-CVE-2011-2511.patch deleted file mode 100644 index adf52b9..0000000 --- a/774b21c1-CVE-2011-2511.patch +++ /dev/null @@ -1,83 +0,0 @@ -commit 774b21c163845170c9ffa873f5720d318812eaf6 -Author: Eric Blake -Date: Fri Jun 24 12:16:05 2011 -0600 - - remote: protect against integer overflow - - Integer overflow and remote code are never a nice mix. - - This has existed since commit 56cd414. - - * src/libvirt.c (virDomainGetVcpus): Reject overflow up front. - * src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow - on sending rpc. - * daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on - receiving rpc. - -Index: libvirt-0.9.2/daemon/remote.c -=================================================================== ---- libvirt-0.9.2.orig/daemon/remote.c -+++ libvirt-0.9.2/daemon/remote.c -@@ -61,6 +61,7 @@ - #include "network.h" - #include "libvirt/libvirt-qemu.h" - #include "command.h" -+#include "intprops.h" - - #define VIR_FROM_THIS VIR_FROM_REMOTE - -@@ -1074,7 +1075,8 @@ remoteDispatchDomainGetVcpus(struct qemu - goto cleanup; - } - -- if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) { -+ if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) || -+ args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) { - virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX")); - goto cleanup; - } -Index: libvirt-0.9.2/src/libvirt.c -=================================================================== ---- libvirt-0.9.2.orig/src/libvirt.c -+++ libvirt-0.9.2/src/libvirt.c -@@ -39,6 +39,7 @@ - #include "util.h" - #include "memory.h" - #include "configmake.h" -+#include "intprops.h" - - #ifndef WITH_DRIVER_MODULES - # ifdef WITH_TEST -@@ -6805,8 +6806,8 @@ virDomainGetVcpus(virDomainPtr domain, v - - /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not - try to memcpy anything into a NULL pointer. */ -- if ((cpumaps == NULL && maplen != 0) -- || (cpumaps && maplen <= 0)) { -+ if (!cpumaps ? maplen != 0 -+ : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) { - virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__); - goto error; - } -Index: libvirt-0.9.2/src/remote/remote_driver.c -=================================================================== ---- libvirt-0.9.2.orig/src/remote/remote_driver.c -+++ libvirt-0.9.2/src/remote/remote_driver.c -@@ -84,6 +84,7 @@ - #include "ignore-value.h" - #include "files.h" - #include "command.h" -+#include "intprops.h" - - #define VIR_FROM_THIS VIR_FROM_REMOTE - -@@ -2032,7 +2033,8 @@ remoteDomainGetVcpus (virDomainPtr domai - maxinfo, REMOTE_VCPUINFO_MAX); - goto done; - } -- if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) { -+ if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) || -+ maxinfo * maplen > REMOTE_CPUMAPS_MAX) { - remoteError(VIR_ERR_RPC, - _("vCPU map buffer length exceeds maximum: %d > %d"), - maxinfo * maplen, REMOTE_CPUMAPS_MAX); diff --git a/clone.patch b/clone.patch index 65dc506..ef3828f 100644 --- a/clone.patch +++ b/clone.patch @@ -2,8 +2,8 @@ Index: src/lxc/lxc_container.c =================================================================== --- src/lxc/lxc_container.c.orig +++ src/lxc/lxc_container.c -@@ -879,6 +879,9 @@ int lxcContainerStart(virDomainDefPtr de - lxc_child_argv_t args = { def, nveths, veths, control, ttyPath }; +@@ -896,6 +896,9 @@ int lxcContainerStart(virDomainDefPtr de + handshakefd}; /* allocate a stack for the container */ +#ifdef __ia64__ @@ -12,7 +12,7 @@ Index: src/lxc/lxc_container.c if (VIR_ALLOC_N(stack, stacksize) < 0) { virReportOOMError(); return -1; -@@ -897,7 +900,11 @@ int lxcContainerStart(virDomainDefPtr de +@@ -914,7 +917,11 @@ int lxcContainerStart(virDomainDefPtr de flags |= CLONE_NEWNET; } @@ -24,7 +24,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); -@@ -924,6 +931,7 @@ int lxcContainerAvailable(int features) +@@ -941,6 +948,7 @@ int lxcContainerAvailable(int features) char *childStack; char *stack; int childStatus; @@ -32,7 +32,7 @@ Index: src/lxc/lxc_container.c if (features & LXC_CONTAINER_FEATURE_USER) flags |= CLONE_NEWUSER; -@@ -931,14 +939,21 @@ int lxcContainerAvailable(int features) +@@ -948,14 +956,21 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; diff --git a/libvirt-0.9.2.tar.bz2 b/libvirt-0.9.2.tar.bz2 deleted file mode 100644 index 8645e18..0000000 --- a/libvirt-0.9.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6125b2151c99df356b35a41c19744bcf90aad343d3ecf170a51fc1a24b0701ab -size 10791970 diff --git a/libvirt-0.9.3.tar.bz2 b/libvirt-0.9.3.tar.bz2 new file mode 100644 index 0000000..fb54b66 --- /dev/null +++ b/libvirt-0.9.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7b83113a581b4e256245e49b6aa7bc99c0d85219ab5917cb1036301dcb810dcd +size 10948358 diff --git a/libvirt.changes b/libvirt.changes index 6574716..e6ab91b 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Jul 5 14:15:22 MDT 2011 - jfehlig@suse.de + +- Update to libvirt 0.9.3 + - vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo) + - Add TXT record support for virtual DNS service + - Support reboots with the QEMU driver + - Introduce virDomainGetControlInfo API + - virNodeGetMemoryStats: Expose new API + - virNodeGetCPUTime: Implement public API + - send-key: Defining the public API + - vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags) + - support multifunction PCI device + - lxc: various improvements + ------------------------------------------------------------------- Fri Jul 1 10:10:23 MDT 2011 - jfehlig@suse.de diff --git a/libvirt.spec b/libvirt.spec index efb0a50..d30a892 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -17,6 +17,9 @@ # norootforbuild +# In the future, we may want a client only build, which will create a +# libvirt.so only containing the generic RPC driver and the test driver, +# but no libvirtd # For now, default to a full server + client build %define client_only 0 @@ -41,13 +44,13 @@ %define with_lxc 0%{!?_without_lxc:%{server_drivers}} %define with_vbox 0%{!?_without_vbox:%{server_drivers}} %define with_uml 0%{!?_without_uml:%{server_drivers}} -%define with_xenapi 0%{!?_without_xenapi:%{server_drivers}} %define with_libxl 0%{!?_without_libxl:%{server_drivers}} +%define with_vmware 0%{!?_without_vmware:%{server_drivers}} # Then the hypervisor drivers that talk a native remote protocol %define with_phyp 0%{!?_without_phyp:0} %define with_esx 0%{!?_without_esx:1} -%define with_vmware 0%{!?_without_vmware:1} +%define with_xenapi 0%{!?_without_xenapi:1} # Then the secondary host drivers %define with_network 0%{!?_without_network:%{server_drivers}} @@ -283,8 +286,8 @@ Url: http://libvirt.org/ License: LGPLv2.1+ Group: Development/Libraries/C and C++ AutoReqProv: yes -Version: 0.9.2 -Release: 3 +Version: 0.9.3 +Release: 1 Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage @@ -349,7 +352,6 @@ Source0: %{name}-%{version}.tar.bz2 Source1: libvirtd.init Source2: libvirtd-relocation-server.fw # Upstream patches -Patch0: 774b21c1-CVE-2011-2511.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -443,7 +445,6 @@ Authors: Karel Zak %if %{with_python} - %package python License: LGPLv2.1+ Summary: A C toolkit to interract with the virtualization capabilities of Linux @@ -466,7 +467,6 @@ Authors: %prep %setup -q -%patch0 -p1 %patch100 -p1 %patch101 %patch102 -p1 @@ -740,7 +740,6 @@ fi %postun client -p /sbin/ldconfig %if %{with_libvirtd} - %files %defattr(-, root, root) %{_sbindir}/libvirtd @@ -858,7 +857,6 @@ fi %doc %{_docdir}/%{name}/html %if %{with_python} - %files python %defattr(-, root, root) %doc %{_docdir}/%{name}-python diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index 72e9fdf..a982589 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch @@ -1,7 +1,7 @@ -Index: libvirt-0.9.0/daemon/libvirtd.conf +Index: libvirt-0.9.3/daemon/libvirtd.conf =================================================================== ---- libvirt-0.9.0.orig/daemon/libvirtd.conf -+++ libvirt-0.9.0/daemon/libvirtd.conf +--- libvirt-0.9.3.orig/daemon/libvirtd.conf ++++ libvirt-0.9.3/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -28,25 +28,25 @@ Index: libvirt-0.9.0/daemon/libvirtd.conf # Override the default mDNS advertizement name. This must be # unique on the immediate broadcast network. -Index: libvirt-0.9.0/daemon/libvirtd.c +Index: libvirt-0.9.3/daemon/libvirtd.c =================================================================== ---- libvirt-0.9.0.orig/daemon/libvirtd.c -+++ libvirt-0.9.0/daemon/libvirtd.c -@@ -148,7 +148,7 @@ static int sigwrite = -1; /* Signa - static int ipsock = 0; /* -l Listen for TCP/IP */ +--- libvirt-0.9.3.orig/daemon/libvirtd.c ++++ libvirt-0.9.3/daemon/libvirtd.c +@@ -897,7 +897,7 @@ daemonConfigNew(bool privileged ATTRIBUT + return NULL; + } - /* Defaults for configuration file elements */ --static int listen_tls = 1; -+static int listen_tls = 0; - static int listen_tcp = 0; - static char *listen_addr = (char *) LIBVIRTD_LISTEN_ADDR; - static char *tls_port = (char *) LIBVIRTD_TLS_PORT; -@@ -170,7 +170,7 @@ static int auth_tcp = REMOTE_AUTH_NONE; +- data->listen_tls = 1; ++ data->listen_tls = 0; + data->listen_tcp = 0; + + if (!(data->tls_port = strdup(LIBVIRTD_TLS_PORT))) +@@ -934,7 +934,7 @@ daemonConfigNew(bool privileged ATTRIBUT #endif - static int auth_tls = REMOTE_AUTH_NONE; + data->auth_tls = REMOTE_AUTH_NONE; --static int mdns_adv = 1; -+static int mdns_adv = 0; - static char *mdns_name = NULL; +- data->mdns_adv = 1; ++ data->mdns_adv = 0; - static int tls_no_verify_certificate = 0; + data->min_workers = 5; + data->max_workers = 20; diff --git a/use-init-script-redhat.patch b/use-init-script-redhat.patch index 560ae5a..293c6dc 100644 --- a/use-init-script-redhat.patch +++ b/use-init-script-redhat.patch @@ -1,8 +1,8 @@ -Index: libvirt-0.9.2/tools/Makefile.am +Index: libvirt-0.9.3/tools/Makefile.am =================================================================== ---- libvirt-0.9.2.orig/tools/Makefile.am -+++ libvirt-0.9.2/tools/Makefile.am -@@ -131,16 +131,17 @@ uninstall-local: uninstall-init +--- libvirt-0.9.3.orig/tools/Makefile.am ++++ libvirt-0.9.3/tools/Makefile.am +@@ -147,16 +147,17 @@ uninstall-local: uninstall-init if LIBVIRT_INIT_SCRIPT_RED_HAT install-init: libvirt-guests.init @@ -26,10 +26,10 @@ Index: libvirt-0.9.2/tools/Makefile.am BUILT_SOURCES += libvirt-guests.init -Index: libvirt-0.9.2/tools/libvirt-guests.sysconf +Index: libvirt-0.9.3/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-0.9.2.orig/tools/libvirt-guests.sysconf -+++ libvirt-0.9.2/tools/libvirt-guests.sysconf +--- libvirt-0.9.3.orig/tools/libvirt-guests.sysconf ++++ libvirt-0.9.3/tools/libvirt-guests.sysconf @@ -1,18 +1,28 @@ +## Path: System/Virtualization/libvirt + @@ -74,10 +74,10 @@ Index: libvirt-0.9.2/tools/libvirt-guests.sysconf # number of seconds we're willing to wait for a guest to shut down -#SHUTDOWN_TIMEOUT=0 +SHUTDOWN_TIMEOUT=120 -Index: libvirt-0.9.2/tools/libvirt-guests.init.sh +Index: libvirt-0.9.3/tools/libvirt-guests.init.sh =================================================================== ---- libvirt-0.9.2.orig/tools/libvirt-guests.init.sh -+++ libvirt-0.9.2/tools/libvirt-guests.init.sh +--- libvirt-0.9.3.orig/tools/libvirt-guests.init.sh ++++ libvirt-0.9.3/tools/libvirt-guests.init.sh @@ -4,10 +4,10 @@ # ### BEGIN INIT INFO @@ -220,11 +220,11 @@ Index: libvirt-0.9.2/tools/libvirt-guests.init.sh esac -exit $RETVAL +rc_exit -Index: libvirt-0.9.2/daemon/Makefile.am +Index: libvirt-0.9.3/daemon/Makefile.am =================================================================== ---- libvirt-0.9.2.orig/daemon/Makefile.am -+++ libvirt-0.9.2/daemon/Makefile.am -@@ -302,16 +302,12 @@ install-logrotate: $(LOGROTATE_CONFS) +--- libvirt-0.9.3.orig/daemon/Makefile.am ++++ libvirt-0.9.3/daemon/Makefile.am +@@ -246,16 +246,12 @@ install-logrotate: $(LOGROTATE_CONFS) if LIBVIRT_INIT_SCRIPT_RED_HAT install-init: libvirtd.init