Package: libvirt / 0.8.3-5+squeeze5

Metadata

Package Version Patches format
libvirt 0.8.3-5+squeeze5 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 remove RHism.diff.patch | (download)

tools/virsh.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] remove-rhism.diff


0002 qemu disable network.diff.patch | (download)

src/Makefile.am | 3 0 + 3 - 0 !
src/Makefile.in | 3 0 + 3 - 0 !
2 files changed, 6 deletions(-)

 [patch] qemu-disable-network.diff


0003 allow libvirt group to access the socket.patch | (download)

daemon/libvirtd.conf | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] allow libvirt group to access the socket


0004 fix Debian specific path to hvm loader.patch | (download)

src/xen/xen_hypervisor.c | 2 1 + 1 - 0 !
tests/xencapsdata/xen-i686-pae-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-be-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-x86_64-hvm.xml | 4 2 + 2 - 0 !
5 files changed, 6 insertions(+), 6 deletions(-)

 [patch] fix debian specific path to hvm loader

Closes: #517059

0005 Autodetect if the remote nc command supports the q o.patch | (download)

src/remote/remote_driver.c | 47 40 + 7 - 0 !
1 file changed, 40 insertions(+), 7 deletions(-)

 [patch] autodetect if the remote nc command supports the -q option

0006 patch qemuMonitorTextGetMigrationStatus to intercept.patch | (download)

src/qemu/qemu_monitor_text.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 [patch] patch qemumonitortextgetmigrationstatus to intercept unknown command 'info migrate'

Debian package kvm up to version 72 has not implemented the command 'info migrate'.
This command interface returns help page of info commands and looks like this:


0007 Fix block statistics with newer versions of Xen.patch | (download)

src/xen/block_stats.c | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 [patch] fix block statistics with newer versions of xen

Apparently the xen block device statistics moved from
"/sys/devices/xen-backend/vbd-%d-%d/statistics/%s"
to
"/sys/bus/xen-backend/devices/vbd-%d-%d/statistics/%s"

* src/xen/block_stats.c: try the extra path in case of failure to
  find the statistics in /sys

0008 Disable CHECKSUM rule.patch | (download)

src/util/iptables.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] disable checksum rule

not supported by Squeeze's iptables

Closes: #598330

0009 Don t fail lxc domain start when memory controller s.patch | (download)

src/lxc/lxc_controller.c | 4 3 + 1 - 0 !
src/lxc/lxc_driver.c | 11 8 + 3 - 0 !
2 files changed, 11 insertions(+), 4 deletions(-)

 [patch] don't fail lxc domain start when memory controller support is missing

Debian stock kernel has CONFIG_CGROUP_MEM_RES_CTLR disabled due to the
overhead [1]. Allow to start containers if the corresponding files in
the cgroup filesystem are missing.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534964

Closes: #566180

0010 nwfilter resolve deadlock between VM operations and .patch | (download)

src/conf/nwfilter_conf.c | 18 18 + 0 - 0 !
src/conf/nwfilter_conf.h | 6 6 + 0 - 0 !
src/libvirt_private.syms | 2 2 + 0 - 0 !
src/nwfilter/nwfilter_driver.c | 13 13 + 0 - 0 !
src/qemu/qemu_driver.c | 18 14 + 4 - 0 !
5 files changed, 53 insertions(+), 4 deletions(-)

 [patch] nwfilter: resolve deadlock between vm operations and filter update

0011 OpenVZ take veid from vmdef name when defining new d.patch | (download)

src/openvz/openvz_driver.c | 40 1 + 39 - 0 !
1 file changed, 1 insertion(+), 39 deletions(-)

 [patch] openvz: take veid from vmdef->name when defining new domains

to fix domain creation.
0012 OpenVZ Fix some overwritten error codes.patch | (download)

src/openvz/openvz_driver.c | 10 4 + 6 - 0 !
1 file changed, 4 insertions(+), 6 deletions(-)

 [patch] openvz: fix some overwritten error codes

Don't overwrite errors during domain creation/definition to ease
tracking down problems.

security/0013 Add missing checks for read only connections.patch | (download)

src/libvirt.c | 27 27 + 0 - 0 !
1 file changed, 27 insertions(+)

 add missing checks for read only connections

As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
  - virConnectDomainXMLToNative
  - virNodeDeviceDettach
  - virNodeDeviceReAttach
  - virNodeDeviceReset
  - virDomainRevertToSnapshot
  - virDomainSnapshotDelete

* src/libvirt.c: fix the above set of entry points to error on read-only
                 connections


security/0014 Make error reporting in libvirtd thread safe.patch | (download)

daemon/dispatch.c | 8 2 + 6 - 0 !
daemon/remote.c | 216 112 + 104 - 0 !
2 files changed, 114 insertions(+), 110 deletions(-)

 make error reporting in libvirtd thread safe

security/0015 Fix integer overflow in VirDomainGetVcpus.patch | (download)

daemon/remote.c | 4 3 + 1 - 0 !
gnulib/lib/intprops.h | 61 61 + 0 - 0 !
src/libvirt.c | 5 3 + 2 - 0 !
src/remote/remote_driver.c | 4 3 + 1 - 0 !
4 files changed, 70 insertions(+), 4 deletions(-)

 fix integer overflow in virdomaingetvcpus

Patch taken from upsteam. (CVE-2011-2511)

Closes: #633630

0016 Add missing return on error path.patch | (download)

daemon/libvirtd.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add missing return on error path


security/0017 New virSetUIDGID utility function.patch | (download)

configure.ac | 2 1 + 1 - 0 !
src/util/util.c | 64 64 + 0 - 0 !
src/util/util.h | 2 2 + 0 - 0 !
3 files changed, 67 insertions(+), 1 deletion(-)

 new virsetuidgid() utility function

virSetUIDGID() sets both the real and effective group and user of the
process, and additionally calls initgroups() to assure that the
process joins all the auxiliary groups that the given uid is a member
of.


security/0018 Run initgroups in qemudOpenAsUID.patch | (download)

src/qemu/qemu_driver.c | 27 22 + 5 - 0 !
1 file changed, 22 insertions(+), 5 deletions(-)

 run initgroups() in qemudopenasuid()

qemudOpenAsUID is intended to open a file with the credentials of a
specified uid. Current implementation fails if the file is accessible to
one of uid's groups but not owned by uid.

This patch replaces the supplementary group list that the child process
inherited from libvirtd with the default group list of uid.


security/0019 Replace setuid setgid initgroups with virSetUIDGID.patch | (download)

src/qemu/qemu_driver.c | 44 14 + 30 - 0 !
src/qemu/qemu_security_dac.c | 18 2 + 16 - 0 !
2 files changed, 16 insertions(+), 46 deletions(-)

 replace setuid/setgid/initgroups with virsetuidgid()

This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406

0020 Rerun autoconf.patch | (download)

config.h.in | 3 3 + 0 - 0 !
configure | 1 1 + 0 - 0 !
2 files changed, 4 insertions(+)

 rerun autoconf