Package: libvirt / 1.2.9-9

Metadata

Package: libvirt
Version: 1.2.9-9
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
debian/allow libxl to find default path to pygrub.patch | (download)

src/libxl/libxl_conf.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 allow libxl to find default path to pygrub.

The Xen debian packages relocate pygrub into
/usr/lib/xen-X.Y/bin/pygrub, not /usr/bin/pygrub. Since libxl knows to
DTRT with a bare "pygrub" just use that by default.

debian/remove RHism.diff.patch | (download)

tools/virsh.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove-rhism.diff


debian/Don t enable default network on boot.patch | (download)

src/Makefile.am | 3 0 + 3 - 0 !
src/Makefile.in | 3 0 + 3 - 0 !
2 files changed, 6 deletions(-)

 don't enable default network on boot

to not interfere with existing network configurations

debian/fix Debian specific path to hvm loader.patch | (download)

src/xen/xen_hypervisor.c | 2 1 + 1 - 0 !
tests/xencapsdata/xen-i686-pae-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-be-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-x86_64-hvm.xml | 4 2 + 2 - 0 !
5 files changed, 6 insertions(+), 6 deletions(-)

 fix debian specific path to hvm loader

Closes: #517059

debian/Debianize libvirt guests.patch | (download)

tools/libvirt-guests.sh.in | 45 28 + 17 - 0 !
tools/libvirt-guests.sysconf | 4 2 + 2 - 0 !
2 files changed, 30 insertions(+), 19 deletions(-)

 debianize libvirt-guests

patch qemuMonitorTextGetMigrationStatus to intercept.patch | (download)

src/qemu/qemu_monitor_text.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 patch qemuMonitorTextGetMigrationStatus to intercept unknown command
 'info migrate'

Debian package kvm up to version 72 has not implemented the command 'info migrate'.
This command interface returns help page of info commands and looks like this:


Disable gnulib s test nonplocking pipe.sh.patch | (download)

gnulib/tests/test-nonblocking-pipe.sh | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 disable gnulib's test-nonblocking-pipe.sh

since it fails on at least sparc and mips from time to time.

Issue reported upstream.

Disable failing virnetsockettest.patch | (download)

tests/virnetsockettest.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 disable failing virnetsockettest

until we debugged the interaction with pbuilder

Don t fail if we can t setup avahi.patch | (download)

src/rpc/virnetserver.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 don't fail if we can't setup avahi


Reduce udevadm settle timeout to 10 seconds.patch | (download)

src/util/virutil.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 reduce udevadm settle timeout to 10 seconds

This isn't a proper fix but it will make virt-manager at least start.

Closes: #663931

debian/Debianize systemd service files.patch | (download)

daemon/libvirtd.service.in | 4 2 + 2 - 0 !
tools/libvirt-guests.service.in | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 debianize systemd service files


Allow xen toolstack to find it s binaries.patch | (download)

docs/schemas/capability.rng | 4 2 + 2 - 0 !
src/xen/xen_hypervisor.c | 6 2 + 4 - 0 !
tests/xencapsdata/xen-i686-pae-hvm.xml | 6 3 + 3 - 0 !
tests/xencapsdata/xen-i686-pae.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-i686.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-be-hvm.xml | 6 3 + 3 - 0 !
tests/xencapsdata/xen-ia64-be.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-hvm.xml | 6 3 + 3 - 0 !
tests/xencapsdata/xen-ia64.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ppc64.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-x86_64-hvm.xml | 10 5 + 5 - 0 !
tests/xencapsdata/xen-x86_64.xml | 2 1 + 1 - 0 !
12 files changed, 24 insertions(+), 26 deletions(-)

 allow xen toolstack to find its binaries

Closes: #685749

Skip vircgrouptest.patch | (download)

tests/vircgrouptest.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 skip vircgrouptest

We don't have a mock for nodeGetCPUCount yet so we fail in a chroot
without sysfs mounted.

debian/Use sensible editor as fallback.patch | (download)

tools/virsh.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use sensible-editor as fallback

Closes: #594444

debian/Debianize virtlockd.patch | (download)

src/locking/virtlockd.service.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 debianize virtlockd


qemu use systemd s TerminateMachine to kill all proc.patch | (download)

src/libvirt_private.syms | 1 1 + 0 - 0 !
src/qemu/qemu_cgroup.c | 11 10 + 1 - 0 !
src/qemu/qemu_cgroup.h | 2 1 + 1 - 0 !
src/qemu/qemu_process.c | 4 2 + 2 - 0 !
src/util/vircgroup.c | 11 11 + 0 - 0 !
src/util/vircgroup.h | 5 5 + 0 - 0 !
6 files changed, 30 insertions(+), 4 deletions(-)

 qemu: use systemd's TerminateMachine to kill all processes

If we don't properly clean up all processes in the
machine-<vmname>.scope systemd won't remove the cgroup and subsequent vm
starts fail with

  'CreateMachine: File exists'

Additional processes can e.g. be added via

  echo $PID > /sys/fs/cgroup/systemd/machine.slice/machine-${VMNAME}.scope/tasks

but there are other cases like

  http://bugs.debian.org/761521

Invoke TerminateMachine to be on the safe side since systemd tracks the
cgroup anyway. This is a noop if all processes have terminated already.

Closes: #761521

security/CVE 2014 7823 dumpxml security hole with migratable .patch | (download)

src/libvirt.c | 3 2 + 1 - 0 !
src/remote/remote_protocol.x | 1 1 + 0 - 0 !
2 files changed, 3 insertions(+), 1 deletion(-)

 cve-2014-7823: dumpxml: security hole with migratable flag

Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
the qemu implementation of virDomainGetXMLDesc, the use of the
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
prior to calling qemuDomainFormatXML.  However, the use of
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
clients only.  This patch treats the migratable flag as requiring
the same permissions, rather than analyzing what might break if
migratable xml no longer includes secret information.

Fortunately, the information leak is low-risk: all that is gated
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
but VNC passwords are already weak (FIPS forbids their use, and
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
password sent in plaintext over the network deserves what they
get).  SPICE offers better security than VNC, and all other
secrets are properly protected by use of virSecret associations
rather than direct output in domain XML.

* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b)

Conflicts:
	src/libvirt-domain.c - file split from older src/libvirt.c
Signed-off-by: Eric Blake <eblake@redhat.com>
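
The gate mismatch described in this commit message, modelled in C as an added example (not libvirt code and not part of the patch): the flag names follow libvirt's public API, while the bit positions, the helper functions and the reduced flag set are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model only: flag names follow libvirt's public API, the bit positions
 * and every function below are assumptions made for this example. */
enum { VIR_CONNECT_RO = 1 << 0 };
enum {
    VIR_DOMAIN_XML_SECURE     = 1 << 0,
    VIR_DOMAIN_XML_INACTIVE   = 1 << 1,
    VIR_DOMAIN_XML_MIGRATABLE = 1 << 3,
};

/* Driver side, as the commit message describes it: MIGRATABLE implicitly
 * switches SECURE on before the XML is formatted. */
static unsigned int driver_flags(unsigned int flags)
{
    if (flags & VIR_DOMAIN_XML_MIGRATABLE)
        flags |= VIR_DOMAIN_XML_SECURE;
    return flags;
}

/* API gate. Before the fix only an explicit SECURE was refused on a
 * read-only connection; the fix refuses MIGRATABLE as well. */
static bool gate_allows(unsigned int conn_flags, unsigned int flags, bool fixed)
{
    unsigned int restricted = VIR_DOMAIN_XML_SECURE;
    if (fixed)
        restricted |= VIR_DOMAIN_XML_MIGRATABLE;
    return !((conn_flags & VIR_CONNECT_RO) && (flags & restricted));
}

/* True when a read-only caller gets past the gate and the driver then
 * formats the XML with secrets included. */
static bool ro_sees_secrets(unsigned int flags, bool fixed)
{
    return gate_allows(VIR_CONNECT_RO, flags, fixed) &&
           (driver_flags(flags) & VIR_DOMAIN_XML_SECURE) != 0;
}

int main(void)
{
    printf("read-only + MIGRATABLE leaks: before=%d after=%d\n",
           ro_sees_secrets(VIR_DOMAIN_XML_MIGRATABLE, false),
           ro_sees_secrets(VIR_DOMAIN_XML_MIGRATABLE, true));
    return 0;
}
```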

util Prepare URI formatting for libxml2 2.9.2.patch | (download)

src/util/viruri.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 util: prepare uri formatting for libxml2 >= 2.9.2

Since commit 8eb55d782a2b9afacc7938694891cc6fad7b42a5 libxml2 removes
two slashes from the URI when there is no server part.  This is fixed
with beb7281055dbf0ed4d041022a67c6c5cfd126f25, but only if the calling
application calls xmlSaveUri() on URI that xmlURIParse() parsed.  And
that is not the case in virURIFormat().  virURIFormat() accepts
virURIPtr that can be created without parsing it and we do that when we
format network storage paths for gluster for example.  Even though
virStorageSourceParseBackingURI() uses virURIParse(), it throws that data
structure right away.

Since we want to format URIs as URIs and not absolute URIs or opaque
URIs (see RFC 3986), we can specify that with a special hack thanks to
commit beb7281055dbf0ed4d041022a67c6c5cfd126f25, by setting port to -1.

This fixes qemuxml2argvtest test where the disk-drive-network-gluster
case was failing.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

security/CVE 2014 8131 Fix possible deadlock and segfault in .patch | (download)

src/qemu/qemu_driver.c | 20 13 + 7 - 0 !
1 file changed, 13 insertions(+), 7 deletions(-)

 cve-2014-8131: fix possible deadlock and segfault in
 qemuConnectGetAllDomainStats()

When user doesn't have read access on one of the domains he requested,
the for loop could exit abruptly or continue and override pointer which
pointed to locked object.

This patch fixed two issues at once.  One is that domflags might have
had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
job was acquired and cleaning domflags on every start of the loop).
Second one is that the domain is kept locked when
virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
it didn't end.  Adding a simple virObjectUnlock() and clearing the
pointer ought to do.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

qemu bulk stats Fix logic in monitor handling.patch | (download)

src/qemu/qemu_driver.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 qemu: bulk stats: fix logic in monitor handling

A logic bug in qemuConnectGetAllDomainStats makes the code mark the
monitor as available when qemuDomainObjBeginJob fails, instead of when
it succeeds, as the correct flow requires.

This patch fixes the check and updates the code documentation
accordingly.

Broken by commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b.

Signed-off-by: Francesco Romani <fromani@redhat.com>
(cherry picked from commit cb104ef734dfea12cb8826dba7e2c98912c4b7e1)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

security/CVE 2014 8135 storage fix crash caused by no check r.patch | (download)

src/storage/storage_driver.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 cve-2014-8135: storage: fix crash caused by no check return before
 set close

https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5

When trying to use an invalid offset to virStorageVolUpload(), libvirt
fails in virFDStreamOpenFileInternal(), although it seems libvirt does
not check the return in storageVolUpload(), and calls
virFDStreamSetInternalCloseCb() right after.  But stream doesn't have a
privateData (is NULL) yet, and the daemon crashes then.

0  0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
1  0x00007f094514dbf5 in virMutexLock (m=<optimized out>) at util/virthread.c:88
2  0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
3  0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
4  0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
5  0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
6  remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
7  0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437

Signed-off-by: Luyao Huang <lhuang@redhat.com>
(cherry picked from commit 87b9437f8951f9d24f9a85c6bbfff0e54df8c984)

security/CVE 2014 8136 qemu migration Unlock vm on failed ACL.patch | (download)

src/qemu/qemu_driver.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 cve-2014-8136: qemu: migration: unlock vm on failed acl check in
 protocol v2 APIs

Avoid leaving the domain locked on a failed ACL check in
qemuDomainMigratePerform() and qemuDomainMigrateFinish2().

Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver).

(cherry picked from commit 2bdcd29c713dfedd813c89f56ae98f6f3898313d)
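
The locking pattern behind this fix and the CVE-2014-8131 fix above, as an added example (a constructed C model, not libvirt code): a domain locked before the ACL check must be unlocked on the denial path too. The struct, the functions and the three sample domains are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not libvirt code: a domain object with a lock
 * counter and the verdict an ACL check would return for the caller. */
struct dom { int locked; bool acl_ok; };

static void dom_lock(struct dom *d)   { d->locked++; }
static void dom_unlock(struct dom *d) { d->locked--; }

/* Walk the domains the way a bulk-stats loop would. With fixed == false a
 * failed ACL check skips the domain while it is still locked. */
static int collect(struct dom *doms, size_t n, bool fixed)
{
    int reported = 0;
    for (size_t i = 0; i < n; i++) {
        struct dom *d = &doms[i];
        dom_lock(d);
        if (!d->acl_ok) {
            if (fixed)
                dom_unlock(d);  /* the fix: release before skipping */
            continue;
        }
        reported++;
        dom_unlock(d);
    }
    return reported;
}

/* Run the loop over three constructed domains, the second one denied,
 * and return how many are still locked afterwards. */
static int leaked_locks(bool fixed)
{
    struct dom doms[] = { {0, true}, {0, false}, {0, true} };
    size_t n = sizeof doms / sizeof doms[0];
    int leaked = 0;
    collect(doms, n, fixed);
    for (size_t i = 0; i < n; i++)
        leaked += doms[i].locked;
    return leaked;
}

int main(void)
{
    printf("before fix: %d locked, after fix: %d locked\n",
           leaked_locks(false), leaked_locks(true));
    return 0;
}
```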

upstream/qemu Fix crash in tunnelled migration.patch | (download)

src/qemu/qemu_migration.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 qemu: fix crash in tunnelled migration

Any attempt to start a tunnelled migration with libvirtd that supports
RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
libvirtd on the destination host.

The crash is inevitable because qemuMigrationPrepareAny is always called
with NULL protocol in case of tunnelled migration.

https://bugzilla.redhat.com/show_bug.cgi?id=1147331
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Closes: #773503

lxc Move setting ifname_guest_actual to virLXCSetupI.patch | (download)

src/lxc/lxc_process.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 lxc: move setting ifname_guest_actual to virLXCSetupInterfaces

so it applies to interfaces of type 'direct' too.

lxc Don t crash on NULL ifname_guest_actual.patch | (download)

src/lxc/lxc_container.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 lxc: don't crash on null ifname_guest_actual


upstream/vbox fix a bug in _machineStateInactive.patch | (download)

src/vbox/vbox_tmpl.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 vbox: fix a bug in _machineStateInactive

This function returned non-inactive domains instead of active
domains.  This broke virConnectNumOfDefinedDomains() and
virConnectListDefinedDomains() functions.

Closes: #770202

security/CVE 2015 0236 qemu Check ACLs when dumping security .patch | (download)

src/qemu/qemu_driver.c | 2 1 + 1 - 0 !
src/remote/remote_protocol.x | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 cve-2015-0236: qemu: check acls when dumping security info from save
 image

The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it.

security/CVE 2015 0236 qemu Check ACLs when dumping securi 14.patch | (download)

src/qemu/qemu_driver.c | 2 1 + 1 - 0 !
src/remote/remote_protocol.x | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 cve-2015-0236: qemu: check acls when dumping security info from
 snapshots

The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it. Found via code inspection while fixing
permissions for save images.

qemu Don t try to parse help for new QEM.patch | (download)

src/qemu/qemu_capabilities.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 

Since QEMU 1.2.0, we switched to QMP probing instead of parsing -help
(and other commands, such as -cpu ?) output. However, if QMP probing
failed, we still tried starting QEMU with various options and parsing
the output, which was guaranteed to fail because the output changed.
Let's just refuse parsing -help for QEMU >= 1.2.0.