Package: libvirt / 3.0.0-4+deb9u2~bpo8+1

Metadata

Package Version Patches format
libvirt 3.0.0-4+deb9u2~bpo8+1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian/remove RHism.diff.patch | (download)

tools/virsh.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove-rhism.diff


debian/Don t enable default network on boot.patch | (download)

src/Makefile.am | 3 1 + 2 - 0 !
src/Makefile.in | 3 1 + 2 - 0 !
2 files changed, 2 insertions(+), 4 deletions(-)

 don't enable default network on boot

to not interfere with existing network configurations

debian/fix Debian specific path to hvm loader.patch | (download)

src/xen/xen_hypervisor.c | 2 1 + 1 - 0 !
tests/xencapsdata/xen-i686-pae-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-be-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-x86_64-hvm.xml | 4 2 + 2 - 0 !
5 files changed, 6 insertions(+), 6 deletions(-)

 fix debian specific path to hvm loader

Closes: #517059

debian/Debianize libvirt guests.patch | (download)

tools/libvirt-guests.sh.in | 45 28 + 17 - 0 !
tools/libvirt-guests.sysconf | 4 2 + 2 - 0 !
2 files changed, 30 insertions(+), 19 deletions(-)

 debianize libvirt-guests

patch qemuMonitorTextGetMigrationStatus to intercept.patch | (download)

src/qemu/qemu_monitor_text.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 patch qemumonitortextgetmigrationstatus to intercept unknown command
 'info migrate'

Debian package kvm up to version 72 has not implemented the command 'info migrate'.
This command interface returns help page of info commands and looks like this:


Disable gnulib s test nonplocking pipe.sh.patch | (download)

gnulib/tests/test-nonblocking-pipe.sh | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 disable gnulib's test-nonplocking-pipe.sh

since it fails on at least sparc and mips from time to time.

Issue reported upstresm.

Reduce udevadm settle timeout to 10 seconds.patch | (download)

src/util/virutil.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 reduce udevadm settle timeout to 10 seconds

This isn't a proper fix but it will make virt-manager at least start.

Closes: #663931

debian/Debianize systemd service files.patch | (download)

daemon/libvirtd.service.in | 4 2 + 2 - 0 !
tools/libvirt-guests.service.in | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 debianize systemd service files


Allow xen toolstack to find it s binaries.patch | (download)

docs/schemas/capability.rng | 4 2 + 2 - 0 !
src/xen/xen_hypervisor.c | 6 2 + 4 - 0 !
tests/xencapsdata/xen-i686-pae-hvm.xml | 6 3 + 3 - 0 !
tests/xencapsdata/xen-i686-pae.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-i686.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-be-hvm.xml | 6 3 + 3 - 0 !
tests/xencapsdata/xen-ia64-be.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-hvm.xml | 6 3 + 3 - 0 !
tests/xencapsdata/xen-ia64.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ppc64.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-x86_64-hvm.xml | 10 5 + 5 - 0 !
tests/xencapsdata/xen-x86_64.xml | 2 1 + 1 - 0 !
12 files changed, 24 insertions(+), 26 deletions(-)

 allow xen toolstack to find it's binaries

Closes: #685749

Skip vircgrouptest.patch | (download)

tests/vircgrouptest.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 skip vircgrouptest

We don't have a mock for nodeGetCPUCount yet so we fail in a chroot
without sysfs mounted.

debian/Debianize virtlockd.patch | (download)

src/locking/virtlockd.service.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 debianize virtlockd


debian/Use upstreams polkit rule.patch | (download)

daemon/Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use upstreams polkit rule

As of 1.2.16 upstream ships a Polkit rule like Debian does.

Allow access to libnl 3 config files.patch | (download)

examples/apparmor/usr.lib.libvirt.virt-aa-helper | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 allow access to libnl-3 config files

Closes: #786650

debian/apparmor_profiles_local_include.patch | (download)

examples/apparmor/usr.lib.libvirt.virt-aa-helper | 3 3 + 0 - 0 !
examples/apparmor/usr.sbin.libvirtd | 3 3 + 0 - 0 !
2 files changed, 6 insertions(+)

 apparmor_profiles_local_include

Include local apparmor profile

virt aa helper apparmor allow usr share OVMF too.patch | (download)

examples/apparmor/libvirt-qemu | 1 1 + 0 - 0 !
src/security/virt-aa-helper.c | 1 1 + 0 - 0 !
tests/virt-aa-helper-test | 7 6 + 1 - 0 !
3 files changed, 8 insertions(+), 1 deletion(-)

 virt-aa-helper, apparmor: allow /usr/share/ovmf/ too

The split firmware and variables files introduced by
Set defaults for zfs tools.patch | (download)

m4/virt-storage-zfs.m4 | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 set defaults for zfs tools

so we don't have to build-depend on a program in contrib

Pass GPG_TTY env var to the ssh binary.patch | (download)

src/rpc/virnetsocket.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 pass gpg_tty env var to the ssh binary


openpty Skip test if no pty is available.patch | (download)

gnulib/tests/test-openpty.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 openpty: skip test if no pty is available

In chroots for package builds with recent debootstrap there may be
no ptys or they might not be accessible. This both manifests as ENOENT
on Linux.

Works around #817236

test posix_openpt don t fail on EACCESS.patch | (download)

gnulib/tests/test-posix_openpt.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 test-posix_openpt: don't fail on eaccess

In chroots created with recent debootstrap /dev/ptmx might not be accessible.

Works around #817236

Disable use of namespaces by default.patch | (download)

src/qemu/qemu_conf.c | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 disable use of namespaces by default

When namespaces are enabled there is currently breakage when
using disk hotplug and when using AppArmor

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

debian/Debianize virtlogd.patch | (download)

src/logging/virtlogd.service.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 debianize virtlogd


CVE 2017 2635 qemu Don t update physical storage size of .patch | (download)

src/qemu/qemu_driver.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 cve-2017-2635: qemu: don't update physical storage size of empty
 drives

Previously the code called virStorageSourceUpdateBlockPhysicalSize which
did not do anything on empty drives since it worked only on block
devices. After the refactor in c5f6151390 it's called for all devices
and thus attempts to deref the NULL path of empty drives.

Add a check that skips the update of the physical size if the storage
source is empty.

Upstream-Commit: c3de387380f6057ee0e46cd9f2f0a092e8070875
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1420718

apparmor allow usr lib qemu qemu bridge helper.patch | (download)

examples/apparmor/usr.sbin.libvirtd | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 apparmor: allow /usr/lib/qemu/qemu-bridge-helper

This unbreaks e.g. gnome-boxes

qemu skip QMP probing of CPU definitions when missing.patch | (download)

src/qemu/qemu_capabilities.c | 5 5 + 0 - 0 !
src/qemu/qemu_capabilities.h | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_1.2.2.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_1.3.1.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_1.4.2.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.6.0-gicv2.aarch64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.6.0-gicv3.aarch64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 1 + 0 - 0 !
tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 769 769 + 0 - 0 !
20 files changed, 792 insertions(+)

 qemu: skip qmp probing of cpu definitions when missing

This unbreaks emulators that don't support this command such as
qemu-system-mips*.

Closes: #854125

security/qemu ensure TLS clients always verify the server certific.patch | (download)

src/qemu/qemu_command.c | 2 1 + 1 - 0 !
tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args | 2 1 + 1 - 0 !
tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 qemu: ensure tls clients always verify the server certificate

The default_tls_x509_verify (and related) parameters in qemu.conf
control whether the QEMU TLS servers request & verify certificates
from clients. This works as a simple access control system for
servers by requiring the CA to issue certs to permitted clients.
This use of client certificates is disabled by default, since it
requires extra work to issue client certificates.

Unfortunately the code was using this configuration parameter when
setting up both TLS clients and servers in QEMU. The result was that
TLS clients for character devices and disk devices had verification
turned off, meaning they would ignore errors while validating the
server certificate.

This allows for trivial MITM attacks between client and server,
as any certificate returned by the attacker will be accepted by
the client.

This is assigned CVE-2017-1000256  / LSN-2017-0002

qemu shared disks with cache directsync should be safe fo.patch | (download)

src/qemu/qemu_migration.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 qemu: shared disks with cache=directsync should be safe for
 migration

At present shared disks can be migrated with either readonly or cache=none. But
cache=directsync should be safe for migration, because both cache=directsync and cache=none
don't use the host page cache, and cache=direct write through qemu block layer cache.

Signed-off-by: Peng Hao <peng.hao2@zte.com.cn>
qemu avoid denial of service reading from QEMU monitor CV.patch | (download)

src/qemu/qemu_monitor.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 qemu: avoid denial of service reading from qemu monitor
 (CVE-2018-5748)

We read from QEMU until seeing a \r\n pair to indicate a completed reply
or event. To avoid memory denial-of-service though, we must have a size
limit on amount of data we buffer. 10 MB is large enough that it ought
to cope with normal QEMU replies, and small enough that we're not
consuming unreasonable mem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>