[libvirt/f18] Rebased to version 0.10.2.3 Fix libxl driver to build against xen 4.2 (bz #870689) Fix possible cras
Cole Robinson
crobinso at fedoraproject.org
Mon Jan 28 20:20:51 UTC 2013
commit 64e6ea2c74390a13ff52155198dbf3aeb3c506fb
Author: Cole Robinson <crobinso at redhat.com>
Date: Mon Jan 28 15:20:46 2013 -0500
Rebased to version 0.10.2.3
Fix libxl driver to build against xen 4.2 (bz #870689)
Fix possible crash when destroying guests (bz #877110)
Fix loading sysctl file (bz #887017)
Fix svirt memory leak (bz #890039)
Fix attaching PCI netdev to VM (bz #893131)
Fix libvirtd segfault on shutdown (bz #903194)
Raise mem limit to stop qemu processes from getting OOM killed (bz #903432)
CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173)
...event-dnsmasq-from-listening-on-localhost.patch | 195 --------------------
...tom-svirt_tcg_t-context-for-TCG-based-gue.patch | 30 ++--
libvirt.spec | 66 ++++---
sources | 2 +-
4 files changed, 56 insertions(+), 237 deletions(-)
---
diff --git a/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch b/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
index 36f28a2..a5e683b 100644
--- a/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
+++ b/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
@@ -1,10 +1,7 @@
-From fcfb9d8b8e46365cb43e5dca864bb298504c6e1a Mon Sep 17 00:00:00 2001
-Message-Id: <fcfb9d8b8e46365cb43e5dca864bb298504c6e1a.1355685201.git.crobinso at redhat.com>
-In-Reply-To: <84cbd3a98aac26bd705801f55aac82da9c92967d.1355685201.git.crobinso at redhat.com>
-References: <84cbd3a98aac26bd705801f55aac82da9c92967d.1355685201.git.crobinso at redhat.com>
+From 95ea6a38bd9a3ca8393c7d738df8bab0ca554439 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange at redhat.com>
-Date: Wed, 12 Dec 2012 11:49:19 +0000
-Subject: [PATCH 2/2] Support custom 'svirt_tcg_t' context for TCG based guests
+Date: Wed, 12 Dec 2012 11:47:19 +0000
+Subject: [PATCH] Support custom 'svirt_tcg_t' context for TCG based guests
The current SELinux policy only works for KVM guests, since
TCG requires the 'execmem' privilege. There is a 'virt_use_execmem'
@@ -19,12 +16,13 @@ lacks support. In this case we fallback to the normal label and
expect users to set the boolean tunable
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
+(cherry picked from commit 77d3a8097480e388f1ce3129fe530f235b05f93b)
---
src/security/security_selinux.c | 48 +++++++++++++++++++++++++++++++++++++----
1 file changed, 44 insertions(+), 4 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 3157e83..223f9a7 100644
+index 2720266..b9f5a7b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -58,6 +58,7 @@ typedef virSecuritySELinuxCallbackData *virSecuritySELinuxCallbackDataPtr;
@@ -35,7 +33,7 @@ index 3157e83..223f9a7 100644
char *file_context;
char *content_context;
virHashTablePtr mcs;
-@@ -446,8 +447,23 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
+@@ -475,8 +476,23 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
}
ptr = strchrnul(data->domain_context, '\n');
@@ -60,7 +58,7 @@ index 3157e83..223f9a7 100644
if (virFileReadAll(selinux_virtual_image_context_path(), 2*MAX_CONTEXT, &(data->file_context)) < 0) {
virReportSystemError(errno,
-@@ -469,6 +485,9 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
+@@ -498,6 +514,9 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
*ptr = '\0';
}
@@ -70,15 +68,15 @@ index 3157e83..223f9a7 100644
if (!(data->mcs = virHashCreate(10, NULL)))
goto error;
-@@ -476,6 +495,7 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
-
- error:
+@@ -508,6 +527,7 @@ error:
+ selabel_close(data->label_handle);
+ #endif
VIR_FREE(data->domain_context);
+ VIR_FREE(data->alt_domain_context);
VIR_FREE(data->file_context);
VIR_FREE(data->content_context);
virHashFree(data->mcs);
-@@ -506,6 +526,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
+@@ -538,6 +558,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
const char *range;
virSecurityLabelDefPtr seclabel;
virSecuritySELinuxDataPtr data;
@@ -86,7 +84,7 @@ index 3157e83..223f9a7 100644
if (mgr == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR,
-@@ -568,10 +589,28 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
+@@ -600,10 +621,28 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
goto cleanup;
@@ -118,7 +116,7 @@ index 3157e83..223f9a7 100644
if (!seclabel->label) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
-@@ -722,6 +761,7 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
+@@ -758,6 +797,7 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
virHashFree(data->mcs);
VIR_FREE(data->domain_context);
@@ -127,5 +125,5 @@ index 3157e83..223f9a7 100644
VIR_FREE(data->content_context);
--
-1.8.0.2
+1.8.1
diff --git a/libvirt.spec b/libvirt.spec
index 732eb2f..8634fad 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -114,6 +114,7 @@
%define with_systemd 0%{!?_without_systemd:0}
%define with_numad 0%{!?_without_numad:0}
%define with_firewalld 0%{!?_without_firewalld:0}
+%define with_libssh2_transport 0%{!?_without_libssh2_transport:0}
# Non-server/HV driver defaults which are always enabled
%define with_python 0%{!?_without_python:1}
@@ -187,8 +188,8 @@
%endif
%endif
-# Fedora doesn't have new enough Xen for libxl until F16
-%if 0%{?fedora} && 0%{?fedora} < 16
+# Fedora doesn't have new enough Xen for libxl until F18
+%if 0%{?fedora} && 0%{?fedora} < 18
%define with_libxl 0
%endif
@@ -235,6 +236,11 @@
%endif
%endif
+# Enable libssh2 transport for new enough distros
+%if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
+%define with_libssh2_transport 0%{!?_without_libssh2_transport:1}
+%endif
+
# Disable some drivers when building without libvirt daemon.
# The logic is the same as in configure.ac
%if ! %{with_libvirtd}
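Review bot: Nothing in the visible hunks ties `with_libssh2_transport` to the configure invocation, so the macro appears to steer only the BuildRequires/Requires lines while configure may still auto-detect libssh2. If libssh2-devel ends up in the buildroot for another reason while the macro is 0, the client library could be linked against libssh2 without the `Requires: libssh2 >= 1.3.0` that this commit adds to the client subpackage. Unless the %build section (outside this diff) already does so, derive an explicit with/without configure switch from this macro, as the `%if ! %{with_xen}` block under %build appears to do for Xen. That keeps the set of enabled remote transports determined by the spec rather than by whatever is installed at build time.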
@@ -300,10 +306,6 @@
%define with_storage 0
%endif
-# libxl driver doesn't build with Xen 4.2 in rawhide
-%if 0%{?fedora} && 0%{?fedora} >= 18
-%define with_libxl 0
-%endif
# Force QEMU to run as non-root
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
@@ -332,8 +334,8 @@
Summary: Library providing a simple virtualization API
Name: libvirt
-Version: 0.10.2.2
-Release: 3%{?dist}%{?extra_release}
+Version: 0.10.2.3
+Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -352,10 +354,9 @@ Patch2: libvirt-dbus.patch
# Cleanly save session VMs on logout/shutdown (bz 872254)
# keep: Fixed upstream, but using patches not suitable for stable
Patch3: libvirt-save-with-session.patch
-# Fix conflict with NM launched dnsmasq (bz 886663)
-Patch4: 0001-network-prevent-dnsmasq-from-listening-on-localhost.patch
# Fix selinux denials when launching non-kvm qemu guests (bz 885837)
-Patch5: 0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
+# keep: missed stable release
+Patch4: 0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
%if %{with_libvirtd}
@@ -522,9 +523,13 @@ BuildRequires: numactl-devel
%if %{with_capng}
BuildRequires: libcap-ng-devel >= 0.5.0
%endif
-%if %{with_phyp}
+%if %{with_phyp} || %{with_libssh2_transport}
+%if %{with_libssh2_transport}
+BuildRequires: libssh2-devel >= 1.3.0
+%else
BuildRequires: libssh2-devel
%endif
+%endif
%if %{with_netcf}
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
@@ -645,7 +650,7 @@ Requires: PolicyKit >= 0.6
%if %{with_storage_fs}
Requires: nfs-utils
# For mkfs
-Requires: util-linux-ng
+Requires: util-linux
# For pool-build probing for existing pools
BuildRequires: libblkid-devel >= 2.17
# For glusterfs
@@ -706,11 +711,6 @@ Requires(postun): systemd-units
Requires: numad
%endif
-# libxl driver doesn't build with Xen 4.2 in rawhide
-%if ! %{with_libxl}
-Obsoletes: libvirt-daemon-driver-libxl
-%endif
-
%description daemon
Server side daemon required to manage the virtualization capabilities
of recent versions of Linux. Requires a hypervisor specific sub-RPM
@@ -1028,6 +1028,9 @@ Requires: cyrus-sasl
# work correctly & doesn't have onerous dependencies
Requires: cyrus-sasl-md5
%endif
+%if %{with_libssh2_transport}
+Requires: libssh2 >= 1.3.0
+%endif
%description client
Shared libraries and client binaries needed to access to the
@@ -1076,7 +1079,6 @@ of recent versions of Linux (and other OSes).
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
%build
%if ! %{with_xen}
@@ -1397,8 +1399,6 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} \
$RPM_BUILD_ROOT%{_datadir}/doc/libvirt-docs-%{version}
-sed -i -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirt-guests
-
%if %{with_dtrace}
%ifarch %{power64} s390x x86_64 ia64 alpha sparc64
mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_probes.stp \
@@ -1408,6 +1408,10 @@ mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_qemu_probes.stp \
%endif
%endif
+%if 0%{?fedora} < 14 && 0%{?rhel} < 6
+rm -f $RPM_BUILD_ROOT%{_prefix}/lib/sysctl.d/libvirtd.conf
+%endif
+
%clean
rm -fr %{buildroot}
@@ -1647,9 +1651,7 @@ fi
%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
%if 0%{?fedora} >= 14 || 0%{?rhel} >= 6
-%config(noreplace) %{_sysconfdir}/sysctl.d/libvirtd
-%else
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
+%config(noreplace) %{_prefix}/lib/sysctl.d/libvirtd.conf
%endif
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
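Review bot: `%config(noreplace)` is kept on the sysctl drop-in even though it now lives under `%{_prefix}/lib/sysctl.d`, the vendor-default location; local overrides belong in /etc/sysctl.d. With noreplace, a copy edited in place under /usr/lib is preserved on upgrade, so a later fix to the shipped kernel settings would land in a .rpmnew and not take effect on that host. Consider listing it as a plain file, `%{_prefix}/lib/sysctl.d/libvirtd.conf`, so the packaged defaults always track the package. The `rhel >= 6` arm of the condition also deserves a check, since whether that platform reads /usr/lib/sysctl.d at boot cannot be seen from this diff.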
@@ -1902,11 +1904,13 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
%{_datadir}/libvirt/cpu_map.xml
-%{_sysconfdir}/rc.d/init.d/libvirt-guests
%if %{with_systemd}
%{_unitdir}/libvirt-guests.service
+%else
+%{_sysconfdir}/rc.d/init.d/libvirt-guests
%endif
%config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+%attr(0755, root, root) %{_libexecdir}/libvirt-guests.sh
%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
%if %{with_sasl}
@@ -1950,6 +1954,18 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
%endif
%changelog
+* Mon Jan 28 2013 Cole Robinson <crobinso at redhat.com> - 0.10.2.3-1
+- Rebased to version 0.10.2.3
+- Fix libxl driver to build against xen 4.2 (bz #870689)
+- Fix possible crash when destroying guests (bz #877110)
+- Fix loading sysctl file (bz #887017)
+- Fix svirt memory leak (bz #890039)
+- Fix attaching PCI netdev to VM (bz #893131)
+- Fix libvirtd segfault on shutdown (bz #903194)
+- Raise mem limit to stop qemu processes from getting OOM killed (bz #903432)
+- CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz
+ #905173)
+
* Mon Dec 17 2012 Cole Robinson <crobinso at redhat.com> - 0.10.2.2-3
- Fix scriplet warning when uninstalling libvirt-client (bz #888071)
diff --git a/sources b/sources
index 99be95a..1fcce42 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-940e42fe5b098eae8eec695d716be712 libvirt-0.10.2.2.tar.gz
+8ffff74a7e6674c782fec06c94c3381b libvirt-0.10.2.3.tar.gz