[libvirt/f18] Rebased to version 0.10.2.3 Fix libxl driver to build against xen 4.2 (bz #870689) Fix possible cras

Cole Robinson crobinso at fedoraproject.org
Mon Jan 28 20:20:51 UTC 2013 

commit 64e6ea2c74390a13ff52155198dbf3aeb3c506fb
Author: Cole Robinson <crobinso at redhat.com>
Date:   Mon Jan 28 15:20:46 2013 -0500

    Rebased to version 0.10.2.3
    Fix libxl driver to build against xen 4.2 (bz #870689)
    Fix possible crash when destroying guests (bz #877110)
    Fix loading sysctl file (bz #887017)
    Fix svirt memory leak (bz #890039)
    Fix attaching PCI netdev to VM (bz #893131)
    Fix libvirtd segfault on shutdown (bz #903194)
    Raise mem limit to stop qemu processes from getting OOM killed (bz #903432)
    CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173)

 ...event-dnsmasq-from-listening-on-localhost.patch |  195 --------------------
 ...tom-svirt_tcg_t-context-for-TCG-based-gue.patch |   30 ++--
 libvirt.spec                                       |   66 ++++---
 sources                                            |    2 +-
 4 files changed, 56 insertions(+), 237 deletions(-)
---
diff --git a/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch b/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
index 36f28a2..a5e683b 100644
--- a/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
+++ b/0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
@@ -1,10 +1,7 @@
-From fcfb9d8b8e46365cb43e5dca864bb298504c6e1a Mon Sep 17 00:00:00 2001
-Message-Id: <fcfb9d8b8e46365cb43e5dca864bb298504c6e1a.1355685201.git.crobinso at redhat.com>
-In-Reply-To: <84cbd3a98aac26bd705801f55aac82da9c92967d.1355685201.git.crobinso at redhat.com>
-References: <84cbd3a98aac26bd705801f55aac82da9c92967d.1355685201.git.crobinso at redhat.com>
+From 95ea6a38bd9a3ca8393c7d738df8bab0ca554439 Mon Sep 17 00:00:00 2001
 From: "Daniel P. Berrange" <berrange at redhat.com>
-Date: Wed, 12 Dec 2012 11:49:19 +0000
-Subject: [PATCH 2/2] Support custom 'svirt_tcg_t' context for TCG based guests
+Date: Wed, 12 Dec 2012 11:47:19 +0000
+Subject: [PATCH] Support custom 'svirt_tcg_t' context for TCG based guests
 
 The current SELinux policy only works for KVM guests, since
 TCG requires the 'execmem' privilege. There is a 'virt_use_execmem'
@@ -19,12 +16,13 @@ lacks support. In this case we fallback to the normal label and
 expect users to set the boolean tunable
 
 Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
+(cherry picked from commit 77d3a8097480e388f1ce3129fe530f235b05f93b)
 ---
  src/security/security_selinux.c | 48 +++++++++++++++++++++++++++++++++++++----
  1 file changed, 44 insertions(+), 4 deletions(-)
 
 diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 3157e83..223f9a7 100644
+index 2720266..b9f5a7b 100644
 --- a/src/security/security_selinux.c
 +++ b/src/security/security_selinux.c
 @@ -58,6 +58,7 @@ typedef virSecuritySELinuxCallbackData *virSecuritySELinuxCallbackDataPtr;
@@ -35,7 +33,7 @@ index 3157e83..223f9a7 100644
      char *file_context;
      char *content_context;
      virHashTablePtr mcs;
-@@ -446,8 +447,23 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
+@@ -475,8 +476,23 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
      }
  
      ptr = strchrnul(data->domain_context, '\n');
@@ -60,7 +58,7 @@ index 3157e83..223f9a7 100644
  
      if (virFileReadAll(selinux_virtual_image_context_path(), 2*MAX_CONTEXT, &(data->file_context)) < 0) {
          virReportSystemError(errno,
-@@ -469,6 +485,9 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
+@@ -498,6 +514,9 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
              *ptr = '\0';
      }
  
@@ -70,15 +68,15 @@ index 3157e83..223f9a7 100644
      if (!(data->mcs = virHashCreate(10, NULL)))
          goto error;
  
-@@ -476,6 +495,7 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
- 
- error:
+@@ -508,6 +527,7 @@ error:
+     selabel_close(data->label_handle);
+ #endif
      VIR_FREE(data->domain_context);
 +    VIR_FREE(data->alt_domain_context);
      VIR_FREE(data->file_context);
      VIR_FREE(data->content_context);
      virHashFree(data->mcs);
-@@ -506,6 +526,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
+@@ -538,6 +558,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
      const char *range;
      virSecurityLabelDefPtr seclabel;
      virSecuritySELinuxDataPtr data;
@@ -86,7 +84,7 @@ index 3157e83..223f9a7 100644
  
      if (mgr == NULL) {
          virReportError(VIR_ERR_INTERNAL_ERROR,
-@@ -568,10 +589,28 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
+@@ -600,10 +621,28 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
          if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
              goto cleanup;
  
@@ -118,7 +116,7 @@ index 3157e83..223f9a7 100644
          if (!seclabel->label)  {
              virReportError(VIR_ERR_INTERNAL_ERROR,
                             _("cannot generate selinux context for %s"), mcs);
-@@ -722,6 +761,7 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
+@@ -758,6 +797,7 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
      virHashFree(data->mcs);
  
      VIR_FREE(data->domain_context);
@@ -127,5 +125,5 @@ index 3157e83..223f9a7 100644
      VIR_FREE(data->content_context);
  
 -- 
-1.8.0.2
+1.8.1
 
diff --git a/libvirt.spec b/libvirt.spec
index 732eb2f..8634fad 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -114,6 +114,7 @@
 %define with_systemd       0%{!?_without_systemd:0}
 %define with_numad         0%{!?_without_numad:0}
 %define with_firewalld     0%{!?_without_firewalld:0}
+%define with_libssh2_transport 0%{!?_without_libssh2_transport:0}
 
 # Non-server/HV driver defaults which are always enabled
 %define with_python        0%{!?_without_python:1}
@@ -187,8 +188,8 @@
 %endif
 %endif
 
-# Fedora doesn't have new enough Xen for libxl until F16
-%if 0%{?fedora} && 0%{?fedora} < 16
+# Fedora doesn't have new enough Xen for libxl until F18
+%if 0%{?fedora} && 0%{?fedora} < 18
 %define with_libxl 0
 %endif
 
@@ -235,6 +236,11 @@
 %endif
 %endif
 
+# Enable libssh2 transport for new enough distros
+%if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
+%define with_libssh2_transport 0%{!?_without_libssh2_transport:1}
+%endif
+
 # Disable some drivers when building without libvirt daemon.
 # The logic is the same as in configure.ac
 %if ! %{with_libvirtd}
@@ -300,10 +306,6 @@
 %define with_storage 0
 %endif
 
-# libxl driver doesn't build with Xen 4.2 in rawhide
-%if 0%{?fedora} && 0%{?fedora} >= 18
-%define with_libxl 0
-%endif
 
 # Force QEMU to run as non-root
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
@@ -332,8 +334,8 @@
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 0.10.2.2
-Release: 3%{?dist}%{?extra_release}
+Version: 0.10.2.3
+Release: 1%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -352,10 +354,9 @@ Patch2: libvirt-dbus.patch
 # Cleanly save session VMs on logout/shutdown (bz 872254)
 # keep: Fixed upstream, but using patches not suitable for stable
 Patch3: libvirt-save-with-session.patch
-# Fix conflict with NM launched dnsmasq (bz 886663)
-Patch4: 0001-network-prevent-dnsmasq-from-listening-on-localhost.patch
 # Fix selinux denials when launching non-kvm qemu guests (bz 885837)
-Patch5: 0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
+# keep: missed stable release
+Patch4: 0002-Support-custom-svirt_tcg_t-context-for-TCG-based-gue.patch
 
 
 %if %{with_libvirtd}
@@ -522,9 +523,13 @@ BuildRequires: numactl-devel
 %if %{with_capng}
 BuildRequires: libcap-ng-devel >= 0.5.0
 %endif
-%if %{with_phyp}
+%if %{with_phyp} || %{with_libssh2_transport}
+%if %{with_libssh2_transport}
+BuildRequires: libssh2-devel >= 1.3.0
+%else
 BuildRequires: libssh2-devel
 %endif
+%endif
 
 %if %{with_netcf}
 %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
@@ -645,7 +650,7 @@ Requires: PolicyKit >= 0.6
 %if %{with_storage_fs}
 Requires: nfs-utils
 # For mkfs
-Requires: util-linux-ng
+Requires: util-linux
 # For pool-build probing for existing pools
 BuildRequires: libblkid-devel >= 2.17
 # For glusterfs
@@ -706,11 +711,6 @@ Requires(postun): systemd-units
 Requires: numad
 %endif
 
-# libxl driver doesn't build with Xen 4.2 in rawhide
-%if ! %{with_libxl}
-Obsoletes: libvirt-daemon-driver-libxl
-%endif
-
 %description daemon
 Server side daemon required to manage the virtualization capabilities
 of recent versions of Linux. Requires a hypervisor specific sub-RPM
@@ -1028,6 +1028,9 @@ Requires: cyrus-sasl
 # work correctly & doesn't have onerous dependencies
 Requires: cyrus-sasl-md5
 %endif
+%if %{with_libssh2_transport}
+Requires: libssh2 >= 1.3.0
+%endif
 
 %description client
 Shared libraries and client binaries needed to access to the
@@ -1076,7 +1079,6 @@ of recent versions of Linux (and other OSes).
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 %build
 %if ! %{with_xen}
@@ -1397,8 +1399,6 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
 mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} \
    $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-docs-%{version}
 
-sed -i -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirt-guests
-
 %if %{with_dtrace}
 %ifarch %{power64} s390x x86_64 ia64 alpha sparc64
 mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_probes.stp \
@@ -1408,6 +1408,10 @@ mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_qemu_probes.stp \
 %endif
 %endif
 
+%if 0%{?fedora} < 14 && 0%{?rhel} < 6
+rm -f $RPM_BUILD_ROOT%{_prefix}/lib/sysctl.d/libvirtd.conf
+%endif
+
 %clean
 rm -fr %{buildroot}
 
@@ -1647,9 +1651,7 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
 %if 0%{?fedora} >= 14 || 0%{?rhel} >= 6
-%config(noreplace) %{_sysconfdir}/sysctl.d/libvirtd
-%else
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
+%config(noreplace) %{_prefix}/lib/sysctl.d/libvirtd.conf
 %endif
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
@@ -1902,11 +1904,13 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
 
 %{_datadir}/libvirt/cpu_map.xml
 
-%{_sysconfdir}/rc.d/init.d/libvirt-guests
 %if %{with_systemd}
 %{_unitdir}/libvirt-guests.service
+%else
+%{_sysconfdir}/rc.d/init.d/libvirt-guests
 %endif
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+%attr(0755, root, root) %{_libexecdir}/libvirt-guests.sh
 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
 
 %if %{with_sasl}
@@ -1950,6 +1954,18 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
 %endif
 
 %changelog
+* Mon Jan 28 2013 Cole Robinson <crobinso at redhat.com> - 0.10.2.3-1
+- Rebased to version 0.10.2.3
+- Fix libxl driver to build against xen 4.2 (bz #870689)
+- Fix possible crash when destroying guests (bz #877110)
+- Fix loading sysctl file (bz #887017)
+- Fix svirt memory leak (bz #890039)
+- Fix attaching PCI netdev to VM (bz #893131)
+- Fix libvirtd segfault on shutdown (bz #903194)
+- Raise mem limit to stop qemu processes from getting OOM killed (bz #903432)
+- CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz
+  #905173)
+
 * Mon Dec 17 2012 Cole Robinson <crobinso at redhat.com> - 0.10.2.2-3
 - Fix scriplet warning when uninstalling libvirt-client (bz #888071)
 
diff --git a/sources b/sources
index 99be95a..1fcce42 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-940e42fe5b098eae8eec695d716be712  libvirt-0.10.2.2.tar.gz
+8ffff74a7e6674c782fec06c94c3381b  libvirt-0.10.2.3.tar.gz

More information about the scm-commits mailing list