openSUSE Commits
Hello community,
here is the log from the commit of package gnutls for openSUSE:12.3:Update checked in at 2014-11-21 09:28:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/gnutls (Old)
and /work/SRC/openSUSE:12.3:Update/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.XJGYkN/_old 2014-11-21 09:28:40.000000000 +0100
+++ /var/tmp/diff_new_pack.XJGYkN/_new 2014-11-21 09:28:40.000000000 +0100
@@ -1 +1 @@
-<link package='gnutls.2852' cicount='copy' />
+<link package='gnutls.3193' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package gnutls.3193 for openSUSE:12.3:Update checked in at 2014-11-21 09:28:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/gnutls.3193 (Old)
and /work/SRC/openSUSE:12.3:Update/.gnutls.3193.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls.3193"
Changes:
--------
New Changes file:
--- /dev/null 2014-11-17 01:44:14.624034255 +0100
+++ /work/SRC/openSUSE:12.3:Update/.gnutls.3193.new/gnutls.changes 2014-11-21 09:28:38.000000000 +0100
@@ -0,0 +1,1284 @@
+-------------------------------------------------------------------
+Wed Nov 12 17:41:30 UTC 2014 - meissner(a)suse.com
+
+- gnutls-CVE-2014-8564.patch: Fixed parsing problem in elliptic
+ curve blobs over TLS that could lead to remote crashes.
+ (bnc#904603 CVE-2014-8564)
+
+-------------------------------------------------------------------
+Tue Jun 3 05:40:14 UTC 2014 - shchang(a)suse.com
+
+- Fixed bug[ bnc#880910], gnutls affected by libtasn1 vulnerabilities
+ Add patch files: CVE-2014-3467.patch, CVE-2014-3468.patch, CVE-2014-3469.patch
+
+-------------------------------------------------------------------
+Mon Jun 2 05:24:26 UTC 2014 - citypw(a)gmail.com
+
+- Fixed bug[ bnc#880730], CVE-2014-3466: gnutls: Possible memory corruption during connect
+- Fixed bug[ bnc#880733], CVE-2014-3465: gnutls: gnutls_x509_dn_oid_name NULL pointer dereference
+ Add patch files: CVE-2014-3466.patch, CVE-2014-3465.patch
+
+-------------------------------------------------------------------
+Mon Mar 31 07:24:25 UTC 2014 - shchang(a)suse.com
+
+- Fix bug [ bnc#870551] 870551 - gnutls cannot access www.bsi.de
+ Add patch file: gnutls-3.2.10-supported-ecc.patch
+
+-------------------------------------------------------------------
+Mon Mar 3 10:31:34 UTC 2014 - shchang(a)suse.com
+
+- Fixed bug [ bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 certificate verification
+ Add patch file: CVE-2014-0092.patch
+
+-------------------------------------------------------------------
+Tue Feb 5 17:03:26 UTC 2013 - meissner(a)suse.com
+
+- Updated to GnuTLS 3.0.28
+ - libgnutls: Fixes in server side of DTLS-0.9.
+ - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
+ ciphers (i.e., AES-GCM).
+ - libgnutls: Fixes in record padding parsing to prevent a timing
+ attack. Issue reported by Kenny Patterson and Nadhem Alfardan.
+ bnc#802184
+ - libgnutls: DN variable 'T' was expanded to 'title'.
+
+-------------------------------------------------------------------
+Thu Jan 24 10:14:13 UTC 2013 - meissner(a)suse.com
+
+- Updated to GnuTLS 3.0.27
+ - libgnutls: Fixed record padding parsing issue.
+ - libgnutls: Stricter RSA PKCS #1 1.5 encoding.
+ - libgnutls-guile: Fixed parallel compilation issue.
+ - API and ABI modifications: No changes since last version.
+
+-------------------------------------------------------------------
+Tue Nov 27 20:31:26 UTC 2012 - crrodriguez(a)opensuse.org
+
+- Test suite breaks on qemu-arm some calls not implemented.
+
+-------------------------------------------------------------------
+Sun Nov 25 10:52:46 UTC 2012 - andreas.stieger(a)gmx.de
+
+- include LGPL-3.0+ text in COPYING.LESSER
+- run regression tests, but move "make check" to %check section
+- add gnutls-3.0.26-skip-test-fwrite.patch to skip a failing test
+- no longer manipulate doc/examples tree in %install section, the
+ deletion of Makefiles breaks "make check" in %check
+- install documentation, reference and examples in %install section
+ to fetch them for the package without unneccessary files
+
+-------------------------------------------------------------------
+Fri Nov 16 23:30:09 UTC 2012 - andreas.stieger(a)gmx.de
+
+- updated to GnuTLS 3.0.26:
+ - libgnutls: Always tolerate key usage violation errors from the
+ side of the peer, but also notify via an audit message.
+ - libgnutls: gnutls_x509_crl_verify() includes time checks.
+ - libgnutls: Increased maximum password length in the PKCS #12
+ functions.
+ - API and ABI modifications:
+ GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added
+ GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
+
+- includes changes from 3.0.25:
+ - libgnutls: Fixed the receipt of session tickets during session
+ resumption.
+ - libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the
+ OCSP response corresponds to the given certificate.
+ - libgnutls: Several updates in the OpenPGP code. The generating code
+ is fully RFC6091 compliant and RFC5081 support is only supported in
+ client mode.
+ - API and ABI modifications:
+ gnutls_ocsp_resp_check_crt: Added
+
+- includes changes form version 3.0.24:
+ - libgnutls: The %COMPAT keyword, if specified, will tolerate
+ key usage violation errors (they are far too common to ignore).
+ - libgnutls: Corrected bug in OpenPGP subpacket encoding.
+ - libgnutls: Added X.509 certificate verification flag
+ - GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
+ of unsorted certificate chains and is enabled by default for
+ TLS certificate verification (if gnutls_certificate_set_verify_flags()
+ does not override it).
+ - libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
+ if interrupted during the retrasmition of handshake data.
+ - libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
+ which provides a tool to counter compression-related attacks where
+ parts of the data are controlled by the attacker _and_ are placed in
+ separate records (use with care - do not use compression if not sure).
+ - libgnutls: Depends on libtasn1 2.14 or later.
+
+- includes changes from version 3.0.23:
+ - gnutls-serv: Listens on IPv6
+ - libgnutls: Be tolerant in ECDSA signature violations (e.g. using
+ SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
+ openssl.
+- libgnutls: Fixed DSA and ECDSA signature generation in smart cards.
+
+- includes changes from version 3.0.22
+ - libgnutls: When verifying a certificate chain make sure it is chain.
+ If the chain is wronly interrupted at some point then truncate it,
+ and only try to verify the correct part. Patch by David Woodhouse
+ - libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8()
+ which now may (again) accept a NULL password.
+ - certtool: Allow the user to choose the hash algorithm
+ when signing certificate request or certificate revocation list.
+
+- Refresh gnutls-implement-trust-store-dir.diff, some parts are in
+ upstream sources
+
+-------------------------------------------------------------------
+Mon Jul 16 06:00:52 UTC 2012 - gjhe(a)suse.com
+
+- update to latest stable version 3.0.21:
+ libgnutls: fixed bug in gnutls_x509_privkey_import()
+ that prevented the loading of EC private keys when DER
+ encoded. Reported by David Woodhouse.
+
+ libgnutls: In DTLS larger to mtu records result to
+ GNUTLS_E_LARGE_PACKET instead of being truncated.
+
+ libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based
+ on patch by David Woodhouse.
+
+ libgnutls: Fixed memory leak in PKCS #8 key import.
+
+ libgnutls: Added support for an old version of the DTLS protocol
+ used by openconnect vpn client for compatibility with Cisco's AnyConnect
+ SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
+ as it has issues.
+
+ libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
+ if only the label is specified. Patch by David Woodhouse.
+
+ libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET
+ is returned.
+
+ API and ABI modifications:
+ gnutls_dtls_set_data_mtu: Added
+ gnutls_session_set_premaster: Added
+
+-------------------------------------------------------------------
+Sun Jul 1 20:00:33 UTC 2012 - coolo(a)suse.com
+
+- merge am-1.12 patches into 1
+
+-------------------------------------------------------------------
+Sat Jun 30 17:24:48 UTC 2012 - i(a)marguerite.su
+
+- fix 12.2 builds.
+ * replace depreciated am_prog_mkdir_p with ac_prog_mkdir_p.
+
+-------------------------------------------------------------------
+Thu Jun 21 08:02:43 UTC 2012 - meissner(a)suse.com
+
+- Updated to version 3.0.20:
+ libgnutls: Corrected bug which prevented the parsing of
+ handshake packets spanning multiple records.
+
+ libgnutls: Check key identifiers when checking for an issuer.
+
+ libgnutls: Added gnutls_pubkey_verify_hash2()
+
+ libgnutls: Added gnutls_certificate_set_x509_system_trust()
+ that loads the trusted CA certificates from system locations
+ (e.g. trusted storage in windows and CA bundle files in other systems).
+
+ certtool: Added support for the URI subject alternative
+ name type in certtool.
+
+ certtool: Increase to 128 the maximum number of distinct options
+ (e.g. dns_names) allowed.
+
+ gnutls-cli: If --print-cert is given, print the certificate,
+ even on verification failure.
+
+ ** API and ABI modifications:
+ gnutls_pk_to_sign: Added
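Review bot: the entries for CVE-2014-3467, CVE-2014-3468 and CVE-2014-3469 (the libtasn1 issues, bnc#880910) are addressed here by patching the bundled copy under lib/minitasn1, but the spec carries `BuildRequires: libtasn1-devel >= 2.14`, and a gnutls configure that finds a usable system libtasn1 links against it rather than building minitasn1. Unless the build is forced to use the included copy, these three patches change nothing in the shipped libgnutls and the fix has to land in the libtasn1 package instead; please confirm from the build log which copy is linked and record the answer in the .changes entry so the next reviewer does not have to.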
++++ 1087 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.gnutls.3193.new/gnutls.changes
New:
----
CVE-2014-0092.patch
CVE-2014-3465.patch
CVE-2014-3466.patch
CVE-2014-3467.patch
CVE-2014-3468.patch
CVE-2014-3469.patch
automake-1.12.patch
baselibs.conf
gnutls-3.0.26-skip-test-fwrite.patch
gnutls-3.0.28.tar.xz
gnutls-3.2.10-supported-ecc.patch
gnutls-CVE-2014-8564.patch
gnutls-implement-trust-store-dir.diff
gnutls.changes
gnutls.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnutls.spec ++++++
#
# spec file for package gnutls
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define gnutls_sover 28
%define gnutlsxx_sover 28
%define gnutls_ossl_sover 27
Name: gnutls
Version: 3.0.28
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-3.0+ and GPL-3.0+
Group: Productivity/Networking/Security
Url: http://www.gnutls.org/
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/%{name}-%{version}.tar.xz
Source1: baselibs.conf
# suse specific, add support for certificate directories -- lnussel
Patch1: gnutls-implement-trust-store-dir.diff
Patch2: automake-1.12.patch
# PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stieger(a)gmx.de -- skip a failing test
Patch3: gnutls-3.0.26-skip-test-fwrite.patch
Patch4: CVE-2014-0092.patch
Patch5: gnutls-3.2.10-supported-ecc.patch
Patch6: CVE-2014-3466.patch
Patch7: CVE-2014-3465.patch
Patch8: CVE-2014-3467.patch
Patch9: CVE-2014-3468.patch
Patch10: CVE-2014-3469.patch
Patch11: gnutls-CVE-2014-8564.patch
BuildRequires: automake
BuildRequires: gcc-c++
BuildRequires: libidn-devel
BuildRequires: libnettle-devel >= 2.2
BuildRequires: libtasn1-devel >= 2.14
BuildRequires: libtool
BuildRequires: p11-kit-devel >= 0.11
BuildRequires: pkg-config
BuildRequires: xz
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# bug437293
%ifarch ppc64
Obsoletes: gnutls-64bit
%endif
%description
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
%package -n libgnutls%{gnutls_sover}
Summary: The GNU Transport Layer Security Library
License: LGPL-3.0+
Group: Productivity/Networking/Security
%description -n libgnutls%{gnutls_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
%package -n libgnutlsxx%{gnutlsxx_sover}
Summary: The GNU Transport Layer Security Library
License: LGPL-3.0+
Group: Productivity/Networking/Security
%description -n libgnutlsxx%{gnutlsxx_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
%package -n libgnutls-openssl%{gnutls_ossl_sover}
Summary: The GNU Transport Layer Security Library
License: GPL-3.0+
Group: Productivity/Networking/Security
%description -n libgnutls-openssl%{gnutls_ossl_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
%package -n libgnutls-devel
Summary: Development package for gnutls
License: LGPL-3.0+
Group: Development/Libraries/C and C++
PreReq: %install_info_prereq
Requires: glibc-devel
Requires: libgnutls%{gnutls_sover} = %{version}
Provides: gnutls-devel = %{version}-%{release}
%description -n libgnutls-devel
Files needed for software development using gnutls.
%package -n libgnutlsxx-devel
Summary: Development package for gnutls
License: LGPL-3.0+
Group: Development/Libraries/C and C++
PreReq: %install_info_prereq
Requires: libgnutls-devel = %{version}
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
Requires: libstdc++-devel
%description -n libgnutlsxx-devel
Files needed for software development using gnutls.
%package -n libgnutls-openssl-devel
Summary: Development package for gnutls
License: GPL-3.0+
Group: Development/Libraries/C and C++
Requires: libgnutls-devel = %{version}
Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version}
%description -n libgnutls-openssl-devel
Files needed for software development using gnutls.
%prep
%setup -q
%patch1
%patch2 -p1
%patch3
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
echo %{_includedir}/%{name}/abstract.h
%build
autoreconf -if
%configure \
--disable-static \
--with-pic \
--disable-rpath \
--disable-silent-rules \
--with-default-trust-store-dir=/etc/ssl/certs \
--with-sysroot=/%{?_sysroot}
%__make %{?_smp_mflags}
%install
%make_install
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.la
# install docs
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
%__cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
%__cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
%__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
%find_lang libgnutls --all-name
%check
%if ! 0%{?qemu_user_space_build}
%__make check
%endif
%clean
rm -rf %{buildroot}
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz
%postun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz
%files -f libgnutls.lang
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING COPYING.LESSER AUTHORS doc/TODO
%{_bindir}/certtool
%{_bindir}/crywrap
%{_bindir}/gnutls-cli
%{_bindir}/gnutls-cli-debug
%{_bindir}/gnutls-serv
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
%{_bindir}/srptool
%{_mandir}/man1/*
%files -n libgnutls%{gnutls_sover}
%defattr(-,root,root)
%{_libdir}/libgnutls.so.%{gnutls_sover}*
%files -n libgnutls-openssl%{gnutls_ossl_sover}
%defattr(-,root,root)
%{_libdir}/libgnutls-openssl.so.%{gnutls_ossl_sover}*
%files -n libgnutlsxx%{gnutlsxx_sover}
%defattr(-,root,root)
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
%files -n libgnutls-devel
%defattr(-, root, root)
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/abstract.h
%{_includedir}/%{name}/crypto.h
%{_includedir}/%{name}/compat.h
%{_includedir}/%{name}/dtls.h
%{_includedir}/%{name}/gnutls.h
%{_includedir}/%{name}/openpgp.h
%{_includedir}/%{name}/ocsp.h
%{_includedir}/%{name}/pkcs11.h
%{_includedir}/%{name}/pkcs12.h
%{_includedir}/%{name}/x509.h
%{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc
%{_mandir}/man3/*
%{_infodir}/*.*
%doc %{_docdir}/libgnutls-devel
%files -n libgnutlsxx-devel
%defattr(-, root, root)
%{_libdir}/libgnutlsxx.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/gnutlsxx.h
%files -n libgnutls-openssl-devel
%defattr(-, root, root)
%{_libdir}/libgnutls-openssl.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/openssl.h
%changelog
++++++ CVE-2014-0092.patch ++++++
Index: gnutls-3.0.28/lib/x509/verify.c
===================================================================
--- gnutls-3.0.28.orig/lib/x509/verify.c
+++ gnutls-3.0.28/lib/x509/verify.c
@@ -132,7 +132,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
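Review bot: the new `fail` label these four error paths jump to is only introduced in the hunk at line 197, so this hunk is incomplete on its own and the four hunks in check_if_ca must be applied together. The reason for the change is visible in the later hunks: `cleanup` presumably returns `result` as is, so a negative error code from the basic-constraints and key-usage reads was handed back to a caller that tested `== 0` and therefore treated a parse error as "is a CA".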
@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -149,7 +149,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -157,7 +157,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
/* If the subject certificate is the same as the issuer
@@ -197,6 +197,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
else
gnutls_assert ();
+fail:
result = 0;
cleanup:
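Review bot: `fail:` collapses every error into `result = 0`, i.e. "not a CA", which is the fail-closed choice, but it also discards the error code, so callers can no longer tell a malformed issuer from a legitimate non-CA certificate. Consider logging the original `result` through the audit log before it is overwritten; otherwise an attacker-supplied broken intermediate and a misconfigured chain produce identical diagnostics.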
@@ -397,7 +398,7 @@ _gnutls_verify_certificate2 (gnutls_x509
gnutls_datum_t cert_signed_data = { NULL, 0 };
gnutls_datum_t cert_signature = { NULL, 0 };
gnutls_x509_crt_t issuer = NULL;
- int issuer_version, result, hash_algo;
+ int issuer_version, result = 0, hash_algo;
unsigned int out = 0;
if (output)
@@ -435,14 +436,15 @@ _gnutls_verify_certificate2 (gnutls_x509
if (issuer_version < 0)
{
gnutls_assert ();
- return issuer_version;
+ result = 0;
+ goto cleanup;
}
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
|| issuer_version != 1))
{
- if (check_if_ca (cert, issuer, flags) == 0)
+ if (check_if_ca (cert, issuer, flags) != 1)
{
gnutls_assert ();
out = GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
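Review bot: the `check_if_ca (cert, issuer, flags) != 1` test is the line that actually closes the hole: anything other than an explicit 1, whether 0 or a negative error code that still escapes, is now treated as not-a-CA. The earlier `return issuer_version;` in the same hunk used to leak the raw error code out of _gnutls_verify_certificate2, which callers compared with `== 0`; replacing it with `result = 0; goto cleanup;` keeps the function's contract at 1 or 0. Minor: `result` is already initialised to 0 in the hunk above, so the assignment here is redundant, but it makes the intent explicit and is worth keeping.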
@@ -459,6 +461,7 @@ _gnutls_verify_certificate2 (gnutls_x509
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -467,6 +470,7 @@ _gnutls_verify_certificate2 (gnutls_x509
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -474,6 +478,7 @@ _gnutls_verify_certificate2 (gnutls_x509
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -494,6 +499,7 @@ _gnutls_verify_certificate2 (gnutls_x509
else if (result < 0)
{
gnutls_assert();
+ result = 0;
goto cleanup;
}
@@ -665,7 +671,7 @@ _gnutls_x509_verify_certificate (const g
ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
trusted_cas, tcas_size, flags, &output,
&issuer, now, func);
- if (ret == 0)
+ if (ret != 1)
{
/* if the last certificate in the certificate
* list is invalid, then the certificate is not
@@ -693,7 +699,7 @@ _gnutls_x509_verify_certificate (const g
if ((ret =
_gnutls_verify_certificate2 (certificate_list[i - 1],
&certificate_list[i], 1, flags,
- &output, NULL, now, func)) == 0)
+ &output, NULL, now, func)) != 1)
{
status |= output;
status |= GNUTLS_CERT_INVALID;
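Review bot: both call sites now require exactly 1 from _gnutls_verify_certificate2. Any other caller of that function, or of check_if_ca, that still tests `== 0` keeps the original bypass, so this patch should be accompanied by a grep over lib/x509 for remaining `== 0` comparisons against these two functions. It would also help to state in the function comments that they return 1 on success and 0 on any failure and never a negative code, since that is now the contract everything depends on.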
++++++ CVE-2014-3465.patch ++++++
Index: gnutls-3.0.28/lib/x509/common.c
===================================================================
--- gnutls-3.0.28.orig/lib/x509/common.c
+++ gnutls-3.0.28/lib/x509/common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2003-2014 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -192,7 +192,8 @@ gnutls_x509_dn_oid_name (const char *oid
do
{
- if (strcmp (_oid2str[i].oid, oid) == 0)
+
+ if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL)
return _oid2str[i].ldap_desc;
i++;
}
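Review bot: with the added `_oid2str[i].ldap_desc != NULL` condition, an OID that matches a table entry without a description no longer returns NULL from inside the loop; instead the loop carries on to the end of the table. Check that the loop terminator and the fall-through return after it (not shown here) cope with that, otherwise the NULL dereference reported as CVE-2014-3465 has only been moved. The empty `+` line added ahead of the condition is noise and should be dropped.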
++++++ CVE-2014-3466.patch ++++++
Index: gnutls-3.0.28/lib/gnutls_handshake.c
===================================================================
--- gnutls-3.0.28.orig/lib/gnutls_handshake.c
+++ gnutls-3.0.28/lib/gnutls_handshake.c
@@ -1605,7 +1605,8 @@ _gnutls_read_server_hello (gnutls_sessio
DECR_LEN (len, 1);
session_id_len = data[pos++];
- if (len < session_id_len)
+
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
{
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
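Review bot: bounding `session_id_len` by TLS_MAX_SESSION_ID_SIZE stops an oversized ServerHello session id from being copied into the fixed-size session id buffer, which is the memory corruption described in the .changes entry for bnc#880730. GNUTLS_E_UNSUPPORTED_VERSION_PACKET is a misleading error for a length violation, though; GNUTLS_E_UNEXPECTED_PACKET_LENGTH is the accurate code and makes the failure easier to diagnose from client logs. The empty `+` line is again cosmetic noise.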
++++++ CVE-2014-3467.patch ++++++
Index: gnutls-3.2.4/lib/minitasn1/decoding.c
===================================================================
--- gnutls-3.2.4.orig/lib/minitasn1/decoding.c
+++ gnutls-3.2.4/lib/minitasn1/decoding.c
@@ -149,7 +149,7 @@ asn1_get_tag_der (const unsigned char *d
/* Long form */
punt = 1;
ris = 0;
- while (punt <= der_len && der[punt] & 128)
+ while (punt < der_len && der[punt] & 128)
{
last = ris;
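Review bot: `punt <= der_len` read `der[der_len]`, one byte past the buffer, whenever a long-form tag ran to the end of the input; `punt < der_len` is the correct bound, and because `punt` starts at 1 it also guarantees `der_len > 1` before the first dereference. Good as is.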
@@ -259,7 +259,7 @@ _asn1_get_time_der (const unsigned char
if (der_len <= 0 || str == NULL)
return ASN1_DER_ERROR;
str_len = asn1_get_length_der (der, der_len, &len_len);
- if (str_len < 0 || str_size < str_len)
+ if (str_len <= 0 || str_size < str_len)
return ASN1_DER_ERROR;
memcpy (str, der + len_len, str_len);
str[str_len] = 0;
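Review bot: rejecting `str_len <= 0` is right, but `str_size < str_len` still admits `str_len == str_size`, and the two lines that follow do `memcpy (str, der + len_len, str_len); str[str_len] = 0;`, so in that case the terminator is written one byte past `str_size`. Unless every caller passes `str_size` as the buffer size minus one, the test should read `str_size <= str_len`.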
@@ -285,7 +285,7 @@ _asn1_get_objectid_der (const unsigned c
return ASN1_GENERIC_ERROR;
len = asn1_get_length_der (der, der_len, &len_len);
- if (len < 0 || len > der_len || len_len > der_len)
+ if (len <= 0 || len > der_len || len_len > der_len)
return ASN1_DER_ERROR;
val1 = der[len_len] / 40;
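Review bot: `len <= 0 || len > der_len || len_len > der_len` still does not check the sum. `len_len + len` can exceed `der_len` while each term alone does not, and `len_len == der_len` passes the test even though `der[len_len]` on the next line is then one past the buffer. `if (len <= 0 || len_len + len > der_len)` covers both cases and implies `len_len < der_len`.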
++++++ CVE-2014-3468.patch ++++++
Index: gnutls-3.2.4/lib/minitasn1/decoding.c
===================================================================
--- gnutls-3.2.4.orig/lib/minitasn1/decoding.c
+++ gnutls-3.2.4/lib/minitasn1/decoding.c
@@ -226,7 +226,7 @@ asn1_get_octet_der (const unsigned char
int *ret_len, unsigned char *str, int str_size,
int *str_len)
{
- int len_len;
+ int len_len = 0;
if (der_len <= 0)
return ASN1_GENERIC_ERROR;
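Review bot: initialising `len_len` covers the path where asn1_get_length_der fails without setting it, so the later `*ret_len = *str_len + len_len` no longer reads an indeterminate value; the same applies to the `len_len = 0` in asn1_get_bit_der in the next hunk. Fine as is.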
@@ -347,7 +347,7 @@ asn1_get_bit_der (const unsigned char *d
int *ret_len, unsigned char *str, int str_size,
int *bit_len)
{
- int len_len, len_byte;
+ int len_len = 0, len_byte;
if (der_len <= 0)
return ASN1_GENERIC_ERROR;
@@ -358,6 +358,9 @@ asn1_get_bit_der (const unsigned char *d
*ret_len = len_byte + len_len + 1;
*bit_len = len_byte * 8 - der[len_len];
+ if (*bit_len <= 0)
+ return ASN1_DER_ERROR;
+
if (str_size >= len_byte)
memcpy (str, der + len_len + 1, len_byte);
else
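Review bot: `if (*bit_len <= 0)` catches the obvious underflow but has two edge cases. A BIT STRING with zero bits (`len_byte == 0` and an unused-bits byte of 0) is valid DER and is now rejected, and an unused-bits byte above 7 (`der[len_len] > 7`) is invalid DER yet passes whenever `len_byte * 8` exceeds it. `if (der[len_len] > 7 || *bit_len < 0) return ASN1_DER_ERROR;` handles both: the zero-length string is accepted, and a non-zero unused-bits byte with `len_byte == 0` still comes out negative and is refused.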
++++++ CVE-2014-3469.patch ++++++
Index: gnutls-3.0.28/lib/minitasn1/decoding.c
===================================================================
--- gnutls-3.0.28.orig/lib/minitasn1/decoding.c
+++ gnutls-3.0.28/lib/minitasn1/decoding.c
@@ -231,7 +231,6 @@ asn1_get_octet_der (const unsigned char
if (der_len <= 0)
return ASN1_GENERIC_ERROR;
- /* if(str==NULL) return ASN1_SUCCESS; */
*str_len = asn1_get_length_der (der, der_len, &len_len);
if (*str_len < 0)
@@ -239,7 +238,10 @@ asn1_get_octet_der (const unsigned char
*ret_len = *str_len + len_len;
if (str_size >= *str_len)
- memcpy (str, der + len_len, *str_len);
+ {
+ if (*str_len > 0 && str != NULL)
+ memcpy (str, der + len_len, *str_len);
+ }
else
{
return ASN1_MEM_ERROR;
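Review bot: with `str == NULL` the function now returns success and reports `*ret_len` and `*str_len`, but only when `str_size >= *str_len`; a caller probing for the required size with `str == NULL, str_size == 0` still gets ASN1_MEM_ERROR for any non-empty value, which is presumably the intended ask-then-allocate protocol. Since NULL is now explicitly supported, that contract belongs in the function's header comment.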
@@ -358,11 +360,15 @@ asn1_get_bit_der (const unsigned char *d
*ret_len = len_byte + len_len + 1;
*bit_len = len_byte * 8 - der[len_len];
+
if (*bit_len <= 0)
return ASN1_DER_ERROR;
if (str_size >= len_byte)
- memcpy (str, der + len_len + 1, len_byte);
+ {
+ if (len_byte > 0 && str)
+ memcpy (str, der + len_len + 1, len_byte);
+ }
else
{
return ASN1_MEM_ERROR;
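Review bot: the `if (*bit_len <= 0)` lines appear here as unchanged context but are additions in CVE-2014-3468.patch, so this hunk only applies after that one. The spec applies Patch9 before Patch10, which preserves the order, but a line in the patch header noting the dependency would keep a future reorder from breaking %prep.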
Index: gnutls-3.0.28/lib/minitasn1/element.c
===================================================================
--- gnutls-3.0.28.orig/lib/minitasn1/element.c
+++ gnutls-3.0.28/lib/minitasn1/element.c
@@ -112,8 +112,11 @@ _asn1_convert_integer (const unsigned ch
/* VALUE_OUT is too short to contain the value conversion */
return ASN1_MEM_ERROR;
- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
- value_out[k2 - k] = val[k2];
+ if (value_out != NULL)
+ {
+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+ value_out[k2 - k] = val[k2];
+ }
#if 0
printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
@@ -611,7 +614,8 @@ asn1_write_value (asn1_node node_root, c
if (ptr_size < data_size) { \
return ASN1_MEM_ERROR; \
} else { \
- memcpy( ptr, data, data_size); \
+ if (ptr && data_size > 0) \
+ memcpy( ptr, data, data_size); \
}
#define PUT_STR_VALUE( ptr, ptr_size, data) \
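Review bot: the NULL guard sits inside the `else` branch, so a caller probing for the required size with `ptr == NULL, ptr_size == 0` still gets ASN1_MEM_ERROR for any non-empty value, which is the size-query convention the rest of the patch relies on. The `data_size > 0` half of the condition matters independently: memcpy with a NULL destination is undefined behaviour even for a zero length. A one-line comment on the macro saying that NULL with size 0 is the supported way to ask for the length would help.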
@@ -620,16 +624,19 @@ asn1_write_value (asn1_node node_root, c
return ASN1_MEM_ERROR; \
} else { \
/* this strcpy is checked */ \
- _asn1_strcpy(ptr, data); \
+ if (ptr) { \
+ _asn1_strcpy(ptr, data); \
+ } \
}
#define ADD_STR_VALUE( ptr, ptr_size, data) \
- *len = (int) _asn1_strlen(data) + 1; \
- if (ptr_size < (int) _asn1_strlen(ptr)+(*len)) { \
+ *len += _asn1_strlen(data); \
+ if (ptr_size < (int) *len) { \
+ (*len)++; \
return ASN1_MEM_ERROR; \
} else { \
/* this strcat is checked */ \
- _asn1_strcat(ptr, data); \
+ if (ptr) _asn1_strcat (ptr, data); \
}
/**
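Review bot: ADD_STR_VALUE changes its contract. It now accumulates into `*len` (`*len += _asn1_strlen(data)`) instead of recomputing from `_asn1_strlen(ptr)`, which is what lets `ptr` be NULL, but it means every caller must set `*len = 0` before the first use and add the terminating NUL itself on success; on the error path the macro adds it (`(*len)++`) before returning ASN1_MEM_ERROR. The asn1_read_value hunk below does both for TYPE_OBJECT_ID; any other user of ADD_STR_VALUE in this file needs the same treatment or it will report a stale length. Stating this in a comment on the macro would prevent the next regression.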
@@ -786,7 +793,9 @@ asn1_read_value (asn1_node root, const c
case TYPE_OBJECT_ID:
if (node->type & CONST_ASSIGN)
{
- value[0] = 0;
+ *len = 0;
+ if (value)
+ value[0] = 0;
p = node->down;
while (p)
{
@@ -800,7 +809,7 @@ asn1_read_value (asn1_node root, const c
}
p = p->right;
}
- *len = _asn1_strlen (value) + 1;
+ (*len)++;
}
else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
{
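Review bot: the final `(*len)++` supplies the terminating NUL on the success path, mirroring the `(*len)++` ADD_STR_VALUE performs before returning ASN1_MEM_ERROR, so the caller sees strlen plus one either way; this only holds if the loop body between the two hunks (not shown here) returns on the first ASN1_MEM_ERROR rather than continuing to append. The `*len = 0` before the loop is the initialisation the new macro requires, so these two hunks and the macro hunk have to stay together.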
++++++ automake-1.12.patch ++++++
Index: gnutls-3.0.20/configure.ac
===================================================================
--- gnutls-3.0.20.orig/configure.ac 2012-07-01 21:50:17.000000000 +0200
+++ gnutls-3.0.20/configure.ac 2012-07-01 21:50:17.977499968 +0200
@@ -37,6 +37,7 @@ dnl Checks for programs.
AC_PROG_CC
AM_PROG_AS
AC_PROG_CXX
+AM_PROG_AR
gl_EARLY
# For includes/gnutls/gnutls.h.in.
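Review bot: AM_PROG_AR is right for automake 1.12, but it is unknown to older automake, so this configure.ac now fails on 1.11 unless the call is wrapped as `m4_ifdef([AM_PROG_AR], [AM_PROG_AR])`. Since the spec runs `autoreconf -if` with whatever automake the build root provides, the guarded form is the safer choice for the 12.x branches.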
Index: gnutls-3.0.20/aclocal.m4
===================================================================
--- gnutls-3.0.20.orig/aclocal.m4 2012-06-05 19:10:14.000000000 +0200
+++ gnutls-3.0.20/aclocal.m4 2012-07-01 21:53:42.821893323 +0200
@@ -529,7 +529,7 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
AM_MISSING_PROG(MAKEINFO, makeinfo)
AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
-AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
@@ -773,10 +773,10 @@ fi
# serial 1
-# AM_PROG_MKDIR_P
+# AC_PROG_MKDIR_P
# ---------------
# Check for `mkdir -p'.
-AC_DEFUN([AM_PROG_MKDIR_P],
+AC_DEFUN([AC_PROG_MKDIR_P],
[AC_PREREQ([2.60])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
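Review bot: renaming the definition to `AC_DEFUN([AC_PROG_MKDIR_P], ...)` while keeping `AC_REQUIRE([AC_PROG_MKDIR_P])` inside its own body makes the macro require itself, and it shadows autoconf's own AC_PROG_MKDIR_P. Because the spec runs `autoreconf -if`, aclocal.m4 is regenerated from the installed automake anyway, so this hunk and the earlier one in the same file are dead weight; dropping the aclocal.m4 changes and keeping only the configure.ac and m4/ edits makes the patch smaller and avoids the recursive definition for anyone who builds without autoreconf.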
Index: gnutls-3.0.20/gl/m4/gnulib-common.m4
===================================================================
--- gnutls-3.0.20.orig/gl/m4/gnulib-common.m4 2012-06-05 19:07:51.000000000 +0200
+++ gnutls-3.0.20/gl/m4/gnulib-common.m4 2012-07-01 21:53:42.821893323 +0200
@@ -301,7 +301,7 @@ m4_ifdef([AC_PROG_MKDIR_P], [
AC_SUBST([MKDIR_P])])], [
dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P.
AC_DEFUN_ONCE([AC_PROG_MKDIR_P],
- [AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ [AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
MKDIR_P='$(mkdir_p)'
AC_SUBST([MKDIR_P])])])
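Review bot: inside the `dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P` branch this turns the backport into `AC_DEFUN_ONCE([AC_PROG_MKDIR_P], [AC_REQUIRE([AC_PROG_MKDIR_P]) ...])`, another self-requirement. The branch only triggers on autoconf older than 2.60 and is effectively unreachable with any autoconf new enough for automake 1.12, but the `dnl defined by automake` comment is now wrong; either update it or drop the hunk.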
Index: gnutls-3.0.20/m4/po.m4
===================================================================
--- gnutls-3.0.20.orig/m4/po.m4 2011-11-08 22:07:12.000000000 +0100
+++ gnutls-3.0.20/m4/po.m4 2012-07-01 21:53:42.822893277 +0200
@@ -24,7 +24,7 @@ AC_DEFUN([AM_PO_SUBDIRS],
[
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AC_PROG_INSTALL])dnl
- AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
AC_REQUIRE([AM_NLS])dnl
dnl Release version of the gettext macros. This is used to ensure that
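Review bot: the trailing 'defined by automake' comment is now wrong, since AC_PROG_MKDIR_P is provided by autoconf; drop the comment or change it to 'defined by autoconf' in the same hunk.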
++++++ baselibs.conf ++++++
libgnutls28
obsoletes "gnutls-<targettype>"
libgnutls-devel
requires -libgnutls-<targettype>
requires "libgnutls28-<targettype> = <version>"
++++++ gnutls-3.0.26-skip-test-fwrite.patch ++++++
Index: gl/tests/test-fwrite.c
===================================================================
--- gl/tests/test-fwrite.c.orig 2012-04-12 21:05:11.000000000 +0100
+++ gl/tests/test-fwrite.c 2012-11-23 22:51:17.000000000 +0000
@@ -32,6 +32,8 @@ SIGNATURE_CHECK (fwrite, size_t, (const
int
main (int argc, char **argv)
{
+ // skip test-fwrite
+ return 77;
const char *filename = "test-fwrite.txt";
/* We don't have an fwrite() function that installs an invalid parameter
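Review bot: the early `return 77;` records no reason for the skip, and placing a statement before `const char *filename` relies on C99 mixed declarations and code. Put the reason in the comment (the second hunk has it: fwrite on a closed descriptor returns sizeof (buf) on openSUSE Factory) and consider gating the skip on that condition rather than disabling the whole test everywhere, so the EBADF and ferror checks still run on platforms where the libc behaves.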
@@ -50,6 +52,7 @@ main (int argc, char **argv)
setvbuf (fp, NULL, _IONBF, 0);
ASSERT (close (fileno (fp)) == 0);
errno = 0;
+ // this fwrite returns 5 == sizeof (buf) in openSUSE Factory
ASSERT (fwrite (buf, 1, sizeof (buf), fp) == 0);
ASSERT (errno == EBADF);
ASSERT (ferror (fp));
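Review bot: this comment documents code that can no longer run, because main already returns 77 before reaching this assertion; move the explanation up to the skip. Also, fwrite with _IONBF reporting sizeof (buf) on a closed fd means the libc signals success for a write that failed, which is worth reporting to glibc rather than silencing in the test.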
++++++ gnutls-3.2.10-supported-ecc.patch ++++++
Index: gnutls-3.0.28/lib/ext/ecc.c
===================================================================
--- gnutls-3.0.28.orig/lib/ext/ecc.c
+++ gnutls-3.0.28/lib/ext/ecc.c
@@ -91,8 +91,10 @@ _gnutls_supported_ecc_recv_params (gnutl
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
- /* A client shouldn't receive this extension */
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+ /* A client shouldn't receive this extension, but of course
+ there are servers out there that send it. Just ignore it. */
+ _gnutls_debug_log("received SUPPORTED ECC extension on client side!!!\n");
+ return 0;
}
else
{ /* SERVER SIDE - we must check if the sent supported ecc type is the right one
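Review bot: turning GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION into a silent success relaxes a spec rule (RFC 4492 defines supported_elliptic_curves as a client-to-server extension, which is why the original comment says a client shouldn't receive it), so the comment should name which servers send it. Tone down the log text as well; '!!!' in a debug message adds nothing, 'ignoring supported ECC extension received on client side' is enough. Returning 0 without consuming data/data_size is fine here, as the client's own curve list has already been sent.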
++++++ gnutls-CVE-2014-8564.patch ++++++
commit a737abecf1affa08469ca2e9804eb3b6e95027e9
Author: Nikos Mavrogiannopoulos <nmav(a)gnutls.org>
Date: Mon Nov 10 07:44:11 2014 +0100
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
Reported by Sean Burford.
Index: gnutls-3.2.4/lib/gnutls_ecc.c
===================================================================
--- gnutls-3.2.4.orig/lib/gnutls_ecc.c
+++ gnutls-3.2.4/lib/gnutls_ecc.c
@@ -53,20 +53,36 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc
/* pad and store x */
byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
+ if (numlen < byte_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
size = out->size - (1 + (numlen - byte_size));
ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
+ if (numlen < byte_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
size = out->size - (1 + (numlen + numlen - byte_size));
ret =
_gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
/* pad and store y */
return 0;
+cleanup:
+ _gnutls_free_datum(out);
+ return ret;
}
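Review bot: the `/* pad and store y */` comment is misplaced: it follows the y coordinate write and sits just before `return 0`, so it should move above the second `byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;` to mirror the x comment. The two new `numlen < byte_size` checks are the right fix, since an oversized coordinate would otherwise yield an out-of-bounds offset into out->data; one thing to confirm is that out->data is allocated earlier in this same function, so that `_gnutls_free_datum(out)` in cleanup does not free a caller-owned buffer the caller also releases on a negative return.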
++++++ gnutls-implement-trust-store-dir.diff ++++++
From a6cef9220ae251e3b8f8d663c5fa7f888e3176d8 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel(a)suse.de>
Date: Tue, 8 May 2012 15:47:02 +0200
Subject: [PATCH gnutls] implement trust store dir
(since updated as some parts were introduced upstream)
---
configure.ac | 18 ++++++++++++-
lib/gnutls_x509.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 90 insertions(+), 2 deletions(-)
Index: configure.ac
===================================================================
--- configure.ac.orig 2012-11-08 23:05:32.000000000 +0000
+++ configure.ac 2012-11-16 23:18:51.000000000 +0000
@@ -301,9 +301,11 @@ AC_ARG_WITH([default-crl-file],
[AS_HELP_STRING([--with-default-crl-file=FILE],
[use the given CRL file as default])])
-if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x; then
+if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x \
+ -a "x$with_default_trust_store_dir" = x; then
# auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
for i in \
+ /etc/ssl/certs \
/etc/ssl/certs/ca-certificates.crt \
/etc/pki/tls/cert.pem \
/usr/local/share/certs/ca-root-nss.crt \
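Review bot: /etc/ssl/certs is a directory, but it is added to the auto-detect loop that fills with_default_trust_store_file; how it is matched depends on the test in the loop body (outside this hunk): with `test -f` it never matches, with `test -e` or `-r` it becomes the trust store *file* that gnutls then tries to parse as PEM. The loop needs a `test -d` branch that sets with_default_trust_store_dir instead. Also, no AC_ARG_WITH([default-trust-store-dir]) appears anywhere in this patch; unless it was already introduced upstream (the header says some parts were), --with-default-trust-store-dir is not a configure option and the new variable is never set.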
@@ -321,6 +323,11 @@ if test "x$with_default_trust_store_file
["$with_default_trust_store_file"], [use the given file default trust store])
fi
+if test "x$with_default_trust_store_dir" != x; then
+ AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+ ["$with_default_trust_store_dir"], [use the given directory default trust store])
+fi
+
if test "x$with_default_crl_file" != x; then
AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
["$with_default_crl_file"], [use the given CRL file])
@@ -562,6 +569,7 @@ if features are disabled)
Trust store pkcs: $with_default_trust_store_pkcs11
Trust store file: $with_default_trust_store_file
+ Trust store dir: $with_default_trust_store_dir
CRL file: $with_default_crl_file
])
Index: lib/gnutls_x509.c
===================================================================
--- lib/gnutls_x509.c.orig 2012-09-22 01:01:26.000000000 +0100
+++ lib/gnutls_x509.c 2012-11-16 23:16:31.000000000 +0000
@@ -36,6 +36,7 @@
#include <gnutls_pk.h>
#include <gnutls_str.h>
#include <debug.h>
+#include <dirent.h>
#include <x509_b64.h>
#include <gnutls_x509.h>
#include "x509/common.h"
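Review bot: the helper added below uses PATH_MAX, alloca, offsetof and readdir_r, but only <dirent.h> is added here; add <limits.h>, <stddef.h> and <alloca.h> (or <stdlib.h>) unless they are known to be pulled in already, otherwise the build depends on include order.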
@@ -1694,6 +1695,72 @@ set_x509_system_trust_file (gnutls_certi
}
#endif
+#ifdef DEFAULT_TRUST_STORE_DIR
+static int
+_gnutls_certificate_set_x509_system_trust_dir (gnutls_certificate_credentials_t cred)
+{
+ DIR* dir;
+ struct dirent* buf, *de;
+ int ret, r = 0;
+ gnutls_datum_t cas;
+ size_t size;
+ char cafile[PATH_MAX];
+
+ dir = opendir(DEFAULT_TRUST_STORE_DIR);
+ if (dir == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ buf = alloca(offsetof(struct dirent, d_name) + pathconf(DEFAULT_TRUST_STORE_DIR, _PC_NAME_MAX) + 1);
+
+ while (1)
+ {
+ if (readdir_r(dir, buf, &de))
+ {
+ gnutls_assert();
+ break;
+ }
+ if (de == NULL)
+ {
+ break;
+ }
+ if (strlen(de->d_name) < 4 || strcmp(de->d_name+strlen(de->d_name)-4, ".pem"))
+ {
+ continue;
+ }
+
+ strcpy(cafile, DEFAULT_TRUST_STORE_DIR "/");
+ strncat(cafile, de->d_name, sizeof(cafile)-strlen(cafile)-1);
+ cas.data = (void*)read_binary_file (cafile, &size);
+ if (cas.data == NULL)
+ {
+ gnutls_assert ();
+ continue;
+ }
+
+ cas.size = size;
+
+ ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, GNUTLS_X509_FMT_PEM);
+
+ free (cas.data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+ else
+ {
+ r += ret;
+ }
+ }
+ closedir(dir);
+
+ return r;
+}
+#endif
+
/**
* gnutls_certificate_set_x509_system_trust:
* @cred: is a #gnutls_certificate_credentials_t structure.
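Review bot: `pathconf(DEFAULT_TRUST_STORE_DIR, _PC_NAME_MAX)` can return -1 (error, or no limit), and that value goes straight into the alloca size, so readdir_r would then write d_name past an undersized stack buffer; check for < 0 and fall back to NAME_MAX, or simply malloc(sizeof(struct dirent) + NAME_MAX + 1). The loop also never surfaces failures: a readdir_r error only breaks, a file that fails to load is skipped with continue, and a directory whose *.pem files are all unparsable returns 0 exactly like an empty one, so callers cannot tell 'no CAs' from 'CA store broken'. Finally the filter is the d_name suffix only; a directory or socket named x.pem is handed to read_binary_file, which happens to fail cleanly, but a d_type or stat check would make the intent explicit.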
@@ -1712,7 +1779,7 @@ set_x509_system_trust_file (gnutls_certi
int
gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred)
{
-#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE)
+#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) && !defined(DEFAULT_TRUST_STORE_DIR)
int r = GNUTLS_E_UNIMPLEMENTED_FEATURE;
#else
int ret, r = 0;
@@ -1730,6 +1797,11 @@ gnutls_certificate_set_x509_system_trust
r += ret;
#endif
+#ifdef DEFAULT_TRUST_STORE_DIR
+ ret = _gnutls_certificate_set_x509_system_trust_dir(cred);
+ if (ret > 0)
+ r += ret;
+#endif
return r;
}
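Review bot: `if (ret > 0) r += ret;` discards the GNUTLS_E_FILE_ERROR that _gnutls_certificate_set_x509_system_trust_dir returns when DEFAULT_TRUST_STORE_DIR cannot be opened, so a build configured with a wrong directory reports 0 trusted certificates and no error; propagate the negative value when no other store contributed, or at least log it.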
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package libvirt for openSUSE:13.1:Update checked in at 2014-11-21 09:15:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/libvirt (Old)
and /work/SRC/openSUSE:13.1:Update/.libvirt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.61DMuO/_old 2014-11-21 09:15:19.000000000 +0100
+++ /var/tmp/diff_new_pack.61DMuO/_new 2014-11-21 09:15:19.000000000 +0100
@@ -1 +1 @@
-<link package='libvirt.3049' cicount='copy' />
+<link package='libvirt.3179' cicount='copy' />
Hello community,
here is the log from the commit of package libvirt for openSUSE:12.3:Update checked in at 2014-11-21 09:15:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/libvirt (Old)
and /work/SRC/openSUSE:12.3:Update/.libvirt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.P7VGsm/_old 2014-11-21 09:15:14.000000000 +0100
+++ /var/tmp/diff_new_pack.P7VGsm/_new 2014-11-21 09:15:14.000000000 +0100
@@ -1 +1 @@
-<link package='libvirt.3047' cicount='copy' />
+<link package='libvirt.3179' cicount='copy' />
Hello community,
here is the log from the commit of package libvirt.3179 for openSUSE:12.3:Update checked in at 2014-11-21 09:15:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/libvirt.3179 (Old)
and /work/SRC/openSUSE:12.3:Update/.libvirt.3179.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt.3179"
Changes:
--------
New Changes file:
--- /dev/null 2014-11-17 01:44:14.624034255 +0100
+++ /work/SRC/openSUSE:12.3:Update/.libvirt.3179.new/libvirt.changes 2014-11-21 09:15:10.000000000 +0100
@@ -0,0 +1,1861 @@
+-------------------------------------------------------------------
+Mon Nov 10 22:10:46 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2014-7823: dumpxml: security hole with migratable flag
+ b1674ad5-CVE-2014-7823.patch
+ bsc#904176
+
+-------------------------------------------------------------------
+Thu Oct 2 10:00:28 MDT 2014 - jfehlig(a)suse.com
+
+- CVE-2014-3657: Fix domain deadlock
+ fc22b2e7-CVE-2014-3657.patch
+ bsc#899484
+
+-------------------------------------------------------------------
+Thu Sep 18 22:59:48 MDT 2014 - jfehlig(a)suse.com
+
+- CVE-2014-3633: Use correct definition when looking up disk in
+ qemu blkiotune
+ 3e745e8f-CVE-2014-3633.patch
+ bsc#897783
+
+-------------------------------------------------------------------
+Mon May 5 16:47:43 MDT 2014 - jfehlig(a)suse.com
+
+- CVE-2014-0179: Don't expand entities when parsing XML
+ d6b27d3e-CVE-2014-0179.patch
+ bnc#873705
+
+-------------------------------------------------------------------
+Mon Jan 27 11:45:33 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2013-6458: Fix libvirtd crash when hot-plugging disks for
+ qemu domains
+ d0a4e249-CVE-2013-6458.patch, c5683680-CVE-2013-6458.patch,
+ c973eb03-CVE-2013-6458.patch, 324279f2-CVE-2013-6458.patch,
+ 561b03f9-CVE-2013-6458.patch
+ bnc#857492
+
+-------------------------------------------------------------------
+Fri Jan 24 16:06:00 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2014-1447: Don't crash if a connection closes early
+ 173c2914-CVE-2014-1447.patch, 066c8ef6-CVE-2014-1447.patch
+ bnc#858817
+
+-------------------------------------------------------------------
+Wed Oct 2 10:41:43 MDT 2013 - jfehlig(a)suse.com
+
+- CVE-2013-4311: Add support for using 3-arg pkcheck syntax for
+ process
+ 979e9c56-polkit-starttime.patch, 922b7fda-CVE-2013-4311.patch
+ bnc#836931
+
+-------------------------------------------------------------------
+Thu Sep 5 12:09:41 MDT 2013 - jfehlig(a)suse.com
+
+- CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats
+ e7f400a1-CVE-2013-4296.patch
+ bnc#838638
+
+-------------------------------------------------------------------
+Tue Sep 3 09:28:17 MDT 2013 - jfehlig(a)suse.com
+
+- Fix virBitmapParse to avoid access beyond bounds of array
+ 47b9127e-CVE-2013-5651.patch, 536d3812-CVE-2013-5651.patch,
+ 7efd5fd1-CVE-2013-5651.patch
+ bnc#837999
+
+-------------------------------------------------------------------
+Tue Jun 11 15:07:29 MDT 2013 - jfehlig(a)suse.com
+
+- nwfilter: check for inverted ctdir
+ a6a04ea-nwfilter-ctdir.patch
+ bnc#810611
+
+-------------------------------------------------------------------
+Tue Jun 11 10:36:17 MDT 2013 - jfehlig(a)suse.com
+
+- Add xencommons as 'Wanted' in the systemd libvirtd service file
+ systemd-service-xen.patch
+ bnc#820888
+
+-------------------------------------------------------------------
+Mon May 20 14:41:16 MDT 2013 - jfehlig(a)suse.com
+
+- Don't mount selinux fs in LXC if selinux is disabled
+ 95c6cc34-selinux.patch
+ bnc#814680
+
+-------------------------------------------------------------------
+Sat May 18 08:49:25 MDT 2013 - jfehlig(a)suse.com
+
+- fix leak after listing all volumes - CVE-2013-1962
+ ca697e90-CVE-2013-1962.patch
+ bnc#820397
+
+-------------------------------------------------------------------
+Thu Mar 21 18:09:21 MDT 2013 - jfehlig(a)suse.com
+
+- Fix parsing of bond interface XML
+ 5ba077dc-iface-bond.patch
+ bnc#810893
+
+-------------------------------------------------------------------
+Mon Feb 25 12:30:24 MST 2013 - jfehlig(a)suse.com
+
+- Fix detach of managed PCI devices from inactive domains.
+ Detected while running test cases for FATE #313570.
+ Modified xen-name-for-devid.patch
+
+-------------------------------------------------------------------
+Thu Feb 21 15:48:39 MST 2013 - jfehlig(a)suse.com
+
+- spec: Fix installation of default network
+
+-------------------------------------------------------------------
+Wed Feb 20 16:37:03 MST 2013 - jfehlig(a)suse.com
+
+- Fix default setting of backend field of libxl_device_disk
+ 567779e5-libxl-default-disk-backend.patch
+ rhb#912488
+
+-------------------------------------------------------------------
+Tue Feb 12 16:17:36 MST 2013 - jfehlig(a)suse.com
+
+- Fix build on IA64
+ Modified clone.patch
+
+-------------------------------------------------------------------
+Thu Feb 7 10:23:10 MST 2013 - jfehlig(a)suse.com
+
+- Fix error handling in python bindings
+ a6b8bae5-python-generator-fix1.patch
+ 25ea8e47-python-generator-fix2.patch
+ bnc#802619
+
+-------------------------------------------------------------------
+Sun Feb 3 14:42:19 UTC 2013 - crrodriguez(a)opensuse.org
+
+- Require modutils instead of module-init-tools.
+
+-------------------------------------------------------------------
+Wed Jan 30 11:28:32 MST 2013 - jfehlig(a)suse.com
+
+- Update to libvirt 1.0.2
+ - LXC improvements
+ - S390 architecture improvements
+ - Power architecture improvements
+ - large Coverity report cleanups and associated bug fixes
+ - virTypedParams* APIs to help with those data structures
+ - libxenlight driver improvements
+ - Fixes CVE-2013-0170, bnc#800976
+ - Drop upstream patches: 68e7bc45-libxl-link-fix.patch,
+ 462a6962-script-fixes1.patch, cb854b8f-script-fixes2.patch,
+ 5ec4b22b-script-fixes3.patch, a1fd56cb-script-fixes4.patch,
+ 66ff2ddc-virtlockd-systemd-file-perms.patch
+
+-------------------------------------------------------------------
+Mon Jan 21 20:59:16 MST 2013 - jfehlig(a)suse.com
+
+- Unconditionally build sanlock support
+ bnc#799262
+
+-------------------------------------------------------------------
+Mon Jan 21 20:54:39 MST 2013 - jfehlig(a)suse.com
+
+- Fix interface management functions that were broken when
+ rebasing libvirt-suse-netcontrol.patch
+ bnc#799444 (SLES bug that affect Factory too)
+
+-------------------------------------------------------------------
+Sat Jan 5 11:39:02 MST 2013 - jfehlig(a)suse.com
+
+- Update to libvirt 1.0.1
+ - Introduce virtlockd daemon
+ - parallels: add disk and network device support
+ - Add virDomainSendProcessSignal API
+ - Introduce virDomainFSTrim() public API
+ - add fuse support for libvirt lxc
+ - Add Gluster protocol as supported network disk backend
+ - various snapshot improvements
+- Add upstream patches to fix bugs in 1.0.1
+ 66ff2ddc-virtlockd-systemd-file-perms.patch,
+ 462a6962-script-fixes1.patch, cb854b8f-script-fixes2.patch,
+ 5ec4b22b-script-fixes3.patch, a1fd56cb-script-fixes4.patch,
+ 68e7bc45-libxl-link-fix.patch
+- Rework SUSE patches for the various init scripts
+ Dropped use-init-script-redhat.patch and added
+ libvirtd-init-script.patch, libvirt-guests-init-script.patch,
+ and virtlockd-init-script.patch
+
+-------------------------------------------------------------------
+Fri Nov 2 11:19:46 MDT 2012 - jfehlig(a)suse.com
+
+- Update to libvirt 1.0.0
+ - virNodeGetCPUMap: Define public API
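Review bot: the Tue Sep 3 2013 entry ('Fix virBitmapParse to avoid access beyond bounds of array') is the only security fix whose summary line omits the CVE id even though all three of its patch names carry CVE-2013-5651; the other entries lead with the CVE, so add it here for consistency and so the id is found when grepping the changelog text.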
++++ 1664 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.libvirt.3179.new/libvirt.changes
New:
----
066c8ef6-CVE-2014-1447.patch
173c2914-CVE-2014-1447.patch
25ea8e47-python-generator-fix2.patch
324279f2-CVE-2013-6458.patch
3e745e8f-CVE-2014-3633.patch
47b9127e-CVE-2013-5651.patch
536d3812-CVE-2013-5651.patch
561b03f9-CVE-2013-6458.patch
567779e5-libxl-default-disk-backend.patch
5ba077dc-iface-bond.patch
7efd5fd1-CVE-2013-5651.patch
922b7fda-CVE-2013-4311.patch
95c6cc34-selinux.patch
979e9c56-polkit-starttime.patch
AF_PACKET.patch
a6a04ea-nwfilter-ctdir.patch
a6b8bae5-python-generator-fix1.patch
b1674ad5-CVE-2014-7823.patch
baselibs.conf
c5683680-CVE-2013-6458.patch
c973eb03-CVE-2013-6458.patch
ca697e90-CVE-2013-1962.patch
clone.patch
d0a4e249-CVE-2013-6458.patch
d6b27d3e-CVE-2014-0179.patch
e7f400a1-CVE-2013-4296.patch
fc22b2e7-CVE-2014-3657.patch
install-apparmor-profiles.patch
libvirt-1.0.2.tar.bz2
libvirt-guests-init-script.patch
libvirt-suse-netcontrol.patch
libvirt.changes
libvirt.spec
libvirtd-defaults.patch
libvirtd-init-script.patch
libvirtd-relocation-server.fw
libvirtd.init
relax-qemu-usergroup-check.patch
suse-qemu-conf.patch
systemd-service-xen.patch
virtlockd-init-script.patch
xen-name-for-devid.patch
xen-pv-cdrom.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
++++ 1172 lines (skipped)
++++++ 066c8ef6-CVE-2014-1447.patch ++++++
commit 7fad864afa2f7137f5ebfa7874c70d2a2ca5c6b1
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Mon Jan 13 15:46:24 2014 +0100
Really don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577
When writing commit 173c291, I missed the fact virNetServerClientClose
unlocks the client object before actually clearing client->sock and thus
it is possible to hit a window when client->keepalive is NULL while
client->sock is not NULL. I was thinking client->sock == NULL was a
better check for a closed connection but apparently we have to go with
client->keepalive == NULL to actually fix the crash.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
(cherry picked from commit 066c8ef6c18bc1faf8b3e10787b39796a7a06cc0)
Index: libvirt-1.0.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.0.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.0.2/src/rpc/virnetserverclient.c
@@ -1379,7 +1379,7 @@ virNetServerClientStartKeepAlive(virNetS
/* The connection might have been closed before we got here and thus the
* keepalive object could have been removed too.
*/
- if (!client->sock) {
+ if (!client->keepalive) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("connection not open"));
goto cleanup;
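Review bot: the check now matches the comment above it (the keepalive object may already be gone), but the error text 'connection not open' is reported whenever client->keepalive is NULL; if a client can exist with keepalive never allocated, the message would be misleading there, so either confirm keepalive is only NULL after close or word it as 'keepalive not available'.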
++++++ 173c2914-CVE-2014-1447.patch ++++++
commit e3ca9d3d62ca4a41b9acf99345c1333f24c3112e
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Thu Jan 9 22:26:40 2014 +0100
Don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577
When a client closes its connection to libvirtd early during
virConnectOpen, more specifically just after making
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
the result, libvirtd may crash due to a race in keep-alive
initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
call, the daemon's event loop delegates it to a worker thread. In case
the event loop detects EOF on the connection and calls
virNetServerClientClose before the worker thread starts to handle
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
disposed by the time virNetServerClientStartKeepAlive gets called from
remoteDispatchConnectSupportsFeature. Because the flow is common for
both authenticated and read-only connections, even unprivileged clients
may cause the daemon to crash.
To avoid the crash, virNetServerClientStartKeepAlive needs to check if
the connection is still open before starting keep-alive protocol.
Every libvirt release since 0.9.8 is affected by this bug.
(cherry picked from commit 173c2914734eb5c32df6d35a82bf503e12261bcf)
Index: libvirt-1.0.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.0.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.0.2/src/rpc/virnetserverclient.c
@@ -1372,9 +1372,22 @@ cleanup:
int
virNetServerClientStartKeepAlive(virNetServerClientPtr client)
{
- int ret;
+ int ret = -1;
+
virObjectLock(client);
+
+ /* The connection might have been closed before we got here and thus the
+ * keepalive object could have been removed too.
+ */
+ if (!client->sock) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("connection not open"));
+ goto cleanup;
+ }
+
ret = virKeepAliveStart(client->keepalive, 0, 0);
+
+cleanup:
virObjectUnlock(client);
return ret;
}
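Review bot: testing client->sock under the client lock does not close the race this commit describes: as the follow-up 066c8ef6 in this same update explains, virNetServerClientClose unlocks the client before clearing client->sock, so there is a window where client->sock is still set while client->keepalive is already NULL and virKeepAliveStart is handed a NULL pointer. The condition should be `if (!client->keepalive)`; the `ret = -1` initialisation and the cleanup label are fine.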
++++++ 25ea8e47-python-generator-fix2.patch ++++++
commit 25ea8e47e74def560bf89cd94dd54b75ca5ff4d6
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Tue Feb 5 12:55:09 2013 +0000
Fix missing error constants in libvirt python module
The previous change to the generator, changed too much - only
the functions are in 'virerror.c', the constants remained in
'virerror.h' which could not be renamed for API compat reasons.
Add a test case to sanity check the generated python bindings
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.0.2/python/Makefile.am
===================================================================
--- libvirt-1.0.2.orig/python/Makefile.am
+++ libvirt-1.0.2/python/Makefile.am
@@ -119,6 +119,11 @@ $(libvirtmod_la_OBJECTS): $(GENERATED)
$(libvirtmod_qemu_la_OBJECTS): $(QEMU_GENERATED)
$(libvirtmod_lxc_la_OBJECTS): $(LXC_GENERATED)
+EXTRA_DIST += sanitytest.py
+
+check-local:
+ $(AM_V_GEN)PYTHONPATH=$(abs_topbuilddir):$(abs_topbuilddir)/.libs $(PYTHON) $(srcdir)/sanitytest.py
+
install-data-local:
$(mkinstalldirs) $(DESTDIR)$(pyexecdir)
$(INSTALL) -m 0644 libvirt.py $(DESTDIR)$(pyexecdir)
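Review bot: `$(AM_V_GEN)` is the 'GEN' silent-rules prefix, so in a silent build the sanity test runs behind a misleading 'GEN sanitytest.py' line; for a check-local rule use `$(AM_V_at)` or no prefix so the python command is visible when it fails. Pointing PYTHONPATH at both $(abs_topbuilddir) and its .libs is right for testing the freshly built module rather than an installed one.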
Index: libvirt-1.0.2/python/generator.py
===================================================================
--- libvirt-1.0.2.orig/python/generator.py
+++ libvirt-1.0.2/python/generator.py
@@ -122,8 +122,9 @@ class docParser(xml.sax.handler.ContentH
if attrs.has_key('field'):
self.function_return_field = attrs['field']
elif tag == 'enum':
+ # enums come from header files, hence virterror.h
if (attrs['file'] == "libvirt" or
- attrs['file'] == "virerror"):
+ attrs['file'] == "virterror"):
enum(attrs['type'],attrs['name'],attrs['value'])
elif attrs['file'] == "libvirt-lxc":
lxc_enum(attrs['type'],attrs['name'],attrs['value'])
@@ -134,6 +135,7 @@ class docParser(xml.sax.handler.ContentH
if debug:
print "end %s" % tag
if tag == 'function':
+ # fuctions come from source files, hence 'virerror.c'
if self.function != None:
if (self.function_module == "libvirt" or
self.function_module == "virevent" or
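Review bot: typo in the new comment, 'fuctions' should be 'functions'; otherwise the split (enums from virterror.h, functions from virerror.c) matches the commit message.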
Index: libvirt-1.0.2/python/sanitytest.py
===================================================================
--- /dev/null
+++ libvirt-1.0.2/python/sanitytest.py
@@ -0,0 +1,31 @@
+#!/usr/bin/python
+
+import libvirt
+
+globals = dir(libvirt)
+
+# Sanity test that the generator hasn't gone wrong
+
+# Look for core classes
+assert("virConnect" in globals)
+assert("virDomain" in globals)
+assert("virDomainSnapshot" in globals)
+assert("virInterface" in globals)
+assert("virNWFilter" in globals)
+assert("virNodeDevice" in globals)
+assert("virNetwork" in globals)
+assert("virSecret" in globals)
+assert("virStoragePool" in globals)
+assert("virStorageVol" in globals)
+assert("virStream" in globals)
+assert("VIR_CONNECT_RO" in globals)
+
+# Error related bits
+assert("libvirtError" in globals)
+assert("VIR_ERR_AUTH_FAILED" in globals)
+assert("virGetLastError" in globals)
+
+# Some misc methods
+assert("virInitialize" in globals)
+assert("virEventAddHandle" in globals)
+assert("virEventRegisterDefaultImpl" in globals)
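Review bot: `globals = dir(libvirt)` shadows the builtin globals() for the rest of the module; name it `names` or `symbols`. Bare assert statements are also removed under `python -O`, so the test would pass vacuously in optimised mode; wrap the checks in a function that raises or calls sys.exit(1) on a missing name. The `#!/usr/bin/python` shebang is unused since the Makefile runs the script through $(PYTHON).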
++++++ 324279f2-CVE-2013-6458.patch ++++++
commit 324279f2c867f404712c659adc4f399f8d343eda
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 14:50:02 2013 +0100
qemu: Avoid using stale data in virDomainGetBlockInfo
CVE-2013-6458
Generally, every API that is going to begin a job should do that before
fetching data from vm->def. However, qemuDomainGetBlockInfo does not
know whether it will have to start a job or not before checking vm->def.
To avoid using disk alias that might have been freed while we were
waiting for a job, we use its copy. In case the disk was removed in the
meantime, we will fail with "cannot find statistics for device '...'"
error message.
(cherry picked from commit b799259583bd65c0b2f5042e6c3ff19637ade881)
Conflicts:
src/qemu/qemu_driver.c - VIR_STRDUP not backported, context
Index: libvirt-1.0.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.2/src/qemu/qemu_driver.c
@@ -9215,10 +9215,12 @@ cleanup:
}
-static int qemuDomainGetBlockInfo(virDomainPtr dom,
- const char *path,
- virDomainBlockInfoPtr info,
- unsigned int flags) {
+static int
+qemuDomainGetBlockInfo(virDomainPtr dom,
+ const char *path,
+ virDomainBlockInfoPtr info,
+ unsigned int flags)
+{
virQEMUDriverPtr driver = dom->conn->privateData;
virDomainObjPtr vm;
int ret = -1;
@@ -9229,6 +9231,7 @@ static int qemuDomainGetBlockInfo(virDom
struct stat sb;
int i;
int format;
+ char *alias = NULL;
virCheckFlags(0, -1);
@@ -9332,13 +9335,18 @@ static int qemuDomainGetBlockInfo(virDom
virDomainObjIsActive(vm)) {
qemuDomainObjPrivatePtr priv = vm->privateData;
+ if (!(alias = strdup(disk->info.alias))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
goto cleanup;
if (virDomainObjIsActive(vm)) {
qemuDomainObjEnterMonitor(driver, vm);
ret = qemuMonitorGetBlockExtent(priv->mon,
- disk->info.alias,
+ alias,
&info->allocation);
qemuDomainObjExitMonitor(driver, vm);
} else {
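Review bot: once the copy of disk->info.alias is taken, qemuDomainObjBeginJob may block and `disk` (looked up from vm->def before the job) must not be touched again. Only the monitor call is visible here using `alias`, so confirm the else branch and the code after this hunk contain no remaining `disk->` dereferences, otherwise the use-after-free this CVE fixes is only moved. The strdup + virReportOOMError form is the right 1.0.2 idiom given VIR_STRDUP is not backported.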
@@ -9352,6 +9360,7 @@ static int qemuDomainGetBlockInfo(virDom
}
cleanup:
+ VIR_FREE(alias);
virStorageFileFreeMetadata(meta);
VIR_FORCE_CLOSE(fd);
if (vm)
++++++ 3e745e8f-CVE-2014-3633.patch ++++++
commit 3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Thu Sep 11 16:35:53 2014 +0200
CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
Live definition was used to look up the disk index while persistent one
was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
correct def and report a nice error.
Unfortunately it's accessible via read-only connection, though it can
only crash libvirtd in the cases where the guest is hot-plugging disks
without reflecting those changes to the persistent definition. So
avoiding hotplug, or doing hotplug where persistent is always modified
alongside live definition, will avoid the out-of-bounds access.
Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
Reported-by: Luyao Huang <lhuang(a)redhat.com>
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
Index: libvirt-1.0.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.2/src/qemu/qemu_driver.c
@@ -13828,9 +13828,13 @@ qemuDomainGetBlockIoTune(virDomainPtr do
}
if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
- int idx = virDomainDiskIndexByName(vm->def, disk, true);
- if (idx < 0)
+ int idx = virDomainDiskIndexByName(persistentDef, disk, true);
+ if (idx < 0) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("disk '%s' was not found in the domain config"),
+ disk);
goto endjob;
+ }
reply = persistentDef->disks[idx]->blkdeviotune;
}
++++++ 47b9127e-CVE-2013-5651.patch ++++++
commit 47b9127e883677a0d60d767030a147450e919a25
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Fri Aug 16 12:22:32 2013 +0200
virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array
The virBitmapParse function was calling virBitmapIsSet() function that
requires the caller to check the bounds of the bitmap without checking
them. This resulted into crashes when parsing a bitmap string that was
exceeding the bounds used as argument.
This patch refactors the function to use virBitmapSetBit without
checking if the bit is set (this function does the checks internally)
and then counts the bits in the bitmap afterwards (instead of keeping
track while parsing the string).
This patch also changes the "parse_error" label to a more common
"error".
The refactor should also get rid of the need to call sa_assert on the
returned variable as the callpath should allow coverity to infer the
possible return values.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367
Thanks to Alex Jia for tracking down the issue. This issue is introduced
by commit 0fc8909.
Index: libvirt-1.0.2/src/util/virbitmap.c
===================================================================
--- libvirt-1.0.2.orig/src/util/virbitmap.c
+++ libvirt-1.0.2/src/util/virbitmap.c
@@ -290,7 +290,6 @@ virBitmapParse(const char *str,
virBitmapPtr *bitmap,
size_t bitmapSize)
{
- int ret = 0;
bool neg = false;
const char *cur;
char *tmp;
@@ -322,12 +321,12 @@ virBitmapParse(const char *str,
}
if (!c_isdigit(*cur))
- goto parse_error;
+ goto error;
if (virStrToLong_i(cur, &tmp, 10, &start) < 0)
- goto parse_error;
+ goto error;
if (start < 0)
- goto parse_error;
+ goto error;
cur = tmp;
@@ -335,35 +334,29 @@ virBitmapParse(const char *str,
if (*cur == ',' || *cur == 0 || *cur == terminator) {
if (neg) {
- if (virBitmapIsSet(*bitmap, start)) {
- ignore_value(virBitmapClearBit(*bitmap, start));
- ret--;
- }
+ if (virBitmapClearBit(*bitmap, start) < 0)
+ goto error;
} else {
- if (!virBitmapIsSet(*bitmap, start)) {
- ignore_value(virBitmapSetBit(*bitmap, start));
- ret++;
- }
+ if (virBitmapSetBit(*bitmap, start) < 0)
+ goto error;
}
} else if (*cur == '-') {
if (neg)
- goto parse_error;
+ goto error;
cur++;
virSkipSpaces(&cur);
if (virStrToLong_i(cur, &tmp, 10, &last) < 0)
- goto parse_error;
+ goto error;
if (last < start)
- goto parse_error;
+ goto error;
cur = tmp;
for (i = start; i <= last; i++) {
- if (!virBitmapIsSet(*bitmap, i)) {
- ignore_value(virBitmapSetBit(*bitmap, i));
- ret++;
- }
+ if (virBitmapSetBit(*bitmap, i) < 0)
+ goto error;
}
virSkipSpaces(&cur);
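Review bot: out-of-range indices are now rejected (virBitmapSetBit/virBitmapClearBit return < 0 and the code jumps to error), but nothing on that path reports an error, so the caller gets a bare -1 with the bitmap freed; add a virReportError at the error label, or before each goto, so a bitmap string exceeding bitmapSize is distinguishable from a syntax error. The range loop `for (i = start; i <= last; i++)` is now safe against a huge `last`, because the first SetBit past the end terminates it.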
@@ -376,14 +369,13 @@ virBitmapParse(const char *str,
} else if (*cur == 0 || *cur == terminator) {
break;
} else {
- goto parse_error;
+ goto error;
}
}
- sa_assert(ret >= 0);
- return ret;
+ return virBitmapCountBits(*bitmap);
-parse_error:
+error:
virBitmapFree(*bitmap);
*bitmap = NULL;
return -1;
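Review bot: `return virBitmapCountBits(*bitmap)` changes what the caller receives, from the net number of bits flipped by this call (the removed `ret++`/`ret--` bookkeeping) to the total number of set bits; the two agree only when the bitmap starts empty, so callers that use the value should be audited. Dropping `sa_assert(ret >= 0)` is fine since a count cannot be negative. The `parse_error` to `error` label rename spread across the earlier hunks is pure churn inside a security backport and would be easier to review as a separate change.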
++++++ 536d3812-CVE-2013-5651.patch ++++++
commit 536d38128e749fa5b149b9e168224280c3ad348c
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Fri Aug 16 12:12:55 2013 +0200
virbitmaptest: Fix function header formatting
Index: libvirt-1.0.2/tests/virbitmaptest.c
===================================================================
--- libvirt-1.0.2.orig/tests/virbitmaptest.c
+++ libvirt-1.0.2/tests/virbitmaptest.c
@@ -1,4 +1,6 @@
/*
+ * virbitmaptest.c: Test the bitmap code
+ *
* Copyright (C) 2012 Fujitsu.
*
* This library is free software; you can redistribute it and/or
@@ -23,7 +25,8 @@
#include "virbitmap.h"
-static int test1(const void *data ATTRIBUTE_UNUSED)
+static int
+test1(const void *data ATTRIBUTE_UNUSED)
{
virBitmapPtr bitmap;
int size;
@@ -77,7 +80,8 @@ testBit(virBitmapPtr bitmap,
return -1;
}
-static int test2(const void *data ATTRIBUTE_UNUSED)
+static int
+test2(const void *data ATTRIBUTE_UNUSED)
{
const char *bitsString1 = "1-32,50,88-99,1021-1023";
char *bitsString2 = NULL;
@@ -137,7 +141,8 @@ error:
return ret;
}
-static int test3(const void *data ATTRIBUTE_UNUSED)
+static int
+test3(const void *data ATTRIBUTE_UNUSED)
{
virBitmapPtr bitmap = NULL;
int ret = -1;
@@ -161,7 +166,8 @@ error:
}
/* test for virBitmapNextSetBit */
-static int test4(const void *data ATTRIBUTE_UNUSED)
+static int
+test4(const void *data ATTRIBUTE_UNUSED)
{
const char *bitsString = "0, 2-4, 6-10, 12, 14-18, 20, 22, 25";
int size = 40;
@@ -227,7 +233,8 @@ error:
}
/* test for virBitmapNewData/ToData */
-static int test5(const void *v ATTRIBUTE_UNUSED)
+static int
+test5(const void *v ATTRIBUTE_UNUSED)
{
char data[] = {0x01, 0x02, 0x00, 0x00, 0x04};
unsigned char *data2 = NULL;
@@ -274,7 +281,8 @@ error:
/* test for virBitmapFormat */
-static int test6(const void *v ATTRIBUTE_UNUSED)
+static int
+test6(const void *v ATTRIBUTE_UNUSED)
{
virBitmapPtr bitmap = NULL;
char *str = NULL;
@@ -355,7 +363,8 @@ error:
return ret;
}
-static int test7(const void *v ATTRIBUTE_UNUSED)
+static int
+test7(const void *v ATTRIBUTE_UNUSED)
{
virBitmapPtr bitmap;
size_t i;
++++++ 561b03f9-CVE-2013-6458.patch ++++++
commit 561b03f9165a860139edd3c03bb3e35a2c2f85ca
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Thu Dec 19 22:10:04 2013 +0100
qemu: Do not access stale data in virDomainBlockStats
CVE-2013-6458
https://bugzilla.redhat.com/show_bug.cgi?id=1043069
When virDomainDetachDeviceFlags is called concurrently to
virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
finds a disk in vm->def before getting a job on a domain and uses the
disk pointer after getting the job. However, the domain is unlocked

while waiting on a job condition and thus data behind the disk pointer
may disappear. This happens when thread 1 runs
virDomainDetachDeviceFlags and enters monitor to actually remove the
disk. Then another thread starts running virDomainBlockStats, finds the
disk in vm->def, and while it's waiting on the job condition (owned by
the first thread), the first thread finishes the disk removal. When the
second thread gets the job, the memory pointed to by the disk pointer is
already gone.
That said, every API that is going to begin a job should do that before
fetching data from vm->def.
(cherry picked from commit db86da5ca2109e4006c286a09b6c75bfe10676ad)
Conflicts:
src/qemu/qemu_driver.c - context: no ACLs
Index: libvirt-1.0.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.2/src/qemu/qemu_driver.c
@@ -8451,34 +8451,29 @@ qemuDomainBlockStats(virDomainPtr dom,
if (!(vm = qemuDomObjFromDomain(dom)))
goto cleanup;
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
- goto cleanup;
+ goto endjob;
}
if ((i = virDomainDiskIndexByName(vm->def, path, false)) < 0) {
virReportError(VIR_ERR_INVALID_ARG,
_("invalid path: %s"), path);
- goto cleanup;
+ goto endjob;
}
disk = vm->def->disks[i];
if (!disk->info.alias) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("missing disk device alias name for %s"), disk->dst);
- goto cleanup;
+ goto endjob;
}
priv = vm->privateData;
- if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
- goto cleanup;
-
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("domain is not running"));
- goto endjob;
- }
qemuDomainObjEnterMonitor(driver, vm);
ret = qemuMonitorGetBlockStatsInfo(priv->mon,
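Review bot: moving `qemuDomainObjBeginJob()` ahead of the `virDomainDiskIndexByName()` lookup is the right fix: `disk = vm->def->disks[i]` is now read and dereferenced only while the job is held, so a concurrent detach cannot free it underneath this thread, and every failure between `BeginJob` and `EnterMonitor` correctly goes to `endjob` rather than `cleanup`. The message says every API that begins a job should do so before reading `vm->def`; the other query APIs in `qemu_driver.c` that look up a device first and wait for a job second have the same use-after-free shape and should get the same audit in this branch.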
++++++ 567779e5-libxl-default-disk-backend.patch ++++++
commit 567779e51a7727b021dee095c9d75cf0cde0bd43
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Wed Feb 20 13:02:28 2013 -0700
libxl: Fix setting of disk backend
The libxl driver was setting the backend field of libxl_device_disk
structure to LIBXL_DISK_BACKEND_TAP when the driver element of disk
configuration was not specified. This needlessly forces the use of the
blktap driver, which may not be loaded in dom0.
https://bugzilla.redhat.com/show_bug.cgi?id=912488
Ian Campbell suggested that LIBXL_DISK_BACKEND_UNKNOWN is a better
default in this case
https://www.redhat.com/archives/libvir-list/2013-February/msg01126.html
Index: libvirt-1.0.2/src/libxl/libxl_conf.c
===================================================================
--- libvirt-1.0.2.orig/src/libxl/libxl_conf.c
+++ libvirt-1.0.2/src/libxl/libxl_conf.c
@@ -525,9 +525,13 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
return -1;
}
} else {
- /* No driverName - default to raw/tap?? */
+ /*
+ * If driverName is not specified, default to raw as per
+ * xl-disk-configuration.txt in the xen documentation and let
+ * libxl pick a suitable backend.
+ */
x_disk->format = LIBXL_DISK_FORMAT_RAW;
- x_disk->backend = LIBXL_DISK_BACKEND_TAP;
+ x_disk->backend = LIBXL_DISK_BACKEND_UNKNOWN;
}
/* XXX is this right? */
++++++ 5ba077dc-iface-bond.patch ++++++
commit 5ba077dcd0775d5fc5b8d3691c0a68b46e44ff9e
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Thu Mar 21 15:44:11 2013 -0600
Fix parsing of bond interface XML
Noticed that parsing bond interface XML containing the miimon element
fails
<interface type="bond" name="bond0">
...
<bond mode="active-backup">
<miimon freq="100" carrier="netif"/>
...
</bond>
</interface>
This configuration does not contain the optional updelay and downdelay
attributes, but parsing will fail due to returning the result of
virXPathULong (a -1 when the attribute doesn't exist) from
virInterfaceDefParseBond after examining the updelay attribute.
While fixing this bug, cleanup the function to use virXPathInt instead
of virXPathULong, and store the result directly instead of using a tmp
variable. Using virXPathInt actually fixes a potential silent
truncation bug noted by Eric Blake.
Also, there is no cleanup in the error label. Remove the label,
returning failure where failure occurs and success if the end of the
function is reached.
Index: libvirt-1.0.2/src/conf/interface_conf.c
===================================================================
--- libvirt-1.0.2.orig/src/conf/interface_conf.c
+++ libvirt-1.0.2/src/conf/interface_conf.c
@@ -572,81 +572,72 @@ error:
static int
virInterfaceDefParseBond(virInterfaceDefPtr def,
xmlXPathContextPtr ctxt) {
- int ret = -1;
- unsigned long tmp;
+ int res;
def->data.bond.mode = virInterfaceDefParseBondMode(ctxt);
if (def->data.bond.mode < 0)
- goto error;
+ return -1;
- ret = virInterfaceDefParseBondItfs(def, ctxt);
- if (ret != 0)
- goto error;
+ if (virInterfaceDefParseBondItfs(def, ctxt) != 0)
+ return -1;
if (virXPathNode("./miimon[1]", ctxt) != NULL) {
def->data.bond.monit = VIR_INTERFACE_BOND_MONIT_MII;
- ret = virXPathULong("string(./miimon/@freq)", ctxt, &tmp);
- if ((ret == -2) || (ret == -1)) {
+ res = virXPathInt("string(./miimon/@freq)", ctxt,
+ &def->data.bond.frequency);
+ if ((res == -2) || (res == -1)) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("bond interface miimon freq missing or invalid"));
- goto error;
+ return -1;
}
- def->data.bond.frequency = (int) tmp;
- ret = virXPathULong("string(./miimon/@downdelay)", ctxt, &tmp);
- if (ret == -2) {
+ res = virXPathInt("string(./miimon/@downdelay)", ctxt,
+ &def->data.bond.downdelay);
+ if (res == -2) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("bond interface miimon downdelay invalid"));
- goto error;
- } else if (ret == 0) {
- def->data.bond.downdelay = (int) tmp;
+ return -1;
}
- ret = virXPathULong("string(./miimon/@updelay)", ctxt, &tmp);
- if (ret == -2) {
+ res = virXPathInt("string(./miimon/@updelay)", ctxt,
+ &def->data.bond.updelay);
+ if (res == -2) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("bond interface miimon updelay invalid"));
- goto error;
- } else if (ret == 0) {
- def->data.bond.updelay = (int) tmp;
+ return -1;
}
def->data.bond.carrier = virInterfaceDefParseBondMiiCarrier(ctxt);
- if (def->data.bond.carrier < 0) {
- ret = -1;
- goto error;
- }
+ if (def->data.bond.carrier < 0)
+ return -1;
} else if (virXPathNode("./arpmon[1]", ctxt) != NULL) {
def->data.bond.monit = VIR_INTERFACE_BOND_MONIT_ARP;
- ret = virXPathULong("string(./arpmon/@interval)", ctxt, &tmp);
- if ((ret == -2) || (ret == -1)) {
+ res = virXPathInt("string(./arpmon/@interval)", ctxt,
+ &def->data.bond.interval);
+ if ((res == -2) || (res == -1)) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("bond interface arpmon interval missing or invalid"));
- goto error;
+ return -1;
}
- def->data.bond.interval = (int) tmp;
def->data.bond.target =
virXPathString("string(./arpmon/@target)", ctxt);
if (def->data.bond.target == NULL) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("bond interface arpmon target missing"));
- ret = -1;
- goto error;
+ return -1;
}
def->data.bond.validate = virInterfaceDefParseBondArpValid(ctxt);
- if (def->data.bond.validate < 0) {
- ret = -1;
- goto error;
- }
+ if (def->data.bond.validate < 0)
+ return -1;
}
-error:
- return ret;
+
+ return 0;
}
static int
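Review bot: switching to `virXPathInt()` removes the silent truncation but adds no range check: `freq`, `downdelay`, `updelay` and `interval` are now stored straight into the `int` fields, so a negative value in the XML is accepted where the old `virXPathULong()` path at least parsed an unsigned value. If these are millisecond intervals, reject `res == 0` with a negative result using the same `VIR_ERR_XML_ERROR` the hunk already reports for `-2`. The bare `return -1` on every error path is correct only because, as the message notes, nothing is cleaned up at `error:`; anyone later allocating in this function will need to reintroduce a label.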
++++++ 7efd5fd1-CVE-2013-5651.patch ++++++
commit 7efd5fd1b0225436cbbae1181ab41c2d3eca43f9
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Fri Aug 16 12:13:27 2013 +0200
virbitmaptest: Add test for out of bounds condition
Previous patch fixed an issue where, when parsing a bitmap from the
string, the bounds of the bitmap weren't checked. That flaw resulted in
crashes. This test tests that case to avoid it in the future.
Index: libvirt-1.0.2/tests/virbitmaptest.c
===================================================================
--- libvirt-1.0.2.orig/tests/virbitmaptest.c
+++ libvirt-1.0.2/tests/virbitmaptest.c
@@ -399,6 +399,38 @@ error:
return -1;
}
+
+/* test out of bounds conditions on virBitmapParse */
+static int
+test9(const void *opaque ATTRIBUTE_UNUSED)
+{
+ int ret = -1;
+ virBitmapPtr bitmap;
+
+ if (virBitmapParse("100000000", 0, &bitmap, 20) != -1)
+ goto cleanup;
+
+ if (bitmap)
+ goto cleanup;
+
+ if (virBitmapParse("1-1000000000", 0, &bitmap, 20) != -1)
+ goto cleanup;
+
+ if (bitmap)
+ goto cleanup;
+
+ if (virBitmapParse("1-10^10000000000", 0, &bitmap, 20) != -1)
+ goto cleanup;
+
+ if (bitmap)
+ goto cleanup;
+
+ ret = 0;
+cleanup:
+ return ret;
+
+}
+
static int
mymain(void)
{
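Review bot: `virBitmapPtr bitmap;` in `test9()` is uninitialised, so the three `if (bitmap) goto cleanup;` checks only pass if `virBitmapParse()` sets `*bitmap = NULL` on every failure path, including any that fail before the bitmap is allocated. Initialise it (`virBitmapPtr bitmap = NULL;`) so the test exercises the parser rather than stack contents, and free it under `cleanup:` so a future regression that lets one of these parses succeed does not leak. The test also names itself `test9` while the `mymain()` hunk below goes straight from `test7`; if `test8` is not in this branch, say so in the backport note.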
@@ -418,6 +450,8 @@ mymain(void)
ret = -1;
if (virtTestRun("test7", 1, test7, NULL) < 0)
ret = -1;
+ if (virtTestRun("test9", 1, test9, NULL) < 0)
+ ret = -1;
return ret;
++++++ 922b7fda-CVE-2013-4311.patch ++++++
commit 30cf3b74903da808bd1c8e5d79a7a4cb46e726c0
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Aug 28 15:25:40 2013 +0100
Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.
To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.
Signed-off-by: Colin Walters <walters(a)redhat.com>
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 922b7fda77b094dbf022d625238262ea05335666)
Conflicts:
src/access/viraccessdriverpolkit.c
Resolution:
Dropped file that does not exist in this branch.
Index: libvirt-1.0.2/configure.ac
===================================================================
--- libvirt-1.0.2.orig/configure.ac
+++ libvirt-1.0.2/configure.ac
@@ -1116,6 +1116,14 @@ if test "x$with_polkit" = "xyes" || test
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
if test "x$PKCHECK_PATH" != "x" ; then
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+ AC_MSG_CHECKING([whether pkcheck supports uid value])
+ pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
+ if test "x$pkcheck_supports_uid" = "xtrue"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
+ else
+ AC_MSG_RESULT([no])
+ fi
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
[use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
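Review bot: `$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1` fails silently: if `PKG_CONFIG` is unset or the `.pc` file is absent, the variable is empty, the check reports `no`, and the build quietly keeps the two-argument `pkcheck` call this CVE fix is meant to replace. Add an `AC_MSG_WARN` in the `else` branch at minimum (the `VIR_WARN` in `remote.c` only fires once the daemon is already serving clients), since the `libvirt.spec.in` hunk below shows the `polkit-devel` dependency that is needed for the `.pc` file to exist.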
Index: libvirt-1.0.2/daemon/remote.c
===================================================================
--- libvirt-1.0.2.orig/daemon/remote.c
+++ libvirt-1.0.2/daemon/remote.c
@@ -2815,10 +2815,12 @@ remoteDispatchAuthPolkit(virNetServerPtr
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
+ bool supportsuid = false;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+ static bool polkitInsecureWarned;
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2840,14 +2842,28 @@ remoteDispatchAuthPolkit(virNetServerPtr
goto authfail;
}
+ if (timestamp == 0) {
+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
+ (long long)callerPid);
+ goto authfail;
+ }
+
VIR_INFO("Checking PID %lld running as %d",
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- if (timestamp != 0) {
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = true;
+# endif
+ if (supportsuid) {
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+ (long long) callerPid, timestamp, (unsigned long) callerUid);
} else {
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
}
virCommandAddArg(cmd, "--allow-user-interaction");
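Review bot: `timestamp == 0` is now a hard `goto authfail` rather than the pid-only fallback it replaces. That is the right call for the race in the message, but the fallback `virProcessGetStartTime()` in `979e9c56-polkit-starttime.patch` below sets `*timestamp = 0` and returns success, so on any platform other than Linux and FreeBSD every polkit-authenticated connection is now refused; the message should say that. `supportsuid` is fixed at compile time by `PKCHECK_SUPPORTS_UID`, so the `else` branch is dead on a correctly built daemon, and the unsynchronised `static bool polkitInsecureWarned` can at worst print the warning twice.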
Index: libvirt-1.0.2/libvirt.spec.in
===================================================================
--- libvirt-1.0.2.orig/libvirt.spec.in
+++ libvirt-1.0.2/libvirt.spec.in
@@ -469,8 +469,7 @@ BuildRequires: cyrus-sasl-devel
%endif
%if %{with_polkit}
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
-# Only need the binary, not -devel
-BuildRequires: polkit >= 0.93
+BuildRequires: polkit-devel >= 0.93
%else
BuildRequires: PolicyKit-devel >= 0.6
%endif
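Review bot: the `polkit-devel` requirement only covers the `fedora >= 12 || rhel >= 6` branch; the `PolicyKit-devel >= 0.6` branch below it carries no `pkcheck_supports_uid` variable, so builds there take the insecure two-argument path with nothing but the once-per-process runtime warning. Either document that in the spec or make `configure.ac` fail when `with_polkit` is set and the uid check is unavailable.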
++++++ 95c6cc34-selinux.patch ++++++
commit 95c6cc344bec8405636d2a59fc0c34e0581001ab
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed May 15 16:26:59 2013 +0100
Don't mount selinux fs in LXC if selinux is disabled
Before trying to mount the selinux filesystem in a container
use is_selinux_enabled() to check if the machine actually
has selinux support (e.g. not booted with selinux=0)
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.0.2/src/lxc/lxc_container.c
===================================================================
--- libvirt-1.0.2.orig/src/lxc/lxc_container.c
+++ libvirt-1.0.2/src/lxc/lxc_container.c
@@ -547,6 +547,12 @@ static int lxcContainerMountBasicFS(bool
(access(srcpath, R_OK) < 0))
continue;
+#if WITH_SELINUX
+ if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
+ !is_selinux_enabled())
+ continue;
+#endif
+
if (virFileMakePath(mnts[i].dst) < 0) {
virReportSystemError(errno,
_("Failed to mkdir %s"),
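Review bot: `is_selinux_enabled()` returns -1 on error as well as 1 or 0, and `!is_selinux_enabled()` treats -1 as enabled, so a libselinux failure still attempts the `SELINUX_MOUNT` mount; `is_selinux_enabled() <= 0` skips it in both the disabled and the error case, which is what the message intends. The hunk does not show an `#include <selinux/selinux.h>` being added; confirm `lxc_container.c` already has one under `WITH_SELINUX`.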
++++++ 979e9c56-polkit-starttime.patch ++++++
commit eec80bcde88e6e2729b0cc0821c0062e36fb4e03
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Thu Apr 25 17:05:00 2013 +0100
Include process start time when doing polkit checks
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to look up the start time in /proc/pid/stat,
though this is subject to races.
It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 979e9c56a7aadf2dcfbddd1abfbad594b78b4468)
Conflicts:
src/util/virprocess.c
src/util/virstring.c
src/util/virstring.h
src/rpc/virnetserverclient.c
src/rpc/virnetsocket.h
src/util/viridentity.h
Index: libvirt-1.0.2/daemon/remote.c
===================================================================
--- libvirt-1.0.2.orig/daemon/remote.c
+++ libvirt-1.0.2/daemon/remote.c
@@ -2372,6 +2372,7 @@ remoteDispatchAuthList(virNetServerPtr s
uid_t callerUid;
gid_t callerGid;
pid_t callerPid;
+ unsigned long long timestamp;
/* If the client is root then we want to bypass the
* policykit auth to avoid root being denied if
@@ -2379,7 +2380,7 @@ remoteDispatchAuthList(virNetServerPtr s
*/
if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
- &callerPid) < 0) {
+ &callerPid, &timestamp) < 0) {
/* Don't do anything on error - it'll be validated at next
* phase of auth anyway */
virResetLastError();
@@ -2809,6 +2810,7 @@ remoteDispatchAuthPolkit(virNetServerPtr
pid_t callerPid = -1;
gid_t callerGid = -1;
uid_t callerUid = -1;
+ unsigned long long timestamp;
const char *action;
int status = -1;
char *ident = NULL;
@@ -2834,7 +2836,7 @@ remoteDispatchAuthPolkit(virNetServerPtr
}
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
- &callerPid) < 0) {
+ &callerPid, &timestamp) < 0) {
goto authfail;
}
@@ -2842,7 +2844,11 @@ remoteDispatchAuthPolkit(virNetServerPtr
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (timestamp != 0) {
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+ } else {
+ virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ }
virCommandAddArg(cmd, "--allow-user-interaction");
if (virAsprintf(&ident, "pid:%lld,uid:%d",
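Review bot: the `else` branch that passes a bare `%lld` pid when `timestamp == 0` keeps the PID-reuse race the message describes on every platform where `virProcessGetStartTime()` returns 0 (the `#else` stub later in this patch), so such a client is still authenticated by PID alone. `922b7fda-CVE-2013-4311.patch` above replaces this with `goto authfail`; either fold that in here or state in the message that the fallback is a known gap closed by the follow-up.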
Index: libvirt-1.0.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.0.2.orig/src/libvirt_private.syms
+++ libvirt-1.0.2/src/libvirt_private.syms
@@ -1862,6 +1862,7 @@ virStrerror;
# virstring.h
virStringFreeList;
virStringJoin;
+virStringListLength;
virStringSplit;
Index: libvirt-1.0.2/src/locking/lock_daemon.c
===================================================================
--- libvirt-1.0.2.orig/src/locking/lock_daemon.c
+++ libvirt-1.0.2/src/locking/lock_daemon.c
@@ -782,6 +782,7 @@ virLockDaemonClientNew(virNetServerClien
virLockDaemonClientPtr priv;
uid_t clientuid;
gid_t clientgid;
+ unsigned long long timestamp;
bool privileged = opaque != NULL;
if (VIR_ALLOC(priv) < 0) {
@@ -798,7 +799,8 @@ virLockDaemonClientNew(virNetServerClien
if (virNetServerClientGetUNIXIdentity(client,
&clientuid,
&clientgid,
- &priv->clientPid) < 0)
+ &priv->clientPid,
+ &timestamp) < 0)
goto error;
VIR_DEBUG("New client pid %llu uid %llu",
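Review bot: `timestamp` is fetched in `virLockDaemonClientNew()` and then discarded. If the lock daemon only needs the pid that is acceptable, but say so in a comment; otherwise store it next to `priv->clientPid` so the lock protocol gets the same PID-reuse defence as the main daemon, since this is the process that hands out disk locks.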
Index: libvirt-1.0.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.0.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.0.2/src/rpc/virnetserverclient.c
@@ -618,12 +618,15 @@ int virNetServerClientGetFD(virNetServer
}
int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
- uid_t *uid, gid_t *gid, pid_t *pid)
+ uid_t *uid, gid_t *gid, pid_t *pid,
+ unsigned long long *timestamp)
{
int ret = -1;
virObjectLock(client);
if (client->sock)
- ret = virNetSocketGetUNIXIdentity(client->sock, uid, gid, pid);
+ ret = virNetSocketGetUNIXIdentity(client->sock,
+ uid, gid, pid,
+ timestamp);
virObjectUnlock(client);
return ret;
}
Index: libvirt-1.0.2/src/rpc/virnetserverclient.h
===================================================================
--- libvirt-1.0.2.orig/src/rpc/virnetserverclient.h
+++ libvirt-1.0.2/src/rpc/virnetserverclient.h
@@ -97,7 +97,8 @@ int virNetServerClientSetIdentity(virNet
const char *virNetServerClientGetIdentity(virNetServerClientPtr client);
int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
- uid_t *uid, gid_t *gid, pid_t *pid);
+ uid_t *uid, gid_t *gid, pid_t *pid,
+ unsigned long long *timestamp);
void *virNetServerClientGetPrivateData(virNetServerClientPtr client);
Index: libvirt-1.0.2/src/rpc/virnetsocket.c
===================================================================
--- libvirt-1.0.2.orig/src/rpc/virnetsocket.c
+++ libvirt-1.0.2/src/rpc/virnetsocket.c
@@ -1096,31 +1096,41 @@ int virNetSocketGetPort(virNetSocketPtr
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
- pid_t *pid)
+ pid_t *pid,
+ unsigned long long *timestamp)
{
struct ucred cr;
socklen_t cr_len = sizeof(cr);
+ int ret = -1;
+
virObjectLock(sock);
if (getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
virReportSystemError(errno, "%s",
_("Failed to get client socket identity"));
- virObjectUnlock(sock);
- return -1;
+ goto cleanup;
}
+ if (virProcessGetStartTime(cr.pid, timestamp) < 0)
+ goto cleanup;
+
*pid = cr.pid;
*uid = cr.uid;
*gid = cr.gid;
+ ret = 0;
+
+cleanup:
virObjectUnlock(sock);
- return 0;
+ return ret;
}
#elif defined(LOCAL_PEERCRED)
+
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
- pid_t *pid)
+ pid_t *pid,
+ unsigned long long *timestamp ATTRIBUTE_UNUSED)
{
struct xucred cr;
socklen_t cr_len = sizeof(cr);
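Review bot: on the `LOCAL_PEERCRED` branch `timestamp` is `ATTRIBUTE_UNUSED` and nothing visible in the hunk assigns it; unless the rest of that function does, callers such as `remoteDispatchAuthPolkit()` compare an uninitialised `timestamp` against 0. Set `*timestamp = 0;` at the top of that branch and in the `ENOSYS` stub so every successful return leaves it defined. On the Linux branch a `virProcessGetStartTime()` failure now fails the whole identity lookup, which is the intended strictness, and the `ret`/`cleanup` restructuring correctly drops the lock on every path.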
@@ -1144,7 +1154,8 @@ int virNetSocketGetUNIXIdentity(virNetSo
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
uid_t *uid ATTRIBUTE_UNUSED,
gid_t *gid ATTRIBUTE_UNUSED,
- pid_t *pid ATTRIBUTE_UNUSED)
+ pid_t *pid ATTRIBUTE_UNUSED,
+ unsigned long long *timestamp ATTRIBUTE_UNUSED)
{
/* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
virReportSystemError(ENOSYS, "%s",
Index: libvirt-1.0.2/src/rpc/virnetsocket.h
===================================================================
--- libvirt-1.0.2.orig/src/rpc/virnetsocket.h
+++ libvirt-1.0.2/src/rpc/virnetsocket.h
@@ -113,7 +113,8 @@ int virNetSocketGetPort(virNetSocketPtr
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
- pid_t *pid);
+ pid_t *pid,
+ unsigned long long *timestamp);
int virNetSocketSetBlocking(virNetSocketPtr sock,
bool blocking);
Index: libvirt-1.0.2/src/util/virprocess.c
===================================================================
--- libvirt-1.0.2.orig/src/util/virprocess.c
+++ libvirt-1.0.2/src/util/virprocess.c
@@ -29,12 +29,20 @@
#include <sys/wait.h>
#include <sched.h>
+#ifdef __FreeBSD__
+# include <sys/param.h>
+# include <sys/sysctl.h>
+# include <sys/user.h>
+#endif
+
+#include "viratomic.h"
#include "virprocess.h"
#include "virerror.h"
#include "viralloc.h"
#include "virfile.h"
#include "virlog.h"
#include "virutil.h"
+#include "virstring.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -605,3 +613,112 @@ int virProcessSetNamespaces(size_t nfdli
return -1;
}
#endif /* ! HAVE_SETNS */
+
+#ifdef __linux__
+/*
+ * Port of code from polkitunixprocess.c under terms
+ * of the LGPLv2+
+ */
+int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp)
+{
+ char *filename = NULL;
+ char *buf = NULL;
+ char *tmp;
+ int ret = -1;
+ int len;
+ char **tokens = NULL;
+
+ if (virAsprintf(&filename, "/proc/%llu/stat",
+ (unsigned long long)pid) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
+ if ((len = virFileReadAll(filename, 1024, &buf)) < 0)
+ goto cleanup;
+
+ /* start time is the token at index 19 after the '(process name)' entry - since only this
+ * field can contain the ')' character, search backwards for this to avoid malicious
+ * processes trying to fool us
+ */
+
+ if (!(tmp = strrchr(buf, ')'))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot find start time in %s"),
+ filename);
+ goto cleanup;
+ }
+ tmp += 2; /* skip ') ' */
+ if ((tmp - buf) >= len) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot find start time in %s"),
+ filename);
+ goto cleanup;
+ }
+
+ tokens = virStringSplit(tmp, " ", 0);
+
+ if (virStringListLength(tokens) < 20) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot find start time in %s"),
+ filename);
+ goto cleanup;
+ }
+
+ if (virStrToLong_ull(tokens[19],
+ NULL,
+ 10,
+ timestamp) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse start time %s in %s"),
+ tokens[19], filename);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ virStringFreeList(tokens);
+ VIR_FREE(filename);
+ VIR_FREE(buf);
+ return ret;
+}
+#elif defined(__FreeBSD__)
+int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp)
+{
+ struct kinfo_proc p;
+ int mib[4];
+ size_t len = 4;
+
+ sysctlnametomib("kern.proc.pid", mib, &len);
+
+ len = sizeof(struct kinfo_proc);
+ mib[3] = pid;
+
+ if (sysctl(mib, 4, &p, &len, NULL, 0) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Unable to query process ID start time"));
+ return -1;
+ }
+
+ *timestamp = (unsigned long long)p.ki_start.tv_sec;
+
+ return 0;
+
+}
+#else
+int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp)
+{
+ static int warned = 0;
+ if (virAtomicIntInc(&warned) == 1) {
+ VIR_WARN("Process start time of pid %llu not available on this platform",
+ (unsigned long long)pid);
+ warned = true;
+ }
+ *timestamp = 0;
+ return 0;
+}
+#endif
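Review bot: in the `#else` fallback, `virAtomicIntInc(&warned) == 1` already guarantees a single warning, so the trailing `warned = true;` is a redundant plain store racing the atomic; drop it. The larger point is that this fallback reports success with `*timestamp = 0`, which `remote.c` in this patch reads as "fall back to pid only"; a caller that treats the start time as a security property needs to tell "unavailable" from a real value, so either return -1 here or document the 0 sentinel in `virprocess.h`. Smaller: the FreeBSD branch ignores the return of `sysctlnametomib()`, and on Linux the `strrchr(buf, ')')` scan is the right defence against a process name containing `)`, but it relies on `virFileReadAll()`'s 1024-byte cap never truncating `/proc/<pid>/stat` before the start-time token; a comment on that limit would help.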
Index: libvirt-1.0.2/src/util/virprocess.h
===================================================================
--- libvirt-1.0.2.orig/src/util/virprocess.h
+++ libvirt-1.0.2/src/util/virprocess.h
@@ -47,6 +47,9 @@ int virProcessGetAffinity(pid_t pid,
virBitmapPtr *map,
int maxcpu);
+int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp);
+
int virProcessGetNamespaces(pid_t pid,
size_t *nfdlist,
int **fdlist);
Index: libvirt-1.0.2/src/util/virstring.c
===================================================================
--- libvirt-1.0.2.orig/src/util/virstring.c
+++ libvirt-1.0.2/src/util/virstring.c
@@ -166,3 +166,13 @@ void virStringFreeList(char **strings)
}
VIR_FREE(strings);
}
+
+size_t virStringListLength(char **strings)
+{
+ size_t i = 0;
+
+ while (strings && strings[i])
+ i++;
+
+ return i;
+}
Index: libvirt-1.0.2/src/util/virstring.h
===================================================================
--- libvirt-1.0.2.orig/src/util/virstring.h
+++ libvirt-1.0.2/src/util/virstring.h
@@ -35,4 +35,6 @@ char *virStringJoin(const char **strings
void virStringFreeList(char **strings);
+size_t virStringListLength(char **strings);
+
#endif /* __VIR_STRING_H__ */
++++++ AF_PACKET.patch ++++++
Index: libvirt-1.0.2/src/util/virnetdev.c
===================================================================
--- libvirt-1.0.2.orig/src/util/virnetdev.c
+++ libvirt-1.0.2/src/util/virnetdev.c
@@ -81,7 +81,7 @@ static int virNetDevSetupControlFull(con
static int virNetDevSetupControl(const char *ifname,
struct ifreq *ifr)
{
- return virNetDevSetupControlFull(ifname, ifr, AF_PACKET, SOCK_DGRAM);
+ return virNetDevSetupControlFull(ifname, ifr, AF_INET, SOCK_STREAM);
}
#endif
Index: libvirt-1.0.2/src/util/virnetdevbridge.c
===================================================================
--- libvirt-1.0.2.orig/src/util/virnetdevbridge.c
+++ libvirt-1.0.2/src/util/virnetdevbridge.c
@@ -85,7 +85,7 @@ static int virNetDevSetupControlFull(con
static int virNetDevSetupControl(const char *ifname,
struct ifreq *ifr)
{
- return virNetDevSetupControlFull(ifname, ifr, AF_PACKET, SOCK_DGRAM);
+ return virNetDevSetupControlFull(ifname, ifr, AF_INET, SOCK_STREAM);
}
#endif
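Review bot: this patch carries no description, yet it changes which socket is opened for every interface ioctl in two files; record what failed with `AF_PACKET`/`SOCK_DGRAM` and why `AF_INET`/`SOCK_STREAM` is the right replacement for the `ifreq` ioctls these helpers serve, otherwise the next person to touch `virNetDevSetupControl()` has no reason not to revert it. The identical hunk in `virnetdev.c` and `virnetdevbridge.c` also shows `virNetDevSetupControl()` is duplicated; one shared helper would keep the two copies from drifting.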
++++++ a6a04ea-nwfilter-ctdir.patch ++++++
commit a6a04ea47a8143ba46150889d8dae1c861df6389
Author: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Date: Wed May 15 21:02:11 2013 -0400
nwfilter: check for inverted ctdir
Linux netfilter at some point (Linux 2.6.39) inverted the meaning of the
'--ctdir reply' and newer netfilter implementations now expect
'--ctdir original' instead and vice-versa.
We check for the kernel version and assume that all Linux kernels with version
2.6.39 have the newer inverted logic.
Any distro backporting the Linux kernel patch that inverts the --ctdir logic
(Linux commit 96120d86f) must also backport this patch for Linux and
adapt the kernel version being tested for.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Index: libvirt-1.0.2/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-1.0.2/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -27,6 +27,7 @@
#include <string.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <sys/utsname.h>
#include "internal.h"
@@ -85,6 +86,17 @@ static char *iptables_cmd_path;
static char *ip6tables_cmd_path;
static char *grep_cmd_path;
+/*
+ * --ctdir original vs. --ctdir reply's meaning was inverted in netfilter
+ * at some point (Linux 2.6.39)
+ */
+enum ctdirStatus {
+ CTDIR_STATUS_UNKNOWN = 0,
+ CTDIR_STATUS_CORRECTED = 1,
+ CTDIR_STATUS_OLD = 2,
+};
+static enum ctdirStatus iptables_ctdir_corrected;
+
#define PRINT_ROOT_CHAIN(buf, prefix, ifname) \
snprintf(buf, sizeof(buf), "libvirt-%c-%s", prefix, ifname)
#define PRINT_CHAIN(buf, prefix, ifname, suffix) \
@@ -1240,6 +1252,17 @@ iptablesEnforceDirection(int directionIn
virNWFilterRuleDefPtr rule,
virBufferPtr buf)
{
+ switch (iptables_ctdir_corrected) {
+ case CTDIR_STATUS_UNKNOWN:
+ /* could not be determined or s.th. is seriously wrong */
+ return;
+ case CTDIR_STATUS_CORRECTED:
+ directionIn = !directionIn;
+ break;
+ case CTDIR_STATUS_OLD:
+ break;
+ }
+
if (rule->tt != VIR_NWFILTER_RULE_DIRECTION_INOUT)
virBufferAsprintf(buf, " -m conntrack --ctdir %s",
(directionIn) ? "Original"
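Review bot: `case CTDIR_STATUS_UNKNOWN: return;` drops the `-m conntrack --ctdir` match entirely when the kernel version could not be determined, so the rule then matches both directions; for a firewall rule that is a fail-open default. Prefer returning an error so the caller rejects the filter, or at least log which assumption was made at the point of use. The `switch` also lacks a `default:`; add one (or build with `-Wswitch`) so a new `ctdirStatus` value cannot fall through to the direction text below unnoticed.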
@@ -4282,6 +4305,32 @@ ebiptablesDriverTestCLITools(void)
return ret;
}
+static void
+ebiptablesDriverProbeCtdir(void)
+{
+ struct utsname utsname;
+ unsigned long thisversion;
+
+ iptables_ctdir_corrected = CTDIR_STATUS_UNKNOWN;
+
+ if (uname(&utsname) < 0) {
+ VIR_ERROR(_("Call to utsname failed: %d"), errno);
+ return;
+ }
+
+ /* following Linux lxr, the logic was inverted in 2.6.39 */
+ if (virParseVersionString(utsname.release, &thisversion, true) < 0) {
+ VIR_ERROR(_("Could not determine kernel version from string %s"),
+ utsname.release);
+ return;
+ }
+
+ if (thisversion >= 2 * 1000000 + 6 * 1000 + 39)
+ iptables_ctdir_corrected = CTDIR_STATUS_CORRECTED;
+ else
+ iptables_ctdir_corrected = CTDIR_STATUS_OLD;
+}
+
static int
ebiptablesDriverInit(bool privileged)
{
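Review bot: `2 * 1000000 + 6 * 1000 + 39` hand-encodes the `virParseVersionString()` major/minor/micro packing; a named constant with a comment makes the 2.6.39 cutoff greppable when a distro has to adjust it, which the message itself anticipates. `VIR_ERROR(_("Call to utsname failed: %d"), errno)` prints a bare errno; `virReportSystemError(errno, ...)` gives the usual strerror text. Both error paths leave `iptables_ctdir_corrected` at `CTDIR_STATUS_UNKNOWN`, which the `iptablesEnforceDirection()` hunk above turns into "no direction match", so a probe failure silently weakens every direction-specific rule.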
@@ -4319,6 +4368,9 @@ ebiptablesDriverInit(bool privileged)
return -ENOTSUP;
}
+ if (iptables_cmd_path)
+ ebiptablesDriverProbeCtdir();
+
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
return 0;
++++++ a6b8bae5-python-generator-fix1.patch ++++++
commit a6b8bae5a6a4752926eba409202ec061d81c6c8a
Author: Serge Hallyn <serge.hallyn(a)canonical.com>
Date: Wed Jan 30 21:05:45 2013 -0600
complete virterror->virerror name change
Without these two string changes in generator.py, the
virGetLastError wrapper does not get created in
/usr/share/pyshared/libvirt.py. Noticed when running
tests with virt-install.
Signed-off-by: Serge Hallyn <serge.hallyn(a)ubuntu.com>
Index: libvirt-1.0.2/python/generator.py
===================================================================
--- libvirt-1.0.2.orig/python/generator.py
+++ libvirt-1.0.2/python/generator.py
@@ -123,7 +123,7 @@ class docParser(xml.sax.handler.ContentH
self.function_return_field = attrs['field']
elif tag == 'enum':
if (attrs['file'] == "libvirt" or
- attrs['file'] == "virterror"):
+ attrs['file'] == "virerror"):
enum(attrs['type'],attrs['name'],attrs['value'])
elif attrs['file'] == "libvirt-lxc":
lxc_enum(attrs['type'],attrs['name'],attrs['value'])
@@ -137,7 +137,7 @@ class docParser(xml.sax.handler.ContentH
if self.function != None:
if (self.function_module == "libvirt" or
self.function_module == "virevent" or
- self.function_module == "virterror"):
+ self.function_module == "virerror"):
function(self.function, self.function_descr,
self.function_return, self.function_args,
self.function_file, self.function_module,
++++++ b1674ad5-CVE-2014-7823.patch ++++++
commit 7b334c1660e926da7c0644c945263ce40a80443f
Author: Eric Blake <eblake(a)redhat.com>
Date: Thu Nov 6 10:34:00 2014 +0100
CVE-2014-7823: dumpxml: security hole with migratable flag
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
the qemu implementation of virDomainGetXMLDesc, the use of the
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
prior to calling qemuDomainFormatXML. However, the use of
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
clients only. This patch treats the migratable flag as requiring
the same permissions, rather than analyzing what might break if
migratable xml no longer includes secret information.
Fortunately, the information leak is low-risk: all that is gated
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
but VNC passwords are already weak (FIPS forbids their use, and
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
password sent in plaintext over the network deserves what they
get). SPICE offers better security than VNC, and all other
secrets are properly protected by use of virSecret associations
rather than direct output in domain XML.
* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
(cherry picked from commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b)
Conflicts:
src/libvirt-domain.c - file split from older src/libvirt.c; context with older virLibConnError
src/remote/remote_protocol.x - no fine-grained ACLs
Signed-off-by: Eric Blake <eblake(a)redhat.com>
Index: libvirt-1.0.2/src/libvirt.c
===================================================================
--- libvirt-1.0.2.orig/src/libvirt.c
+++ libvirt-1.0.2/src/libvirt.c
@@ -4382,7 +4382,8 @@ virDomainGetXMLDesc(virDomainPtr domain,
conn = domain->conn;
- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
+ if ((conn->flags & VIR_CONNECT_RO) &&
+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
virLibConnError(VIR_ERR_OPERATION_DENIED, "%s",
_("virDomainGetXMLDesc with secure flag"));
goto error;
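Review bot: The commit message lists a second change in src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC), but this backport carries only the src/libvirt.c hunk and the Conflicts note says the 1.0.2 file has "no fine-grained ACLs"; please state in the patch header that the protocol-side tightening is intentionally dropped rather than lost in the cherry-pick, since this check is now the only place a read-only client is refused VIR_DOMAIN_XML_MIGRATABLE. Also, the message still reads "virDomainGetXMLDesc with secure flag" when the denied flag is MIGRATABLE alone; "with secure or migratable flag" would match the new condition.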
++++++ baselibs.conf ++++++
libvirt-client
requires -libvirt-<targettype>
libvirt-devel
requires -libvirt-<targettype>
++++++ c5683680-CVE-2013-6458.patch ++++++
commit c5683680576aa624b7bc29a9c927dc9d5253fe44
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 15:08:06 2013 +0100
qemu: Fix job usage in qemuDomainBlockCopy
Every API that is going to begin a job should do that before fetching
data from vm->def.
(cherry picked from commit ff5f30b6bfa317f2a4c33f69289baf4e887eb048)
Conflicts:
src/qemu/qemu_driver.c - context
Index: libvirt-1.0.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.2/src/qemu/qemu_driver.c
@@ -13175,7 +13175,7 @@ qemuDomainBlockCopy(virDomainPtr dom, co
virDomainObjPtr vm;
qemuDomainObjPrivatePtr priv;
char *device = NULL;
- virDomainDiskDefPtr disk;
+ virDomainDiskDefPtr disk = NULL;
int ret = -1;
int idx;
struct stat st;
@@ -13191,10 +13191,13 @@ qemuDomainBlockCopy(virDomainPtr dom, co
goto cleanup;
priv = vm->privateData;
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("domain is not running"));
- goto cleanup;
+ goto endjob;
}
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES) &&
virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) < 0) {
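Review bot: With qemuDomainObjBeginJob now taken before the active check, every later error exit in qemuDomainBlockCopy must go to endjob, but the failure branch of the `qemuCgroupControllerActive(...) && virCgroupForDomain(...)` test that closes this hunk lies outside the diff; if it still does `goto cleanup`, that path returns with the MODIFY job held and blocks all later jobs on the domain. Please check that branch, and any other `goto cleanup` in the unchanged region between this hunk and the next, was converted as well.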
@@ -13206,21 +13209,21 @@ qemuDomainBlockCopy(virDomainPtr dom, co
device = qemuDiskPathToAlias(vm, path, &idx);
if (!device) {
- goto cleanup;
+ goto endjob;
}
disk = vm->def->disks[idx];
if (disk->mirror) {
virReportError(VIR_ERR_BLOCK_COPY_ACTIVE,
_("disk '%s' already in active block copy job"),
disk->dst);
- goto cleanup;
+ goto endjob;
}
if (!(qemuCapsGet(priv->caps, QEMU_CAPS_DRIVE_MIRROR) &&
qemuCapsGet(priv->caps, QEMU_CAPS_BLOCKJOB_ASYNC))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("block copy is not supported with this QEMU binary"));
- goto cleanup;
+ goto endjob;
}
if (vm->persistent) {
/* XXX if qemu ever lets us start a new domain with mirroring
@@ -13229,17 +13232,9 @@ qemuDomainBlockCopy(virDomainPtr dom, co
* this on persistent domains. */
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("domain is not transient"));
- goto cleanup;
- }
-
- if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
- goto cleanup;
-
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("domain is not running"));
goto endjob;
}
+
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0)
goto endjob;
@@ -13331,7 +13326,7 @@ qemuDomainBlockCopy(virDomainPtr dom, co
endjob:
if (need_unlink && unlink(dest))
VIR_WARN("unable to unlink just-created %s", dest);
- if (ret < 0)
+ if (ret < 0 && disk)
disk->mirrorFormat = VIR_STORAGE_FILE_NONE;
VIR_FREE(mirror);
if (qemuDomainObjEndJob(driver, vm) == 0) {
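Review bot: Redirecting the "disk already in active block copy job" error (the `disk->mirror` branch above, now `goto endjob`) changes what the endjob label does: ret is still -1 and disk is non-NULL there, so `disk->mirrorFormat = VIR_STORAGE_FILE_NONE` now clears the mirror format of a disk whose copy job is still running, which the old `goto cleanup` path never touched. Either reset mirrorFormat only on the paths that set it, or jump past that statement for the active-job error; the added `&& disk` guard only covers the NULL case.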
++++++ c973eb03-CVE-2013-6458.patch ++++++
commit c973eb035ee0d8863d0f2ed25f0523e3e7fee433
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 15:04:09 2013 +0100
qemu: Fix job usage in qemuDomainBlockJobImpl
CVE-2013-6458
Every API that is going to begin a job should do that before fetching
data from vm->def.
(cherry picked from commit f93d2caa070f6197ab50d372d286018b0ba6bbd8)
Conflicts:
src/qemu/qemu_driver.c - older style BeginJobWithDriver
Index: libvirt-1.0.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.2/src/qemu/qemu_driver.c
@@ -13018,16 +13018,25 @@ qemuDomainBlockJobImpl(virDomainPtr dom,
goto cleanup;
}
+ if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("domain is not running"));
+ goto endjob;
+ }
+
device = qemuDiskPathToAlias(vm, path, &idx);
if (!device)
- goto cleanup;
+ goto endjob;
disk = vm->def->disks[idx];
if (mode == BLOCK_JOB_PULL && disk->mirror) {
virReportError(VIR_ERR_BLOCK_COPY_ACTIVE,
_("disk '%s' already in active block copy job"),
disk->dst);
- goto cleanup;
+ goto endjob;
}
if (mode == BLOCK_JOB_ABORT &&
(flags & VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT) &&
@@ -13035,15 +13044,6 @@ qemuDomainBlockJobImpl(virDomainPtr dom,
virReportError(VIR_ERR_OPERATION_INVALID,
_("pivot of disk '%s' requires an active copy job"),
disk->dst);
- goto cleanup;
- }
-
- if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
- goto cleanup;
-
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("domain is not running"));
goto endjob;
}
++++++ ca697e90-CVE-2013-1962.patch ++++++
commit ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
Author: Ján Tomko <jtomko(a)redhat.com>
Date: Fri Apr 12 17:30:56 2013 +0200
daemon: fix leak after listing all volumes
CVE-2013-1962
remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
The pool also held a reference to the connection, preventing it from
getting freed and closing the netcf interface driver, which held two
sockets open.
Index: libvirt-1.0.2/daemon/remote.c
===================================================================
--- libvirt-1.0.2.orig/daemon/remote.c
+++ libvirt-1.0.2/daemon/remote.c
@@ -4233,6 +4233,8 @@ cleanup:
virStorageVolFree(vols[i]);
VIR_FREE(vols);
}
+ if (pool)
+ virStoragePoolFree(pool);
return rv;
}
++++++ clone.patch ++++++
Index: src/lxc/lxc_container.c
===================================================================
--- src/lxc/lxc_container.c.orig
+++ src/lxc/lxc_container.c
@@ -136,6 +136,7 @@ int lxcContainerHasReboot(void)
int cmd, v;
int status;
char *tmp;
+ int stacksize = getpagesize() * 4;
if (virFileReadAll("/proc/sys/kernel/ctrl-alt-del", 10, &buf) < 0)
return -1;
@@ -152,14 +153,21 @@ int lxcContainerHasReboot(void)
VIR_FREE(buf);
cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF;
- if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0) {
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
+ if (VIR_ALLOC_N(stack, stacksize) < 0) {
virReportOOMError();
return -1;
}
- childStack = stack + (getpagesize() * 4);
+ childStack = stack + stacksize;
+#ifdef __ia64__
+ cpid = __clone2(lxcContainerRebootChild, stack, stacksize, flags, &cmd);
+#else
cpid = clone(lxcContainerRebootChild, childStack, flags, &cmd);
+#endif
VIR_FREE(stack);
if (cpid < 0) {
virReportSystemError(errno, "%s",
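Review bot: On __ia64__ builds `childStack` is assigned (`childStack = stack + stacksize;`) but only read inside the `#else` branch, so the compiler will flag it as set-but-unused; the same applies to `stacktop` in the lxcContainerStart hunk and to `childStack` in lxcContainerAvailable. Move the assignment into the `#else` branch. The `#ifdef __ia64__ / stacksize *= 2; / #endif` block is also copied into three functions together with `getpagesize() * 4`; a single static helper returning the platform stack size would keep the three call sites in step.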
@@ -2364,6 +2372,9 @@ int lxcContainerStart(virDomainDefPtr de
ttyPaths, nttyPaths, handshakefd};
/* allocate a stack for the container */
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
if (VIR_ALLOC_N(stack, stacksize) < 0) {
virReportOOMError();
return -1;
@@ -2383,7 +2394,11 @@ int lxcContainerStart(virDomainDefPtr de
cflags |= CLONE_NEWNET;
}
+#ifdef __ia64__
+ pid = __clone2(lxcContainerChild, stack, stacksize, cflags, &args);
+#else
pid = clone(lxcContainerChild, stacktop, cflags, &args);
+#endif
VIR_FREE(stack);
VIR_DEBUG("clone() completed, new container PID is %d", pid);
@@ -2409,6 +2424,7 @@ int lxcContainerAvailable(int features)
int cpid;
char *childStack;
char *stack;
+ int stacksize = getpagesize() * 4;
if (features & LXC_CONTAINER_FEATURE_USER)
flags |= CLONE_NEWUSER;
@@ -2416,14 +2432,21 @@ int lxcContainerAvailable(int features)
if (features & LXC_CONTAINER_FEATURE_NET)
flags |= CLONE_NEWNET;
- if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0) {
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
+ if (VIR_ALLOC_N(stack, stacksize) < 0) {
VIR_DEBUG("Unable to allocate stack");
return -1;
}
- childStack = stack + (getpagesize() * 4);
+ childStack = stack + stacksize;
+#ifdef __ia64__
+ cpid = __clone2(lxcContainerDummyChild, stack, stacksize, flags, NULL);
+#else
cpid = clone(lxcContainerDummyChild, childStack, flags, NULL);
+#endif
VIR_FREE(stack);
if (cpid < 0) {
char ebuf[1024] ATTRIBUTE_UNUSED;
++++++ d0a4e249-CVE-2013-6458.patch ++++++
commit d0a4e2498d7d3b1cf1683b0720b9bc6edabcd364
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 15:41:04 2013 +0100
qemu: Fix job usage in virDomainGetBlockIoTune
CVE-2013-6458
Every API that is going to begin a job should do that before fetching
data from vm->def.
(cherry picked from commit 3b56425938e2f97208d5918263efa0d6439e4ecd)
Conflicts:
src/qemu/qemu_driver.c - older BeginJobWithDriver
Index: libvirt-1.0.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.2/src/qemu/qemu_driver.c
@@ -13807,12 +13807,6 @@ qemuDomainGetBlockIoTune(virDomainPtr do
goto cleanup;
}
- device = qemuDiskPathToAlias(vm, disk, NULL);
-
- if (!device) {
- goto cleanup;
- }
-
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -13820,6 +13814,11 @@ qemuDomainGetBlockIoTune(virDomainPtr do
&persistentDef) < 0)
goto endjob;
+ device = qemuDiskPathToAlias(vm, disk, NULL);
+ if (!device) {
+ goto endjob;
+ }
+
if (flags & VIR_DOMAIN_AFFECT_LIVE) {
priv = vm->privateData;
qemuDomainObjEnterMonitorWithDriver(driver, vm);
++++++ d6b27d3e-CVE-2014-0179.patch ++++++
commit d6b27d3e4c40946efa79e91d134616b41b1666c4
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Tue Apr 15 11:20:29 2014 +0100
LSN-2014-0003: Don't expand entities when parsing XML
If the XML_PARSE_NOENT flag is passed to libxml2, then any
entities in the input document will be fully expanded. This
allows the user to read arbitrary files on the host machine
by creating an entity pointing to a local file. Removing
the XML_PARSE_NOENT flag means that any entities are left
unchanged by the parser, or expanded to "" by the XPath
APIs.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.0.2/src/util/virxml.c
===================================================================
--- libvirt-1.0.2.orig/src/util/virxml.c
+++ libvirt-1.0.2/src/util/virxml.c
@@ -739,11 +739,11 @@ virXMLParseHelper(int domcode,
if (filename) {
xml = xmlCtxtReadFile(pctxt, filename, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING);
} else {
xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING);
}
if (!xml)
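Review bot: Dropping XML_PARSE_NOENT from both xmlCtxtReadFile and xmlCtxtReadDoc is the right fix, but the patch carries no regression test: a test document that declares an external entity pointing at a local file and asserts that the parsed value comes back empty (the "" behaviour the commit message describes) would stop NOENT from being re-added for convenience later. A one-line comment beside the flags saying why NOENT must stay out would help too, since the file-read exposure is not obvious from the flag name.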
++++++ e7f400a1-CVE-2013-4296.patch ++++++
commit 9579f4576c066bc20a8dd952b08657b326f71052
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Tue Sep 3 16:52:06 2013 +0100
Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
The 'stats' variable was not initialized to NULL, so if some
early validation of the RPC call fails, it is possible to jump
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
This is a security flaw, since the API can be called from a
readonly connection which can trigger the validation checks.
This was introduced in release v0.9.1 onwards by
commit 158ba8730e44b7dd07a21ab90499996c5dec080a
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Apr 13 16:21:35 2011 +0100
Merge all returns paths from dispatcher into single path
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit e7f400a110e2e3673b96518170bfea0855dd82c0)
Conflicts:
daemon/remote.c - context
Index: libvirt-1.0.2/daemon/remote.c
===================================================================
--- libvirt-1.0.2.orig/daemon/remote.c
+++ libvirt-1.0.2/daemon/remote.c
@@ -1165,7 +1165,7 @@ remoteDispatchDomainMemoryStats(virNetSe
remote_domain_memory_stats_ret *ret)
{
virDomainPtr dom = NULL;
- struct _virDomainMemoryStat *stats;
+ struct _virDomainMemoryStat *stats = NULL;
int nr_stats, i;
int rv = -1;
struct daemonClientPrivate *priv =
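Review bot: Initialising stats to NULL fixes the VIR_FREE of an indeterminate pointer on the early-validation path, but the sibling `nr_stats` declared on the next line is equally uninitialised; if the cleanup label iterates over stats with nr_stats as the bound (not visible in this hunk), it needs the same treatment, e.g. `int nr_stats = 0, i;`.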
++++++ fc22b2e7-CVE-2014-3657.patch ++++++
commit fc22b2e74890873848b43fffae43025d22053669
Author: Pavel Hrdina <phrdina(a)redhat.com>
Date: Mon Sep 22 18:19:07 2014 +0200
domain_conf: fix domain deadlock
If you use the public API virConnectListAllDomains() with the second parameter
set to NULL to get only the number of domains, you will lock out all
other operations with domains.
Introduced by commit 2c680804.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
Index: libvirt-1.0.2/src/conf/domain_conf.c
===================================================================
--- libvirt-1.0.2.orig/src/conf/domain_conf.c
+++ libvirt-1.0.2/src/conf/domain_conf.c
@@ -15947,7 +15947,7 @@ virDomainListPopulate(void *payload,
/* just count the machines */
if (!data->domains) {
data->ndomains++;
- return;
+ goto cleanup;
}
if (!(dom = virGetDomain(data->conn, vm->def->name, vm->def->uuid))) {
++++++ install-apparmor-profiles.patch ++++++
Index: libvirt-1.0.2/examples/apparmor/Makefile.am
===================================================================
--- libvirt-1.0.2.orig/examples/apparmor/Makefile.am
+++ libvirt-1.0.2/examples/apparmor/Makefile.am
@@ -1,8 +1,39 @@
## Copyright (C) 2005-2011 Red Hat, Inc.
## See COPYING.LIB for the License of this software
-EXTRA_DIST= \
- TEMPLATE \
- libvirt-qemu \
- usr.lib.libvirt.virt-aa-helper \
- usr.sbin.libvirtd
+EXTRA_DIST= \
+ TEMPLATE \
+ libvirt-qemu \
+ usr.lib.libvirt.virt-aa-helper.in \
+ usr.sbin.libvirtd.in
+
+if WITH_SECDRIVER_APPARMOR
+
+usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+usr.sbin.libvirtd: usr.sbin.libvirtd.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+install-data-local: usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/
+ $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper
+ $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt
+ $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions
+ $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu
+
+uninstall-local::
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+
+endif
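Review bot: The generated usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper are never listed in CLEANFILES, so `make clean` leaves them behind and `make distcheck` will complain about the unclean tree; add `CLEANFILES = usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper` inside the WITH_SECDRIVER_APPARMOR conditional. Two smaller points: `uninstall-local::` is a double-colon rule while `install-data-local:` is single-colon (pick one), and the sed only substitutes @libdir@, yet usr.sbin.libvirtd.in below still hardcodes the daemon path as /usr/sbin/libvirtd; a matching `-e 's![@]sbindir[@]!$(sbindir)!g'` would let both paths follow configure.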
Index: libvirt-1.0.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
===================================================================
--- /dev/null
+++ libvirt-1.0.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -0,0 +1,40 @@
+# Last Modified: Fri Aug 19 11:21:48 2011
+#include <tunables/global>
+
+@libdir@/libvirt/virt-aa-helper {
+ #include <abstractions/base>
+
+ # needed for searching directories
+ capability dac_override,
+ capability dac_read_search,
+
+ # needed for when disk is on a network filesystem
+ network inet,
+
+ deny @{PROC}/[0-9]*/mounts r,
+ @{PROC}/filesystems r,
+
+ # for hostdev
+ /sys/devices/ r,
+ /sys/devices/** r,
+
+ @libdir@/libvirt/virt-aa-helper mr,
+ /sbin/apparmor_parser Ux,
+
+ /etc/apparmor.d/libvirt/* r,
+ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+
+ # for backingstore -- allow access to non-hidden files in @{HOME} as well
+ # as storage pools
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ @{HOME}/ r,
+ @{HOME}/** r,
+ /var/lib/libvirt/images/ r,
+ /var/lib/libvirt/images/** r,
+ /var/lib/kvm/images/ r,
+ /var/lib/kvm/images/** r,
+}
Index: libvirt-1.0.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-1.0.2.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ /dev/null
@@ -1,38 +0,0 @@
-# Last Modified: Mon Apr 5 15:10:27 2010
-#include <tunables/global>
-
-/usr/lib/libvirt/virt-aa-helper {
- #include <abstractions/base>
-
- # needed for searching directories
- capability dac_override,
- capability dac_read_search,
-
- # needed for when disk is on a network filesystem
- network inet,
-
- deny @{PROC}/[0-9]*/mounts r,
- @{PROC}/filesystems r,
-
- # for hostdev
- /sys/devices/ r,
- /sys/devices/** r,
-
- /usr/lib/libvirt/virt-aa-helper mr,
- /sbin/apparmor_parser Ux,
-
- /etc/apparmor.d/libvirt/* r,
- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
-
- # for backingstore -- allow access to non-hidden files in @{HOME} as well
- # as storage pools
- audit deny @{HOME}/.* mrwkl,
- audit deny @{HOME}/.*/ rw,
- audit deny @{HOME}/.*/** mrwkl,
- audit deny @{HOME}/bin/ rw,
- audit deny @{HOME}/bin/** mrwkl,
- @{HOME}/ r,
- @{HOME}/** r,
- /var/lib/libvirt/images/ r,
- /var/lib/libvirt/images/** r,
-}
Index: libvirt-1.0.2/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-1.0.2.orig/examples/apparmor/usr.sbin.libvirtd
+++ /dev/null
@@ -1,52 +0,0 @@
-# Last Modified: Mon Apr 5 15:03:58 2010
-#include <tunables/global>
-@{LIBVIRT}="libvirt"
-
-/usr/sbin/libvirtd {
- #include <abstractions/base>
-
- capability kill,
- capability net_admin,
- capability net_raw,
- capability setgid,
- capability sys_admin,
- capability sys_module,
- capability sys_ptrace,
- capability sys_nice,
- capability sys_chroot,
- capability setuid,
- capability dac_override,
- capability dac_read_search,
- capability fowner,
- capability chown,
- capability setpcap,
- capability mknod,
- capability fsetid,
-
- network inet stream,
- network inet dgram,
- network inet6 stream,
- network inet6 dgram,
-
- # Very lenient profile for libvirtd since we want to first focus on confining
- # the guests. Guests will have a very restricted profile.
- /** rwmkl,
-
- /bin/* Ux,
- /sbin/* Ux,
- /usr/bin/* Ux,
- /usr/sbin/* Ux,
-
- # force the use of virt-aa-helper
- audit deny /sbin/apparmor_parser rwxl,
- audit deny /etc/apparmor.d/libvirt/** wxl,
- audit deny /sys/kernel/security/apparmor/features rwxl,
- audit deny /sys/kernel/security/apparmor/matching rwxl,
- audit deny /sys/kernel/security/apparmor/.* rwxl,
- /sys/kernel/security/apparmor/profiles r,
- /usr/lib/libvirt/* PUxr,
-
- # allow changing to our UUID-based named profiles
- change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
-
-}
Index: libvirt-1.0.2/examples/apparmor/usr.sbin.libvirtd.in
===================================================================
--- /dev/null
+++ libvirt-1.0.2/examples/apparmor/usr.sbin.libvirtd.in
@@ -0,0 +1,57 @@
+# Last Modified: Fri Aug 19 11:20:36 2011
+#include <tunables/global>
+@{LIBVIRT}="libvirt"
+
+/usr/sbin/libvirtd {
+ #include <abstractions/base>
+
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability sys_admin,
+ capability sys_module,
+ capability sys_ptrace,
+ capability sys_nice,
+ capability sys_chroot,
+ capability setuid,
+ capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability chown,
+ capability setpcap,
+ capability mknod,
+ capability fsetid,
+ capability ipc_lock,
+
+ network inet stream,
+ network inet dgram,
+ network inet6 stream,
+ network inet6 dgram,
+
+ # Very lenient profile for libvirtd since we want to first focus on confining
+ # the guests. Guests will have a very restricted profile.
+ /** rwmkl,
+
+ /bin/* Ux,
+ /sbin/* Ux,
+ /usr/bin/* Ux,
+ /usr/sbin/* Ux,
+ /usr/lib/xen/bin/qemu-dm Ux,
+ /usr/lib/PolicyKit/polkit-read-auth-helper Px,
+
+ # force the use of virt-aa-helper
+ audit deny /sbin/apparmor_parser rwxl,
+ audit deny /etc/apparmor.d/libvirt/** wxl,
+ audit deny /sys/kernel/security/apparmor/features rwxl,
+ audit deny /sys/kernel/security/apparmor/matching rwxl,
+ audit deny /sys/kernel/security/apparmor/.* rwxl,
+ /sys/kernel/security/apparmor/profiles r,
+ @libdir@/libvirt/* Pxr,
+ @libdir@/libvirt/libvirt_parthelper Ux,
+ @libdir@/libvirt/libvirt_iohelper Ux,
+
+ # allow changing to our UUID-based named profiles
+ change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+
+}
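Review bot: `@libdir@/libvirt/* Pxr,` replaces the old `/usr/lib/libvirt/* PUxr,` from the removed file above, so the fallback to unconfined execution is gone: under Px any helper in @libdir@/libvirt/ that has no profile of its own will fail to execute. Only libvirt_parthelper and libvirt_iohelper get an explicit Ux here and virt-aa-helper has its own profile; please confirm every other binary installed in that directory is covered, or keep PUx for the glob and list the confined helpers individually. The profile is also still attached to the hardcoded /usr/sbin/libvirtd while the helper paths use @libdir@.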
Index: libvirt-1.0.2/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-1.0.2.orig/examples/apparmor/libvirt-qemu
+++ libvirt-1.0.2/examples/apparmor/libvirt-qemu
@@ -52,6 +52,7 @@
# access to firmware's etc
/usr/share/kvm/** r,
/usr/share/qemu/** r,
+ /usr/share/qemu-kvm/** r,
/usr/share/bochs/** r,
/usr/share/openbios/** r,
/usr/share/openhackware/** r,
@@ -65,6 +66,7 @@
# the various binaries
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
+ /usr/bin/qemu-kvm rmix,
/usr/bin/qemu-system-arm rmix,
/usr/bin/qemu-system-cris rmix,
/usr/bin/qemu-system-i386 rmix,
++++++ libvirt-guests-init-script.patch ++++++
Adjust libvirt-guests init files to conform to SUSE standards
Index: libvirt-1.0.2/tools/libvirt-guests.init.in
===================================================================
--- libvirt-1.0.2.orig/tools/libvirt-guests.init.in
+++ libvirt-1.0.2/tools/libvirt-guests.init.in
@@ -3,15 +3,15 @@
# the following is the LSB init header
#
### BEGIN INIT INFO
-# Provides: libvirt-guests
-# Required-Start: libvirtd
-# Required-Stop: libvirtd
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
+# Provides: libvirt-guests
+# Required-Start: $network $remote_fs libvirtd
+# Required-Stop: $network $remote_fs libvirtd
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
# Short-Description: suspend/resume libvirt guests on shutdown/boot
-# Description: This is a script for suspending active libvirt guests
-# on shutdown and resuming them on next boot
-# See http://libvirt.org
+# Description: This is a script for suspending active libvirt guests
+# on shutdown and resuming them on next boot
+# See http://libvirt.org
### END INIT INFO
# the following is chkconfig init header
Index: libvirt-1.0.2/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-1.0.2.orig/tools/libvirt-guests.sh.in
+++ libvirt-1.0.2/tools/libvirt-guests.sh.in
@@ -1,13 +1,12 @@
#!/bin/sh
+. /etc/rc.status
+rc_reset
+
sysconfdir="@sysconfdir@"
localstatedir="@localstatedir@"
libvirtd="@sbindir@"/libvirtd
-# Source function library.
-test ! -r "$sysconfdir"/rc.d/init.d/functions ||
- . "$sysconfdir"/rc.d/init.d/functions
-
# Source gettext library.
# Make sure this file is recognized as having translations: _("dummy")
. "@bindir@"/gettext.sh
@@ -26,9 +25,11 @@ test -f "$sysconfdir"/sysconfig/libvirt-
. "$sysconfdir"/sysconfig/libvirt-guests
LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests
-VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
-
-RETVAL=0
+if [ -d "$localstatedir"/lock/subsys ]; then
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
+else
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/libvirt-guests
+fi
# retval COMMAND ARGUMENTS...
# run command with arguments and convert non-zero return value to 1 and set
@@ -36,7 +37,7 @@ RETVAL=0
retval() {
"$@"
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
else
return 0
@@ -65,6 +66,25 @@ run_virsh_c() {
( export LC_ALL=C; run_virsh "$@" )
}
+await_daemon_up()
+{
+ uri=$1
+ i=1
+ rets=10
+ run_virsh $uri list > /dev/null 2>&1
+ while [ $? -ne 0 -a $i -lt $rets ]; do
+ sleep 1
+ echo -n .
+ i=$(($i + 1))
+ run_virsh $uri list > /dev/null 2>&1
+ done
+ if [ $i -eq $rets ]; then
+ echo $"libvirt-guests unable to connect to URI: $uri"
+ return 1
+ fi
+ return 0
+}
+
# test_connect URI
# check if URI is reachable
test_connect()
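Review bot: await_daemon_up reports failure even when the last retry succeeds: the loop exits either because run_virsh returned 0 or because `$i` reached `$rets`, and `if [ $i -eq $rets ]` cannot tell the two apart, so a daemon that answers on the tenth probe is treated as unreachable. Keep the command status in a variable (`ok=$?`) and return on that instead. The function also uses `echo -n`, `$"..."` and `[ ... -a ... ]`, none of which are portable under the script's `#!/bin/sh`; printf, plain quoting (gettext is already sourced) and `&&` between two tests are the portable forms, and `$uri` should be quoted as it is elsewhere in the file.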
@@ -91,7 +111,7 @@ list_guests() {
list=$(run_virsh_c "$uri" list --uuid $persistent)
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -117,7 +137,7 @@ guest_is_on() {
guest_running=false
id=$(run_virsh "$uri" domid "$uuid")
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -165,6 +185,12 @@ start() {
test_connect "$uri" || continue
+ await_daemon_up $uri
+ if [ $? -ne 0 ]; then
+ echo $"Ignoring guests on $uri URI, can't connect"
+ continue
+ fi
+
eval_gettext "Resuming guests on \$uri URI..."; echo
for guest in $list; do
name=$(guest_name "$uri" "$guest")
@@ -377,7 +403,7 @@ shutdown_guests_parallel()
timeout=$(($timeout - 1))
if [ $timeout -le 0 ]; then
eval_gettext "Timeout expired while shutting down domains"; echo
- RETVAL=1
+ rc_failed 1
return
fi
else
@@ -405,7 +431,7 @@ stop() {
if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then
gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0"
echo
- RETVAL=6
+ rc_failed 6
return
fi
fi
@@ -453,14 +479,14 @@ stop() {
if [ $? -ne 0 ]; then
eval_gettext "Failed to list persistent guests on \$uri"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
else
gettext "Failed to list transient guests"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
@@ -519,14 +545,13 @@ gueststatus() {
rh_status() {
if [ -f "$LISTFILE" ]; then
gettext "stopped, with saved guests"; echo
- RETVAL=3
+ rc_failed 3
else
if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then
gettext "started"; echo
else
gettext "stopped, with no saved guests"; echo
fi
- RETVAL=0
fi
}
@@ -570,4 +595,4 @@ case "$1" in
usage
;;
esac
-exit $RETVAL
+rc_exit
Index: libvirt-1.0.2/tools/libvirt-guests.sysconf
===================================================================
--- libvirt-1.0.2.orig/tools/libvirt-guests.sysconf
+++ libvirt-1.0.2/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt-guests
+
+## Type: string
+## Default: default
# URIs to check for running guests
# example: URIS='default xen:/// vbox+tcp://host/system lxc:///'
-#URIS=default
+URIS=default
+## Type: string
+## Default: start
# action taken on host boot
# - start all guests which were running on shutdown are started on boot
# regardless on their autostart settings
# - ignore libvirt-guests init script won't start any guest on boot, however,
# guests marked as autostart will still be automatically started by
# libvirtd
-#ON_BOOT=start
+ON_BOOT=start
+## Type: integer
+## Default: 0
# Number of seconds to wait between each guest start. Set to 0 to allow
# parallel startup.
-#START_DELAY=0
+START_DELAY=0
+## Type: string
+## Default: suspend
# action taken on host shutdown
# - suspend all running guests are suspended using virsh managedsave
# - shutdown all running guests are asked to shutdown. Please be careful with
@@ -22,12 +32,16 @@
# which just needs a long time to shutdown. When setting
# ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
# value suitable for your guests.
-#ON_SHUTDOWN=suspend
+ON_SHUTDOWN=suspend
+## Type: integer
+## Default: 0
# If set to non-zero, shutdown will suspend guests concurrently. Number of
# guests on shutdown at any time will not exceed number set in this variable.
-#PARALLEL_SHUTDOWN=0
+PARALLEL_SHUTDOWN=0
+## Type: integer
+## Default: 300
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
@@ -35,7 +49,9 @@
# request). The default value is 300 seconds (5 minutes).
#SHUTDOWN_TIMEOUT=300
+## Type: integer
+## Default: 0
# If non-zero, try to bypass the file system cache when saving and
# restoring guests, even though this may give slower operation for
# some file systems.
-#BYPASS_CACHE=0
+BYPASS_CACHE=0
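Review bot: SHUTDOWN_TIMEOUT is the one setting left commented out (`#SHUTDOWN_TIMEOUT=300` at the end of the third hunk) and the only one without a `## Type:` / `## Default:` header, while every other variable is uncommented and annotated; give it the same header and an active `SHUTDOWN_TIMEOUT=300` so the sysconfig template declares all of its settings consistently.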
++++++ libvirt-suse-netcontrol.patch ++++++
Index: libvirt-1.0.2/configure.ac
===================================================================
--- libvirt-1.0.2.orig/configure.ac
+++ libvirt-1.0.2/configure.ac
@@ -153,6 +153,7 @@ LIBVIRT_CHECK_DBUS
LIBVIRT_CHECK_FUSE
LIBVIRT_CHECK_HAL
LIBVIRT_CHECK_NETCF
+LIBVIRT_CHECK_NETCONTROL
LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_OPENWSMAN
LIBVIRT_CHECK_PCIACCESS
@@ -2199,11 +2200,12 @@ if test "$with_libvirtd" = "no" ; then
with_interface=no
fi
-dnl The interface driver depends on the netcf library or udev library
-case $with_interface:$with_netcf:$with_udev in
+dnl The interface driver depends on the netcf library, netcontrol library, or
+dnl udev library
+case $with_interface:$with_netcf:$with_netcontrol:$with_udev in
check:*yes*) with_interface=yes ;;
check:no:no) with_interface=no ;;
- yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf or udev support]) ;;
+ yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf, netcontrol, or udev support]) ;;
esac
if test "$with_interface" = "yes" ; then
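Review bot: The case expression now has four fields (`$with_interface:$with_netcf:$with_netcontrol:$with_udev`) but the `check:no:no)` and `yes:no:no)` patterns still have three, so they can never match: with all three backends disabled, `check` is no longer resolved to `no`, and an explicit `--with-interface` no longer produces the intended AC_MSG_ERROR. They need to become `check:no:no:no)` and `yes:no:no:no)`.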
@@ -2473,6 +2475,7 @@ LIBVIRT_RESULT_DBUS
LIBVIRT_RESULT_FUSE
LIBVIRT_RESULT_HAL
LIBVIRT_RESULT_NETCF
+LIBVIRT_RESULT_NETCONTROL
LIBVIRT_RESULT_NUMACTL
LIBVIRT_RESULT_OPENWSMAN
LIBVIRT_RESULT_PCIACCESS
Index: libvirt-1.0.2/src/Makefile.am
===================================================================
--- libvirt-1.0.2.orig/src/Makefile.am
+++ libvirt-1.0.2/src/Makefile.am
@@ -633,6 +633,10 @@ if WITH_NETCF
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_netcf.c
endif
+if WITH_NETCONTROL
+INTERFACE_DRIVER_SOURCES += \
+ interface/interface_backend_netcf.c
+endif
if WITH_UDEV
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_udev.c
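Review bot: `if WITH_NETCONTROL` appends interface/interface_backend_netcf.c without regard to WITH_NETCF, so a build with both netcf and netcontrol enabled lists the same source twice. The second hunk in this file nests the flags as `if WITH_NETCF ... else if WITH_NETCONTROL`; the source list should mirror that structure, or configure should refuse to enable both backends at once.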
@@ -1121,11 +1125,16 @@ if WITH_NETCF
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
else
+if WITH_NETCONTROL
+libvirt_driver_interface_la_CFLAGS += $(NETCONTROL_CFLAGS)
+libvirt_driver_interface_la_LIBADD += $(NETCONTROL_LIBS)
+else
if WITH_UDEV
libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)
endif
endif
+endif
if WITH_DRIVER_MODULES
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
libvirt_driver_interface_la_LDFLAGS += -module -avoid-version
Index: libvirt-1.0.2/tools/virsh.c
===================================================================
--- libvirt-1.0.2.orig/tools/virsh.c
+++ libvirt-1.0.2/tools/virsh.c
@@ -2741,6 +2741,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
vshPrint(ctl, " netcf");
+# elif defined(WITH_NETCONTROL)
+ vshPrint(ctl, " netcontrol");
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-1.0.2/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-1.0.2.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.0.2/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@
#include <config.h>
-#include <netcf.h>
+#ifdef WITH_NETCONTROL
+# include <netcontrol/netcf.h>
+# include <netcontrol/logger.h>
+#else
+# include <netcf.h>
+#endif
#include "virerror.h"
#include "datatypes.h"
@@ -52,6 +57,37 @@ static void interfaceDriverUnlock(struct
virMutexUnlock(&driver->lock);
}
+#ifdef WITH_NETCONTROL
+static void interface_nc_log_driver(const char *category,
+ int priority,
+ const char *func,
+ const char *file,
+ long long line,
+ const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{
+ int vp;
+
+ switch(priority) {
+ case NC_LOG_FATAL:
+ case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR;
+ break;
+ case NC_LOG_WARN:
+ vp = VIR_LOG_WARN;
+ break;
+ case NC_LOG_INFO:
+ vp = VIR_LOG_INFO;
+ break;
+ case NC_LOG_DEBUG:
+ default:
+ vp = VIR_LOG_DEBUG;
+ break;
+ }
+ virLogMessage(VIR_LOG_FROM_FILE, vp, file, line, func, 0, "%s", msg);
+}
+#endif
+
static int netcf_to_vir_err(int netcf_errcode)
{
switch (netcf_errcode)
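Review bot: `category` is never used inside interface_nc_log_driver, but only `len` carries ATTRIBUTE_UNUSED; libvirt's default warning flags turn an unused parameter into a build error, so mark `category` the same way. Two smaller points in the same function: `switch(priority)` should be `switch (priority)` to match the `switch (netcf_errcode)` directly below, and `line` is a `long long` handed to virLogMessage, which takes the line number as an `int`, so convert it explicitly instead of relying on the implicit narrowing.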
@@ -137,6 +173,10 @@ static virDrvOpenStatus interfaceOpenInt
goto mutex_error;
}
+#ifdef WITH_NETCONTROL
+ nc_logger_redirect_to(interface_nc_log_driver);
+#endif
+
/* open netcf */
if (ncf_init(&driverState->netcf, NULL) != 0)
{
Index: libvirt-1.0.2/src/interface/interface_driver.c
===================================================================
--- libvirt-1.0.2.orig/src/interface/interface_driver.c
+++ libvirt-1.0.2/src/interface/interface_driver.c
@@ -28,8 +28,15 @@ interfaceRegister(void) {
if (netcfIfaceRegister() == 0)
return 0;
#endif /* WITH_NETCF */
+#ifdef WITH_NETCONTROL
+ /* Attempt to load the netcontrol based backend, which is a slightly
+ patched netcf backend */
+ if (netcfIfaceRegister() == 0)
+ return 0;
+#endif /* WITH_NETCONTROL */
#if WITH_UDEV
- /* If there's no netcf or it failed to load, register the udev backend */
+ /* If there's no netcf or netcontrol, or it failed to load, register the
+ udev backend */
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
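Review bot: the WITH_NETCONTROL block calls the same netcfIfaceRegister() as the WITH_NETCF block right above it, so with both macros defined the netcf backend is registered, or retried after a failure, twice. Fold the two into one `#if defined(WITH_NETCF) || defined(WITH_NETCONTROL)` block, or use `#elif` as the virsh.c hunk in this patch does.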
Index: libvirt-1.0.2/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-1.0.2/m4/virt-netcontrol.m4
@@ -0,0 +1,35 @@
+dnl The libnetcontrol library
+dnl
+dnl Copyright (C) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_CHECK_NETCONTROL],[
+ LIBVIRT_CHECK_PKG([NETCONTROL], [netcontrol], [0.2.0])
+
+ if test "$with_netcontrol" = "yes" ; then
+ old_CFLAGS="$CFLAGS"
+ old_LIBS="$CFLAGS"
+ CFLAGS="$CFLAGS $NETCONTROL_CFLAGS"
+ LIBS="$LIBS $NETCONTROL_LIBS"
+ CFLAGS="$old_CFLAGS"
+ LIBS="$old_LIBS"
+ fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
+ LIBVIRT_RESULT_LIB([NETCONTROL])
+])
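Review bot: `old_LIBS="$CFLAGS"` saves the wrong variable, so the restore `LIBS="$old_LIBS"` overwrites LIBS with the original CFLAGS for the remainder of configure; it must be `old_LIBS="$LIBS"`. The block also runs nothing between extending CFLAGS/LIBS and restoring them, so either insert the AC_CHECK_* it was meant to wrap or delete the block and keep only the LIBVIRT_CHECK_PKG call.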
++++++ libvirtd-defaults.patch ++++++
Index: libvirt-1.0.2/daemon/libvirtd.conf
===================================================================
--- libvirt-1.0.2.orig/daemon/libvirtd.conf
+++ libvirt-1.0.2/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
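Review bot: the flipped comment and `#listen_tls = 1` are consistent with the `data->listen_tls = 0` change in libvirtd-config.c below, but the sentences above them still describe the TLS listener as the normal path. Since libvirtd-init-script.patch in this same set ships `LIBVIRTD_ARGS="--listen"` for everyone, say here that `--listen` opens no socket at all while both listen_tls and listen_tcp are 0, and that enabling listen_tls requires the CA and server certificates mentioned above to be in place first.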
Index: libvirt-1.0.2/daemon/libvirtd-config.c
===================================================================
--- libvirt-1.0.2.orig/daemon/libvirtd-config.c
+++ libvirt-1.0.2/daemon/libvirtd-config.c
@@ -233,7 +233,7 @@ daemonConfigNew(bool privileged ATTRIBUT
return NULL;
}
- data->listen_tls = 1;
+ data->listen_tls = 0;
data->listen_tcp = 0;
if (!(data->tls_port = strdup(LIBVIRTD_TLS_PORT)))
++++++ libvirtd-init-script.patch ++++++
Adjust libvirtd sysconfig file to conform to SUSE standards
Index: libvirt-1.0.2/daemon/libvirtd.sysconf
===================================================================
--- libvirt-1.0.2.orig/daemon/libvirtd.sysconf
+++ libvirt-1.0.2/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@
+## Path: System/Virtualization/libvirt
+
+## Type: string
+## Default: /etc/libvirt/libvirtd.conf
# Override the default config file
# NOTE: This setting is no longer honoured if using
# systemd. Set '--config /etc/libvirt/libvirtd.conf'
# in LIBVIRTD_ARGS instead.
-#LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
+LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
-# Listen for TCP/IP connections
-# NB. must setup TLS/SSL keys prior to using this
-#LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: --listen
+# Arguments to pass to libvirtd
+LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: none
# Override Kerberos service keytab for SASL/GSSAPI
#KRB5_KTNAME=/etc/libvirt/krb5.tab
+## Type: string
+## Default: none
# Override the QEMU/SDL default audio driver probing when
# starting virtual machines using SDL graphics
#
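Review bot: `LIBVIRTD_ARGS="--listen"` is now set for every install, and the removed line "NB. must setup TLS/SSL keys prior to using this" was the only warning attached to it; keep that sentence in the new description, since with listen_tls defaulting to 0 in libvirtd-defaults.patch `--listen` is inert until an admin enables a listener in libvirtd.conf, and the TLS one then needs certificates. Separately, `LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf` is uncommented although the comment immediately above says the setting is no longer honoured under systemd; either leave it commented or follow that comment and put `--config /etc/libvirt/libvirtd.conf` into LIBVIRTD_ARGS.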
@@ -20,5 +29,7 @@
#
#SDL_AUDIODRIVER=pulse
-# Override the maximum number of opened files
-#LIBVIRTD_NOFILES_LIMIT=2048
+## Type: integer
+## Default: 2048
+## Override the maximum number of opened files
+LIBVIRTD_NOFILES_LIMIT=2048
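Review bot: `## Override the maximum number of opened files` uses the `##` prefix that the fillup format reserves for the Path/Type/Default metadata lines, while every other description in this file uses a single `#`; change it to `# Override the maximum number of opened files`.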
++++++ libvirtd-relocation-server.fw ++++++
## Name: Libvirtd Relocation Server
## Description: Enables libvirtd plain relocation service
TCP="49152:49215"
++++++ libvirtd.init ++++++
#!/bin/sh
# the following is the LSB init header see
# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge…
#
### BEGIN INIT INFO
# Provides: libvirtd
# Required-Start: $network $remote_fs
# Should-Start: xend cgconfig
# Default-Start: 3 5
# Required-Stop: $network $remote_fs
# Should-Stop: xend cgconfig
# Default-Stop: 0 1 2 4 6
# Short-Description: daemon for libvirt virtualization API
# Description: This is a daemon for managing QEMU guest instances
#              and libvirt virtual networks
#              See http://libvirt.org
### END INIT INFO

LIBVIRTD_BIN=/usr/sbin/libvirtd
LIBVIRTD_PIDFILE=/var/run/libvirtd.pid

# LSB exit codes: a missing binary is "program is not installed" (5),
# except that "stop" of an absent service still counts as success (0).
test -x $LIBVIRTD_BIN || { echo "$LIBVIRTD_BIN not installed";
    if [ "$1" = "stop" ]; then exit 0;
    else exit 5; fi; }

# SUSE rc helpers: rc_reset, rc_status, rc_failed, rc_exit
. /etc/rc.status
rc_reset

# Pull in LIBVIRTD_CONFIG, LIBVIRTD_ARGS and LIBVIRTD_NOFILES_LIMIT
test -f /etc/sysconfig/libvirtd && . /etc/sysconfig/libvirtd

LIBVIRTD_CONFIG_ARGS=
if [ -n "$LIBVIRTD_CONFIG" ]
then
    LIBVIRTD_CONFIG_ARGS="--config $LIBVIRTD_CONFIG"
fi

case "$1" in
    start)
        if [ -e $LIBVIRTD_PIDFILE ]; then
            if checkproc $LIBVIRTD_BIN ; then
                echo -n "libvirtd is already running."
                rc_status -v
                exit
            else
                echo "Removing stale PID file $LIBVIRTD_PIDFILE."
                rm -f $LIBVIRTD_PIDFILE
            fi
        fi
        echo -n "Starting libvirtd "
        mkdir -p /var/cache/libvirt
        rm -rf /var/cache/libvirt/*
        # LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled
        # automatically
        if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then
            ulimit -n "$LIBVIRTD_NOFILES_LIMIT"
        fi
        startproc $LIBVIRTD_BIN --daemon $LIBVIRTD_CONFIG_ARGS $LIBVIRTD_ARGS
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down libvirtd "
        rm -f /var/lock/subsys/libvirtd
        rm -rf /var/cache/libvirt/*
        killproc -TERM $LIBVIRTD_BIN > /dev/null 2>&1
        rm -f $LIBVIRTD_PIDFILE
        rc_status -v
        ;;
    try-restart)
        # Restart only if the service is currently running
        $0 status >/dev/null && $0 restart
        rc_status
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    reload)
        # SIGHUP makes libvirtd re-read its configuration
        killproc -HUP $LIBVIRTD_BIN
        rc_status -v
        ;;
    status)
        echo -n "Checking status of libvirtd "
        checkproc $LIBVIRTD_BIN
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|try-restart|reload|status}"
        rc_failed 2
        rc_exit
        ;;
esac
rc_exit
++++++ relax-qemu-usergroup-check.patch ++++++
Allow qemu driver (and hence libvirtd) to load when qemu
user:group does not exist. The kvm package, which may not
exist on a xen host, creates qemu user:group.
A better (future) solution would be to build the libvirtd
drivers as loadable modules instead of built-in to the
daemon. Then the qemu driver would only be loaded when needed,
which would never be the case on a xen-only configuration.
Index: libvirt-1.0.2/src/qemu/qemu_conf.c
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu_conf.c
+++ libvirt-1.0.2/src/qemu/qemu_conf.c
@@ -247,7 +247,7 @@ int qemuLoadDriverConfig(virQEMUDriverPt
goto no_memory;
if (virGetUserID(user, &driver->user) < 0)
- goto cleanup;
+ VIR_WARN("User %s does not exist! Continuing...", user);
p = virConfGetValue(conf, "group");
CHECK_TYPE("group", VIR_CONF_STRING);
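Review bot: swapping `goto cleanup` for VIR_WARN leaves `driver->user` at whatever value it held before the failed lookup, and virGetUserID has already queued an error through virReportError by the time the warning prints, so the driver carries on with an undefined uid and a stale error object. If loading must succeed on Xen-only hosts, assign an explicit fallback uid here and clear the queued error, rather than continuing with whatever `driver->user` happened to contain, since that is the identity qemu processes will later be started with.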
@@ -255,7 +255,7 @@ int qemuLoadDriverConfig(virQEMUDriverPt
goto no_memory;
if (virGetGroupID(group, &driver->group) < 0)
- goto cleanup;
+ VIR_WARN("Group %s does not exist! Continuing...", group);
GET_VALUE_LONG("dynamic_ownership", driver->dynamicOwnership);
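Review bot: same problem as the user hunk above: `driver->group` keeps its previous value after a failed virGetGroupID and the error that call reported stays queued; pair the warning with an explicit fallback gid and clear the error.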
++++++ suse-qemu-conf.patch ++++++
Index: libvirt-1.0.2/src/qemu/qemu.conf
===================================================================
--- libvirt-1.0.2.orig/src/qemu/qemu.conf
+++ libvirt-1.0.2/src/qemu/qemu.conf
@@ -169,7 +169,16 @@
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
#security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
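Review bot: `security_driver = "none"` is an active setting, not the absence of one. libvirt only autodetects an available security driver when the key is left unset, so this line disables sVirt/AppArmor confinement for every guest even on a host where the AppArmor profiles are installed. The SUSE note above should state that explicitly (leave the key commented out to autodetect, set "apparmor" to force it, "none" switches detection off), because as written it reads as though "none" merely preserved the status quo. Minor: the project spells it "AppArmor".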
@@ -357,6 +366,15 @@
#allow_disk_format_probing = 1
+# SUSE note:
+# Many lock managers, sanlock included, will kill the resources
+# they protect when terminated. E.g. the sanlock daemon will kill
+# any virtual machines for which it holds disk leases when the
+# daemon is stopped or restarted. Administrators must be vigilant
+# when enabling a lock manager since simply updating the manager
+# may cause it to be restarted, potentially killing the resources
+# it protects.
+#
# To enable 'Sanlock' project based locking of the file
# content (to prevent two VMs writing to the same
# disk), uncomment this
++++++ systemd-service-xen.patch ++++++
Index: libvirt-1.0.2/daemon/libvirtd.service.in
===================================================================
--- libvirt-1.0.2.orig/daemon/libvirtd.service.in
+++ libvirt-1.0.2/daemon/libvirtd.service.in
@@ -8,6 +8,8 @@ Description=Virtualization daemon
Before=libvirt-guests.service
After=network.target
After=dbus.service
+Wants=xencommons.service
+After=xencommons.service
[Service]
EnvironmentFile=-/etc/sysconfig/libvirtd
++++++ virtlockd-init-script.patch ++++++
Adjust virtlockd init files to conform to SUSE standards
Index: libvirt-1.0.2/src/locking/virtlockd.sysconf
===================================================================
--- libvirt-1.0.2.orig/src/locking/virtlockd.sysconf
+++ libvirt-1.0.2/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlockd
+
+## Type: string
+## Default: ""
#
# Pass extra arguments to virtlockd
#VIRTLOCKD_ARGS=
Index: libvirt-1.0.2/src/locking/virtlockd.init.in
===================================================================
--- libvirt-1.0.2.orig/src/locking/virtlockd.init.in
+++ libvirt-1.0.2/src/locking/virtlockd.init.in
@@ -4,11 +4,13 @@
# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge…
#
### BEGIN INIT INFO
-# Provides: virtlockd
-# Default-Start: 3 4 5
+# Provides: virtlockd
+# Required-Start: $network $remote_fs
+# Default-Start: 3 4 5
+# Required-Stop: $network $remote_fs
# Short-Description: virtual machine lock manager
-# Description: This is a daemon for managing locks
-# on virtual machine disk images
+# Description: This is a daemon for managing locks
+# on virtual machine disk images
### END INIT INFO
# the following is chkconfig init header
@@ -23,35 +25,39 @@
# pidfile: @localstatedir@/run/libvirt/virtlockd.pid
#
-# Source function library.
-. @sysconfdir@/rc.d/init.d/functions
+. @sysconfdir@/rc.status
+rc_reset
SERVICE=virtlockd
-PROCESS=virtlockd
+PROCESS=@sbindir@/virtlockd
PIDFILE=@localstatedir@/run/libvirt/lockd/$SERVICE.pid
VIRTLOCKD_ARGS=
test -f @sysconfdir@/sysconfig/virtlockd && . @sysconfdir@/sysconfig/virtlockd
-RETVAL=0
+if [ -d @localstatedir@/lock/subsys ]; then
+ VAR_SUBSYS_VIRTLOCKD=@localstatedir@/lock/subsys/$SERVICE
+else
+ VAR_SUBSYS_VIRTLOCKD=@localstatedir@/lock/$SERVICE
+fi
start() {
- echo -n $"Starting $SERVICE daemon: "
- daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $VIRTLOCKD_ARGS
+ echo -n $"Starting $SERVICE "
+ startproc $PROCESS --daemon $VIRTLOCKD_ARGS
RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && touch @localstatedir@/lock/subsys/$SERVICE
+ rc_status -v
+ [ $RETVAL -eq 0 ] && touch $VAR_SUBSYS_VIRTLOCKD
}
stop() {
- echo -n $"Stopping $SERVICE daemon: "
+ echo -n $"Stopping $SERVICE "
- killproc -p $PIDFILE $PROCESS
+ killproc -p $PIDFILE $PROCESS > /dev/null 2>&1
RETVAL=$?
- echo
+ rc_status -v
if [ $RETVAL -eq 0 ]; then
- rm -f @localstatedir@/lock/subsys/$SERVICE
+ rm -f $VAR_SUBSYS_VIRTLOCKD
rm -f $PIDFILE
fi
}
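Review bot: in both start() and stop(), `rc_status -v` runs after `RETVAL=$?`, and rc_status reports the exit status of the last command, which for a plain variable assignment is always 0; so the script prints "done" even when startproc or killproc failed. Call `rc_status -v` immediately after the command and take RETVAL from its return value, e.g. `startproc $PROCESS --daemon $VIRTLOCKD_ARGS`, `rc_status -v`, `RETVAL=$?`, which is the order libvirtd.init on this page already uses. Also `startproc` is given no `-p $PIDFILE` while `killproc -p $PIDFILE` is, so start and stop may consult different pid files; pass `-p $PIDFILE` to both.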
@@ -65,9 +71,7 @@ reload() {
echo -n $"Reloading $SERVICE configuration: "
killproc -p $PIDFILE $PROCESS -HUP
- RETVAL=$?
- echo
- return $RETVAL
+ rc_status
}
# See how we were called.
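Review bot: reload() now ends in a bare `rc_status` after `echo -n $"Reloading $SERVICE configuration: "`, so the line the echo started is never closed with the done/failed marker; use `rc_status -v` as start() and stop() do.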
@@ -76,18 +80,20 @@ case "$1" in
$1
;;
status)
- status -p $PIDFILE $PROCESS
- RETVAL=$?
+ echo -n "Checking status of $SERVICE "
+ checkproc $PROCESS
+ rc_status -v
;;
force-reload)
reload
;;
condrestart|try-restart)
- [ -f @localstatedir@/lock/subsys/$SERVICE ] && restart || :
+ [ -f $VAR_SUBSYS_VIRTLOCKD ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload|try-restart}"
- exit 2
+ rc_failed 2
+ rc_exit
;;
esac
-exit $RETVAL
+rc_exit
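Review bot: the new status branch runs `checkproc $PROCESS` without `-p $PIDFILE`, whereas stop() and reload() use `killproc -p $PIDFILE`; pass `-p $PIDFILE` here as well so status checks the pid file the daemon actually writes (@localstatedir@/run/libvirt/lockd/$SERVICE.pid rather than the default location).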
++++++ xen-name-for-devid.patch ++++++
Do not search xenstore for disk/network/PCI device IDs
Disk, network, and PCI devices can be referenced by name in Xen,
e.g. when modifying their configuration or removing them. As such,
don't search xenstore for a device ID corresponding to these devices.
Instead, search the devices contained in the domain definition and use
the device's target name if found.
Note that for network devices, the mac address is used for the device
name. For PCI devices, the bdf (bus:dev:fun) specifier is used for
the device name.
This approach allows removing a disk/network/PCI device when the domain
is inactive. We obviously can't search xenstore when the domain is
inactive.
Index: libvirt-1.0.2/src/xen/xend_internal.c
===================================================================
--- libvirt-1.0.2.orig/src/xen/xend_internal.c
+++ libvirt-1.0.2/src/xen/xend_internal.c
@@ -61,6 +61,7 @@
static int
virDomainXMLDevID(virDomainPtr domain,
+ virDomainDefPtr domDef,
virDomainDeviceDefPtr dev,
char *class,
char *ref,
@@ -2760,7 +2761,7 @@ xenDaemonAttachDeviceFlags(virDomainPtr
sexpr = virBufferContentAndReset(&buf);
- if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref))) {
+ if (virDomainXMLDevID(domain, def, dev, class, ref, sizeof(ref))) {
/* device doesn't exist, define it */
ret = xend_op(domain->conn, domain->name, "op", "device_create",
"config", sexpr, NULL);
@@ -2881,7 +2882,7 @@ xenDaemonUpdateDeviceFlags(virDomainPtr
sexpr = virBufferContentAndReset(&buf);
- if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref))) {
+ if (virDomainXMLDevID(domain, def, dev, class, ref, sizeof(ref))) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("requested device does not exist"));
goto cleanup;
@@ -2976,7 +2977,7 @@ xenDaemonDetachDeviceFlags(virDomainPtr
def, xml, VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
- if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref)))
+ if (virDomainXMLDevID(domain, def, dev, class, ref, sizeof(ref)))
goto cleanup;
if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
@@ -3912,18 +3913,18 @@ struct xenUnifiedDriver xenDaemonDriver
* @dev: pointer to device config object
* @class: Xen device class "vbd" or "vif" (OUT)
* @ref: Xen device reference (OUT)
+ * @ref_len: Length of character buffer proviced by the ref parameter
*
* Set class according to XML root, and:
* - if disk, copy in ref the target name from description
- * - if network, get MAC address from description, scan XenStore and
- * copy in ref the corresponding vif number.
- * - if pci, get BDF from description, scan XenStore and
- * copy in ref the corresponding dev number.
+ * - if network, copy in ref the target MAC address from description
+ * - if pci, copy in ref the target BDF from description
*
* Returns 0 in case of success, -1 in case of failure.
*/
static int
virDomainXMLDevID(virDomainPtr domain,
+ virDomainDefPtr domDef,
virDomainDeviceDefPtr dev,
char *class,
char *ref,
@@ -3931,9 +3932,11 @@ virDomainXMLDevID(virDomainPtr domain,
{
xenUnifiedPrivatePtr priv = domain->conn->privateData;
char *xref;
- char *tmp;
+ unsigned int i;
if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
+ if (dev->data.disk->dst == NULL)
+ return -1;
if (dev->data.disk->driverName &&
STREQ(dev->data.disk->driverName, "tap"))
strcpy(class, "tap");
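Review bot: `char *xref;` and `xenUnifiedPrivatePtr priv = domain->conn->privateData;` are kept while `char *tmp;` is dropped, but the following hunks delete every xenStore lookup that used xref and priv in the disk, network and PCI branches. Unless a use survives in a part of the function not shown here, both are now unused locals and will trip -Wunused-variable; remove them along with tmp.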
@@ -3943,19 +3946,17 @@ virDomainXMLDevID(virDomainPtr domain,
else
strcpy(class, "vbd");
- if (dev->data.disk->dst == NULL)
- return -1;
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetDiskID(domain->conn, domain->id,
- dev->data.disk->dst);
- xenUnifiedUnlock(priv);
- if (xref == NULL)
- return -1;
-
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ /* For disks, the device name can be used directly. */
+ for (i = 0; i < domDef->ndisks; i++) {
+ virDomainDiskDefPtr disk = domDef->disks[i];
+ if (STREQ(dev->data.disk->dst, disk->dst)) {
+ if (virStrcpy(ref, disk->dst, ref_len) == NULL)
+ return -1;
+ else
+ return 0;
+ }
+ }
+ return -1;
} else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
char mac[30];
virDomainNetDefPtr def = dev->data.net;
@@ -3965,17 +3966,22 @@ virDomainXMLDevID(virDomainPtr domain,
strcpy(class, "vif");
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetNetworkID(domain->conn, domain->id,
- mac);
- xenUnifiedUnlock(priv);
- if (xref == NULL)
- return -1;
-
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ /* For nics, the mac address can be used directly. */
+ for (i = 0; i < domDef->nnets; i++) {
+ char dst_mac[30];
+ virDomainNetDefPtr dst_net = domDef->nets[i];
+ snprintf(dst_mac, sizeof(dst_mac), "%02x:%02x:%02x:%02x:%02x:%02x",
+ dst_net->mac.addr[0], dst_net->mac.addr[1],
+ dst_net->mac.addr[2], dst_net->mac.addr[3],
+ dst_net->mac.addr[4], dst_net->mac.addr[5]);
+ if (STREQ(mac, dst_mac)) {
+ if (virStrcpy(ref, dst_mac, ref_len) == NULL)
+ return -1;
+ else
+ return 0;
+ }
+ }
+ return -1;
} else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
@@ -3993,17 +3999,44 @@ virDomainXMLDevID(virDomainPtr domain,
strcpy(class, "pci");
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetPCIID(domain->conn, domain->id, bdf);
- xenUnifiedUnlock(priv);
- VIR_FREE(bdf);
- if (xref == NULL)
- return -1;
+ /* For PCI devices, the device BFD can be used directly. */
+ for (i = 0 ; i < domDef->nhostdevs ; i++) {
+ char *dst_bdf;
+ virDomainHostdevDefPtr hostdev = domDef->hostdevs[i];
+
+ if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+ continue;
+ if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+ continue;
+
+ if (virAsprintf(&dst_bdf, "%04x:%02x:%02x.%0x",
+ hostdev->source.subsys.u.pci.domain,
+ hostdev->source.subsys.u.pci.bus,
+ hostdev->source.subsys.u.pci.slot,
+ hostdev->source.subsys.u.pci.function) < 0) {
+ virReportOOMError();
+ VIR_FREE(bdf);
+ return -1;
+ }
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ if (STREQ(bdf, dst_bdf)) {
+ if (virStrcpy(ref, dst_bdf, ref_len) == NULL) {
+ virReportOOMError();
+ VIR_FREE(dst_bdf);
+ VIR_FREE(bdf);
+ return -1;
+ }
+ else {
+ VIR_FREE(dst_bdf);
+ VIR_FREE(bdf);
+ return 0;
+ }
+ }
+ VIR_FREE(dst_bdf);
+ }
+
+ VIR_FREE(bdf);
+ return -1;
} else {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("hotplug of device type not supported"));
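Review bot: the match relies on `bdf` (built earlier in this branch, outside the hunk) and `dst_bdf` being formatted with byte-identical strings, and `"%04x:%02x:%02x.%0x"` is fragile: the `0` flag without a width is a no-op, so any deviation from the format used for `bdf` makes STREQ never match and every PCI device is reported as absent. Format both through one helper, or compare the four numeric fields instead of strings. Also, `virStrcpy` returns NULL when `ref_len` is too small, not on allocation failure, so `virReportOOMError()` at that point is misleading; report a buffer-too-small error. The comment's "BFD" should read "BDF".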
++++++ xen-pv-cdrom.patch ++++++
Index: libvirt-1.0.2/src/xenxs/xen_sxpr.c
===================================================================
--- libvirt-1.0.2.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.0.2/src/xenxs/xen_sxpr.c
@@ -341,7 +341,7 @@ error:
static int
xenParseSxprDisks(virDomainDefPtr def,
const struct sexpr *root,
- int hvm,
+ int hvm ATTRIBUTE_UNUSED,
int xendConfigVersion)
{
const struct sexpr *cur, *node;
@@ -392,7 +392,6 @@ xenParseSxprDisks(virDomainDefPtr def,
/* There is a case without the uname to the CD-ROM device */
offset = strchr(dst, ':');
if (!offset ||
- !hvm ||
STRNEQ(offset, ":cdrom")) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("domain information incomplete, vbd has no src"));
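Review bot: this patch carries no description: dropping `!hvm ||` means PV domains now also accept a vbd without a src when its target ends in ":cdrom" (previously only HVM domains did), and the first hunk marks `hvm` ATTRIBUTE_UNUSED as a consequence. Add a header line stating that intent so the next rebase knows the behaviour change is deliberate.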
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package lxdm for openSUSE:Factory checked in at 2014-11-20 18:44:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lxdm (Old)
and /work/SRC/openSUSE:Factory/.lxdm.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxdm"
Changes:
--------
--- /work/SRC/openSUSE:Factory/lxdm/lxdm.changes 2014-11-19 20:31:03.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.lxdm.new/lxdm.changes 2014-11-20 18:44:26.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Nov 20 15:20:43 UTC 2014 - dimstar(a)opensuse.org
+
+- Add lxdm-0.4.1-automake-1.14.patch: Fix bootstrapping with
+ automake 1.14.
+
+-------------------------------------------------------------------
New:
----
lxdm-0.4.1-automake-1.14.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lxdm.spec ++++++
--- /var/tmp/diff_new_pack.JiqjnX/_old 2014-11-20 18:44:27.000000000 +0100
+++ /var/tmp/diff_new_pack.JiqjnX/_new 2014-11-20 18:44:27.000000000 +0100
@@ -46,6 +46,8 @@
Patch6: %{name}-bnc-741454-d4e41ec.patch
Patch7: %{name}-0.4.1-fix-gtk2-keyboard-list-empty.patch
Patch8: %{name}-0.4.1-fix-small-bug-in-theme.patch
+# PATCH-FIX-UPSTREAM lxdm-0.4.1-automake-1.14.patch dimstar(a)opensuse.org -- Backport automake 1.14 fix from git to 0.4.1
+Patch9: %{name}-0.4.1-automake-1.14.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: ConsoleKit-devel
BuildRequires: autoconf
@@ -86,6 +88,7 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
%__cp %{SOURCE1} .
++++++ lxdm-0.4.1-automake-1.14.patch ++++++
>From f8cce9cce3740433b3e2da3e15424f7eb7cda755 Mon Sep 17 00:00:00 2001
From: dgod <dgod.osa(a)gmail.com>
Date: Sun, 7 Jul 2013 19:38:39 +0800
Subject: [PATCH 1/1] fix an automake error
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: lxdm-0.4.1/configure.ac
===================================================================
--- lxdm-0.4.1.orig/configure.ac
+++ lxdm-0.4.1/configure.ac
@@ -3,7 +3,7 @@
AC_PREREQ([2.63])
AC_INIT([lxdm], [0.4.1], [http://lxde.org/]
-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
AC_CONFIG_SRCDIR([src/lxdm.c])
AC_CONFIG_HEADERS([config.h])
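Review bot: the context line `AC_INIT([lxdm], [0.4.1], [http://lxde.org/]` lacks its closing `)`; if that is the real content of the 0.4.1 configure.ac rather than an archive artefact, autoconf fails on that line before `subdir-objects` is ever seen, so verify the line in the tarball before relying on this backport.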
Hello community,
here is the log from the commit of package chromium for openSUSE:Factory checked in at 2014-11-20 18:43:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/chromium (Old)
and /work/SRC/openSUSE:Factory/.chromium.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium"
Changes:
--------
--- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2014-11-05 15:55:39.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.chromium.new/chromium.changes 2014-11-20 18:43:53.000000000 +0100
@@ -1,0 +2,27 @@
+Wed Nov 19 12:51:03 UTC 2014 - tittiatcoke(a)gmail.com
+
+- Update to Chromium 39.0.2171.65
+ * Security fixes:
+ - CVE-2014-7899: Address bar spoofing (boo#906320)
+ - CVE-2014-7900: Use-after-free in pdfium (boo#906317)
+ - CVE-2014-7901: Integer overflow in pdfium (boo#906322)
+ - CVE-2014-7902: Use-after-free in pdfium (boo#906328)
+ - CVE-2014-7903: Buffer overflow in pdfium (boo#906318)
+ - CVE-2014-7904: Buffer overflow in Skia (boo#906321)
+ - CVE-2014-7905: Flaw allowing navigation to intents that do
+ not have the BROWSABLE category (boo#906330)
+ - CVE-2014-7906: Use-after-free in pepper plugins (boo#906319)
+ - CVE-2014-0574: Double-free in Flash
+ - CVE-2014-7907: Use-after-free in blink (boo#906323)
+ - CVE-2014-7908: Integer overflow in media (boo#906324)
+ - CVE-2014-7909: Uninitialized memory read in Skia (boo#906326)
+ - CVE-2014-7910: Various fixes from internal audits, fuzzing
+ and other initiatives (boo#906327)
+
+-------------------------------------------------------------------
+Fri Nov 14 07:53:38 UTC 2014 - tittiatcoke(a)gmail.com
+
+- Update to Chromium 38.0.2125.122
+ * Several bugfixes
+
+-------------------------------------------------------------------
Old:
----
chromium-38.0.2125.111.tar.xz
New:
----
chromium-39.0.2171.65.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ chromium.spec ++++++
--- /var/tmp/diff_new_pack.fvrNlk/_old 2014-11-20 18:44:01.000000000 +0100
+++ /var/tmp/diff_new_pack.fvrNlk/_new 2014-11-20 18:44:01.000000000 +0100
@@ -20,7 +20,7 @@
%define chromium_system_libs 0
Name: chromium
-Version: 38.0.2125.111
+Version: 39.0.2171.65
Release: 0
Summary: Google's opens source browser project
License: BSD-3-Clause and LGPL-2.1+
++++++ chromium-38.0.2125.111.tar.xz -> chromium-39.0.2171.65.tar.xz ++++++
/work/SRC/openSUSE:Factory/chromium/chromium-38.0.2125.111.tar.xz /work/SRC/openSUSE:Factory/.chromium.new/chromium-39.0.2171.65.tar.xz differ: char 25, line 1
Hello community,
here is the log from the commit of package vpcs for openSUSE:Factory checked in at 2014-11-20 18:43:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vpcs (Old)
and /work/SRC/openSUSE:Factory/.vpcs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vpcs"
Changes:
--------
--- /work/SRC/openSUSE:Factory/vpcs/vpcs.changes 2014-07-10 14:55:08.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.vpcs.new/vpcs.changes 2014-11-20 18:43:32.000000000 +0100
@@ -1,0 +2,12 @@
+Thu Nov 20 09:08:16 UTC 2014 - andrea(a)opensuse.org
+
+- new upstream version 0.6
+ * fix: commands with more than 20 arguments will cause core dump
+ * display the file name while running 'save' to save the configuration
+ * command string begins with '#' or ';' is considered as comment in CLI
+ * renew the dhcp4 lease automatically
+ * support ip fragmentation
+ * fix: use MAC of gateway while replying in the background
+ * fix: history list overflow
+
+-------------------------------------------------------------------
Old:
----
vpcs-0.5b2.zip
New:
----
vpcs-0.6.zip
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vpcs.spec ++++++
--- /var/tmp/diff_new_pack.FoERzh/_old 2014-11-20 18:43:34.000000000 +0100
+++ /var/tmp/diff_new_pack.FoERzh/_new 2014-11-20 18:43:34.000000000 +0100
@@ -17,7 +17,7 @@
Name: vpcs
-Version: 0.5b2
+Version: 0.6
Release: 0
Summary: Virtual PC Simulator
License: BSD-2-Clause
Hello community,
here is the log from the commit of package youtube-dl for openSUSE:Factory checked in at 2014-11-20 18:43:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/youtube-dl (Old)
and /work/SRC/openSUSE:Factory/.youtube-dl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "youtube-dl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/youtube-dl/youtube-dl.changes 2014-11-11 01:11:33.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.youtube-dl.new/youtube-dl.changes 2014-11-20 18:43:31.000000000 +0100
@@ -1,0 +2,7 @@
+Wed Nov 19 21:35:44 UTC 2014 - jengelh(a)inai.de
+
+- Update to new upstream release 2014.11.16
+* Modernize handlers for new URLs at spiegel.tv, blip.tv,
+ and some others.
+
+-------------------------------------------------------------------
Old:
----
youtube-dl-2014.11.04.tar.gz
youtube-dl-2014.11.04.tar.gz.sig
New:
----
youtube-dl-2014.11.16.tar.gz
youtube-dl-2014.11.16.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ youtube-dl.spec ++++++
--- /var/tmp/diff_new_pack.CXV4D2/_old 2014-11-20 18:43:32.000000000 +0100
+++ /var/tmp/diff_new_pack.CXV4D2/_new 2014-11-20 18:43:32.000000000 +0100
@@ -17,7 +17,7 @@
Name: youtube-dl
-Version: 2014.11.04
+Version: 2014.11.16
Release: 0
Summary: A tool for downloading from Youtube
License: SUSE-Public-Domain and CC-BY-SA-3.0
++++++ youtube-dl-2014.11.04.tar.gz -> youtube-dl-2014.11.16.tar.gz ++++++
++++ 1888 lines of diff (skipped)
Hello community,
here is the log from the commit of package u-boot for openSUSE:Factory checked in at 2014-11-20 18:43:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/u-boot (Old)
and /work/SRC/openSUSE:Factory/.u-boot.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "u-boot"
Changes:
--------
--- /work/SRC/openSUSE:Factory/u-boot/u-boot-am335xevm.changes 2014-11-19 20:30:26.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.u-boot.new/u-boot-am335xevm.changes 2014-11-20 18:43:27.000000000 +0100
@@ -1,0 +2,5 @@
+Wed Nov 19 21:44:17 CET 2014 - guillaume.gardet(a)opensuse.org
+
+- Fix mx53loco-bootscr.patch
+
+-------------------------------------------------------------------
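Review bot: the changelog line "Fix mx53loco-bootscr.patch" does not say what was broken or what the fix is; the patch diff further down shows the generic "load" command being replaced by "ext2load" for the boot script, kernel image and FDT, so state that here (for example "- mx53loco-bootscr.patch: use ext2load instead of load so the boot script, image and FDT are found on the ext2 boot partition") so that anyone reading the sixteen identical .changes files can tell why this board's boot environment diverges from upstream's fatload without opening the patch.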
u-boot-arndale.changes: same change
u-boot-colibrit20iris.changes: same change
u-boot-cubieboard.changes: same change
u-boot-cubieboard2.changes: same change
u-boot-cubietruck.changes: same change
u-boot-highbank.changes: same change
u-boot-melea1000.changes: same change
u-boot-mx53loco.changes: same change
u-boot-mx6qsabrelite.changes: same change
u-boot-omap3beagle.changes: same change
u-boot-omap4panda.changes: same change
u-boot-paz00.changes: same change
u-boot-rpib.changes: same change
u-boot-snow.changes: same change
u-boot-vexpressaemv8a.changes: same change
u-boot.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
u-boot-arndale.spec: same change
u-boot-colibrit20iris.spec: same change
u-boot-cubieboard.spec: same change
u-boot-cubieboard2.spec: same change
u-boot-cubietruck.spec: same change
u-boot-highbank.spec: same change
u-boot-melea1000.spec: same change
u-boot-mx53loco.spec: same change
u-boot-mx6qsabrelite.spec: same change
u-boot-omap3beagle.spec: same change
u-boot-omap4panda.spec: same change
u-boot-paz00.spec: same change
u-boot-rpib.spec: same change
u-boot-snow.spec: same change
u-boot-vexpressaemv8a.spec: same change
u-boot.spec: same change
++++++ mx53loco-bootscr.patch ++++++
--- /var/tmp/diff_new_pack.8IRwQd/_old 2014-11-20 18:43:30.000000000 +0100
+++ /var/tmp/diff_new_pack.8IRwQd/_new 2014-11-20 18:43:30.000000000 +0100
@@ -15,13 +15,13 @@
"mmcargs=setenv bootargs console=ttymxc0,${baudrate} root=${mmcroot}\0" \
"loadbootscript=" \
- "fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
-+ "load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
++ "ext2load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
"bootscript=echo Running bootscript from mmc ...; " \
"source\0" \
- "loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
- "loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
-+ "loadimage=load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
-+ "loadfdt=load mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
++ "loadimage=ext2load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
++ "loadfdt=ext2load mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
"mmcboot=echo Booting from mmc ...; " \
"run mmcargs; " \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
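Review bot: swapping the filesystem-agnostic "load" for "ext2load" in loadbootscript, loadimage and loadfdt hard-codes the filesystem of the boot partition, so an SD card laid out with the FAT partition that upstream's original "fatload" lines expect will stop booting on this board; the patch header should record why "load" did not work here (the generic "load" command is only built when the board config enables CONFIG_CMD_FS_GENERIC, which is the usual reason it is unavailable) and that an ext2/ext4 boot partition is now a hard requirement. The three replacements are at least consistent with each other, so script, image and FDT all come from the same partition, which keeps the "source" step reading the boot script from the same place as the kernel it then boots.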