diff --git a/0001-Cpu-Add-support-for-Power-LE-Architecture.patch b/0001-Cpu-Add-support-for-Power-LE-Architecture.patch index 409d636..6e8615a 100644 --- a/0001-Cpu-Add-support-for-Power-LE-Architecture.patch +++ b/0001-Cpu-Add-support-for-Power-LE-Architecture.patch @@ -19,10 +19,10 @@ Reviewed-by: Michal Privoznik 6 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c -index c23a1f5..2d31ac2 100644 +index 6b64f51..699ffb9 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c -@@ -9864,7 +9864,7 @@ virDomainVideoDefaultType(const virDomainDef *def) +@@ -9865,7 +9865,7 @@ virDomainVideoDefaultType(const virDomainDef *def) (STREQ(def->os.type, "xen") || STREQ(def->os.type, "linux"))) return VIR_DOMAIN_VIDEO_TYPE_XEN; @@ -45,7 +45,7 @@ index 67cb9ff..d591c18 100644 struct ppc_vendor { char *name; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c -index b931497..59a38b2 100644 +index e5ed50a..363e4e2 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -632,7 +632,7 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr qemuCaps, uid_t runUid, gid_t runGid) @@ -76,7 +76,7 @@ index b931497..59a38b2 100644 return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO); diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 5ef3cbf..6cd0da6 100644 +index aeb4eec..c5c48bf 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -713,7 +713,7 @@ qemuSetSCSIControllerModel(virDomainDefPtr def, @@ -115,7 +115,7 @@ index 5ef3cbf..6cd0da6 100644 model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI; else model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI; -@@ -8453,7 +8453,7 @@ qemuBuildCommandLine(virConnectPtr conn, +@@ -8445,7 +8445,7 @@ qemuBuildCommandLine(virConnectPtr conn, !qemuDomainMachineIsQ35(def) && (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) || (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) && @@ -124,7 +124,7 @@ index 5ef3cbf..6cd0da6 100644 if (usblegacy) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Multiple legacy USB controllers are " -@@ -9651,7 +9651,7 @@ qemuBuildCommandLine(virConnectPtr conn, +@@ -9643,7 +9643,7 @@ qemuBuildCommandLine(virConnectPtr conn, } if (def->nvram) { @@ -133,7 +133,7 @@ index 5ef3cbf..6cd0da6 100644 STRPREFIX(def->os.machine, "pseries")) { if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", -@@ -9769,7 +9769,7 @@ qemuBuildSerialChrDeviceStr(char **deviceStr, +@@ -9761,7 +9761,7 @@ qemuBuildSerialChrDeviceStr(char **deviceStr, { virBuffer cmd = VIR_BUFFER_INITIALIZER; @@ -142,7 +142,7 @@ index 5ef3cbf..6cd0da6 100644 if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) { virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s", -@@ -10191,7 +10191,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt, +@@ -10183,7 +10183,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt, if (VIR_ALLOC(def->src) < 0) goto error; @@ -151,7 +151,7 @@ index 5ef3cbf..6cd0da6 100644 dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) def->bus = VIR_DOMAIN_DISK_BUS_SCSI; else -@@ -10284,7 +10284,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt, +@@ -10276,7 +10276,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt, } else if (STREQ(keywords[i], "if")) { if (STREQ(values[i], "ide")) { def->bus = VIR_DOMAIN_DISK_BUS_IDE; @@ -160,7 +160,7 @@ index 5ef3cbf..6cd0da6 100644 dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("pseries systems do not support ide devices '%s'"), val); -@@ -11529,7 +11529,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps, +@@ -11521,7 +11521,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps, } if (STREQ(arg, "-cdrom")) { disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM; @@ -169,7 +169,7 @@ index 5ef3cbf..6cd0da6 100644 def->os.machine && STRPREFIX(def->os.machine, "pseries"))) disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; if (VIR_STRDUP(disk->dst, "hdc") < 0) -@@ -11545,7 +11545,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps, +@@ -11537,7 +11537,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps, disk->bus = VIR_DOMAIN_DISK_BUS_IDE; else disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; diff --git a/0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch b/0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch index fa87886..20ee601 100644 --- a/0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch +++ b/0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch @@ -70,7 +70,7 @@ index d591c18..4ea1835 100644 const struct ppc_vendor *vnd; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 6cd0da6..9619d28 100644 +index c5c48bf..423692e 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6217,7 +6217,9 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, diff --git a/0006-qemu-Support-OVMF-on-armv7l-aarch64-guests.patch b/0006-qemu-Support-OVMF-on-armv7l-aarch64-guests.patch deleted file mode 100644 index 1221b88..0000000 --- a/0006-qemu-Support-OVMF-on-armv7l-aarch64-guests.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Michal Privoznik -Date: Wed, 19 Nov 2014 16:25:56 +0100 -Subject: [PATCH] qemu: Support OVMF on armv7l aarch64 guests - -Currently, we are whitelisting architectures, that we know how to run -OVMF on. So far, only x86_64 was enabled. However, looking at qemu -code, the same commandline can be used to enable OVMF for armv7l and -aarch64. - -Signed-off-by: Michal Privoznik -(cherry picked from commit 6d8054b68407a3385b33c867a425ad8278b0b8f0) ---- - src/qemu/qemu_command.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 9619d28..b12cf55 100644 ---- a/src/qemu/qemu_command.c -+++ b/src/qemu/qemu_command.c -@@ -7571,7 +7571,9 @@ qemuBuildDomainLoaderCommandLine(virCommandPtr cmd, - - case VIR_DOMAIN_LOADER_TYPE_PFLASH: - /* UEFI is supported only for x86_64 currently */ -- if (def->os.arch != VIR_ARCH_X86_64) { -+ if (def->os.arch != VIR_ARCH_X86_64 && -+ def->os.arch != VIR_ARCH_ARMV7L && -+ def->os.arch != VIR_ARCH_AARCH64) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("pflash is not supported for %s guest architecture"), - virArchToString(def->os.arch)); diff --git a/0007-qemu-Drop-OVMF-whitelist.patch b/0007-qemu-Drop-OVMF-whitelist.patch deleted file mode 100644 index 2b73c24..0000000 --- a/0007-qemu-Drop-OVMF-whitelist.patch +++ /dev/null @@ -1,84 +0,0 @@ -From: Michal Privoznik -Date: Wed, 19 Nov 2014 18:16:12 +0100 -Subject: [PATCH] qemu: Drop OVMF whitelist - -As discussed on the upstream list, it's better not to make this -kind of predictions in libvirt. It may happen that qemu learns -how to enable OVMF on other architectures too and we shouldn't -try to chase that. - -Signed-off-by: Michal Privoznik -(cherry picked from commit 36148120c1c1e6ad7f4eb6f0995eb7b18ba95922) ---- - src/qemu/qemu_capabilities.c | 9 +++------ - src/qemu/qemu_command.c | 10 ---------- - 2 files changed, 3 insertions(+), 16 deletions(-) - -diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c -index 59a38b2..363e4e2 100644 ---- a/src/qemu/qemu_capabilities.c -+++ b/src/qemu/qemu_capabilities.c -@@ -3627,7 +3627,6 @@ virQEMUCapsGetDefaultMachine(virQEMUCapsPtr qemuCaps) - static int - virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps, - virDomainCapsLoaderPtr capsLoader, -- virArch arch, - char **loader, - size_t nloader) - { -@@ -3655,8 +3654,7 @@ virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps, - VIR_DOMAIN_CAPS_ENUM_SET(capsLoader->type, - VIR_DOMAIN_LOADER_TYPE_ROM); - -- if (arch == VIR_ARCH_X86_64 && -- virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) && -+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) && - virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE_FORMAT)) - VIR_DOMAIN_CAPS_ENUM_SET(capsLoader->type, - VIR_DOMAIN_LOADER_TYPE_PFLASH); -@@ -3673,14 +3671,13 @@ virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps, - static int - virQEMUCapsFillDomainOSCaps(virQEMUCapsPtr qemuCaps, - virDomainCapsOSPtr os, -- virArch arch, - char **loader, - size_t nloader) - { - virDomainCapsLoaderPtr capsLoader = &os->loader; - - os->device.supported = true; -- if (virQEMUCapsFillDomainLoaderCaps(qemuCaps, capsLoader, arch, -+ if (virQEMUCapsFillDomainLoaderCaps(qemuCaps, capsLoader, - loader, nloader) < 0) - return -1; - return 0; -@@ -3776,7 +3773,7 @@ virQEMUCapsFillDomainCaps(virDomainCapsPtr domCaps, - - domCaps->maxvcpus = maxvcpus; - -- if (virQEMUCapsFillDomainOSCaps(qemuCaps, os, domCaps->arch, -+ if (virQEMUCapsFillDomainOSCaps(qemuCaps, os, - loader, nloader) < 0 || - virQEMUCapsFillDomainDeviceDiskCaps(qemuCaps, disk) < 0 || - virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0) -diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index b12cf55..423692e 100644 ---- a/src/qemu/qemu_command.c -+++ b/src/qemu/qemu_command.c -@@ -7570,16 +7570,6 @@ qemuBuildDomainLoaderCommandLine(virCommandPtr cmd, - break; - - case VIR_DOMAIN_LOADER_TYPE_PFLASH: -- /* UEFI is supported only for x86_64 currently */ -- if (def->os.arch != VIR_ARCH_X86_64 && -- def->os.arch != VIR_ARCH_ARMV7L && -- def->os.arch != VIR_ARCH_AARCH64) { -- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, -- _("pflash is not supported for %s guest architecture"), -- virArchToString(def->os.arch)); -- goto cleanup; -- } -- - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("this QEMU binary doesn't support -drive")); diff --git a/libvirt.spec b/libvirt.spec index d61f861..da7fc42 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -362,8 +362,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 1.2.9.1 -Release: 2%{?dist}%{?extra_release} +Version: 1.2.9.2 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -380,9 +380,6 @@ Patch0002: 0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch Patch0003: 0003-PowerPC-Improve-PVR-handling-to-fall-back-to-cpu-gen.patch Patch0004: 0004-docs-Add-documentation-for-compat-mode.patch Patch0005: 0005-Test-Add-a-testcase-for-PowerPC-compat-mode-cpu-spec.patch -# Don't reject aarch64 + uefi -Patch0006: 0006-qemu-Support-OVMF-on-armv7l-aarch64-guests.patch -Patch0007: 0007-qemu-Drop-OVMF-whitelist.patch %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} @@ -1214,9 +1211,6 @@ driver %patch0003 -p1 %patch0004 -p1 %patch0005 -p1 -# Don't reject aarch64 + uefi -%patch0006 -p1 -%patch0007 -p1 %build %if ! %{with_xen} @@ -2294,6 +2288,16 @@ exit 0 %doc examples/systemtap %changelog +* Sat Feb 07 2015 Cole Robinson - 1.2.9.2-1 +- Rebased to version 1.2.9.2 +- CVE-2014-8131: deadlock and segfault in qemuConnectGetAllDomainStats (bz + #1172571) +- CVE-2015-0236: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save + images and snapshots objects (bz #1185769) +- CVE-2014-8136: local denial of service in qemu/qemu_driver.c (bz #1176179) +- Fix crash parsing nbd URIs (bz #1188644) +- Fix domain startup failing with 'strict' mode in numatune (bz #1168672) + * Tue Dec 02 2014 Cole Robinson - 1.2.9.1-2 - Don't reject aarch64 + uefi diff --git a/sources b/sources index 3d4e8b8..c254fca 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c0390a04b3b18d2ed965de89fa9c12dc libvirt-1.2.9.1.tar.gz +7417e2c4912d8b36841eadbb6eada3a7 libvirt-1.2.9.2.tar.gz