rpms
/
libvirt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rebased to version 1.2.9.2 

CVE-2014-8131: deadlock and segfault in qemuConnectGetAllDomainStats (bz #1172571)
CVE-2015-0236: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects (bz #1185769)
CVE-2014-8136: local denial of service in qemu/qemu_driver.c (bz #1176179)
Fix crash parsing nbd URIs (bz #1188644)
Fix domain startup failing with 'strict' mode in numatune (bz #1168672)
remotes/origin/f21
Cole Robinson 2015-02-07 22:00:40 -05:00
parent 0ceadbef50
commit 7415198273
6 changed files with 25 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
0001-Cpu-Add-support-for-Power-LE-Architecture.patch
View File

@ -19,10 +19,10 @@ Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
6 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c23a1f5..2d31ac2 100644
index 6b64f51..699ffb9 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9864,7 +9864,7 @@ virDomainVideoDefaultType(const virDomainDef *def)
@@ -9865,7 +9865,7 @@ virDomainVideoDefaultType(const virDomainDef *def)
(STREQ(def->os.type, "xen") ||
STREQ(def->os.type, "linux")))
return VIR_DOMAIN_VIDEO_TYPE_XEN;
@ -45,7 +45,7 @@ index 67cb9ff..d591c18 100644
struct ppc_vendor {
char *name;
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index b931497..59a38b2 100644
index e5ed50a..363e4e2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -632,7 +632,7 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr qemuCaps, uid_t runUid, gid_t runGid)
@ -76,7 +76,7 @@ index b931497..59a38b2 100644
return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO);
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5ef3cbf..6cd0da6 100644
index aeb4eec..c5c48bf 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -713,7 +713,7 @@ qemuSetSCSIControllerModel(virDomainDefPtr def,
@ -115,7 +115,7 @@ index 5ef3cbf..6cd0da6 100644
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI;
else
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI;
@@ -8453,7 +8453,7 @@ qemuBuildCommandLine(virConnectPtr conn,
@@ -8445,7 +8445,7 @@ qemuBuildCommandLine(virConnectPtr conn,
!qemuDomainMachineIsQ35(def) &&
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) ||
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) &&
@ -124,7 +124,7 @@ index 5ef3cbf..6cd0da6 100644
if (usblegacy) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Multiple legacy USB controllers are "
@@ -9651,7 +9651,7 @@ qemuBuildCommandLine(virConnectPtr conn,
@@ -9643,7 +9643,7 @@ qemuBuildCommandLine(virConnectPtr conn,
}
if (def->nvram) {
@ -133,7 +133,7 @@ index 5ef3cbf..6cd0da6 100644
STRPREFIX(def->os.machine, "pseries")) {
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -9769,7 +9769,7 @@ qemuBuildSerialChrDeviceStr(char **deviceStr,
@@ -9761,7 +9761,7 @@ qemuBuildSerialChrDeviceStr(char **deviceStr,
{
virBuffer cmd = VIR_BUFFER_INITIALIZER;
@ -142,7 +142,7 @@ index 5ef3cbf..6cd0da6 100644
if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) {
virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s",
@@ -10191,7 +10191,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
@@ -10183,7 +10183,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
if (VIR_ALLOC(def->src) < 0)
goto error;
@ -151,7 +151,7 @@ index 5ef3cbf..6cd0da6 100644
dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
def->bus = VIR_DOMAIN_DISK_BUS_SCSI;
else
@@ -10284,7 +10284,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
@@ -10276,7 +10276,7 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
} else if (STREQ(keywords[i], "if")) {
if (STREQ(values[i], "ide")) {
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
@ -160,7 +160,7 @@ index 5ef3cbf..6cd0da6 100644
dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("pseries systems do not support ide devices '%s'"), val);
@@ -11529,7 +11529,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps,
@@ -11521,7 +11521,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps,
}
if (STREQ(arg, "-cdrom")) {
disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM;
@ -169,7 +169,7 @@ index 5ef3cbf..6cd0da6 100644
def->os.machine && STRPREFIX(def->os.machine, "pseries")))
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
if (VIR_STRDUP(disk->dst, "hdc") < 0)
@@ -11545,7 +11545,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps,
@@ -11537,7 +11537,7 @@ qemuParseCommandLine(virCapsPtr qemuCaps,
disk->bus = VIR_DOMAIN_DISK_BUS_IDE;
else
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;

2
0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch
View File

@ -70,7 +70,7 @@ index d591c18..4ea1835 100644
const struct ppc_vendor *vnd;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6cd0da6..9619d28 100644
index c5c48bf..423692e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6217,7 +6217,9 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,

30
0006-qemu-Support-OVMF-on-armv7l-aarch64-guests.patch
View File

@ -1,30 +0,0 @@
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 19 Nov 2014 16:25:56 +0100
Subject: [PATCH] qemu: Support OVMF on armv7l aarch64 guests
Currently, we are whitelisting architectures, that we know how to run
OVMF on. So far, only x86_64 was enabled. However, looking at qemu
code, the same commandline can be used to enable OVMF for armv7l and
aarch64.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 6d8054b68407a3385b33c867a425ad8278b0b8f0)
---
src/qemu/qemu_command.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9619d28..b12cf55 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7571,7 +7571,9 @@ qemuBuildDomainLoaderCommandLine(virCommandPtr cmd,
case VIR_DOMAIN_LOADER_TYPE_PFLASH:
/* UEFI is supported only for x86_64 currently */
- if (def->os.arch != VIR_ARCH_X86_64) {
+ if (def->os.arch != VIR_ARCH_X86_64 &&
+ def->os.arch != VIR_ARCH_ARMV7L &&
+ def->os.arch != VIR_ARCH_AARCH64) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("pflash is not supported for %s guest architecture"),
virArchToString(def->os.arch));

84
0007-qemu-Drop-OVMF-whitelist.patch
View File

@ -1,84 +0,0 @@
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 19 Nov 2014 18:16:12 +0100
Subject: [PATCH] qemu: Drop OVMF whitelist
As discussed on the upstream list, it's better not to make this
kind of predictions in libvirt. It may happen that qemu learns
how to enable OVMF on other architectures too and we shouldn't
try to chase that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 36148120c1c1e6ad7f4eb6f0995eb7b18ba95922)
---
src/qemu/qemu_capabilities.c | 9 +++------
src/qemu/qemu_command.c | 10 ----------
2 files changed, 3 insertions(+), 16 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 59a38b2..363e4e2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3627,7 +3627,6 @@ virQEMUCapsGetDefaultMachine(virQEMUCapsPtr qemuCaps)
static int
virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps,
virDomainCapsLoaderPtr capsLoader,
- virArch arch,
char **loader,
size_t nloader)
{
@@ -3655,8 +3654,7 @@ virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps,
VIR_DOMAIN_CAPS_ENUM_SET(capsLoader->type,
VIR_DOMAIN_LOADER_TYPE_ROM);
- if (arch == VIR_ARCH_X86_64 &&
- virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) &&
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE) &&
virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE_FORMAT))
VIR_DOMAIN_CAPS_ENUM_SET(capsLoader->type,
VIR_DOMAIN_LOADER_TYPE_PFLASH);
@@ -3673,14 +3671,13 @@ virQEMUCapsFillDomainLoaderCaps(virQEMUCapsPtr qemuCaps,
static int
virQEMUCapsFillDomainOSCaps(virQEMUCapsPtr qemuCaps,
virDomainCapsOSPtr os,
- virArch arch,
char **loader,
size_t nloader)
{
virDomainCapsLoaderPtr capsLoader = &os->loader;
os->device.supported = true;
- if (virQEMUCapsFillDomainLoaderCaps(qemuCaps, capsLoader, arch,
+ if (virQEMUCapsFillDomainLoaderCaps(qemuCaps, capsLoader,
loader, nloader) < 0)
return -1;
return 0;
@@ -3776,7 +3773,7 @@ virQEMUCapsFillDomainCaps(virDomainCapsPtr domCaps,
domCaps->maxvcpus = maxvcpus;
- if (virQEMUCapsFillDomainOSCaps(qemuCaps, os, domCaps->arch,
+ if (virQEMUCapsFillDomainOSCaps(qemuCaps, os,
loader, nloader) < 0 ||
virQEMUCapsFillDomainDeviceDiskCaps(qemuCaps, disk) < 0 ||
virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b12cf55..423692e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7570,16 +7570,6 @@ qemuBuildDomainLoaderCommandLine(virCommandPtr cmd,
break;
case VIR_DOMAIN_LOADER_TYPE_PFLASH:
- /* UEFI is supported only for x86_64 currently */
- if (def->os.arch != VIR_ARCH_X86_64 &&
- def->os.arch != VIR_ARCH_ARMV7L &&
- def->os.arch != VIR_ARCH_AARCH64) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("pflash is not supported for %s guest architecture"),
- virArchToString(def->os.arch));
- goto cleanup;
- }
-
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DRIVE)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("this QEMU binary doesn't support -drive"));

20
libvirt.spec
View File

@ -362,8 +362,8 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 1.2.9.1
Release: 2%{?dist}%{?extra_release}
Version: 1.2.9.2
Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -380,9 +380,6 @@ Patch0002: 0002-PowerPC-Add-support-for-launching-VM-in-compat-mode.patch
Patch0003: 0003-PowerPC-Improve-PVR-handling-to-fall-back-to-cpu-gen.patch
Patch0004: 0004-docs-Add-documentation-for-compat-mode.patch
Patch0005: 0005-Test-Add-a-testcase-for-PowerPC-compat-mode-cpu-spec.patch
# Don't reject aarch64 + uefi
Patch0006: 0006-qemu-Support-OVMF-on-armv7l-aarch64-guests.patch
Patch0007: 0007-qemu-Drop-OVMF-whitelist.patch
%if %{with_libvirtd}
Requires: libvirt-daemon = %{version}-%{release}
@ -1214,9 +1211,6 @@ driver
%patch0003 -p1
%patch0004 -p1
%patch0005 -p1
# Don't reject aarch64 + uefi
%patch0006 -p1
%patch0007 -p1
%build
%if ! %{with_xen}
@ -2294,6 +2288,16 @@ exit 0
%doc examples/systemtap
%changelog
* Sat Feb 07 2015 Cole Robinson <crobinso@redhat.com> - 1.2.9.2-1
- Rebased to version 1.2.9.2
- CVE-2014-8131: deadlock and segfault in qemuConnectGetAllDomainStats (bz
#1172571)
- CVE-2015-0236: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save
images and snapshots objects (bz #1185769)
- CVE-2014-8136: local denial of service in qemu/qemu_driver.c (bz #1176179)
- Fix crash parsing nbd URIs (bz #1188644)
- Fix domain startup failing with 'strict' mode in numatune (bz #1168672)
* Tue Dec 02 2014 Cole Robinson <crobinso@redhat.com> - 1.2.9.1-2
- Don't reject aarch64 + uefi

2
sources
View File

@ -1 +1 @@
c0390a04b3b18d2ed965de89fa9c12dc libvirt-1.2.9.1.tar.gz
7417e2c4912d8b36841eadbb6eada3a7 libvirt-1.2.9.2.tar.gz