Hello community, here is the log from the commit of package kvm for openSUSE:11.4 checked in at Mon Jan 16 15:04:56 CET 2012.
-------- --- old-versions/11.4/UPDATES/all/kvm/kvm.changes 2011-07-08 18:53:28.000000000 +0200 +++ 11.4/kvm/kvm.changes 2012-01-11 18:51:19.000000000 +0100 @@ -1,0 +2,10 @@ +Wed Jan 11 00:25:29 UTC 2012 - [email protected] + +- set groups properly for -runas (bnc#705304) + +------------------------------------------------------------------- +Tue Dec 13 12:57:56 UTC 2011 - [email protected] + +- Fix dictzip with long file names. + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- kvm-qemu-preXX-dictzip3.patch kvm-qemu-preXX-os-posix-set-groups-properly-for-runas.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kvm.spec ++++++ --- /var/tmp/diff_new_pack.Dk3KaX/_old 2012-01-16 15:02:42.000000000 +0100 +++ /var/tmp/diff_new_pack.Dk3KaX/_new 2012-01-16 15:02:42.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kvm # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild # icecream 0 %bcond_with vde @@ -47,7 +46,18 @@ %define using_buildservice 0%{?opensuse_bs} Name: kvm -BuildRequires: SDL-devel alsa alsa-devel gnutls-devel libaio-devel libcurl-devel libpulse-devel ncurses-devel pciutils-devel perl python texinfo +BuildRequires: SDL-devel +BuildRequires: alsa +BuildRequires: alsa-devel +BuildRequires: gnutls-devel +BuildRequires: libaio-devel +BuildRequires: libcurl-devel +BuildRequires: libpulse-devel +BuildRequires: ncurses-devel +BuildRequires: pciutils-devel +BuildRequires: perl +BuildRequires: python +BuildRequires: texinfo %if 0%{?suse_version} >= 1130 BuildRequires: brlapi-devel %endif @@ -74,12 +84,12 @@ %if 0%{?suse_version} < 1110 Requires: kvm-kmp %endif -License: BSD3c ; GPLv2 ; GPLv2+ ; LGPLv2.1+ ; MIT -Group: System/Kernel Summary: Kernel-based Virtual Machine +License: BSD-3-Clause ; GPL-2.0 ; GPL-2.0+ ; LGPL-2.1+ ; MIT +Group: System/Kernel Url: http://kvm.qumranet.com/ Version: %{package_base_version}%{package_extra_version} -Release: 1.<RELEASE10> +Release: 1.<RELEASE12> Source0: qemu-%{name}-%{package_base_version}.tar.bz2 Source1: 60-kvm.rules Source2: qemu-ifup @@ -154,6 +164,8 @@ Patch142: kvm-qemu-preXX-vnc-tight-Fix-crash-after-2GB-of-output.patch Patch143: kvm-qemu-preXX-virtio-guard-against-negative-vq-notifies.patch Patch144: kvm-qemu-preXX-validate-virtqueue.patch +Patch145: kvm-qemu-preXX-dictzip3.patch +Patch146: kvm-qemu-preXX-os-posix-set-groups-properly-for-runas.patch Patch200: qemu-img-vmdk-scsi.patch Patch201: kvm-studio-slirp-nooutgoing.patch @@ -291,6 +303,8 @@ %patch142 -p1 %patch143 -p1 %patch144 -p1 +%patch145 -p1 +%patch146 -p1 # Studio addons %patch200 -p1 ++++++ kvm-qemu-preXX-dictzip3.patch ++++++ Index: qemu-kvm-0.12.5/block/tar.c =================================================================== --- qemu-kvm-0.12.5.orig/block/tar.c +++ qemu-kvm-0.12.5/block/tar.c @@ -83,7 +83,8 @@ static int str_ends(char *str, const cha return !strncmp(str + str_len - end_len, end, end_len); } -static int is_target_file(BlockDriverState *bs, char *filename) +static int is_target_file(BlockDriverState *bs, char *filename, + char *header) { int retval = 0; @@ -99,10 +100,17 @@ static int is_target_file(BlockDriverSta if (str_ends(filename, ".vmdk")) retval = 1; + if (retval && + (header[OFFS_TYPE] != '0') && + (header[OFFS_TYPE] != 'S')) { + retval = 0; + } + dprintf("does filename %s match? %s\n", filename, retval ? "yes" : "no"); /* make sure we're not using this name again */ filename[0] = '\0'; + return retval; } @@ -201,12 +209,13 @@ static int tar_open(BlockDriverState *bs bdrv_pread(s->hd, header_offs - s->file_len, s->longfile, sizeof(s->longfile)); s->longfile[sizeof(s->longfile)-1] = '\0'; + real_file = header; } else if (s->longfile[0]) { real_file = s->longfile; } else { real_file = header; } - } while(!is_target_file(bs, real_file)); + } while(!is_target_file(bs, real_file, header)); /* We found an image! */ ++++++ kvm-qemu-preXX-os-posix-set-groups-properly-for-runas.patch ++++++ >From cc4662f9642995c78bed587707eeb9ad8500035b Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi <[email protected]> Date: Sat, 9 Jul 2011 10:22:07 +0100 Subject: [PATCH] os-posix: set groups properly for -runas Andrew Griffiths reports that -runas does not set supplementary group IDs. This means that gid 0 (root) is not dropped when switching to an unprivileged user. Add an initgroups(3) call to use the -runas user's /etc/groups membership to update the supplementary group IDs. Signed-off-by: Stefan Hajnoczi <[email protected]> Acked-by: Chris Wright <[email protected]> Signed-off-by: Blue Swirl <[email protected]> --- os-posix.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/os-posix.c b/os-posix.c index 7dfb278..6f8d488 100644 --- a/os-posix.c +++ b/os-posix.c @@ -31,6 +31,7 @@ /*needed for MAP_POPULATE before including qemu-options.h */ #include <sys/mman.h> #include <pwd.h> +#include <grp.h> #include <libgen.h> /* Needed early for CONFIG_BSD etc. */ @@ -199,6 +200,11 @@ static void change_process_uid(void) fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid); exit(1); } + if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { + fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n", + user_pwd->pw_name, user_pwd->pw_gid); + exit(1); + } if (setuid(user_pwd->pw_uid) < 0) { fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid); exit(1); -- 1.7.7 continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
