Hello community,

here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2019-04-15 13:59:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvirt (Old)
 and /work/SRC/openSUSE:Factory/.libvirt.new.17052 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Mon Apr 15 13:59:03 2019 rev:278 rq:693775 version:5.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2019-03-26 15:37:55.324360372 +0100 +++ /work/SRC/openSUSE:Factory/.libvirt.new.17052/libvirt.changes 2019-04-15 13:59:10.748702573 +0200 
@@ -1,0 +2,36 @@ +Thu Apr 11 23:00:48 UTC 2019 - James Fehlig <jfeh...@suse.com> + +- Fix and re-enable snapshot tests + f66f70ac-snapshot-fix-use-after-free.patch + +------------------------------------------------------------------- +Fri Apr 5 19:58:10 UTC 2019 - James Fehlig <jfeh...@suse.com> + +- CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime + for read-only connections and users + 2a07c990-api-CVE-2019-3886.patch, + ae076bb4-remote-CVE-2019-3886.patch + bsc#1131595 +- spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch + touches remote_protocol.x + +------------------------------------------------------------------- +Wed Apr 3 18:08:00 UTC 2019 - Jim Fehlig <jfeh...@suse.com> + +- Update to libvirt 5.2.0 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + 4ec3cf9a-apparmor-rules.patch, + f38ef0fa-no-RDMA-check.patch, + 411cdaf8-apparmor-check-profile-name.patch, + 696239ba-qemu-fix-query-cpus-fast.patch, + 09eb1ae0-conf-add-xenbus-controller.patch, + fb059757-libxl-add-xenbus-controller.patch, + ec5a1191-libxl-support-max-grant-frames.patch, + 5a64c202-xenconfig-support-max-grant-frames.patch + - Added patches: + ff376c62-tests-fix-mocking-stat-lstat.patch, + ebe9c6ea-qemu-firmware-dirent.patch + +------------------------------------------------------------------- Old: ---- 09eb1ae0-conf-add-xenbus-controller.patch 411cdaf8-apparmor-check-profile-name.patch 4ec3cf9a-apparmor-rules.patch 5a64c202-xenconfig-support-max-grant-frames.patch 696239ba-qemu-fix-query-cpus-fast.patch ec5a1191-libxl-support-max-grant-frames.patch f38ef0fa-no-RDMA-check.patch fb059757-libxl-add-xenbus-controller.patch libvirt-5.1.0.tar.xz libvirt-5.1.0.tar.xz.asc New: ---- 2a07c990-api-CVE-2019-3886.patch ae076bb4-remote-CVE-2019-3886.patch ebe9c6ea-qemu-firmware-dirent.patch f66f70ac-snapshot-fix-use-after-free.patch ff376c62-tests-fix-mocking-stat-lstat.patch libvirt-5.2.0.tar.xz 
libvirt-5.2.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.516703151 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.516703151 +0200 @@ -183,7 +183,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 5.1.0 +Version: 5.2.0 Release: 0 Summary: Library providing a virtualization API License: LGPL-2.1-or-later @@ -246,6 +246,8 @@ # perl XPath is needed since we have a patch touching files that cause # hvsupport.html to be regenerated BuildRequires: perl(XML::XPath) +# rpcgen is needed since we have a patch touching remote_protocol.x +BuildRequires: rpcgen # For pool-build probing for existing pools BuildRequires: libblkid-devel >= 2.17 BuildRequires: libpciaccess0-devel >= 0.10.9 @@ -285,6 +287,8 @@ BuildRequires: parted-devel # For Multipath support BuildRequires: device-mapper-devel +# For XFS reflink clone support +BuildRequires: xfsprogs-devel %if %{with_storage_rbd} BuildRequires: %{with_rbd_lib} %endif @@ -333,14 +337,11 @@ Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches -Patch0: 4ec3cf9a-apparmor-rules.patch -Patch1: f38ef0fa-no-RDMA-check.patch -Patch2: 411cdaf8-apparmor-check-profile-name.patch -Patch3: 696239ba-qemu-fix-query-cpus-fast.patch -Patch4: 09eb1ae0-conf-add-xenbus-controller.patch -Patch5: fb059757-libxl-add-xenbus-controller.patch -Patch6: ec5a1191-libxl-support-max-grant-frames.patch -Patch7: 5a64c202-xenconfig-support-max-grant-frames.patch +Patch0: ff376c62-tests-fix-mocking-stat-lstat.patch +Patch1: ebe9c6ea-qemu-firmware-dirent.patch +Patch2: 2a07c990-api-CVE-2019-3886.patch +Patch3: ae076bb4-remote-CVE-2019-3886.patch +Patch4: f66f70ac-snapshot-fix-use-after-free.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch 
@@ -879,9 +880,6 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 @@ -1640,6 +1638,7 @@ %{_datadir}/%{name}/schemas/secret.rng %{_datadir}/%{name}/schemas/storagecommon.rng %{_datadir}/%{name}/schemas/storagepool.rng +%{_datadir}/%{name}/schemas/storagepoolcaps.rng %{_datadir}/%{name}/schemas/storagevol.rng %{_datadir}/%{name}/cpu_map/*.xml %{_datadir}/%{name}/test-screenshot.png ++++++ 0001-Extract-stats-functions-from-the-qemu-driver.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.552703163 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.552703163 +0200 @@ -18,10 +18,10 @@ create mode 100644 src/conf/domain_stats.c create mode 100644 src/conf/domain_stats.h -Index: libvirt-5.1.0/src/conf/domain_stats.c +Index: libvirt-5.2.0/src/conf/domain_stats.c =================================================================== --- /dev/null -+++ libvirt-5.1.0/src/conf/domain_stats.c ++++ libvirt-5.2.0/src/conf/domain_stats.c @@ -0,0 +1,139 @@ +/* + * domain_stats.c: domain stats extraction helpers @@ -162,10 +162,10 @@ +} + +#undef STATS_ADD_NET_PARAM -Index: libvirt-5.1.0/src/conf/domain_stats.h +Index: libvirt-5.2.0/src/conf/domain_stats.h =================================================================== --- /dev/null -+++ libvirt-5.1.0/src/conf/domain_stats.h ++++ libvirt-5.2.0/src/conf/domain_stats.h @@ -0,0 +1,64 @@ +/* + * domain_stats.h: domain stats extraction helpers 
@@ -231,11 +231,11 @@ + int *maxparams); + +#endif /* __DOMAIN_STATS_H */ -Index: libvirt-5.1.0/src/libvirt_private.syms +Index: libvirt-5.2.0/src/libvirt_private.syms =================================================================== ---- libvirt-5.1.0.orig/src/libvirt_private.syms -+++ libvirt-5.1.0/src/libvirt_private.syms -@@ -662,6 +662,9 @@ virDomainConfNWFilterInstantiate; +--- libvirt-5.2.0.orig/src/libvirt_private.syms ++++ libvirt-5.2.0/src/libvirt_private.syms +@@ -671,6 +671,9 @@ virDomainConfNWFilterInstantiate; virDomainConfNWFilterTeardown; virDomainConfVMNWFilterTeardown; @@ -245,7 +245,7 @@ # conf/interface_conf.h virInterfaceDefFormat; -@@ -1547,6 +1550,7 @@ virCgroupGetMemoryUsage; +@@ -1583,6 +1586,7 @@ virCgroupGetMemoryUsage; virCgroupGetMemSwapHardLimit; virCgroupGetMemSwapUsage; virCgroupGetPercpuStats; @@ -253,10 +253,10 @@ virCgroupHasController; virCgroupHasEmptyTasks; virCgroupKillPainfully; -Index: libvirt-5.1.0/src/qemu/qemu_driver.c +Index: libvirt-5.2.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_driver.c -+++ libvirt-5.1.0/src/qemu/qemu_driver.c +--- libvirt-5.2.0.orig/src/qemu/qemu_driver.c ++++ libvirt-5.2.0/src/qemu/qemu_driver.c @@ -67,6 +67,7 @@ #include "virarptable.h" #include "viruuid.h" @@ -265,7 +265,7 @@ #include "domain_audit.h" #include "node_device_conf.h" #include "virpci.h" -@@ -20042,21 +20043,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr +@@ -19941,21 +19942,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr int *maxparams, unsigned int privflags ATTRIBUTE_UNUSED) { @@ -288,7 +288,7 @@ } -@@ -20246,37 +20233,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj +@@ -20145,37 +20132,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj int *maxparams) { qemuDomainObjPrivatePtr priv = dom->privateData; 
@@ -327,7 +327,7 @@ } -@@ -20470,44 +20427,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr +@@ -20369,44 +20326,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr return ret; } @@ -372,7 +372,7 @@ static int qemuDomainGetStatsInterface(virQEMUDriverPtr driver ATTRIBUTE_UNUSED, virDomainObjPtr dom, -@@ -20515,68 +20434,9 @@ qemuDomainGetStatsInterface(virQEMUDrive +@@ -20414,68 +20333,9 @@ qemuDomainGetStatsInterface(virQEMUDrive int *maxparams, unsigned int privflags ATTRIBUTE_UNUSED) { @@ -442,7 +442,7 @@ #define QEMU_ADD_BLOCK_PARAM_UI(record, maxparams, num, name, value) \ do { \ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \ -@@ -20809,10 +20669,10 @@ qemuDomainGetStatsBlockExportHeader(virD +@@ -20708,10 +20568,10 @@ qemuDomainGetStatsBlockExportHeader(virD { int ret = -1; @@ -455,7 +455,7 @@ if (src->id) QEMU_ADD_BLOCK_PARAM_UI(records, nrecords, recordnr, "backingIndex", src->id); -@@ -20966,7 +20826,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr +@@ -20865,7 +20725,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr * after the iteration than it is to iterate twice; but we still * want count listed first. */ count_index = record->nparams; @@ -464,7 +464,7 @@ for (i = 0; i < dom->def->ndisks; i++) { if (qemuDomainGetStatsBlockExportDisk(dom->def->disks[i], stats, nodestats, -@@ -20991,8 +20851,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr +@@ -20890,8 +20750,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr #undef QEMU_ADD_BLOCK_PARAM_ULL @@ -473,7 +473,7 @@ #define QEMU_ADD_IOTHREAD_PARAM_UI(record, maxparams, id, name, value) \ do { \ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \ -@@ -21044,7 +20902,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver +@@ -20943,7 +20801,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver if (niothreads == 0) return 0; 
@@ -482,7 +482,7 @@ for (i = 0; i < niothreads; i++) { if (iothreads[i]->poll_valid) { -@@ -21077,8 +20935,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver +@@ -20976,8 +20834,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver #undef QEMU_ADD_IOTHREAD_PARAM_ULL @@ -491,10 +491,10 @@ static int qemuDomainGetStatsPerfOneEvent(virPerfPtr perf, virPerfEventType type, -Index: libvirt-5.1.0/src/util/vircgroup.c +Index: libvirt-5.2.0/src/util/vircgroup.c =================================================================== ---- libvirt-5.1.0.orig/src/util/vircgroup.c -+++ libvirt-5.1.0/src/util/vircgroup.c +--- libvirt-5.2.0.orig/src/util/vircgroup.c ++++ libvirt-5.2.0/src/util/vircgroup.c @@ -2800,6 +2800,44 @@ virCgroupControllerAvailable(int control return ret; } @@ -556,10 +556,10 @@ int virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED, bool create ATTRIBUTE_UNUSED, -Index: libvirt-5.1.0/src/util/vircgroup.h +Index: libvirt-5.2.0/src/util/vircgroup.h =================================================================== ---- libvirt-5.1.0.orig/src/util/vircgroup.h -+++ libvirt-5.1.0/src/util/vircgroup.h +--- libvirt-5.2.0.orig/src/util/vircgroup.h ++++ libvirt-5.2.0/src/util/vircgroup.h @@ -284,4 +284,9 @@ int virCgroupSetOwner(virCgroupPtr cgrou int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller); @@ -570,10 +570,10 @@ + int *maxparams); + #endif /* LIBVIRT_VIRCGROUP_H */ -Index: libvirt-5.1.0/src/conf/Makefile.inc.am +Index: libvirt-5.2.0/src/conf/Makefile.inc.am =================================================================== ---- libvirt-5.1.0.orig/src/conf/Makefile.inc.am -+++ libvirt-5.1.0/src/conf/Makefile.inc.am +--- libvirt-5.2.0.orig/src/conf/Makefile.inc.am ++++ libvirt-5.2.0/src/conf/Makefile.inc.am @@ -20,6 +20,8 @@ DOMAIN_CONF_SOURCES = \ conf/domain_audit.h \ conf/domain_nwfilter.c \ 
@@ -582,4 +582,4 @@ + conf/domain_stats.h \ conf/virsavecookie.c \ conf/virsavecookie.h \ - conf/snapshot_conf.c \ + conf/moment_conf.c \ ++++++ 0001-libxl-add-support-for-BlockResize-API.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.556703164 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.556703164 +0200 @@ -19,11 +19,11 @@ src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) -Index: libvirt-5.1.0/src/libxl/libxl_driver.c +Index: libvirt-5.2.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.1.0/src/libxl/libxl_driver.c -@@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom, +--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.2.0/src/libxl/libxl_driver.c +@@ -5245,6 +5245,97 @@ libxlDomainMemoryStats(virDomainPtr dom, #undef LIBXL_SET_MEMSTAT @@ -121,7 +121,7 @@ static int libxlDomainGetJobInfo(virDomainPtr dom, virDomainJobInfoPtr info) -@@ -6636,6 +6727,7 @@ static virHypervisorDriver libxlHypervis +@@ -6629,6 +6720,7 @@ static virHypervisorDriver libxlHypervis #endif .nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */ .nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */ ++++++ 0002-lxc-implement-connectGetAllDomainStats.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.560703166 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.564703167 +0200 
@@ -9,10 +9,10 @@ src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) -Index: libvirt-5.1.0/src/lxc/lxc_driver.c +Index: libvirt-5.2.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/lxc/lxc_driver.c -+++ libvirt-5.1.0/src/lxc/lxc_driver.c +--- libvirt-5.2.0.orig/src/lxc/lxc_driver.c ++++ libvirt-5.2.0/src/lxc/lxc_driver.c @@ -75,6 +75,7 @@ #include "viraccessapichecklxc.h" #include "virhostdev.h" @@ -21,7 +21,7 @@ #define VIR_FROM_THIS VIR_FROM_LXC -@@ -5396,6 +5397,142 @@ lxcDomainHasManagedSaveImage(virDomainPt +@@ -5374,6 +5375,142 @@ lxcDomainHasManagedSaveImage(virDomainPt return ret; } @@ -164,7 +164,7 @@ /* Function Tables */ static virHypervisorDriver lxcHypervisorDriver = { -@@ -5491,6 +5628,7 @@ static virHypervisorDriver lxcHypervisor +@@ -5469,6 +5606,7 @@ static virHypervisorDriver lxcHypervisor .nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */ .nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */ .domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */ ++++++ 2a07c990-api-CVE-2019-3886.patch ++++++ commit 2a07c990bd9143d7a0fe8d1b6b7c763c52185240 Author: Daniel P. Berrangé <berra...@redhat.com> Date: Wed Mar 27 10:59:58 2019 +0000 api: disallow virDomainGetHostname for read-only connections The virDomainGetHostname API is fetching guest information and this may involve use of an untrusted guest agent. As such its use must be forbidden on a read-only connection to libvirt. Fixes CVE-2019-3886 Reviewed-by: Jim Fehlig <jfeh...@suse.com> Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> Index: libvirt-5.2.0/src/libvirt-domain.c =================================================================== --- libvirt-5.2.0.orig/src/libvirt-domain.c +++ libvirt-5.2.0/src/libvirt-domain.c 
@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain virCheckDomainReturn(domain, NULL); conn = domain->conn; + virCheckReadOnlyGoto(domain->conn->flags, error); + if (conn->driver->domainGetHostname) { char *ret; ret = conn->driver->domainGetHostname(domain, flags); ++++++ ae076bb4-remote-CVE-2019-3886.patch ++++++ commit ae076bb40e0e150aef41361b64001138d04d6c60 Author: Daniel P. Berrangé <berra...@redhat.com> Date: Wed Mar 27 11:22:49 2019 +0000 remote: enforce ACL write permission for getting guest time & hostname Getting the guest time and hostname both require use of guest agent commands. These must not be allowed for read-only users, so the permissions check must validate "write" permission not "read". Fixes CVE-2019-3886 Reviewed-by: Jim Fehlig <jfeh...@suse.com> Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> Index: libvirt-5.2.0/src/remote/remote_protocol.x =================================================================== --- libvirt-5.2.0.orig/src/remote/remote_protocol.x +++ libvirt-5.2.0/src/remote/remote_protocol.x @@ -5513,7 +5513,7 @@ enum remote_procedure { /** * @generate: both - * @acl: domain:read + * @acl: domain:write */ REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277, @@ -5908,7 +5908,7 @@ enum remote_procedure { /** * @generate: none - * @acl: domain:read + * @acl: domain:write */ REMOTE_PROC_DOMAIN_GET_TIME = 337, ++++++ blockcopy-check-dst-identical-device.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.596703177 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.596703177 +0200 
@@ -11,11 +11,11 @@ src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-5.1.0/src/qemu/qemu_driver.c +Index: libvirt-5.2.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_driver.c -+++ libvirt-5.1.0/src/qemu/qemu_driver.c -@@ -17836,6 +17836,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt +--- libvirt-5.2.0.orig/src/qemu/qemu_driver.c ++++ libvirt-5.2.0/src/qemu/qemu_driver.c +@@ -17735,6 +17735,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt goto endjob; } ++++++ ebe9c6ea-qemu-firmware-dirent.patch ++++++ commit ebe9c6eab77e2da500c24430addfcd9f10b1676d Author: Daniel P. Berrangé <berra...@redhat.com> Date: Tue Apr 2 13:27:44 2019 +0100 qemu: don't rely on the non-portable d_type field in dirent d_type is a non-portable extension to the struct dirent and even if it exists, its value may be DT_UNKNOWN if the filesystem doesn't support it. This is common with older versions of XFS which have ftype=0 feature. Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> Index: libvirt-5.2.0/src/qemu/qemu_firmware.c =================================================================== --- libvirt-5.2.0.orig/src/qemu/qemu_firmware.c +++ libvirt-5.2.0/src/qemu/qemu_firmware.c @@ -924,9 +924,7 @@ qemuFirmwareBuildFileList(virHashTablePt while ((rc = virDirRead(dirp, &ent, dir)) > 0) { VIR_AUTOFREE(char *) filename = NULL; VIR_AUTOFREE(char *) path = NULL; - - if (ent->d_type != DT_REG && ent->d_type != DT_LNK) - continue; + struct stat sb; if (STRPREFIX(ent->d_name, ".")) continue; 
@@ -937,6 +935,14 @@ qemuFirmwareBuildFileList(virHashTablePt if (virAsprintf(&path, "%s/%s", dir, filename) < 0) goto cleanup; + if (stat(path, &sb) < 0) { + virReportSystemError(errno, _("Unable to access %s"), path); + goto cleanup; + } + + if (!S_ISREG(sb.st_mode) && !S_ISLNK(sb.st_mode)) + continue; + if (virHashUpdateEntry(files, filename, path) < 0) goto cleanup; ++++++ f66f70ac-snapshot-fix-use-after-free.patch ++++++ commit f66f70acbe22527423b781cb6178859309843706 Author: Eric Blake <ebl...@redhat.com> Date: Mon Apr 8 11:45:47 2019 -0500 snapshot: Fix use-after-free during snapshot delete Commit b647d2195 introduced a use-after-free situation when the caller is trying to delete a snapshot and its children: if the callback function deletes the parent, it is no longer safe to query the parent to learn which children also need to be deleted (where we previously saved deleting the parent for last). To fix the problem, while still maintaining support for topological visits of callback functions, we have to stash off any information needed for later traversal prior to using a callback function (virDomainMomentForEachChild already does this, it is only virDomainMomentActOnDescendant that was running into problems). Sadly, the testsuite did not cover the problem at the time. Worse, even though I later added commit 280a2b41e to catch problems like this, and even though that test is indeed sufficient to detect the problem when run under valgrind or suitable MALLOC_PERTURB_ settings, I'm guilty of not running the test in such an environment. Thus, v5.2.0 has a regression that could have been prevented had we used the testsuite to its full power. On the bright side, deleting snapshots requires ACL domain:snapshot, which is arguably as powerful as domain:write, so I don't think this use-after-free forms a security hole. 
At some point, it would be nice to convert virDomainMomentObj into a virObject, at which point, the solution is even simpler: add virObjectRef/Unref around the callback. But as that will require auditing even more places in the code, I went with the simplest patch for the regression fix. Fixes: b647d2195 Reported-by: Roman Bogorodskiy <bogorods...@gmail.com> Signed-off-by: Eric Blake <ebl...@redhat.com> Tested-by: Roman Bogorodskiy <bogorods...@gmail.com> Index: libvirt-5.2.0/src/conf/virdomainmomentobjlist.c =================================================================== --- libvirt-5.2.0.orig/src/conf/virdomainmomentobjlist.c +++ libvirt-5.2.0/src/conf/virdomainmomentobjlist.c @@ -80,9 +80,11 @@ virDomainMomentActOnDescendant(void *pay { virDomainMomentObjPtr obj = payload; struct moment_act_on_descendant *curr = data; + virDomainMomentObj tmp = *obj; + /* Careful: curr->iter can delete obj, hence the need for tmp */ (curr->iter)(payload, name, curr->data); - curr->number += 1 + virDomainMomentForEachDescendant(obj, + curr->number += 1 + virDomainMomentForEachDescendant(&tmp, curr->iter, curr->data); return 0; ++++++ ff376c62-tests-fix-mocking-stat-lstat.patch ++++++ ++++ 1276 lines (skipped) ++++++ libvirt-5.1.0.tar.xz -> libvirt-5.2.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/libvirt/libvirt-5.1.0.tar.xz /work/SRC/openSUSE:Factory/.libvirt.new.17052/libvirt-5.2.0.tar.xz differ: char 15, line 1 ++++++ libvirt-power8-models.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.628703188 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.628703188 +0200 @@ -2,10 +2,10 @@ 
From: <r...@suse.de> -Index: libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml +Index: libvirt-5.2.0/src/cpu_map/ppc64_POWER8.xml =================================================================== ---- libvirt-5.1.0.orig/src/cpu_map/ppc64_POWER8.xml -+++ libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml +--- libvirt-5.2.0.orig/src/cpu_map/ppc64_POWER8.xml ++++ libvirt-5.2.0/src/cpu_map/ppc64_POWER8.xml @@ -4,5 +4,7 @@ <pvr value='0x004b0000' mask='0xffff0000'/> <pvr value='0x004c0000' mask='0xffff0000'/> ++++++ libvirt-suse-netcontrol.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.644703193 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.644703193 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-5.1.0/configure.ac +Index: libvirt-5.2.0/configure.ac =================================================================== ---- libvirt-5.1.0.orig/configure.ac -+++ libvirt-5.1.0/configure.ac +--- libvirt-5.2.0.orig/configure.ac ++++ libvirt-5.2.0/configure.ac @@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH LIBVIRT_ARG_LIBXML LIBVIRT_ARG_MACVTAP @@ -18,7 +18,7 @@ LIBVIRT_CHECK_NLS LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_NWFILTER -@@ -1015,6 +1017,7 @@ LIBVIRT_RESULT_LIBXL +@@ -998,6 +1000,7 @@ LIBVIRT_RESULT_LIBXL LIBVIRT_RESULT_LIBXML LIBVIRT_RESULT_MACVTAP LIBVIRT_RESULT_NETCF @@ -26,10 +26,10 @@ LIBVIRT_RESULT_NLS LIBVIRT_RESULT_NSS LIBVIRT_RESULT_NUMACTL -Index: libvirt-5.1.0/tools/virsh.c +Index: libvirt-5.2.0/tools/virsh.c =================================================================== ---- libvirt-5.1.0.orig/tools/virsh.c -+++ libvirt-5.1.0/tools/virsh.c +--- libvirt-5.2.0.orig/tools/virsh.c ++++ libvirt-5.2.0/tools/virsh.c @@ -563,6 +563,8 @@ virshShowVersion(vshControl *ctl ATTRIBU vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) 
@@ -39,10 +39,10 @@ # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-5.1.0/src/interface/interface_backend_netcf.c +Index: libvirt-5.2.0/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-5.1.0.orig/src/interface/interface_backend_netcf.c -+++ libvirt-5.1.0/src/interface/interface_backend_netcf.c +--- libvirt-5.2.0.orig/src/interface/interface_backend_netcf.c ++++ libvirt-5.2.0/src/interface/interface_backend_netcf.c @@ -21,7 +21,12 @@ #include <config.h> @@ -126,10 +126,10 @@ if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0) return -1; if (virSetSharedInterfaceDriver(&interfaceDriver) < 0) -Index: libvirt-5.1.0/src/interface/interface_driver.c +Index: libvirt-5.2.0/src/interface/interface_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/interface/interface_driver.c -+++ libvirt-5.1.0/src/interface/interface_driver.c +--- libvirt-5.2.0.orig/src/interface/interface_driver.c ++++ libvirt-5.2.0/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -147,10 +147,10 @@ if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-5.1.0/m4/virt-netcontrol.m4 +Index: libvirt-5.2.0/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-5.1.0/m4/virt-netcontrol.m4 ++++ libvirt-5.2.0/m4/virt-netcontrol.m4 @@ -0,0 +1,39 @@ +dnl The libnetcontrol library +dnl 
@@ -191,10 +191,10 @@ +AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[ + LIBVIRT_RESULT_LIB([NETCONTROL]) +]) -Index: libvirt-5.1.0/src/interface/Makefile.inc.am +Index: libvirt-5.2.0/src/interface/Makefile.inc.am =================================================================== ---- libvirt-5.1.0.orig/src/interface/Makefile.inc.am -+++ libvirt-5.1.0/src/interface/Makefile.inc.am +--- libvirt-5.2.0.orig/src/interface/Makefile.inc.am ++++ libvirt-5.2.0/src/interface/Makefile.inc.am @@ -4,6 +4,7 @@ INTERFACE_DRIVER_SOURCES = \ $(NULL) ++++++ libxl-dom-reset.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.676703204 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.676703204 +0200 @@ -8,11 +8,11 @@ option, but domainReset can be implemented in the libxl driver by forcibly destroying the domain and starting it again. -Index: libvirt-5.1.0/src/libxl/libxl_driver.c +Index: libvirt-5.2.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.1.0/src/libxl/libxl_driver.c -@@ -1350,6 +1350,61 @@ libxlDomainReboot(virDomainPtr dom, unsi +--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.2.0/src/libxl/libxl_driver.c +@@ -1343,6 +1343,61 @@ libxlDomainReboot(virDomainPtr dom, unsi } static int @@ -74,7 +74,7 @@ libxlDomainDestroyFlags(virDomainPtr dom, unsigned int flags) { -@@ -6511,6 +6566,7 @@ static virHypervisorDriver libxlHypervis +@@ -6504,6 +6559,7 @@ static virHypervisorDriver libxlHypervis .domainShutdown = libxlDomainShutdown, /* 0.9.0 */ .domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */ .domainReboot = libxlDomainReboot, /* 0.9.0 */ ++++++ libxl-set-cach-mode.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.684703206 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.684703206 +0200 
@@ -3,11 +3,11 @@ src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) -Index: libvirt-5.1.0/src/libxl/libxl_conf.c +Index: libvirt-5.2.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_conf.c -+++ libvirt-5.1.0/src/libxl/libxl_conf.c -@@ -893,6 +893,30 @@ libxlDiskSetDiscard(libxl_device_disk *x +--- libvirt-5.2.0.orig/src/libxl/libxl_conf.c ++++ libvirt-5.2.0/src/libxl/libxl_conf.c +@@ -895,6 +895,30 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } @@ -38,7 +38,7 @@ static char * libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src, const char *username, -@@ -1141,6 +1165,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk +@@ -1143,6 +1167,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0; if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0) return -1; ++++++ libxl-set-migration-constraints.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.688703208 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.688703208 +0200 @@ -16,13 +16,13 @@ tools/virsh.pod | 8 ++++++++ 6 files changed, 125 insertions(+), 6 deletions(-) -Index: libvirt-5.1.0/include/libvirt/libvirt-domain.h +Index: libvirt-5.2.0/include/libvirt/libvirt-domain.h =================================================================== ---- libvirt-5.1.0.orig/include/libvirt/libvirt-domain.h -+++ libvirt-5.1.0/include/libvirt/libvirt-domain.h -@@ -1025,6 +1025,31 @@ typedef enum { +--- libvirt-5.2.0.orig/include/libvirt/libvirt-domain.h ++++ libvirt-5.2.0/include/libvirt/libvirt-domain.h +@@ -1039,6 +1039,31 @@ typedef enum { */ - # define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment" + # define VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS "parallel.connections" +/** + * VIR_MIGRATE_PARAM_SUSE_MAX_ITERS: 
@@ -52,11 +52,11 @@ /* Domain migration. */ virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn, unsigned long flags, const char *dname, -Index: libvirt-5.1.0/src/libxl/libxl_driver.c +Index: libvirt-5.2.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.1.0/src/libxl/libxl_driver.c -@@ -6118,6 +6118,9 @@ libxlDomainMigratePerform3Params(virDoma +--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.2.0/src/libxl/libxl_driver.c +@@ -6111,6 +6111,9 @@ libxlDomainMigratePerform3Params(virDoma const char *dname = NULL; const char *uri = NULL; int ret = -1; @@ -66,7 +66,7 @@ #ifdef LIBXL_HAVE_NO_SUSPEND_RESUME virReportUnsupportedError(); -@@ -6134,6 +6137,18 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6127,6 +6130,18 @@ libxlDomainMigratePerform3Params(virDoma virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_DEST_NAME, &dname) < 0 || @@ -85,7 +85,7 @@ virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_URI, &uri) < 0) -@@ -6148,11 +6163,11 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6141,11 +6156,11 @@ libxlDomainMigratePerform3Params(virDoma if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) { if (libxlDomainMigrationSrcPerformP2P(driver, vm, dom->conn, dom_xml, @@ -99,10 +99,10 @@ goto cleanup; } -Index: libvirt-5.1.0/src/libxl/libxl_migration.c +Index: libvirt-5.2.0/src/libxl/libxl_migration.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_migration.c -+++ libvirt-5.1.0/src/libxl/libxl_migration.c +--- libvirt-5.2.0.orig/src/libxl/libxl_migration.c ++++ libvirt-5.2.0/src/libxl/libxl_migration.c @@ -342,18 +342,39 @@ libxlMigrateDstReceive(virNetSocketPtr s static int libxlDoMigrateSrcSend(libxlDriverPrivatePtr driver, 
@@ -264,10 +264,10 @@ virObjectLock(vm); if (ret < 0) { -Index: libvirt-5.1.0/src/libxl/libxl_migration.h +Index: libvirt-5.2.0/src/libxl/libxl_migration.h =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_migration.h -+++ libvirt-5.1.0/src/libxl/libxl_migration.h +--- libvirt-5.2.0.orig/src/libxl/libxl_migration.h ++++ libvirt-5.2.0/src/libxl/libxl_migration.h @@ -36,6 +36,10 @@ VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \ VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \ @@ -312,13 +312,13 @@ virDomainPtr libxlDomainMigrationDstFinish(virConnectPtr dconn, -Index: libvirt-5.1.0/tools/virsh-domain.c +Index: libvirt-5.2.0/tools/virsh-domain.c =================================================================== ---- libvirt-5.1.0.orig/tools/virsh-domain.c -+++ libvirt-5.1.0/tools/virsh-domain.c -@@ -10562,6 +10562,22 @@ static const vshCmdOptDef opts_migrate[] +--- libvirt-5.2.0.orig/tools/virsh-domain.c ++++ libvirt-5.2.0/tools/virsh-domain.c +@@ -10570,6 +10570,22 @@ static const vshCmdOptDef opts_migrate[] .type = VSH_OT_INT, - .help = N_("post-copy migration bandwidth limit in MiB/s") + .help = N_("number of connections for parallel migration") }, + {.name = "max_iters", + .type = VSH_OT_INT, @@ -339,7 +339,7 @@ {.name = NULL} }; -@@ -10585,6 +10601,7 @@ doMigrate(void *opaque) +@@ -10593,6 +10609,7 @@ doMigrate(void *opaque) unsigned long long ullOpt = 0; int rv; virConnectPtr dconn = data->dconn; @@ -347,7 +347,7 @@ sigemptyset(&sigmask); sigaddset(&sigmask, SIGINT); -@@ -10704,6 +10721,27 @@ doMigrate(void *opaque) +@@ -10712,6 +10729,27 @@ doMigrate(void *opaque) goto save_error; } 
@@ -375,13 +375,13 @@ if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0) goto out; if (opt) { -Index: libvirt-5.1.0/tools/virsh.pod +Index: libvirt-5.2.0/tools/virsh.pod =================================================================== ---- libvirt-5.1.0.orig/tools/virsh.pod -+++ libvirt-5.1.0/tools/virsh.pod -@@ -1998,6 +1998,14 @@ Providing I<--tls> causes the migration - the migration of the domain. Usage requires proper TLS setup for both source - and target. +--- libvirt-5.2.0.orig/tools/virsh.pod ++++ libvirt-5.2.0/tools/virsh.pod +@@ -2019,6 +2019,14 @@ I<--parallel-connections>. Parallel conn + network link between the source and the target and thus speeding up the + migration. +SUSE-specific options for Xen: I<--max_iters> B<num> allows specifying the maximum +number of iterations before final suspend. Default is 30. I<--max_factor> B<num> ++++++ libxl-support-block-script.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.692703209 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.696703210 +0200 @@ -7,11 +7,11 @@ For more details, see bsc#954872 and FATE#319810 -Index: libvirt-5.1.0/src/libxl/libxl_conf.c +Index: libvirt-5.2.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_conf.c -+++ libvirt-5.1.0/src/libxl/libxl_conf.c -@@ -893,6 +893,25 @@ libxlDiskSetDiscard(libxl_device_disk *x +--- libvirt-5.2.0.orig/src/libxl/libxl_conf.c ++++ libvirt-5.2.0/src/libxl/libxl_conf.c +@@ -895,6 +895,25 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } @@ -37,7 +37,7 @@ static void libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode) { -@@ -1038,6 +1057,7 @@ libxlMakeNetworkDiskSrc(virStorageSource +@@ -1040,6 +1059,7 @@ libxlMakeNetworkDiskSrc(virStorageSource int libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk) { 
@@ -45,7 +45,7 @@ const char *driver = virDomainDiskGetDriver(l_disk); int format = virDomainDiskGetFormat(l_disk); int actual_type = virStorageSourceGetActualType(l_disk->src); -@@ -1053,7 +1073,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk +@@ -1055,7 +1075,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0) return -1; } else { @@ -54,7 +54,7 @@ return -1; } -@@ -1166,6 +1186,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk +@@ -1168,6 +1188,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0) return -1; libxlDiskSetCacheMode(x_disk, l_disk->cachemode); ++++++ lxc-wait-after-eth-del.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.700703211 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.700703211 +0200 @@ -13,10 +13,10 @@ src/lxc/lxc_process.c | 1 + 3 files changed, 4 insertions(+) -Index: libvirt-5.1.0/src/lxc/lxc_controller.c +Index: libvirt-5.2.0/src/lxc/lxc_controller.c =================================================================== ---- libvirt-5.1.0.orig/src/lxc/lxc_controller.c -+++ libvirt-5.1.0/src/lxc/lxc_controller.c +--- libvirt-5.2.0.orig/src/lxc/lxc_controller.c ++++ libvirt-5.2.0/src/lxc/lxc_controller.c @@ -69,6 +69,7 @@ #include "rpc/virnetdaemon.h" #include "virstring.h" @@ -33,10 +33,10 @@ return ret; } -Index: libvirt-5.1.0/src/lxc/lxc_driver.c +Index: libvirt-5.2.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/lxc/lxc_driver.c -+++ libvirt-5.1.0/src/lxc/lxc_driver.c +--- libvirt-5.2.0.orig/src/lxc/lxc_driver.c ++++ libvirt-5.2.0/src/lxc/lxc_driver.c @@ -70,6 +70,7 @@ #include "virtime.h" #include "virtypedparam.h" 
@@ -45,7 +45,7 @@ #include "virstring.h" #include "viraccessapicheck.h" #include "viraccessapichecklxc.h" -@@ -3930,6 +3931,7 @@ lxcDomainAttachDeviceNetLive(virConnectP +@@ -3908,6 +3909,7 @@ lxcDomainAttachDeviceNetLive(virConnectP case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_ETHERNET: ignore_value(virNetDevVethDelete(veth)); @@ -53,7 +53,7 @@ break; case VIR_DOMAIN_NET_TYPE_DIRECT: -@@ -4373,6 +4375,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb +@@ -4351,6 +4353,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } @@ -61,10 +61,10 @@ break; /* It'd be nice to support this, but with macvlan -Index: libvirt-5.1.0/src/lxc/lxc_process.c +Index: libvirt-5.2.0/src/lxc/lxc_process.c =================================================================== ---- libvirt-5.1.0.orig/src/lxc/lxc_process.c -+++ libvirt-5.1.0/src/lxc/lxc_process.c +--- libvirt-5.2.0.orig/src/lxc/lxc_process.c ++++ libvirt-5.2.0/src/lxc/lxc_process.c @@ -51,6 +51,7 @@ #include "viratomic.h" #include "virprocess.h" ++++++ network-don-t-use-dhcp-authoritative-on-static-netwo.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.708703214 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.708703214 +0200 
@@ -17,11 +17,11 @@ tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 - 2 files changed, 8 insertions(+), 2 deletions(-) -Index: libvirt-5.1.0/src/network/bridge_driver.c +Index: libvirt-5.2.0/src/network/bridge_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/network/bridge_driver.c -+++ libvirt-5.1.0/src/network/bridge_driver.c -@@ -1378,7 +1378,14 @@ networkDnsmasqConfContents(virNetworkObj +--- libvirt-5.2.0.orig/src/network/bridge_driver.c ++++ libvirt-5.2.0/src/network/bridge_driver.c +@@ -1365,7 +1365,14 @@ networkDnsmasqConfContents(virNetworkObj if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) { if (ipdef->nranges || ipdef->nhosts) { virBufferAddLit(&configbuf, "dhcp-no-override\n"); @@ -37,10 +37,10 @@ } if (ipdef->tftproot) { -Index: libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +Index: libvirt-5.2.0/tests/networkxml2confdata/dhcp6host-routed-network.conf =================================================================== ---- libvirt-5.1.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf -+++ libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +--- libvirt-5.2.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf ++++ libvirt-5.2.0/tests/networkxml2confdata/dhcp6host-routed-network.conf @@ -10,7 +10,6 @@ bind-dynamic interface=virbr1 dhcp-range=192.168.122.1,static ++++++ ppc64le-canonical-name.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.712703215 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.712703215 +0200 @@ -2,10 +2,10 @@ See bnc#894956 -Index: libvirt-5.1.0/src/util/virarch.c +Index: libvirt-5.2.0/src/util/virarch.c =================================================================== ---- libvirt-5.1.0.orig/src/util/virarch.c -+++ libvirt-5.1.0/src/util/virarch.c +--- libvirt-5.2.0.orig/src/util/virarch.c ++++ libvirt-5.2.0/src/util/virarch.c 
@@ -172,6 +172,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { ++++++ qemu-apparmor-screenshot.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.716703217 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.720703218 +0200 @@ -1,8 +1,8 @@ -Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu +Index: libvirt-5.2.0/src/security/apparmor/libvirt-qemu =================================================================== ---- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu -@@ -222,3 +222,6 @@ +--- libvirt-5.2.0.orig/src/security/apparmor/libvirt-qemu ++++ libvirt-5.2.0/src/security/apparmor/libvirt-qemu +@@ -227,3 +227,6 @@ # required for sasl GSSAPI plugin /etc/gss/mech.d/ r, /etc/gss/mech.d/* r, ++++++ support-managed-pci-xen-driver.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.724703220 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.724703220 +0200 @@ -8,10 +8,10 @@ src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-5.1.0/src/xenconfig/xen_common.c +Index: libvirt-5.2.0/src/xenconfig/xen_common.c =================================================================== ---- libvirt-5.1.0.orig/src/xenconfig/xen_common.c -+++ libvirt-5.1.0/src/xenconfig/xen_common.c +--- libvirt-5.2.0.orig/src/xenconfig/xen_common.c ++++ libvirt-5.2.0/src/xenconfig/xen_common.c @@ -386,12 +386,19 @@ xenParsePCI(char *entry) int busID; int slotID; 
@@ -64,10 +64,10 @@ hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; -Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c +Index: libvirt-5.2.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c +--- libvirt-5.2.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-5.2.0/src/xenconfig/xen_sxpr.c @@ -1053,6 +1053,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; ++++++ suse-apparmor-libnl-paths.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.728703220 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.728703220 +0200 @@ -8,10 +8,10 @@ to squelch a denial when starting confined domains. Found while investigating bsc#1058847 -Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu +Index: libvirt-5.2.0/src/security/apparmor/libvirt-qemu =================================================================== ---- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu +--- libvirt-5.2.0.orig/src/security/apparmor/libvirt-qemu ++++ libvirt-5.2.0/src/security/apparmor/libvirt-qemu @@ -63,6 +63,7 @@ #/dev/fb* rw, @@ -20,10 +20,10 @@ @{HOME}/.pulse-cookie rwk, owner /root/.pulse-cookie rwk, owner /root/.pulse/ rw, -Index: libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-5.2.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-5.1.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper -+++ libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-5.2.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper ++++ libvirt-5.2.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper 
@@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/ owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, ++++++ suse-libvirt-guests-service.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.736703223 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.736703223 +0200 
@@ -1,55 +1,9 @@ Adjust libvirt-guests service to conform to SUSE standards -Index: libvirt-5.1.0/tools/libvirt-guests.init.in +Index: libvirt-5.2.0/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-5.1.0.orig/tools/libvirt-guests.init.in -+++ libvirt-5.1.0/tools/libvirt-guests.init.in -@@ -4,27 +4,27 @@ - # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html - # - ### BEGIN INIT INFO --# Provides: libvirt-guests --# Default-Start: 3 4 5 --# Default-Stop: 0 1 2 6 --# Required-Start: libvirtd --# Required-Stop: libvirtd -+# Provides: libvirt-guests -+# Required-Start: $network $remote_fs libvirtd -+# Required-Stop: $network $remote_fs libvirtd -+# Default-Start: 3 5 -+# Default-Stop: 0 1 2 4 6 - # Should-Start: - # Should-Stop: - # Short-Description: suspend/resume libvirt guests on shutdown/boot --# Description: This is a script for suspending active libvirt guests --# on shutdown and resuming them on next boot --# See https://libvirt.org -+# Description: This is a script for suspending active libvirt guests -+# on shutdown and resuming them on next boot -+# See https://libvirt.org - ### END INIT INFO - - # the following is chkconfig init header - # --# libvirt-guests: suspend/resume libvirt guests on shutdown/boot --# --# chkconfig: 345 99 01 --# description: This is a script for suspending active libvirt guests \ --# on shutdown and resuming them on next boot \ --# See https://libvirt.org -+# libvirt-guests: suspend/resume libvirt guests on shutdown/boot - # -+# chkconfig: 345 99 01 -+# description: This is a script for suspending active libvirt guests \ -+# on shutdown and resuming them on next boot \ -+# See https://libvirt.org -+ - - exec @libexecdir@/libvirt-guests.sh "$@" -Index: libvirt-5.1.0/tools/libvirt-guests.sh.in -=================================================================== ---- libvirt-5.1.0.orig/tools/libvirt-guests.sh.in -+++ 
libvirt-5.1.0/tools/libvirt-guests.sh.in +--- libvirt-5.2.0.orig/tools/libvirt-guests.sh.in ++++ libvirt-5.2.0/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # <http://www.gnu.org/licenses/>. @@ -209,10 +163,10 @@ esac -exit $RETVAL +rc_exit -Index: libvirt-5.1.0/tools/libvirt-guests.sysconf +Index: libvirt-5.2.0/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-5.1.0.orig/tools/libvirt-guests.sysconf -+++ libvirt-5.1.0/tools/libvirt-guests.sysconf +--- libvirt-5.2.0.orig/tools/libvirt-guests.sysconf ++++ libvirt-5.2.0/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + ++++++ suse-libvirtd-disable-tls.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.740703225 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.744703226 +0200 @@ -3,10 +3,10 @@ On SUSE distros, the default is for libvirtd to listen only on the Unix Domain Socket. The libvirt client still provides remote access via a SSH tunnel. -Index: libvirt-5.1.0/src/remote/libvirtd.conf +Index: libvirt-5.2.0/src/remote/libvirtd.conf =================================================================== ---- libvirt-5.1.0.orig/src/remote/libvirtd.conf -+++ libvirt-5.1.0/src/remote/libvirtd.conf +--- libvirt-5.2.0.orig/src/remote/libvirtd.conf ++++ libvirt-5.2.0/src/remote/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. 
@@ -18,10 +18,10 @@ # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-5.1.0/src/remote/remote_daemon_config.c +Index: libvirt-5.2.0/src/remote/remote_daemon_config.c =================================================================== ---- libvirt-5.1.0.orig/src/remote/remote_daemon_config.c -+++ libvirt-5.1.0/src/remote/remote_daemon_config.c +--- libvirt-5.2.0.orig/src/remote/remote_daemon_config.c ++++ libvirt-5.2.0/src/remote/remote_daemon_config.c @@ -108,7 +108,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; @@ -31,10 +31,10 @@ data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-5.1.0/src/remote/test_libvirtd.aug.in +Index: libvirt-5.2.0/src/remote/test_libvirtd.aug.in =================================================================== ---- libvirt-5.1.0.orig/src/remote/test_libvirtd.aug.in -+++ libvirt-5.1.0/src/remote/test_libvirtd.aug.in +--- libvirt-5.2.0.orig/src/remote/test_libvirtd.aug.in ++++ libvirt-5.2.0/src/remote/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: ++++++ suse-libvirtd-service-xen.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.748703227 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.748703227 +0200 @@ -7,10 +7,10 @@ tools. If a user installs libvirt on their SUSE Xen host, then libvirt should be king and override xendomains. See bsc#1015348 -Index: libvirt-5.1.0/src/remote/libvirtd.service.in +Index: libvirt-5.2.0/src/remote/libvirtd.service.in =================================================================== ---- libvirt-5.1.0.orig/src/remote/libvirtd.service.in -+++ libvirt-5.1.0/src/remote/libvirtd.service.in +--- libvirt-5.2.0.orig/src/remote/libvirtd.service.in ++++ libvirt-5.2.0/src/remote/libvirtd.service.in 
@@ -17,6 +17,8 @@ After=local-fs.target After=remote-fs.target After=systemd-logind.service ++++++ suse-libvirtd-sysconfig-settings.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.752703229 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.752703229 +0200 @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-5.1.0/src/remote/libvirtd.sysconf +Index: libvirt-5.2.0/src/remote/libvirtd.sysconf =================================================================== ---- libvirt-5.1.0.orig/src/remote/libvirtd.sysconf -+++ libvirt-5.1.0/src/remote/libvirtd.sysconf +--- libvirt-5.2.0.orig/src/remote/libvirtd.sysconf ++++ libvirt-5.2.0/src/remote/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + ++++++ suse-libxl-disable-autoballoon.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.760703231 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.760703231 +0200 @@ -6,10 +6,10 @@ by default. It can only be enabled with the 'autoballoon' setting in libxl.conf. See jsc#SLE-3059 for more details. -Index: libvirt-5.1.0/src/libxl/libxl.conf +Index: libvirt-5.2.0/src/libxl/libxl.conf =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl.conf -+++ libvirt-5.1.0/src/libxl/libxl.conf +--- libvirt-5.2.0.orig/src/libxl/libxl.conf ++++ libvirt-5.2.0/src/libxl/libxl.conf @@ -4,12 +4,11 @@ # Enable autoballooning of domain0 @@ -27,10 +27,10 @@ # In order to prevent accidentally starting two domains that -Index: libvirt-5.1.0/src/libxl/libxl_conf.c +Index: libvirt-5.2.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_conf.c -+++ libvirt-5.1.0/src/libxl/libxl_conf.c +--- libvirt-5.2.0.orig/src/libxl/libxl_conf.c ++++ libvirt-5.2.0/src/libxl/libxl_conf.c @@ -22,7 +22,6 @@ #include <config.h> 
@@ -39,7 +39,7 @@ #include <libxl.h> #include <sys/types.h> #include <sys/socket.h> -@@ -1760,14 +1759,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa +@@ -1762,14 +1761,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa /* * Get domain0 autoballoon configuration. Honor user-specified * setting in libxl.conf first. If not specified, autoballooning @@ -55,7 +55,7 @@ int res; res = virConfGetValueBool(conf, "autoballoon", &cfg->autoballoon); -@@ -1776,21 +1773,8 @@ libxlGetAutoballoonConf(libxlDriverConfi +@@ -1778,21 +1775,8 @@ libxlGetAutoballoonConf(libxlDriverConfi else if (res == 1) return 0; ++++++ suse-ovmf-paths.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.764703232 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.764703232 +0200 @@ -1,9 +1,9 @@ Adjust paths of OVMF firmwares on SUSE distros -Index: libvirt-5.1.0/src/qemu/qemu.conf +Index: libvirt-5.2.0/src/qemu/qemu.conf =================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu.conf -+++ libvirt-5.1.0/src/qemu/qemu.conf +--- libvirt-5.2.0.orig/src/qemu/qemu.conf ++++ libvirt-5.2.0/src/qemu/qemu.conf @@ -773,10 +773,9 @@ security_default_confined = 0 # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default # follows this scheme. @@ -18,10 +18,10 @@ #] # The backend to use for handling stdout/stderr output from -Index: libvirt-5.1.0/src/qemu/qemu_conf.c +Index: libvirt-5.2.0/src/qemu/qemu_conf.c =================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_conf.c -+++ libvirt-5.1.0/src/qemu/qemu_conf.c +--- libvirt-5.2.0.orig/src/qemu/qemu_conf.c ++++ libvirt-5.2.0/src/qemu/qemu_conf.c @@ -116,10 +116,9 @@ void qemuDomainCmdlineDefFree(qemuDomain #ifndef DEFAULT_LOADER_NVRAM 
@@ -36,10 +36,10 @@ #endif -Index: libvirt-5.1.0/src/security/virt-aa-helper.c +Index: libvirt-5.2.0/src/security/virt-aa-helper.c =================================================================== ---- libvirt-5.1.0.orig/src/security/virt-aa-helper.c -+++ libvirt-5.1.0/src/security/virt-aa-helper.c +--- libvirt-5.2.0.orig/src/security/virt-aa-helper.c ++++ libvirt-5.2.0/src/security/virt-aa-helper.c @@ -506,7 +506,8 @@ valid_path(const char *path, const bool "/usr/share/ovmf/", /* for OVMF images */ "/usr/share/AAVMF/", /* for AAVMF images */ ++++++ suse-qemu-conf.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.772703235 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.772703235 +0200 @@ -7,10 +7,10 @@ etc.), but for now they are all lumped together in this single patch. -Index: libvirt-5.1.0/src/qemu/qemu.conf +Index: libvirt-5.2.0/src/qemu/qemu.conf =================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu.conf -+++ libvirt-5.1.0/src/qemu/qemu.conf +--- libvirt-5.2.0.orig/src/qemu/qemu.conf ++++ libvirt-5.2.0/src/qemu/qemu.conf @@ -420,11 +420,20 @@ # isolation, but it cannot appear in a list of drivers. # ++++++ suse-virtlockd-sysconfig-settings.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.784703239 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.784703239 +0200 @@ -1,9 +1,9 @@ Adjust virtlockd sysconfig file to conform to SUSE standards -Index: libvirt-5.1.0/src/locking/virtlockd.sysconf +Index: libvirt-5.2.0/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-5.1.0.orig/src/locking/virtlockd.sysconf -+++ libvirt-5.1.0/src/locking/virtlockd.sysconf +--- libvirt-5.2.0.orig/src/locking/virtlockd.sysconf ++++ libvirt-5.2.0/src/locking/virtlockd.sysconf 
@@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + ++++++ suse-virtlogd-sysconfig-settings.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.792703241 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.792703241 +0200 @@ -1,9 +1,9 @@ Adjust virtlogd sysconfig file to conform to SUSE standards -Index: libvirt-5.1.0/src/logging/virtlogd.sysconf +Index: libvirt-5.2.0/src/logging/virtlogd.sysconf =================================================================== ---- libvirt-5.1.0.orig/src/logging/virtlogd.sysconf -+++ libvirt-5.1.0/src/logging/virtlogd.sysconf +--- libvirt-5.2.0.orig/src/logging/virtlogd.sysconf ++++ libvirt-5.2.0/src/logging/virtlogd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlogd + ++++++ xen-pv-cdrom.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.800703244 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.800703244 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c +Index: libvirt-5.2.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c +--- libvirt-5.2.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-5.2.0/src/xenconfig/xen_sxpr.c @@ -383,7 +383,7 @@ xenParseSxprVifRate(const char *rate, un static int xenParseSxprDisks(virDomainDefPtr def, ++++++ xen-sxpr-disk-type.patch ++++++ --- /var/tmp/diff_new_pack.waAJzu/_old 2019-04-15 13:59:12.804703246 +0200 +++ /var/tmp/diff_new_pack.waAJzu/_new 2019-04-15 13:59:12.804703246 +0200 
@@ -6,10 +6,10 @@ https://bugzilla.suse.com/show_bug.cgi?id=938228 -Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c +Index: libvirt-5.2.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c +--- libvirt-5.2.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-5.2.0/src/xenconfig/xen_sxpr.c @@ -497,10 +497,11 @@ xenParseSxprDisks(virDomainDefPtr def, omnipotent, we can revisit this, perhaps stat()'ing the src file in question */
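Review bot: the SUSE-specific virsh migrate options added in the tools/virsh-domain.c hunk are spelled with underscores ({.name = "max_iters", documented in tools/virsh.pod as --max_iters and --max_factor), while the upstream option now sitting next to them in the refreshed context is --parallel-connections. Since these hunks are being rebased anyway, consider adding hyphenated spellings and keeping the underscore forms as aliases, so that scripts written against the old names keep working and the man page reads consistently.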
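Review bot: the diffstat kept in the header of support-managed-pci-xen-driver.patch is stale. It still lists "src/xenxs/xen_xm.c | 28" and "2 files changed, 35 insertions(+), 15 deletions(-)", but the refreshed hunks apply to src/xenconfig/xen_common.c and src/xenconfig/xen_sxpr.c. Regenerate the diffstat or drop it from the header, so that someone auditing the patch does not go looking for a file it no longer touches.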
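Review bot: qemu-apparmor-screenshot.patch and xen-pv-cdrom.patch have no description at all. Both refreshed hunks start at line 1 of the patch with the "Index:" line, whereas suse-apparmor-libnl-paths.patch and xen-sxpr-disk-type.patch carry a rationale and a bug reference. This matters most for qemu-apparmor-screenshot.patch, which appends three lines to src/security/apparmor/libvirt-qemu (@@ -227,3 +227,6 @@) and so widens what every confined QEMU domain may access. Please add a header saying which paths and permissions are granted, why, and the tracking bug.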
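Review bot: the refresh of suse-libvirt-guests-service.patch silently drops the whole tools/libvirt-guests.init.in hunk (the LSB header changes such as "Required-Start: $network $remote_fs libvirtd" and "Default-Start: 3 5"), leaving only the libvirt-guests.sh.in and libvirt-guests.sysconf hunks. Neither the patch description nor the 5.2.0 entry in libvirt.changes mentions this. Add a line to the changes entry stating why the hunk was removed, so that the loss of the start-ordering adjustments is a recorded decision rather than a side effect of the rebase.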