Merge branch 'c8-beta-stream-rhel' into a8-beta-stream-rhel
This commit is contained in:
commit
1f5472e5b3
86
SOURCES/0020-appliance-Use-cpu-max.patch
Normal file
86
SOURCES/0020-appliance-Use-cpu-max.patch
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
From fbb053fc71c0c072acb3fbf6e5fbbfc3b0667fd2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Thu, 28 Jan 2021 12:20:49 +0000
|
||||||
|
Subject: [PATCH] appliance: Use -cpu max.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
QEMU has a newish feature (from about 2017 / qemu 2.9) called -cpu max
|
||||||
|
which is supposed to select the best CPU, ideal for libguestfs.
|
||||||
|
|
||||||
|
After this change, on x86-64:
|
||||||
|
|
||||||
|
KVM TCG
|
||||||
|
|
||||||
|
Direct -cpu max -cpu max
|
||||||
|
(non-libvirt)
|
||||||
|
|
||||||
|
Libvirt <cpu mode="host-passthrough"> <cpu mode="host-model">
|
||||||
|
<model fallback="allow"/> <model fallback="allow"/>
|
||||||
|
</cpu> </cpu>
|
||||||
|
|
||||||
|
Thanks: Daniel Berrangé
|
||||||
|
(cherry picked from commit 30f74f38bd6e42e783ba80895f4d6826abddd417)
|
||||||
|
---
|
||||||
|
lib/appliance-cpu.c | 16 ++++++++--------
|
||||||
|
lib/launch-libvirt.c | 9 +++++++++
|
||||||
|
2 files changed, 17 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/appliance-cpu.c b/lib/appliance-cpu.c
|
||||||
|
index 5ef9f5c72..54ac6e2e3 100644
|
||||||
|
--- a/lib/appliance-cpu.c
|
||||||
|
+++ b/lib/appliance-cpu.c
|
||||||
|
@@ -38,6 +38,11 @@
|
||||||
|
*
|
||||||
|
* The literal string C<"host"> means use C<-cpu host>.
|
||||||
|
*
|
||||||
|
+ * =item C<"max">
|
||||||
|
+ *
|
||||||
|
+ * The literal string C<"max"> means use C<-cpu max> (the best
|
||||||
|
+ * possible). This requires awkward translation for libvirt.
|
||||||
|
+ *
|
||||||
|
* =item some string
|
||||||
|
*
|
||||||
|
* Some string such as C<"cortex-a57"> means use C<-cpu cortex-a57>.
|
||||||
|
@@ -80,14 +85,9 @@ guestfs_int_get_cpu_model (int kvm)
|
||||||
|
/* See discussion in https://bugzilla.redhat.com/show_bug.cgi?id=1605071 */
|
||||||
|
return NULL;
|
||||||
|
#else
|
||||||
|
- /* On most architectures, it is faster to pass the CPU host model to
|
||||||
|
- * the appliance, allowing maximum speed for things like checksums
|
||||||
|
- * and encryption. Only do this with KVM. It is broken in subtle
|
||||||
|
- * ways on TCG, and fairly pointless when you're emulating anyway.
|
||||||
|
+ /* On most architectures we can use "max" to get the best possible CPU.
|
||||||
|
+ * For recent qemu this should work even on TCG.
|
||||||
|
*/
|
||||||
|
- if (kvm)
|
||||||
|
- return "host";
|
||||||
|
- else
|
||||||
|
- return NULL;
|
||||||
|
+ return "max";
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
|
||||||
|
index f6bb39d99..e3ff1ffe0 100644
|
||||||
|
--- a/lib/launch-libvirt.c
|
||||||
|
+++ b/lib/launch-libvirt.c
|
||||||
|
@@ -1169,6 +1169,15 @@ construct_libvirt_xml_cpu (guestfs_h *g,
|
||||||
|
attribute ("fallback", "allow");
|
||||||
|
} end_element ();
|
||||||
|
}
|
||||||
|
+ else if (STREQ (cpu_model, "max")) {
|
||||||
|
+ if (params->data->is_kvm)
|
||||||
|
+ attribute ("mode", "host-passthrough");
|
||||||
|
+ else
|
||||||
|
+ attribute ("mode", "host-model");
|
||||||
|
+ start_element ("model") {
|
||||||
|
+ attribute ("fallback", "allow");
|
||||||
|
+ } end_element ();
|
||||||
|
+ }
|
||||||
|
else
|
||||||
|
single_element ("model", cpu_model);
|
||||||
|
} end_element ();
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From 7dde1007525ec235e769351be15ca5de34eeda4a Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Thu, 18 Mar 2021 12:32:26 +0000
|
||||||
|
Subject: [PATCH] appliance: Use <cpu mode="maximum"/> for -cpu max on libvirt.
|
||||||
|
|
||||||
|
Note this requires libvirt >= 7.1.0 which was only released in March 2021.
|
||||||
|
|
||||||
|
With an older libvirt you will see this error:
|
||||||
|
|
||||||
|
Original error from libvirt: unsupported configuration: Invalid mode attribute 'maximum' [code=67 int1=-1]
|
||||||
|
|
||||||
|
In theory we could check if this is supported by looking at the
|
||||||
|
libvirt capabilities and fall back, but this commit does not do that,
|
||||||
|
in the expectation that most people will be using the default backend
|
||||||
|
(direct) and on Fedora/RHEL we will add an explicit minimum version
|
||||||
|
dependency to the package.
|
||||||
|
|
||||||
|
qemu support has been around quite a bit longer (at least since 2017).
|
||||||
|
|
||||||
|
Fixes: commit 30f74f38bd6e42e783ba80895f4d6826abddd417
|
||||||
|
(cherry picked from commit 13ceb6a87b2869909a6a0e3c8caa962b72e4cb0e)
|
||||||
|
---
|
||||||
|
lib/launch-libvirt.c | 9 ++-------
|
||||||
|
1 file changed, 2 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
|
||||||
|
index e3ff1ffe0..db619910f 100644
|
||||||
|
--- a/lib/launch-libvirt.c
|
||||||
|
+++ b/lib/launch-libvirt.c
|
||||||
|
@@ -1170,13 +1170,8 @@ construct_libvirt_xml_cpu (guestfs_h *g,
|
||||||
|
} end_element ();
|
||||||
|
}
|
||||||
|
else if (STREQ (cpu_model, "max")) {
|
||||||
|
- if (params->data->is_kvm)
|
||||||
|
- attribute ("mode", "host-passthrough");
|
||||||
|
- else
|
||||||
|
- attribute ("mode", "host-model");
|
||||||
|
- start_element ("model") {
|
||||||
|
- attribute ("fallback", "allow");
|
||||||
|
- } end_element ();
|
||||||
|
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1935572#c11 */
|
||||||
|
+ attribute ("mode", "maximum");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
single_element ("model", cpu_model);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,92 @@
|
|||||||
|
From bb19cc0cdd43619ccf830e1e608f79e46f8ddf86 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Thu, 12 May 2022 08:36:37 +0100
|
||||||
|
Subject: [PATCH] lib: Disable 5-level page tables when using -cpu max
|
||||||
|
|
||||||
|
In https://bugzilla.redhat.com/show_bug.cgi?id=2082806 we've been
|
||||||
|
tracking an insidious qemu bug which intermittently prevents the
|
||||||
|
libguestfs appliance from starting. The symptoms are that SeaBIOS
|
||||||
|
starts and displays its messages, but the kernel isn't reached. We
|
||||||
|
found that the kernel does in fact start, but when it tries to set up
|
||||||
|
page tables and jump to protected mode it gets a triple fault which
|
||||||
|
causes the emulated CPU in qemu to reset (qemu exits).
|
||||||
|
|
||||||
|
This seems to only affect TCG (not KVM).
|
||||||
|
|
||||||
|
Yesterday I found that this is caused by using -cpu max which enables
|
||||||
|
the "la57" feature (5-level page tables[0]), and that we can make the
|
||||||
|
problem go away using -cpu max,la57=off. Note that I still don't
|
||||||
|
fully understand the qemu bug, so this is only a workaround.
|
||||||
|
|
||||||
|
I chose to disable 5-level page tables for both TCG and KVM, partly to
|
||||||
|
make the patch simpler, and partly because I guess it's not a feature
|
||||||
|
(ie. 57 bit linear addresses) that is useful for the libguestfs
|
||||||
|
appliance case, where we have limited physical memory and no need to
|
||||||
|
run any programs with huge address spaces.
|
||||||
|
|
||||||
|
I tested this by running both the direct & libvirt paths overnight. I
|
||||||
|
expect that this patch will fail with old qemu/libvirt which doesn't
|
||||||
|
understand the "la57" feature, but this is only intended as a
|
||||||
|
temporary workaround.
|
||||||
|
|
||||||
|
[0] Article about 5-level page tables as background:
|
||||||
|
https://lwn.net/Articles/717293/
|
||||||
|
|
||||||
|
Thanks: Laszlo Ersek
|
||||||
|
Fixes: https://answers.launchpad.net/ubuntu/+source/libguestfs/+question/701625
|
||||||
|
|
||||||
|
[RHEL 8.7: Patch is not upstream. This is the initial patch as posted
|
||||||
|
to the mailing list here:
|
||||||
|
https://listman.redhat.com/archives/libguestfs/2022-May/028853.html]
|
||||||
|
---
|
||||||
|
lib/launch-direct.c | 15 +++++++++++++--
|
||||||
|
lib/launch-libvirt.c | 7 +++++++
|
||||||
|
2 files changed, 20 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/launch-direct.c b/lib/launch-direct.c
|
||||||
|
index de17d2167..6b28e4724 100644
|
||||||
|
--- a/lib/launch-direct.c
|
||||||
|
+++ b/lib/launch-direct.c
|
||||||
|
@@ -534,8 +534,19 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
|
||||||
|
} end_list ();
|
||||||
|
|
||||||
|
cpu_model = guestfs_int_get_cpu_model (has_kvm && !force_tcg);
|
||||||
|
- if (cpu_model)
|
||||||
|
- arg ("-cpu", cpu_model);
|
||||||
|
+ if (cpu_model) {
|
||||||
|
+#if defined(__x86_64__)
|
||||||
|
+ /* Temporary workaround for RHBZ#2082806 */
|
||||||
|
+ if (STREQ (cpu_model, "max")) {
|
||||||
|
+ start_list ("-cpu") {
|
||||||
|
+ append_list (cpu_model);
|
||||||
|
+ append_list ("la57=off");
|
||||||
|
+ } end_list ();
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+#endif
|
||||||
|
+ arg ("-cpu", cpu_model);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (g->smp > 1)
|
||||||
|
arg_format ("-smp", "%d", g->smp);
|
||||||
|
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
|
||||||
|
index db619910f..bad4a54ea 100644
|
||||||
|
--- a/lib/launch-libvirt.c
|
||||||
|
+++ b/lib/launch-libvirt.c
|
||||||
|
@@ -1172,6 +1172,13 @@ construct_libvirt_xml_cpu (guestfs_h *g,
|
||||||
|
else if (STREQ (cpu_model, "max")) {
|
||||||
|
/* https://bugzilla.redhat.com/show_bug.cgi?id=1935572#c11 */
|
||||||
|
attribute ("mode", "maximum");
|
||||||
|
+#if defined(__x86_64__)
|
||||||
|
+ /* Temporary workaround for RHBZ#2082806 */
|
||||||
|
+ start_element ("feature") {
|
||||||
|
+ attribute ("policy", "disable");
|
||||||
|
+ attribute ("name", "la57");
|
||||||
|
+ } end_element ();
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
else
|
||||||
|
single_element ("model", cpu_model);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
103
SOURCES/0023-docs-guestfs-security-document-CVE-2022-2211.patch
Normal file
103
SOURCES/0023-docs-guestfs-security-document-CVE-2022-2211.patch
Normal file
@ -0,0 +1,103 @@
|
|||||||
|
From 22d779d5982dc82d629710d41973ed6545707bd9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 28 Jun 2022 13:54:16 +0200
|
||||||
|
Subject: [PATCH] docs/guestfs-security: document CVE-2022-2211
|
||||||
|
|
||||||
|
Short log for the common submodule, commit range
|
||||||
|
f8de5508fe75..35467027f657:
|
||||||
|
|
||||||
|
Laszlo Ersek (2):
|
||||||
|
mlcustomize: factor out pkg install/update/uninstall from guestfs-tools
|
||||||
|
options: fix buffer overflow in get_keys() [CVE-2022-2211]
|
||||||
|
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20220628115418.5376-2-lersek@redhat.com>
|
||||||
|
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
||||||
|
|
||||||
|
Cherry picked from commit 99844660b48ed809e37378262c65d63df6ce4a53.
|
||||||
|
For the cherry pick I only added one submodule commit:
|
||||||
|
|
||||||
|
options: fix buffer overflow in get_keys() [CVE-2022-2211]
|
||||||
|
---
|
||||||
|
common | 2 +-
|
||||||
|
docs/guestfs-security.pod | 28 ++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 29 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Submodule common be09523d6..1174b443a:
|
||||||
|
diff --git a/common/options/keys.c b/common/options/keys.c
|
||||||
|
index 798315c..d27a712 100644
|
||||||
|
--- a/common/options/keys.c
|
||||||
|
+++ b/common/options/keys.c
|
||||||
|
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
|
||||||
|
char **
|
||||||
|
get_keys (struct key_store *ks, const char *device, const char *uuid)
|
||||||
|
{
|
||||||
|
- size_t i, j, len;
|
||||||
|
+ size_t i, j, nmemb;
|
||||||
|
char **r;
|
||||||
|
char *s;
|
||||||
|
|
||||||
|
/* We know the returned list must have at least one element and not
|
||||||
|
* more than ks->nr_keys.
|
||||||
|
*/
|
||||||
|
- len = 1;
|
||||||
|
- if (ks)
|
||||||
|
- len = MIN (1, ks->nr_keys);
|
||||||
|
- r = calloc (len+1, sizeof (char *));
|
||||||
|
+ nmemb = 1;
|
||||||
|
+ if (ks && ks->nr_keys > nmemb)
|
||||||
|
+ nmemb = ks->nr_keys;
|
||||||
|
+
|
||||||
|
+ /* make room for the terminating NULL */
|
||||||
|
+ if (nmemb == (size_t)-1)
|
||||||
|
+ error (EXIT_FAILURE, 0, _("size_t overflow"));
|
||||||
|
+ nmemb++;
|
||||||
|
+
|
||||||
|
+ r = calloc (nmemb, sizeof (char *));
|
||||||
|
if (r == NULL)
|
||||||
|
error (EXIT_FAILURE, errno, "calloc");
|
||||||
|
|
||||||
|
diff --git a/docs/guestfs-security.pod b/docs/guestfs-security.pod
|
||||||
|
index 9ceef5623..efa35b29d 100644
|
||||||
|
--- a/docs/guestfs-security.pod
|
||||||
|
+++ b/docs/guestfs-security.pod
|
||||||
|
@@ -406,6 +406,34 @@ The libvirt backend is not affected.
|
||||||
|
The solution is to update qemu to a version containing the fix (see
|
||||||
|
L<https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html>).
|
||||||
|
|
||||||
|
+=head2 CVE-2022-2211
|
||||||
|
+
|
||||||
|
+L<https://bugzilla.redhat.com/CVE-2022-2211>
|
||||||
|
+
|
||||||
|
+The C<get_keys> function in F<libguestfs-common/options/keys.c> collects
|
||||||
|
+those I<--key> options from the command line into a new array that match
|
||||||
|
+a particular block device that's being decrypted for inspection. The
|
||||||
|
+function intends to size the result array such that potentially all
|
||||||
|
+I<--key> options, plus a terminating C<NULL> element, fit into it. The
|
||||||
|
+code mistakenly uses the C<MIN> macro instead of C<MAX>, and therefore
|
||||||
|
+only one element is allocated before the C<NULL> terminator.
|
||||||
|
+
|
||||||
|
+Passing precisely two I<--key ID:...> options on the command line for
|
||||||
|
+the encrypted block device C<ID> causes C<get_keys> to overwrite the
|
||||||
|
+terminating C<NULL>, leading to an out-of-bounds read in
|
||||||
|
+C<decrypt_mountables>, file F<libguestfs-common/options/decrypt.c>.
|
||||||
|
+
|
||||||
|
+Passing more than two I<--key ID:...> options on the command line for
|
||||||
|
+the encrypted block device C<ID> causes C<get_keys> itself to perform
|
||||||
|
+out-of-bounds writes. The most common symptom is a crash with C<SIGSEGV>
|
||||||
|
+later on.
|
||||||
|
+
|
||||||
|
+This issue affects -- broadly speaking -- all libguestfs-based utilities
|
||||||
|
+that accept I<--key>, namely: C<guestfish>, C<guestmount>, C<virt-cat>,
|
||||||
|
+C<virt-customize>, C<virt-diff>, C<virt-edit>, C<virt-get-kernel>,
|
||||||
|
+C<virt-inspector>, C<virt-log>, C<virt-ls>, C<virt-sparsify>,
|
||||||
|
+C<virt-sysprep>, C<virt-tail>, C<virt-v2v>.
|
||||||
|
+
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<guestfs(3)>,
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -6,7 +6,7 @@ set -e
|
|||||||
# directory. Use it like this:
|
# directory. Use it like this:
|
||||||
# ./copy-patches.sh
|
# ./copy-patches.sh
|
||||||
|
|
||||||
rhel_version=8.6.0
|
rhel_version=8.7.0
|
||||||
|
|
||||||
# Check we're in the right directory.
|
# Check we're in the right directory.
|
||||||
if [ ! -f libguestfs.spec ]; then
|
if [ ! -f libguestfs.spec ]; then
|
||||||
|
@ -32,7 +32,7 @@ Summary: Access and modify virtual machine disk images
|
|||||||
Name: libguestfs
|
Name: libguestfs
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.44.0
|
Version: 1.44.0
|
||||||
Release: 5%{?dist}.alma
|
Release: 9%{?dist}.alma
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
|
|
||||||
ExclusiveArch: x86_64 %{power64} aarch64 s390x
|
ExclusiveArch: x86_64 %{power64} aarch64 s390x
|
||||||
@ -45,7 +45,7 @@ Source1: http://libguestfs.org/download/%{source_directory}/%{name}-%{vers
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# RHEL 8 git repository is:
|
# RHEL 8 git repository is:
|
||||||
# https://github.com/libguestfs/libguestfs/tree/rhel-8.6.0
|
# https://github.com/libguestfs/libguestfs/tree/rhel-8.7.0
|
||||||
# Use 'copy-patches.sh' to copy the patches from the git repo
|
# Use 'copy-patches.sh' to copy the patches from the git repo
|
||||||
# to the current directory.
|
# to the current directory.
|
||||||
|
|
||||||
@ -69,6 +69,10 @@ Patch0016: 0016-test-data-phony-guests-Fix-phony-RPM-database-fix-vi.patch
|
|||||||
Patch0017: 0017-launch-libvirt-place-our-virtio-net-pci-device-in-sl.patch
|
Patch0017: 0017-launch-libvirt-place-our-virtio-net-pci-device-in-sl.patch
|
||||||
Patch0018: 0018-lib-extract-NETWORK_ADDRESS-and-NETWORK_PREFIX-as-ma.patch
|
Patch0018: 0018-lib-extract-NETWORK_ADDRESS-and-NETWORK_PREFIX-as-ma.patch
|
||||||
Patch0019: 0019-launch-libvirt-add-virtio-net-via-the-standard-inter.patch
|
Patch0019: 0019-launch-libvirt-add-virtio-net-via-the-standard-inter.patch
|
||||||
|
Patch0020: 0020-appliance-Use-cpu-max.patch
|
||||||
|
Patch0021: 0021-appliance-Use-cpu-mode-maximum-for-cpu-max-on-libvir.patch
|
||||||
|
Patch0022: 0022-lib-Disable-5-level-page-tables-when-using-cpu-max.patch
|
||||||
|
Patch0023: 0023-docs-guestfs-security-document-CVE-2022-2211.patch
|
||||||
|
|
||||||
# AlmaLinux detection patch
|
# AlmaLinux detection patch
|
||||||
Patch1000: 1000-Add-AlmaLinux-detection.patch
|
Patch1000: 1000-Add-AlmaLinux-detection.patch
|
||||||
@ -132,7 +136,8 @@ BuildRequires: systemd-units
|
|||||||
BuildRequires: netpbm-progs
|
BuildRequires: netpbm-progs
|
||||||
BuildRequires: icoutils
|
BuildRequires: icoutils
|
||||||
# RHBZ#1710713 (RHBZ#1661940)
|
# RHBZ#1710713 (RHBZ#1661940)
|
||||||
BuildRequires: libvirt-daemon-kvm >= 5.3.0
|
# libvirt must support -cpu max
|
||||||
|
BuildRequires: libvirt-daemon-kvm >= 8.0.0
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1836094
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1836094
|
||||||
@ -230,7 +235,7 @@ BuildRequires: iputils
|
|||||||
%if !0%{?rhel}
|
%if !0%{?rhel}
|
||||||
BuildRequires: jfsutils
|
BuildRequires: jfsutils
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: kernel
|
BuildRequires: (kernel without kernel-debug-core)
|
||||||
BuildRequires: kmod
|
BuildRequires: kmod
|
||||||
BuildRequires: kpartx
|
BuildRequires: kpartx
|
||||||
BuildRequires: less
|
BuildRequires: less
|
||||||
@ -300,6 +305,12 @@ BuildRequires: zfs-fuse
|
|||||||
# to replace it with (eg) a fixed appliance.
|
# to replace it with (eg) a fixed appliance.
|
||||||
Requires: (%{name}-appliance = %{epoch}:%{version}-%{release} or %{name}-noappliance)
|
Requires: (%{name}-appliance = %{epoch}:%{version}-%{release} or %{name}-noappliance)
|
||||||
|
|
||||||
|
# libguestfs-benchmarking was accidentally present in RHEL AV 8.5 and
|
||||||
|
# removed in RHEL 8.6+. Add an Obsoletes to smooth the upgrade path
|
||||||
|
# for anyone who had this package installed.
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2091597
|
||||||
|
Obsoletes: %{name}-benchmarking < %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
# The daemon dependencies are not included automatically, because it
|
# The daemon dependencies are not included automatically, because it
|
||||||
# is buried inside the appliance, so list them here.
|
# is buried inside the appliance, so list them here.
|
||||||
Requires: augeas-libs%{?_isa}
|
Requires: augeas-libs%{?_isa}
|
||||||
@ -332,7 +343,8 @@ Requires: /usr/bin/qemu-img
|
|||||||
|
|
||||||
# For libvirt backend.
|
# For libvirt backend.
|
||||||
# RHBZ#1500870, RHBZ#1501239, RHBZ#1508299
|
# RHBZ#1500870, RHBZ#1501239, RHBZ#1508299
|
||||||
Requires: libvirt-daemon-kvm >= 5.3.0
|
# libvirt must support -cpu max
|
||||||
|
Requires: libvirt-daemon-kvm >= 8.0.0
|
||||||
%ifarch aarch64
|
%ifarch aarch64
|
||||||
Requires: edk2-aarch64
|
Requires: edk2-aarch64
|
||||||
%endif
|
%endif
|
||||||
@ -1185,9 +1197,25 @@ rm ocaml/html/.gitignore
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Apr 08 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 1:1.44.0-5.alma
|
* Tue Sep 27 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 1:1.44.0-9.alma.plus
|
||||||
- Fix build for AlmaLinux
|
- Fix build for AlmaLinux
|
||||||
|
|
||||||
|
* Tue Jul 05 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.44.0-9
|
||||||
|
- Fix CVE-2022-2211 Denial of Service in --key parameter
|
||||||
|
resolves: rhbz#2101280
|
||||||
|
* Tue Jun 07 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.44.0-8
|
||||||
|
- Obsolete old libguestfs-benchmarking subpackage
|
||||||
|
resolves: rhbz#2091597
|
||||||
|
|
||||||
|
* Thu May 12 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.44.0-7
|
||||||
|
- Disable 5-level page tables when using -cpu max
|
||||||
|
resolves: rhbz#2084566
|
||||||
|
related: rhbz#2075424
|
||||||
|
|
||||||
|
* Thu Apr 14 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.44.0-6
|
||||||
|
- Backport support for -cpu max to allow RHEL 9 guests to be modified
|
||||||
|
resolves: rhbz#2075424
|
||||||
|
|
||||||
* Fri Dec 24 2021 Richard W.M. Jones <rjones@redhat.com> - 1:1.44.0-5
|
* Fri Dec 24 2021 Richard W.M. Jones <rjones@redhat.com> - 1:1.44.0-5
|
||||||
- Fix libguestfs failure with qemu 6.2, libvirt 7.10
|
- Fix libguestfs failure with qemu 6.2, libvirt 7.10
|
||||||
resolves: rhbz#2035177
|
resolves: rhbz#2035177
|
||||||
|
Loading…
Reference in New Issue
Block a user