From ed6c49f874e2692f6b3d534d772dfe8707dac68f Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Thu, 7 Apr 2011 15:47:13 +0800 Subject: [PATCH] Update to release 0.9.0 --- libvirt-0.8.8-kernel-boot-index.patch | 27 ----- libvirt-read-only-checks.patch | 95 ---------------- libvirt.spec | 152 +++++++++++++++++++++----- sources | 2 +- 4 files changed, 128 insertions(+), 148 deletions(-) delete mode 100644 libvirt-0.8.8-kernel-boot-index.patch delete mode 100644 libvirt-read-only-checks.patch diff --git a/libvirt-0.8.8-kernel-boot-index.patch b/libvirt-0.8.8-kernel-boot-index.patch deleted file mode 100644 index afa5de6..0000000 --- a/libvirt-0.8.8-kernel-boot-index.patch +++ /dev/null @@ -1,27 +0,0 @@ -commit efc2594b4e0cbcdd6947fafeeed41accd5b611e0 -Author: Jim Fehlig -Date: Thu Feb 17 14:22:55 2011 -0700 - - Do not add drive 'boot=on' param when a kernel is specified - - libvirt-tck was failing several domain tests [1] with qemu 0.14, which - is now less tolerable of specifying 2 bootroms with the same boot index [2]. - - Drop the 'boot=on' param if kernel has been specfied. - - [1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html - [2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html - -diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 371a7ed..0db2843 100644 ---- a/src/qemu/qemu_command.c -+++ b/src/qemu/qemu_command.c -@@ -3173,7 +3173,7 @@ qemuBuildCommandLine(virConnectPtr conn, - int bootCD = 0, bootFloppy = 0, bootDisk = 0; - - /* If QEMU supports boot=on for -drive param... */ -- if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT) { -+ if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT && !def->os.kernel) { - for (i = 0 ; i < def->os.nBootDevs ; i++) { - switch (def->os.bootDevs[i]) { - case VIR_DOMAIN_BOOT_CDROM: diff --git a/libvirt-read-only-checks.patch b/libvirt-read-only-checks.patch deleted file mode 100644 index 3981764..0000000 --- a/libvirt-read-only-checks.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -From: Guido Günther -Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800) -Subject: Add missing checks for read only connections -X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad - -Add missing checks for read only connections - -As pointed on CVE-2011-1146, some API forgot to check the read-only -status of the connection for entry point which modify the state -of the system or may lead to a remote execution using user data. -The entry points concerned are: - - virConnectDomainXMLToNative - - virNodeDeviceDettach - - virNodeDeviceReAttach - - virNodeDeviceReset - - virDomainRevertToSnapshot - - virDomainSnapshotDelete - -* src/libvirt.c: fix the above set of entry points to error on read-only - connections ---- - -diff --git a/src/libvirt.c b/src/libvirt.c -index caa109d..713291f 100644 ---- a/src/libvirt.c -+++ b/src/libvirt.c -@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn, - virDispatchError(NULL); - return NULL; - } -+ if (conn->flags & VIR_CONNECT_RO) { -+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); -+ goto error; -+ } - - if (nativeFormat == NULL || domainXml == NULL) { - virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__); -@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev) - return -1; - } - -+ if (dev->conn->flags & VIR_CONNECT_RO) { -+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); -+ goto error; -+ } -+ - if (dev->conn->driver->nodeDeviceDettach) { - int ret; - ret = dev->conn->driver->nodeDeviceDettach (dev); -@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev) - return -1; - } - -+ if (dev->conn->flags & VIR_CONNECT_RO) { -+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); -+ goto error; -+ } -+ - if (dev->conn->driver->nodeDeviceReAttach) { - int ret; - ret = dev->conn->driver->nodeDeviceReAttach (dev); -@@ -9836,6 +9850,11 @@ 
virNodeDeviceReset(virNodeDevicePtr dev) - return -1; - } - -+ if (dev->conn->flags & VIR_CONNECT_RO) { -+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); -+ goto error; -+ } -+ - if (dev->conn->driver->nodeDeviceReset) { - int ret; - ret = dev->conn->driver->nodeDeviceReset (dev); -@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, - } - - conn = snapshot->domain->conn; -+ if (conn->flags & VIR_CONNECT_RO) { -+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); -+ goto error; -+ } - - if (conn->driver->domainRevertToSnapshot) { - int ret = conn->driver->domainRevertToSnapshot(snapshot, flags); -@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot, - } - - conn = snapshot->domain->conn; -+ if (conn->flags & VIR_CONNECT_RO) { -+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); -+ goto error; -+ } - - if (conn->driver->domainSnapshotDelete) { - int ret = conn->driver->domainSnapshotDelete(snapshot, flags); diff --git a/libvirt.spec b/libvirt.spec index 6a64c75..a70e2d8 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,5 +1,13 @@ # -*- rpm-spec -*- +# If neither fedora nor rhel was defined, try to guess them from %{dist} +%if !0%{?rhel} && !0%{?fedora} +%{expand:%(echo "%{?dist}" | \ + sed -ne 's/^\.el\([0-9]\+\).*/%%define rhel \1/p')} +%{expand:%(echo "%{?dist}" | \ + sed -ne 's/^\.fc\?\([0-9]\+\).*/%%define fedora \1/p')} +%endif + # A client only build will create a libvirt.so only containing # the generic RPC driver, and test driver and no libvirtd # Default to a full server + client build 
@@ -37,8 +45,7 @@ %define with_vbox 0%{!?_without_vbox:%{server_drivers}} %define with_uml 0%{!?_without_uml:%{server_drivers}} %define with_xenapi 0%{!?_without_xenapi:%{server_drivers}} -# XXX this shouldn't be here, but it mistakenly links into libvirtd -%define with_one 0%{!?_without_one:%{server_drivers}} +%define with_libxl 0%{!?_without_libxl:%{server_drivers}} # Then the hypervisor drivers that talk a native remote protocol %define with_phyp 0%{!?_without_phyp:1} @@ -87,16 +94,16 @@ %define with_numactl 0 %endif -# RHEL doesn't ship OpenVZ, VBox, UML, OpenNebula, PowerHypervisor, -# VMWare, or libxenserver (xenapi) +# RHEL doesn't ship OpenVZ, VBox, UML, PowerHypervisor, +# VMWare, libxenserver (xenapi), or libxenlight (Xen 4.1 and newer) %if 0%{?rhel} %define with_openvz 0 %define with_vbox 0 %define with_uml 0 -%define with_one 0 %define with_phyp 0 %define with_vmware 0 %define with_xenapi 0 +%define with_libxl 0 %endif # RHEL-5 has restricted QEMU to x86_64 only and is too old for LXC @@ -123,6 +130,11 @@ %endif %endif +# Fedora doesn't have new enough Xen for libxl until F16 +%if 0%{?fedora} < 16 +%define with_libxl 0 +%endif + # PolicyKit was introduced in Fedora 8 / RHEL-6 or newer %if 0%{?fedora} >= 8 || 0%{?rhel} >= 6 %define with_polkit 0%{!?_without_polkit:1} 
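Review bot: In the hunk at `@@ -123,6 +130,11 @@`, the new guard `%if 0%{?fedora} < 16` is also true when `fedora` is undefined, because `0%{?fedora}` then expands to `0`. The comment speaks only of Fedora releases before F16, but the test sets `with_libxl` to 0 on every non-Fedora build as well, overriding the `_without_libxl` default defined in the first hunk of this section. RHEL is already covered by the `%if 0%{?rhel}` block, so if the intent is Fedora-only the condition could read `%if 0%{?fedora} && 0%{?fedora} < 16`. If disabling libxl everywhere else is intended, the comment should say so.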
@@ -203,16 +215,16 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 0.8.8 -Release: 3%{?dist}%{?extra_release} +Version: 0.9.0 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz -Patch1: %{name}-%{version}-kernel-boot-index.patch -Patch2: %{name}-read-only-checks.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root URL: http://libvirt.org/ -BuildRequires: python-devel + +# All runtime requirements for the libvirt package (runtime requrements +# for subpackages are listed later in those subpackages) # The client side, i.e. shared libs and virsh are in a subpackage Requires: %{name}-client = %{version}-%{release} @@ -221,15 +233,21 @@ Requires: %{name}-client = %{version}-%{release} # daemon is present %if %{with_libvirtd} Requires: bridge-utils +# for modprobe of pci devices +Requires: module-init-tools +# for /sbin/ip +Requires: iproute %endif %if %{with_network} Requires: dnsmasq >= 2.41 +Requires: radvd +%endif +%if %{with_network} || %{with_nwfilter} Requires: iptables +Requires: iptables-ipv6 %endif %if %{with_nwfilter} Requires: ebtables -Requires: iptables -Requires: iptables-ipv6 %endif # needed for device enumeration %if %{with_hal} @@ -246,10 +264,6 @@ Requires: PolicyKit >= 0.6 %endif %endif %if %{with_storage_fs} -# For mount/umount in FS driver -BuildRequires: util-linux -# For showmount in FS driver (netfs discovery) -BuildRequires: nfs-utils Requires: nfs-utils # For glusterfs %if 0%{?fedora} >= 11 @@ -281,6 +295,7 @@ Requires: iscsi-initiator-utils %if %{with_storage_disk} # For disk driver Requires: parted +Requires: device-mapper %endif %if %{with_storage_mpath} # For multipath support 
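Review bot: The hunk at `@@ -203,16 +215,16 @@` drops `Patch1` and `Patch2` without saying why, and neither the commit subject nor the new `%changelog` entry mentions it. `Patch2` carried the read-only connection checks for CVE-2011-1146, so the record should state that both fixes are contained in the 0.9.0 tarball (presumably they are, but nothing on this page shows it). A changelog line such as `- drop kernel-boot-index and read-only-checks patches, now upstream` would cover it once confirmed. The comment added in the same hunk also has a typo, `requrements` for `requirements`.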
@@ -289,18 +304,24 @@ Requires: device-mapper %if %{with_cgconfig} Requires: libcgroup %endif + +# All build-time requirements +BuildRequires: python-devel + %if %{with_xen} BuildRequires: xen-devel %endif -%if %{with_one} -BuildRequires: xmlrpc-c-devel >= 1.14.0 -%endif BuildRequires: libxml2-devel BuildRequires: xhtml1-dtds +BuildRequires: libxslt BuildRequires: readline-devel BuildRequires: ncurses-devel BuildRequires: gettext BuildRequires: gnutls-devel +%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +# for augparse, optionally used in testing +BuildRequires: augeas +%endif %if %{with_hal} BuildRequires: hal-devel %endif @@ -325,8 +346,15 @@ BuildRequires: libselinux-devel %endif %if %{with_network} BuildRequires: dnsmasq >= 2.41 +BuildRequires: iptables +BuildRequires: iptables-ipv6 +BuildRequires: radvd +%endif +%if %{with_nwfilter} +BuildRequires: ebtables %endif BuildRequires: bridge-utils +BuildRequires: module-init-tools %if %{with_sasl} BuildRequires: cyrus-sasl-devel %endif @@ -390,7 +418,11 @@ BuildRequires: libssh2-devel BuildRequires: netcf-devel >= 0.1.4 %endif %if %{with_esx} +%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6 BuildRequires: libcurl-devel +%else +BuildRequires: curl-devel +%endif %endif %if %{with_audit} BuildRequires: audit-libs-devel @@ -400,6 +432,12 @@ BuildRequires: audit-libs-devel BuildRequires: systemtap-sdt-devel %endif +%if %{with_storage_fs} +# For mount/umount in FS driver +BuildRequires: util-linux +# For showmount in FS driver (netfs discovery) +BuildRequires: nfs-utils +%endif # Fedora build root suckage BuildRequires: gawk @@ -417,6 +455,10 @@ Requires: ncurses # So remote clients can access libvirt over SSH tunnel # (client invokes 'nc' against the UNIX socket on the server) Requires: nc +# Needed by libvirt-guests init script. +Requires: gettext +# Needed by virt-pki-validate script. +Requires: gnutls-utils %if %{with_sasl} Requires: cyrus-sasl # Not technically required, but makes 'out-of-box' config 
@@ -456,8 +498,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -%patch1 -p1 -%patch2 -p1 %build %if ! %{with_xen} @@ -484,6 +524,10 @@ of recent versions of Linux (and other OSes). %define _without_xenapi --without-xenapi %endif +%if ! %{with_libxl} +%define _without_libxl --without-libxl +%endif + %if ! %{with_sasl} %define _without_sasl --without-sasl %endif @@ -520,10 +564,6 @@ of recent versions of Linux (and other OSes). %define _without_uml --without-uml %endif -%if ! %{with_one} -%define _without_one --without-one -%endif - %if %{with_rhel5} %define _with_rhel5_api --with-rhel5-api %endif @@ -754,6 +794,46 @@ then > %{_sysconfdir}/libvirt/qemu/networks/default.xml ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml fi + +# All newly defined networks will have a mac address for the bridge +# auto-generated, but networks already existing at the time of upgrade +# will not. We need to go through all the network configs, look for +# those that don't have a mac address, and add one. + +network_files=$( (cd %{_localstatedir}/lib/libvirt/network && \ + grep -L "mac address" *.xml; \ + cd %{_sysconfdir}/libvirt/qemu/networks && \ + grep -L "mac address" *.xml) 2>/dev/null \ + | sort -u) + +for file in $network_files +do + # each file exists in either the config or state directory (or both) and + # does not have a mac address specified in either. We add the same mac + # address to both files (or just one, if the other isn't there) + + mac4=`printf '%X' $(($RANDOM % 256))` + mac5=`printf '%X' $(($RANDOM % 256))` + mac6=`printf '%X' $(($RANDOM % 256))` + for dir in %{_localstatedir}/lib/libvirt/network \ + %{_sysconfdir}/libvirt/qemu/networks + do + if test -f $dir/$file + then + sed -i.orig -e \ + "s|\(|" \ + $dir/$file + if test $? != 0 + then + echo "failed to add " \ + "to $dir/$file" + mv -f $dir/$file.orig $dir/$file + else + rm -f $dir/$file.orig + fi + fi + done +done %endif %if %{with_cgconfig} 
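Review bot: In the `%post` loop added at `@@ -754,6 +794,46 @@`, `printf '%X'` emits a single hex digit for values below 16, so the generated MAC octets are not fixed-width; `printf '%02X' $(($RANDOM % 256))` keeps each octet at two digits. `$file` and `$dir/$file` are expanded unquoted in the `for`, `test -f`, `sed`, `mv` and `rm` commands, all of which run as root, so a network config name containing whitespace or glob characters would be split or expanded; writing `"$dir/$file"` avoids that for the path uses. sed exits 0 even when its pattern matches nothing, so the `test $? != 0` branch cannot detect a file that was left without a MAC address. The sed expression itself is truncated on this page and is not reviewed here, and the scriptlet begins before the hunk.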
@@ -823,7 +903,11 @@ fi %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/ +%if %{with_libxl} +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ +%endif +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd %if %{with_qemu} %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu @@ -862,6 +946,10 @@ fi %dir %{_localstatedir}/run/libvirt/uml/ %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/ %endif +%if %{with_libxl} +%dir %{_localstatedir}/run/libvirt/libxl/ +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ +%endif %if %{with_network} %dir %{_localstatedir}/run/libvirt/network/ %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/network/ @@ -896,6 +984,7 @@ fi %endif %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper +%attr(0755, root, root) %{_libexecdir}/libvirt_iohelper %attr(0755, root, root) %{_sbindir}/libvirtd %{_mandir}/man8/libvirtd.8* @@ -977,6 +1066,19 @@ fi %endif %changelog +* Thu Apr 7 2011 Daniel Veillard - 0.9.0-1 +- Support cputune cpu usage tuning +- Add public APIs for storage volume upload/download +- Add public API for setting migration speed on the fly +- Add libxenlight driver +- qemu: support migration to fd +- libvirt: add virDomain{Get,Set}BlkioParameters +- setmem: introduce a new libvirt API (virDomainSetMemoryFlags) +- Expose event loop implementation as a public API +- Dump the debug buffer to libvirtd.log on fatal signal +- Audit support +- Various improvements and bug fixes + * Mon Mar 14 2011 Daniel Veillard - 0.8.8-3 - fix a lack of API check on read-only connections - CVE-2011-1146 diff --git a/sources b/sources index 42512b8..a136cf0 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-ac9235576352b84b8cb17df7456bbdfc libvirt-0.8.8.tar.gz
+53d005e6f3732aba1fd6b2718f9cec99 libvirt-0.9.0.tar.gz