~ubuntu-virt/libvirt/+git/libvirt-lp-import:v1.3.5-maint

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

5632ca0... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden> on 2019-06-14

api: disallow virConnectGetDomainCapabilities on read-only connections

This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
Signed-off-by: Ján Tomko <email address hidden>

70e8315... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden> on 2019-06-14

api: disallow virDomainSaveImageGetXMLDesc on read-only connections

The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <email address hidden>
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
Signed-off-by: Ján Tomko <email address hidden>

Conflicts:
  src/libvirt-domain.c
  src/remote/remote_protocol.x

Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.

Signed-off-by: Ján Tomko <email address hidden>

6ea0447... by Andrea Bolognani <email address hidden> on 2016-07-13

spec: Fix indentation

Commit ffc49e579c14 broke syntax-check:

  cppi: libvirt.spec.in: line 622: not properly indented
  cppi: libvirt.spec.in: line 624: not properly indented
  cppi: libvirt.spec.in: line 640: not properly indented
  cppi: libvirt.spec.in: line 642: not properly indented
  maint.mk: incorrect preprocessor indentation
  cfg.mk:697: recipe for target 'sc_spec_indentation' failed

Indent the new conditionals properly.

(cherry picked from commit 55d8daa07e7419a929efd677923a428e3d76345b)

135ae6d... by Martin Kletzander on 2016-09-23

qemu: Only use memory-backend-file with NUMA if needed

If this reminds you of a commit message from around a year ago, it's
41c2aa729f0af084ede95ee9a06219a2dd5fb5df and yes, we're dealing with
"the same thing" again. Or f309db1f4d51009bad0d32e12efc75530b66836b and
it's similar.

There is a logic in place that if there is no real need for
memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However
that wasn't the case with hugepage backing. The reason for that was
that we abused the 'pagesize' variable for storing that information, but
we should rather have a separate one that specifies whether we really
need the new object for hugepage backing. And that variable should be
set only if this particular NUMA cell needs special treatment WRT
hugepages.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153

Signed-off-by: Martin Kletzander <email address hidden>
(cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)

cbdeac8... by John Ferlan <email address hidden> on 2016-08-16

qemu: Fix the command line generation for rbd auth using aes secrets

https://bugzilla.redhat.com/show_bug.cgi?id=1182074

Since libvirt still uses a legacy qemu arg format to add a disk, the
manner in which the 'password-secret' argument is passed to qemu needs
to change to prepend a 'file.' If in the future, usage of the more
modern disk format, then the prepended 'file.' can be removed.

Fix based on Jim Fehlig <email address hidden> posting and subsequent
upstream list followups, see:

http://www.redhat.com/archives/libvir-list/2016-August/msg00777.html

for details. Introduced by commit id 'a1344f70'.

(cherry picked from commit d53d465083edeb64cc7b78249c030734c0d91c6b)

Fixed some conflicts due to upstream commits not yet present in this
maintenance branch.

c5c392d... by Daniel Berrange on 2016-07-12

libvirt.spec.in: require systemd-container on >= f24

The systemd-machined tools libvirt uses were split into a
systemd-container RPM. Without depending on this, libvirt
may silently fallback to the non-systemd cgroup impl which
is not desirable.

Signed-off-by: Daniel P. Berrange <email address hidden>
(cherry picked from commit ffc49e579c14b1d3f24af8d004ded6e3a0e8900f)

46d27cd... by Jiri Denemark <email address hidden> on 2016-06-28

qemu: Let empty default VNC password work as documented

CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <email address hidden>
(cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3)

7324444... by Daniel Veillard <email address hidden> on 2016-06-04

Release of libvirt-1.3.5

* docs/news.html.in: update with 1.3.5 data

d57e73d... by Daniel Berrange on 2016-06-03

Refresh po files from zanata

Signed-off-by: Daniel P. Berrange <email address hidden>

3470cd8... by Martin Kletzander on 2016-06-03

Fix building with -Og

When building using -Og, gcc sees that some variables can be used
uninitialized It can be debatable whether it is possible with our
codeflow, but functions should be self-contained and initializations are
always good. The return instead of goto is due to actualType being used
in the cleanup.

Signed-off-by: Martin Kletzander <email address hidden>