~ubuntu-virt/libvirt/+git/libvirt-lp-import:v2.0-maint

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

1e51b78... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden> on 2019-06-14

api: disallow virConnectGetDomainCapabilities on read-only connections

This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
Signed-off-by: Ján Tomko <email address hidden>

a9e40f2... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden> on 2019-06-14

api: disallow virDomainSaveImageGetXMLDesc on read-only connections

The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <email address hidden>
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
Signed-off-by: Ján Tomko <email address hidden>

Conflicts:
  src/libvirt-domain.c
  src/remote/remote_protocol.x

Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.

Signed-off-by: Ján Tomko <email address hidden>

c998537... by Andrea Bolognani <email address hidden> on 2016-07-13

spec: Fix indentation

Commit ffc49e579c14 broke syntax-check:

  cppi: libvirt.spec.in: line 622: not properly indented
  cppi: libvirt.spec.in: line 624: not properly indented
  cppi: libvirt.spec.in: line 640: not properly indented
  cppi: libvirt.spec.in: line 642: not properly indented
  maint.mk: incorrect preprocessor indentation
  cfg.mk:697: recipe for target 'sc_spec_indentation' failed

Indent the new conditionals properly.

(cherry picked from commit 55d8daa07e7419a929efd677923a428e3d76345b)

8b7b450... by Martin Kletzander on 2016-09-23

qemu: Only use memory-backend-file with NUMA if needed

If this reminds you of a commit message from around a year ago, it's
41c2aa729f0af084ede95ee9a06219a2dd5fb5df and yes, we're dealing with
"the same thing" again. Or f309db1f4d51009bad0d32e12efc75530b66836b and
it's similar.

There is a logic in place that if there is no real need for
memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However
that wasn't the case with hugepage backing. The reason for that was
that we abused the 'pagesize' variable for storing that information, but
we should rather have a separate one that specifies whether we really
need the new object for hugepage backing. And that variable should be
set only if this particular NUMA cell needs special treatment WRT
hugepages.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153

Signed-off-by: Martin Kletzander <email address hidden>
(cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)

b9fed35... by John Ferlan <email address hidden> on 2016-08-16

qemu: Fix the command line generation for rbd auth using aes secrets

https://bugzilla.redhat.com/show_bug.cgi?id=1182074

Since libvirt still uses a legacy qemu arg format to add a disk, the
manner in which the 'password-secret' argument is passed to qemu needs
to change to prepend a 'file.' If in the future, usage of the more
modern disk format, then the prepended 'file.' can be removed.

Fix based on Jim Fehlig <email address hidden> posting and subsequent
upstream list followups, see:

http://www.redhat.com/archives/libvir-list/2016-August/msg00777.html

for details. Introduced by commit id 'a1344f70'.

(cherry picked from commit d53d465083edeb64cc7b78249c030734c0d91c6b)

Resolved a couple of conflicts due to upstream commits not present
in the v2.0-maint branch

f3cac03... by Daniel Berrange on 2016-07-12

libvirt.spec.in: require systemd-container on >= f24

The systemd-machined tools libvirt uses were split into a
systemd-container RPM. Without depending on this, libvirt
may silently fallback to the non-systemd cgroup impl which
is not desirable.

Signed-off-by: Daniel P. Berrange <email address hidden>
(cherry picked from commit ffc49e579c14b1d3f24af8d004ded6e3a0e8900f)

7a2d92f... by Daniel Veillard <email address hidden> on 2016-07-01

Libvirt 2.0.0 release

* docs/news.html.in: update documentation
* po/*.po*: regenerate

e8a5939... by Martin Kletzander on 2016-06-30

dist: Speed up distribution compression

This almost reverts b7200d723648. The size is increased from 11M to 13M
and the compression is sped up from 2 minutes to 17 seconds. The
compression level is removed because -9 doesn't allow multiple threads
to be spawned. Effectively speeds up distcheck as well.

Signed-off-by: Martin Kletzander <email address hidden>

cbe4c04... by Peter Krempa on 2016-06-30

conf: Don't free the constructed string in virDomainGetBlkioParametersAssignFromDef

virTypedParameterAssign steals the string rather than copying it into
the typed parameter and thus freeing it leads to a crash when attempting
to serialize the results.

This was introduced in commit 9f50f6e2 and later made an universal
helper in 32e6339c.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351473

d7c40d5... by Peter Krempa on 2016-06-28

conf: def: Avoid unnecessary allocation of 'perf' events definition

Some code paths already assume that it is allocated since it was always
allocated by virDomainPerfDefParseXML. Make it member of virDomainDef
directly so that we don't have to allocate it all the time.

This fixes crash when attempting to connect to an existing process via
virDomainQemuAttach since we would not allocate it in that code path.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1350688