diff --git a/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch b/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch deleted file mode 100644 index ad476d2..0000000 --- a/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch +++ /dev/null @@ -1,34 +0,0 @@ -From f38c8185f97720ecae7ef2291fbaa5d6b0209e17 Mon Sep 17 00:00:00 2001 -Message-Id: -From: =?UTF-8?q?J=C3=A1n=20Tomko?= -Date: Tue, 2 Jul 2013 15:17:09 +0200 -Subject: [PATCH] Fix crash when multiple event callbacks were registered - -CVE-2013-2230 - -Don't overwrite the callback ID returned by -virDomainEventStateRegisterID in ret by 0. - -Introduced by abf75aea. ---- - src/qemu/qemu_driver.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 571d1f8..b0180c9 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn, - driver->domainEventState, - dom, eventID, - callback, opaque, freecb, &ret) < 0) -- goto cleanup; -- -- ret = 0; -+ ret = -1; - - cleanup: - return ret; --- -1.8.3.1 - diff --git a/0002-qemu-Fix-double-free-of-returned-JSON-array-in-qemuA.patch b/0002-qemu-Fix-double-free-of-returned-JSON-array-in-qemuA.patch deleted file mode 100644 index 85bb8e0..0000000 --- a/0002-qemu-Fix-double-free-of-returned-JSON-array-in-qemuA.patch +++ /dev/null @@ -1,32 +0,0 @@ -From dfc692350a04a70b4ca65667c30869b3bfdaf034 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Peter Krempa -Date: Tue, 16 Jul 2013 15:39:06 +0200 -Subject: [PATCH] qemu: Fix double free of returned JSON array in - qemuAgentGetVCPUs() - -A part of the returned monitor response was freed twice and caused -crashes of the daemon when using guest agent cpu count retrieval. - - # virsh vcpucount dom --guest - -Introduced in v1.0.6-48-gc6afcb0 ---- - src/qemu/qemu_agent.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c -index aca5ff3..72bf211 100644 ---- a/src/qemu/qemu_agent.c -+++ b/src/qemu/qemu_agent.c -@@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon, - cleanup: - virJSONValueFree(cmd); - virJSONValueFree(reply); -- virJSONValueFree(data); - return ret; - } - --- -1.8.3.1 - diff --git a/0003-qemu-Prevent-crash-of-libvirtd-without-guest-agent-c.patch b/0003-qemu-Prevent-crash-of-libvirtd-without-guest-agent-c.patch deleted file mode 100644 index 1cd931a..0000000 --- a/0003-qemu-Prevent-crash-of-libvirtd-without-guest-agent-c.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 96518d4316b711c72205117f8d5c967d5127bbb6 Mon Sep 17 00:00:00 2001 -Message-Id: <96518d4316b711c72205117f8d5c967d5127bbb6.1374788370.git.crobinso@redhat.com> -From: Alex Jia -Date: Tue, 16 Jul 2013 17:30:20 +0800 -Subject: [PATCH] qemu: Prevent crash of libvirtd without guest agent - configuration - -If users haven't configured guest agent then qemuAgentCommand() will -dereference a NULL 'mon' pointer, which causes crash of libvirtd when -using agent based cpu (un)plug. - -With the patch, when the qemu-ga service isn't running in the guest, -a expected error "error: Guest agent is not responding: Guest agent -not available for now" will be raised, and the error "error: argument -unsupported: QEMU guest agent is not configured" is raised when the -guest hasn't configured guest agent. - -GDB backtrace: - - (gdb) bt - #0 virNetServerFatalSignal (sig=11, siginfo=, context=) at rpc/virnetserver.c:326 - #1 - #2 qemuAgentCommand (mon=0x0, cmd=0x7f39300017b0, reply=0x7f394b090910, seconds=-2) at qemu/qemu_agent.c:975 - #3 0x00007f39429507f6 in qemuAgentGetVCPUs (mon=0x0, info=0x7f394b0909b8) at qemu/qemu_agent.c:1475 - #4 0x00007f39429d9857 in qemuDomainGetVcpusFlags (dom=, flags=9) at qemu/qemu_driver.c:4849 - #5 0x00007f3957dffd8d in virDomainGetVcpusFlags (domain=0x7f39300009c0, flags=8) at libvirt.c:9843 - -How to reproduce? - - # To start a guest without guest agent configuration - # then run the following cmdline - - # virsh vcpucount foobar --guest - error: End of file while reading data: Input/output error - error: One or more references were leaked after disconnect from the hypervisor - error: Failed to reconnect to the hypervisor - -RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=984821 - -Signed-off-by: Alex Jia -Signed-off-by: Peter Krempa ---- - src/qemu/qemu_driver.c | 26 ++++++++++++++++++++++++++ - 1 file changed, 26 insertions(+) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index b4a668a..95dd591 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -4122,6 +4122,19 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, - goto endjob; - } - -+ if (priv->agentError) { -+ virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s", -+ _("QEMU guest agent is not " -+ "available due to an error")); -+ goto endjob; -+ } -+ -+ if (!priv->agent) { -+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", -+ _("QEMU guest agent is not configured")); -+ goto endjob; -+ } -+ - qemuDomainObjEnterAgent(vm); - ncpuinfo = qemuAgentGetVCPUs(priv->agent, &cpuinfo); - qemuDomainObjExitAgent(vm); -@@ -4839,6 +4852,19 @@ qemuDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) - if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) - goto cleanup; - -+ if (priv->agentError) { -+ virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s", -+ _("QEMU guest agent is not " -+ "available due to an error")); -+ goto endjob; -+ } -+ -+ if (!priv->agent) { -+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", -+ _("QEMU guest agent is not configured")); -+ goto endjob; -+ } -+ - if (!virDomainObjIsActive(vm)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("domain is not running")); --- -1.8.3.1 - diff --git a/libvirt-1.1.0-python-docpath.patch b/libvirt-1.1.0-python-docpath.patch deleted file mode 100644 index 723b8ca..0000000 --- a/libvirt-1.1.0-python-docpath.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- libvirt-1.1.0/python/Makefile.in.orig 2013-07-28 22:24:30.722757408 -0500 -+++ libvirt-1.1.0/python/Makefile.in 2013-07-28 22:24:44.735934794 -0500 -@@ -1912,7 +1912,7 @@ - $(GETTEXT_CPPFLAGS) - - AM_CFLAGS = $(WARN_CFLAGS) --DOCS_DIR = $(datadir)/doc/libvirt-python-$(VERSION) -+DOCS_DIR = $(datadir)/doc/libvirt-python - DOCS = ${srcdir}/TODO - CLASSES_EXTRA = \ - libvirt-override-virConnect.py \ diff --git a/libvirt.spec b/libvirt.spec index e0a4397..42c4237 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -349,8 +349,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 1.1.0 -Release: 5%{?dist}%{?extra_release} +Version: 1.1.1 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -361,17 +361,6 @@ URL: http://libvirt.org/ %endif Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz -# CVE-2013-2230 libvirt: multiple registered events crash -Patch0001: 0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch -# CVE-2013-4153: Fix double free of returned JSON (bz #986408, bz -# #986383) -Patch0002: 0002-qemu-Fix-double-free-of-returned-JSON-array-in-qemuA.patch -# CVE-2013-4154: Crash of libvirtd if guest agent not configured (bz -# #986386, bz #986406) -Patch0003: 0003-qemu-Prevent-crash-of-libvirtd-without-guest-agent-c.patch - -Patch4: libvirt-1.1.0-python-docpath.patch - %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} %if %{with_network} @@ -1142,16 +1131,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -# CVE-2013-2230 libvirt: multiple registered events crash -%patch0001 -p1 -# CVE-2013-4153: Fix double free of returned JSON (bz #986408, bz -# #986383) -%patch0002 -p1 -# CVE-2013-4154: Crash of libvirtd if guest agent not configured (bz -# #986386, bz #986406) -%patch0003 -p1 -%patch4 -p1 - %build %if ! %{with_xen} %define _without_xen --without-xen @@ -1461,12 +1440,6 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_lxc.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug %endif -%if ! %{with_python} -rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version} -%else -rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}/examples -%endif - %if ! %{with_qemu} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu @@ -1509,7 +1482,11 @@ do printf '#!/bin/sh\nexit 0\n' > $i chmod +x $i done -make check +if ! make check VIR_TEST_DEBUG=1 +then + cat test-suite.log || true + exit 1 +fi %if %{with_libvirtd} %pre daemon @@ -2081,12 +2058,14 @@ fi %{_libdir}/python*/site-packages/libvirt_lxc.py* %{_libdir}/python*/site-packages/libvirtmod* %doc python/tests/*.py -%doc python/TODO %doc examples/python %doc examples/domain-events/events-python %endif %changelog +* Tue Jul 30 2013 Daniel P. Berrange - 1.1.1-1 +- Update to 1.1.1 release + * Sun Jul 28 2013 Dennis Gilmore - 1.1.0-5 - fix doc path in libvirt-python diff --git a/sources b/sources index fdd3fb0..55136e3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f980a84719033e9efca01048da505dfb libvirt-1.1.0.tar.gz +632f30a2f22fbb404b8e10702d7f55ca libvirt-1.1.1.tar.gz