diff --git a/SOURCES/libvirt-cpu-define-the-virt-ssbd-CPUID-feature-bit-CVE-2018-3639.patch b/SOURCES/libvirt-cpu-define-the-virt-ssbd-CPUID-feature-bit-CVE-2018-3639.patch new file mode 100644 index 0000000..a04fd30 --- /dev/null +++ b/SOURCES/libvirt-cpu-define-the-virt-ssbd-CPUID-feature-bit-CVE-2018-3639.patch @@ -0,0 +1,49 @@ +From 6fff75c304d9403ac7c36c436ddf53497f6417ef Mon Sep 17 00:00:00 2001 +Message-Id: <6fff75c304d9403ac7c36c436ddf53497f6417ef@dist-git> +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 21 May 2018 23:05:08 +0100 +Subject: [PATCH] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some AMD processors only support a non-architectural means of +enabling Speculative Store Bypass Disable. To allow simplified +handling in virtual environments, hypervisors will expose an +architectural definition through CPUID bit 0x80000008_EBX[25]. +This needs to be exposed to guest OS running on AMD x86 hosts to +allow them to protect against CVE-2018-3639. + +Note that since this CPUID bit won't be present in the host CPUID +results on physical hosts, it will not be enabled automatically +in guests configured with "host-model" CPU unless using QEMU +version >= 2.9.0. Thus for older versions of QEMU, this feature +must be manually enabled using policy=force. Guests using the +"host-passthrough" CPU mode do not need special handling. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Jiri Denemark +(cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9) +Signed-off-by: Jiri Denemark +Reviewed-by: Erik Skultety +--- + src/cpu/cpu_map.xml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml +index cee3541d24..e0c39bb690 100644 +--- a/src/cpu/cpu_map.xml ++++ b/src/cpu/cpu_map.xml +@@ -436,6 +436,9 @@ + + + ++ ++ ++ + + + +-- +2.17.1 + diff --git a/SOURCES/libvirt-logging-Don-t-inhibit-shutdown-in-system-daemon.patch b/SOURCES/libvirt-logging-Don-t-inhibit-shutdown-in-system-daemon.patch new file mode 100644 index 0000000..f391ec4 --- /dev/null +++ b/SOURCES/libvirt-logging-Don-t-inhibit-shutdown-in-system-daemon.patch @@ -0,0 +1,47 @@ +From 601fbd22bbf812cb0ef60b039fc8214dadbdffaa Mon Sep 17 00:00:00 2001 +Message-Id: <601fbd22bbf812cb0ef60b039fc8214dadbdffaa@dist-git> +From: Martin Kletzander +Date: Tue, 1 May 2018 15:54:22 +0200 +Subject: [PATCH] logging: Don't inhibit shutdown in system daemon +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +That is a job of libvirtd and virtlogd has a dependency on it, so that will +prevent it properly. Doing it one extra time in virtlogd might also cause AVC +denials because it is not allowed to call that dbus method. + +Caused by commit df34363d58bb. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1547250 + +Signed-off-by: Martin Kletzander +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit f94e5b215720c91c60219f1694783a603f0b619c) + +https: //bugzilla.redhat.com/show_bug.cgi?id=1573268 +Reviewed-by: Erik Skultety +--- + src/logging/log_daemon.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c +index 5a136c59d1..b00b37878a 100644 +--- a/src/logging/log_daemon.c ++++ b/src/logging/log_daemon.c +@@ -129,6 +129,12 @@ virLogDaemonInhibitor(bool inhibit, void *opaque) + { + virLogDaemonPtr dmn = opaque; + ++ /* virtlogd uses inhibition only to stop session daemon being killed after ++ * the specified timeout, for the system daemon this is taken care of by ++ * libvirtd and the dependencies between the services. */ ++ if (virNetDaemonIsPrivileged(dmn->dmn)) ++ return; ++ + if (inhibit) + virNetDaemonAddShutdownInhibition(dmn->dmn); + else +-- +2.17.1 + diff --git a/SOURCES/libvirt-util-don-t-check-for-parallel-iteration-in-hash-related-functions.patch b/SOURCES/libvirt-util-don-t-check-for-parallel-iteration-in-hash-related-functions.patch new file mode 100644 index 0000000..fcacdc8 --- /dev/null +++ b/SOURCES/libvirt-util-don-t-check-for-parallel-iteration-in-hash-related-functions.patch @@ -0,0 +1,269 @@ +From fa01d1d69ceeb4da685e6f39d11e9f5d05201589 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Vincent Bernat +Date: Wed, 23 May 2018 12:45:29 +0200 +Subject: [PATCH] util: don't check for parallel iteration in hash-related + functions + +RHEL-7.6: https://bugzilla.redhat.com/show_bug.cgi?id=1576464 +RHEL-7.5.z: https://bugzilla.redhat.com/show_bug.cgi?id=1581364 + +This is the responsability of the caller to apply the correct lock +before using these functions. Moreover, the use of a simple boolean +was still racy: two threads may check the boolean and "lock" it +simultaneously. + +Users of functions from src/util/virhash.c have to be checked for +correctness. Lookups and iteration should hold a RO +lock. Modifications should hold a RW lock. + +Most important uses seem to be covered. Callers have now a greater +responsability, notably the ability to execute some operations while +iterating were reliably forbidden before are now accepted. + +Signed-off-by: Vincent Bernat +(cherry picked from commit 4d7384eb9ddef2008cb0cc165eb808f74bc83d6b) +Signed-off-by: Michal Privoznik + +Conflicts: src/util/virhash.c: Since + 3e7db8d3e8538bcd5deb1b111fb1233fc18831aa isn't backported, + macro that is being removed has misaligned line breaks. It + needs to be removed regardless. +Signed-off-by: Michal Privoznik +Reviewed-by: Jiri Denemark +--- + src/util/virhash.c | 37 -------------------- + tests/virhashtest.c | 83 --------------------------------------------- + 2 files changed, 120 deletions(-) + +diff --git a/src/util/virhash.c b/src/util/virhash.c +index 7fa2992f18..475c2b0281 100644 +--- a/src/util/virhash.c ++++ b/src/util/virhash.c +@@ -41,12 +41,6 @@ VIR_LOG_INIT("util.hash"); + + /* #define DEBUG_GROW */ + +-#define virHashIterationError(ret) \ +- do { \ +- VIR_ERROR(_("Hash operation not allowed during iteration")); \ +- return ret; \ +- } while (0) +- + /* + * A single entry in the hash table + */ +@@ -66,10 +60,6 @@ struct _virHashTable { + uint32_t seed; + size_t size; + size_t nbElems; +- /* True iff we are iterating over hash entries. */ +- bool iterating; +- /* Pointer to the current entry during iteration. */ +- virHashEntryPtr current; + virHashDataFree dataFree; + virHashKeyCode keyCode; + virHashKeyEqual keyEqual; +@@ -339,9 +329,6 @@ virHashAddOrUpdateEntry(virHashTablePtr table, const void *name, + if ((table == NULL) || (name == NULL)) + return -1; + +- if (table->iterating) +- virHashIterationError(-1); +- + key = virHashComputeKey(table, name); + + /* Check for duplicate entry */ +@@ -551,9 +538,6 @@ virHashRemoveEntry(virHashTablePtr table, const void *name) + nextptr = table->table + virHashComputeKey(table, name); + for (entry = *nextptr; entry; entry = entry->next) { + if (table->keyEqual(entry->name, name)) { +- if (table->iterating && table->current != entry) +- virHashIterationError(-1); +- + if (table->dataFree) + table->dataFree(entry->payload, entry->name); + if (table->keyFree) +@@ -593,18 +577,11 @@ virHashForEach(virHashTablePtr table, virHashIterator iter, void *data) + if (table == NULL || iter == NULL) + return -1; + +- if (table->iterating) +- virHashIterationError(-1); +- +- table->iterating = true; +- table->current = NULL; + for (i = 0; i < table->size; i++) { + virHashEntryPtr entry = table->table[i]; + while (entry) { + virHashEntryPtr next = entry->next; +- table->current = entry; + ret = iter(entry->payload, entry->name, data); +- table->current = NULL; + + if (ret < 0) + goto cleanup; +@@ -615,7 +592,6 @@ virHashForEach(virHashTablePtr table, virHashIterator iter, void *data) + + ret = 0; + cleanup: +- table->iterating = false; + return ret; + } + +@@ -643,11 +619,6 @@ virHashRemoveSet(virHashTablePtr table, + if (table == NULL || iter == NULL) + return -1; + +- if (table->iterating) +- virHashIterationError(-1); +- +- table->iterating = true; +- table->current = NULL; + for (i = 0; i < table->size; i++) { + virHashEntryPtr *nextptr = table->table + i; + +@@ -667,7 +638,6 @@ virHashRemoveSet(virHashTablePtr table, + } + } + } +- table->iterating = false; + + return count; + } +@@ -723,23 +693,16 @@ void *virHashSearch(const virHashTable *ctable, + if (table == NULL || iter == NULL) + return NULL; + +- if (table->iterating) +- virHashIterationError(NULL); +- +- table->iterating = true; +- table->current = NULL; + for (i = 0; i < table->size; i++) { + virHashEntryPtr entry; + for (entry = table->table[i]; entry; entry = entry->next) { + if (iter(entry->payload, entry->name, data)) { +- table->iterating = false; + if (name) + *name = table->keyCopy(entry->name); + return entry->payload; + } + } + } +- table->iterating = false; + + return NULL; + } +diff --git a/tests/virhashtest.c b/tests/virhashtest.c +index 9407f98c4b..77d724c4c6 100644 +--- a/tests/virhashtest.c ++++ b/tests/virhashtest.c +@@ -221,32 +221,6 @@ testHashRemoveForEachAll(void *payload ATTRIBUTE_UNUSED, + } + + +-const int testHashCountRemoveForEachForbidden = ARRAY_CARDINALITY(uuids); +- +-static int +-testHashRemoveForEachForbidden(void *payload ATTRIBUTE_UNUSED, +- const void *name, +- void *data) +-{ +- virHashTablePtr hash = data; +- size_t i; +- +- for (i = 0; i < ARRAY_CARDINALITY(uuids_subset); i++) { +- if (STREQ(uuids_subset[i], name)) { +- int next = (i + 1) % ARRAY_CARDINALITY(uuids_subset); +- +- if (virHashRemoveEntry(hash, uuids_subset[next]) == 0) { +- VIR_TEST_VERBOSE( +- "\nentry \"%s\" should not be allowed to be removed", +- uuids_subset[next]); +- } +- break; +- } +- } +- return 0; +-} +- +- + static int + testHashRemoveForEach(const void *data) + { +@@ -303,61 +277,6 @@ testHashSteal(const void *data ATTRIBUTE_UNUSED) + } + + +-static int +-testHashIter(void *payload ATTRIBUTE_UNUSED, +- const void *name ATTRIBUTE_UNUSED, +- void *data ATTRIBUTE_UNUSED) +-{ +- return 0; +-} +- +-static int +-testHashForEachIter(void *payload ATTRIBUTE_UNUSED, +- const void *name ATTRIBUTE_UNUSED, +- void *data) +-{ +- virHashTablePtr hash = data; +- +- if (virHashAddEntry(hash, uuids_new[0], NULL) == 0) +- VIR_TEST_VERBOSE("\nadding entries in ForEach should be forbidden"); +- +- if (virHashUpdateEntry(hash, uuids_new[0], NULL) == 0) +- VIR_TEST_VERBOSE("\nupdating entries in ForEach should be forbidden"); +- +- if (virHashSteal(hash, uuids_new[0]) != NULL) +- VIR_TEST_VERBOSE("\nstealing entries in ForEach should be forbidden"); +- +- if (virHashSteal(hash, uuids_new[0]) != NULL) +- VIR_TEST_VERBOSE("\nstealing entries in ForEach should be forbidden"); +- +- if (virHashForEach(hash, testHashIter, NULL) >= 0) +- VIR_TEST_VERBOSE("\niterating through hash in ForEach" +- " should be forbidden"); +- return 0; +-} +- +-static int +-testHashForEach(const void *data ATTRIBUTE_UNUSED) +-{ +- virHashTablePtr hash; +- int ret = -1; +- +- if (!(hash = testHashInit(0))) +- return -1; +- +- if (virHashForEach(hash, testHashForEachIter, hash)) { +- VIR_TEST_VERBOSE("\nvirHashForEach didn't go through all entries"); +- goto cleanup; +- } +- +- ret = 0; +- +- cleanup: +- virHashFree(hash); +- return ret; +-} +- +- + static int + testHashRemoveSetIter(const void *payload ATTRIBUTE_UNUSED, + const void *name, +@@ -628,9 +547,7 @@ mymain(void) + DO_TEST("Remove", Remove); + DO_TEST_DATA("Remove in ForEach", RemoveForEach, Some); + DO_TEST_DATA("Remove in ForEach", RemoveForEach, All); +- DO_TEST_DATA("Remove in ForEach", RemoveForEach, Forbidden); + DO_TEST("Steal", Steal); +- DO_TEST("Forbidden ops in ForEach", ForEach); + DO_TEST("RemoveSet", RemoveSet); + DO_TEST("Search", Search); + DO_TEST("GetItems", GetItems); +-- +2.17.1 + diff --git a/SOURCES/libvirt-virNumaGetHugePageInfo-Return-page_avail-and-page_free-as-ULL.patch b/SOURCES/libvirt-virNumaGetHugePageInfo-Return-page_avail-and-page_free-as-ULL.patch new file mode 100644 index 0000000..4064ce1 --- /dev/null +++ b/SOURCES/libvirt-virNumaGetHugePageInfo-Return-page_avail-and-page_free-as-ULL.patch @@ -0,0 +1,232 @@ +From 0c98909e23aa8d3340b5752f2e774c9c966ff131 Mon Sep 17 00:00:00 2001 +Message-Id: <0c98909e23aa8d3340b5752f2e774c9c966ff131@dist-git> +From: Michal Privoznik +Date: Fri, 25 May 2018 14:44:04 +0200 +Subject: [PATCH] virNumaGetHugePageInfo: Return page_avail and page_free as + ULL +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RHEL-7.6: https://bugzilla.redhat.com/show_bug.cgi?id=1569678 +RHEL-7.5.z: https://bugzilla.redhat.com/show_bug.cgi?id=1582418 + +On some large systems (with ~400GB of RAM) it is possible for +unsigned int to overflow in which case we report invalid number +of 4K pages pool size. Switch to unsigned long long. + +We hit overflow in virNumaGetPages when doing: + + huge_page_sum += 1024 * page_size * page_avail; + +because although 'huge_page_sum' is an unsigned long long, the +page_size and page_avail are both unsigned int, so the promotion +to unsigned long long doesn't happen until the sum has been +calculated, by which time we've already overflowed. + +Turning page_avail into a unsigned long long is not strictly +needed until we need ability to represent more than 2^32 +4k pages, which equates to 16 TB of RAM. That's not +outside the realm of possibility, so makes sense that we +change it to unsigned long long to avoid future problems. + +Signed-off-by: Michal Privoznik +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 31daccf5a550e7ede35532004006b34ba5c5b92e) +Signed-off-by: Michal Privoznik +--- + src/conf/capabilities.c | 5 +++-- + src/conf/capabilities.h | 2 +- + src/util/virhostmem.c | 2 +- + src/util/virnuma.c | 32 ++++++++++++++++++-------------- + src/util/virnuma.h | 8 ++++---- + tests/virnumamock.c | 4 ++-- + 6 files changed, 29 insertions(+), 24 deletions(-) + +diff --git a/src/conf/capabilities.c b/src/conf/capabilities.c +index edf9f54f77..66e2ecd151 100644 +--- a/src/conf/capabilities.c ++++ b/src/conf/capabilities.c +@@ -819,7 +819,7 @@ virCapabilitiesFormatNUMATopology(virBufferPtr buf, + cells[i]->mem); + + for (j = 0; j < cells[i]->npageinfo; j++) { +- virBufferAsprintf(buf, "%zu\n", ++ virBufferAsprintf(buf, "%llu\n", + cells[i]->pageinfo[j].size, + cells[i]->pageinfo[j].avail); + } +@@ -1354,7 +1354,8 @@ virCapabilitiesGetNUMAPagesInfo(int node, + int *npageinfo) + { + int ret = -1; +- unsigned int *pages_size = NULL, *pages_avail = NULL; ++ unsigned int *pages_size = NULL; ++ unsigned long long *pages_avail = NULL; + size_t npages, i; + + if (virNumaGetPages(node, &pages_size, &pages_avail, NULL, &npages) < 0) +diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h +index 694a3590bf..f0a06a24df 100644 +--- a/src/conf/capabilities.h ++++ b/src/conf/capabilities.h +@@ -107,7 +107,7 @@ typedef struct _virCapsHostNUMACellPageInfo virCapsHostNUMACellPageInfo; + typedef virCapsHostNUMACellPageInfo *virCapsHostNUMACellPageInfoPtr; + struct _virCapsHostNUMACellPageInfo { + unsigned int size; /* page size in kibibytes */ +- size_t avail; /* the size of pool */ ++ unsigned long long avail; /* the size of pool */ + }; + + typedef struct _virCapsHostNUMACell virCapsHostNUMACell; +diff --git a/src/util/virhostmem.c b/src/util/virhostmem.c +index a9ba2784ac..a795720954 100644 +--- a/src/util/virhostmem.c ++++ b/src/util/virhostmem.c +@@ -775,7 +775,7 @@ virHostMemGetFreePages(unsigned int npages, + for (cell = startCell; cell <= lastCell; cell++) { + for (i = 0; i < npages; i++) { + unsigned int page_size = pages[i]; +- unsigned int page_free; ++ unsigned long long page_free; + + if (virNumaGetPageInfo(cell, page_size, 0, NULL, &page_free) < 0) + goto cleanup; +diff --git a/src/util/virnuma.c b/src/util/virnuma.c +index bebe301f8d..784db0a7ce 100644 +--- a/src/util/virnuma.c ++++ b/src/util/virnuma.c +@@ -563,8 +563,8 @@ virNumaGetHugePageInfoDir(char **path, int node) + static int + virNumaGetHugePageInfo(int node, + unsigned int page_size, +- unsigned int *page_avail, +- unsigned int *page_free) ++ unsigned long long *page_avail, ++ unsigned long long *page_free) + { + int ret = -1; + char *path = NULL; +@@ -579,7 +579,7 @@ virNumaGetHugePageInfo(int node, + if (virFileReadAll(path, 1024, &buf) < 0) + goto cleanup; + +- if (virStrToLong_ui(buf, &end, 10, page_avail) < 0 || ++ if (virStrToLong_ull(buf, &end, 10, page_avail) < 0 || + *end != '\n') { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unable to parse: %s"), +@@ -598,7 +598,7 @@ virNumaGetHugePageInfo(int node, + if (virFileReadAll(path, 1024, &buf) < 0) + goto cleanup; + +- if (virStrToLong_ui(buf, &end, 10, page_free) < 0 || ++ if (virStrToLong_ull(buf, &end, 10, page_free) < 0 || + *end != '\n') { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unable to parse: %s"), +@@ -645,8 +645,8 @@ int + virNumaGetPageInfo(int node, + unsigned int page_size, + unsigned long long huge_page_sum, +- unsigned int *page_avail, +- unsigned int *page_free) ++ unsigned long long *page_avail, ++ unsigned long long *page_free) + { + int ret = -1; + long system_page_size = virGetSystemPageSize(); +@@ -709,8 +709,8 @@ virNumaGetPageInfo(int node, + int + virNumaGetPages(int node, + unsigned int **pages_size, +- unsigned int **pages_avail, +- unsigned int **pages_free, ++ unsigned long long **pages_avail, ++ unsigned long long **pages_free, + size_t *npages) + { + int ret = -1; +@@ -718,7 +718,9 @@ virNumaGetPages(int node, + DIR *dir = NULL; + int direrr = 0; + struct dirent *entry; +- unsigned int *tmp_size = NULL, *tmp_avail = NULL, *tmp_free = NULL; ++ unsigned int *tmp_size = NULL; ++ unsigned long long *tmp_avail = NULL; ++ unsigned long long *tmp_free = NULL; + unsigned int ntmp = 0; + size_t i; + bool exchange; +@@ -744,7 +746,9 @@ virNumaGetPages(int node, + + while (dir && (direrr = virDirRead(dir, &entry, path)) > 0) { + const char *page_name = entry->d_name; +- unsigned int page_size, page_avail = 0, page_free = 0; ++ unsigned int page_size; ++ unsigned long long page_avail = 0; ++ unsigned long long page_free = 0; + char *end; + + /* Just to give you a hint, we're dealing with this: +@@ -934,8 +938,8 @@ int + virNumaGetPageInfo(int node ATTRIBUTE_UNUSED, + unsigned int page_size ATTRIBUTE_UNUSED, + unsigned long long huge_page_sum ATTRIBUTE_UNUSED, +- unsigned int *page_avail ATTRIBUTE_UNUSED, +- unsigned int *page_free ATTRIBUTE_UNUSED) ++ unsigned long long *page_avail ATTRIBUTE_UNUSED, ++ unsigned long long *page_free ATTRIBUTE_UNUSED) + { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("page info is not supported on this platform")); +@@ -946,8 +950,8 @@ virNumaGetPageInfo(int node ATTRIBUTE_UNUSED, + int + virNumaGetPages(int node ATTRIBUTE_UNUSED, + unsigned int **pages_size ATTRIBUTE_UNUSED, +- unsigned int **pages_avail ATTRIBUTE_UNUSED, +- unsigned int **pages_free ATTRIBUTE_UNUSED, ++ unsigned long long **pages_avail ATTRIBUTE_UNUSED, ++ unsigned long long **pages_free ATTRIBUTE_UNUSED, + size_t *npages ATTRIBUTE_UNUSED) + { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", +diff --git a/src/util/virnuma.h b/src/util/virnuma.h +index e4e1fd0b97..a3ffb6d6c7 100644 +--- a/src/util/virnuma.h ++++ b/src/util/virnuma.h +@@ -52,12 +52,12 @@ int virNumaGetNodeCPUs(int node, virBitmapPtr *cpus) ATTRIBUTE_NOINLINE; + int virNumaGetPageInfo(int node, + unsigned int page_size, + unsigned long long huge_page_sum, +- unsigned int *page_avail, +- unsigned int *page_free); ++ unsigned long long *page_avail, ++ unsigned long long *page_free); + int virNumaGetPages(int node, + unsigned int **pages_size, +- unsigned int **pages_avail, +- unsigned int **pages_free, ++ unsigned long long **pages_avail, ++ unsigned long long **pages_free, + size_t *npages) + ATTRIBUTE_NONNULL(5) ATTRIBUTE_NOINLINE; + int virNumaSetPagePoolSize(int node, +diff --git a/tests/virnumamock.c b/tests/virnumamock.c +index d8f90b81b3..475efc1f34 100644 +--- a/tests/virnumamock.c ++++ b/tests/virnumamock.c +@@ -125,8 +125,8 @@ virNumaGetDistances(int node ATTRIBUTE_UNUSED, + int + virNumaGetPages(int node, + unsigned int **pages_size, +- unsigned int **pages_avail, +- unsigned int **pages_free, ++ unsigned long long **pages_avail, ++ unsigned long long **pages_free, + size_t *npages) + { + const int pages_def[] = { 4, 2 * 1024, 1 * 1024 * 1024}; +-- +2.17.1 + diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec index e2f0c77..14a34ad 100644 --- a/SPECS/libvirt.spec +++ b/SPECS/libvirt.spec @@ -240,7 +240,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 3.9.0 -Release: 14%{?dist}.5%{?extra_release} +Release: 14%{?dist}.6%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -457,6 +457,10 @@ Patch203: libvirt-qemu-Use-dynamic-buffer-for-storing-PTY-aliases.patch Patch204: libvirt-qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CVE-2018-5748.patch Patch205: libvirt-qemu-avoid-denial-of-service-reading-from-QEMU-guest-agent-CVE-2018-1064.patch Patch206: libvirt-cpu-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch +Patch207: libvirt-logging-Don-t-inhibit-shutdown-in-system-daemon.patch +Patch208: libvirt-util-don-t-check-for-parallel-iteration-in-hash-related-functions.patch +Patch209: libvirt-cpu-define-the-virt-ssbd-CPUID-feature-bit-CVE-2018-3639.patch +Patch210: libvirt-virNumaGetHugePageInfo-Return-page_avail-and-page_free-as-ULL.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -2370,6 +2374,12 @@ exit 0 %changelog +* Tue Jun 5 2018 Jiri Denemark - 3.9.0-14.el7_5.6 +- logging: Don't inhibit shutdown in system daemon (rhbz#1573268) +- util: don't check for parallel iteration in hash-related functions (rhbz#1581364) +- cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) +- virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) + * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)