dist-git conversion

Fix crash on bad LXC URI (bz 554191)
Add qemu.conf options for audio workaround
Fix permissions of storage backing stores (bz 579067)
Fix parsing certain USB sysfs files (bz 598272)
Improve migration error reporting (bz 499750)
Sanitize pool target paths (bz 494005)
Add qemu.conf for clear emulator capabilities

branch

@@ -1 +1 @@
-F-13
+F-12

libvirt-0.8.2-avoid-resetting-errors.patch

@@ -1,51 +0,0 @@
-From 66aaaf1af42d6f1e9f9b75bd1514c0c097e244e6 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 25 Mar 2011 16:45:45 +0100
-Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
-
-https://bugzilla.redhat.com/show_bug.cgi?id=690733
-
-Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
-*Free) is called before remoteDispatchConnError() is called on error.
-However, the patch missed two instances.
-(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
----
- daemon/remote.c |    6 ++++--
- 1 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/daemon/remote.c b/daemon/remote.c
-index abf9cf3..8a25f05 100644
---- a/daemon/remote.c
-+++ b/daemon/remote.c
-@@ -4531,12 +4531,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
-     ret->names.names_len =
-         virStoragePoolListVolumes (pool,
-                                    ret->names.names_val, args->maxnames);
--    virStoragePoolFree(pool);
-     if (ret->names.names_len == -1) {
-         VIR_FREE(ret->names.names_val);
-         remoteDispatchConnError(rerr, conn);
-+        virStoragePoolFree(pool);
-         return -1;
-     }
-+    virStoragePoolFree(pool);
- 
-     return 0;
- }
-@@ -4560,11 +4561,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
-     }
- 
-     ret->num = virStoragePoolNumOfVolumes (pool);
--    virStoragePoolFree(pool);
-     if (ret->num == -1) {
-         remoteDispatchConnError(rerr, conn);
-+        virStoragePoolFree(pool);
-         return -1;
-     }
-+    virStoragePoolFree(pool);
- 
-     return 0;
- }
--- 
-1.7.3.4
-

libvirt-0.8.2-fix-var-lib-libvirt-permissions.patch

@@ -1,44 +0,0 @@
-From f970d802ab805f1a37af384f148f34e108714034 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 3 Nov 2010 15:20:24 -0600
-Subject: [PATCH] rpm: fix /var/lib/libvirt permissions
-
-https://bugzilla.redhat.com/show_bug.cgi?id=649511
-
-Regression of forcing 0700 permissions (which breaks guest startup
-because the qemu user can't see /var/lib/libvirt/*.monitor) was
-introduced in commit 66823690e, as part of libvirt 0.8.2.
-
-* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
-since libvirt depends on libvirt-client.
-(%files client): Guarantee 755 permissions on
-%(_localstatedir}/lib/libvirt, since the qemu user must be able to
-do pathname resolution to a subdirectory.
----
- libvirt.spec.in |    3 +--
- 1 files changed, 1 insertions(+), 2 deletions(-)
-
-diff --git a/libvirt.spec.in b/libvirt.spec.in
-index 813e0c0..f77626e 100644
---- a/libvirt.spec.in
-+++ b/libvirt.spec.in
-@@ -770,7 +770,6 @@ fi
- 
- %dir %{_localstatedir}/run/libvirt/
- 
--%dir %{_localstatedir}/lib/libvirt/
- %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
- %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
- %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
-@@ -862,7 +861,7 @@ fi
- 
- %{_sysconfdir}/rc.d/init.d/libvirt-guests
- %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
--%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt
-+%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
- 
- %if %{with_sasl}
- %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
--- 
-1.7.3.4
-

libvirt-0.8.2-read-only-checks.patch

@@ -1,95 +0,0 @@
-From: Guido Günther <agx@sigxcpu.org>
-Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
-Subject: Add missing checks for read only connections
-X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
-
-Add missing checks for read only connections
-
-As pointed on CVE-2011-1146, some API forgot to check the read-only
-status of the connection for entry point which modify the state
-of the system or may lead to a remote execution using user data.
-The entry points concerned are:
-  - virConnectDomainXMLToNative
-  - virNodeDeviceDettach
-  - virNodeDeviceReAttach
-  - virNodeDeviceReset
-  - virDomainRevertToSnapshot
-  - virDomainSnapshotDelete
-
-* src/libvirt.c: fix the above set of entry points to error on read-only
-                 connections
-
-Rebased to 0.8.2, mostly changed the call of the error routines
----
-
---- src/libvirt.c.orig	2011-03-14 17:03:45.000000000 +0800
-+++ src/libvirt.c	2011-03-14 17:10:41.000000000 +0800
-@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
-         virDispatchError(NULL);
-         return (NULL);
-     }
-+    if (conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
- 
-     if (nativeFormat == NULL || domainXml == NULL) {
-         virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
-@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
-         return (-1);
-     }
- 
-+    if (dev->conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
-+
-     if (dev->conn->driver->nodeDeviceDettach) {
-         int ret;
-         ret = dev->conn->driver->nodeDeviceDettach (dev);
-@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
-         return (-1);
-     }
- 
-+    if (dev->conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
-+
-     if (dev->conn->driver->nodeDeviceReAttach) {
-         int ret;
-         ret = dev->conn->driver->nodeDeviceReAttach (dev);
-@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
-         return (-1);
-     }
- 
-+    if (dev->conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
-+
-     if (dev->conn->driver->nodeDeviceReset) {
-         int ret;
-         ret = dev->conn->driver->nodeDeviceReset (dev);
-@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
-     }
- 
-     conn = snapshot->domain->conn;
-+    if (conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
- 
-     if (conn->driver->domainRevertToSnapshot) {
-         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
-@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
-     }
- 
-     conn = snapshot->domain->conn;
-+    if (conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
- 
-     if (conn->driver->domainSnapshotDelete) {
-         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

libvirt.spec

@@ -185,7 +185,7 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.8.2
-Release: 6%{?dist}%{?extra_release}
+Release: 1%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
@@ -203,13 +203,6 @@ Patch10: libvirt-0.8.2-10-qemu-img-format-handling.patch
 Patch11: libvirt-0.8.2-11-storage-vol-backing.patch
 # CVE-2010-2242
 Patch12: libvirt-0.8.2-apply-iptables-sport-mapping.patch
-# CVE-2011-1146
-Patch13: libvirt-0.8.2-read-only-checks.patch
-Patch14: libvirt-0.8.2-fix-var-lib-libvirt-permissions.patch
-# Patches 15, 16  CVE-2011-1486
-Patch15: libvirt-0.8.2-threadsafe-libvirtd-error-reporting.patch
-Patch16: libvirt-0.8.2-avoid-resetting-errors.patch
-
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
 BuildRequires: python-devel
@@ -457,10 +450,6 @@ of recent versions of Linux (and other OSes).
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
-%patch13 -p0
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
 
 %build
 %if ! %{with_xen}
@@ -815,6 +804,7 @@ fi
 
 %dir %{_localstatedir}/run/libvirt/
 
+%dir %{_localstatedir}/lib/libvirt/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
 %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
@@ -906,7 +896,7 @@ fi
 
 %{_sysconfdir}/rc.d/init.d/libvirt-guests
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
-%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt
 
 %if %{with_sasl}
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
@@ -947,110 +937,51 @@ fi
 %endif
 
 %changelog
-* Tue Apr  5 2011 Laine Stump <laine@redhat.com> 0.8.2-6
-- Add changes to fedora-specific libvirt.spec forgotten in 0.8.2-4
+* Mon Jul 12 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.2-1
+- Update to 0.8.2 release
+- CVE-2010-2237 ignoring defined main disk format when looking up disk backing stores
+- CVE-2010-2238 ignoring defined disk backing store format when recursing into disk
+  image backing stores
+- CVE-2010-2239 not setting user defined backing store format when creating new image
+- CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for
+  obtaining privileged resources on the host
 
-* Tue Apr  5 2011 Laine Stump <laine@redhat.com> 0.8.2-5
-- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
-  bug 693457
 
-* Mon Apr  4 2011 Laine Stump <laine@redhat.com> 0.8.2-4
-- fix permissions on /var/lib/libvirt
+* Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.1-18.fc12
+- Actually apply all previous patches
 
-* Wed Mar 16 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-3
-- fix one crash in the the error handling for previous patch
-
-* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-2
-- Fix for CVE-2011-1146, missing checks on read-only connections bug 683655
-
-* Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-5.fc13
+* Tue Jun 15 2010 Cole Robinson <crobinso@redhat.com> - 0.7.1-17.fc12
+- Fix attach-device crash on cgroup cleanup (bz 556791)
+- Fix crash on bad LXC URI (bz 554191)
 - Add qemu.conf options for audio workaround
+- Fix permissions of storage backing stores (bz 579067)
 - Fix parsing certain USB sysfs files (bz 598272)
+- Improve migration error reporting (bz 499750)
 - Sanitize pool target paths (bz 494005)
 - Add qemu.conf for clear emulator capabilities
 - Prevent libvirtd inside a VM from breaking network access (bz 235961)
 - Mention --all in 'virsh list' docs (bz 575512)
-- Initscript fixes (bz 565238)
-- List wireless interfaces via nodedev-list (bz 596928)
 
-* Tue May 18 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-4.fc13
-- Fix nodedev XML conversion errors (bz 591262)
-- Fix PCI xml decimal parsing (bz 582752)
-- Fix CDROM media connect/eject (bz 582005)
-- Always report qemu startup output on error (bz 581381)
-- Fix crash from 'virsh dominfo' if secdriver disabled (bz 581166)
+* Mon May 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.1-16.fc12
+- Fix crash with invalid QEmu URI (bz 566070)
+- Fix VNC TLS crash (bz 544305)
+- Fix USB devices with high bus/addr values (bz 542639)
+- Fix save/restore with non-root guests (bz 534143, bz 532654)
+- Fix USB devices attached via virt-manager (bz 537227)
 
-* Tue Apr 20 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-3.fc13
-- Fix slow storage volume allocation (bz 582356)
-
-* Mon Mar 22 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-2.fc13
-- Fix USB devices by product with security enabled (bz 574136)
-- Set kernel/initrd in security driver, fixes some URL installs (bz 566425)
-
-* Fri Mar  5 2010 Daniel Veillard <veillard@redhat.com> - 0.7.7-1
-- macvtap support
-- async job handling
-- virtio channel
-- computing baseline CPU
-- virDomain{Attach,Detach}DeviceFlags
-- assorted bug fixes and lots of cleanups
-
-* Tue Feb 16 2010 Adam Jackson <ajax@redhat.com> 0.7.6-2
-- libvirt-0.7.6-add-needed.patch: Fix FTBFS from --no-add-needed
-- Add BuildRequires: xmlrpc-c-client for libxmlrpc_client.so
-
-* Wed Feb  3 2010 Daniel Veillard <veillard@redhat.com> - 0.7.6-1
-- upstream release of 0.7.6
-- Use QEmu new device adressing when possible
-- Implement CPU topology support for QEMU driver
-- Implement SCSI controller hotplug/unplug for QEMU
-- Implement support for multi IQN
-- a lot of fixes and improvements
-
-* Thu Jan 14 2010 Chris Weyl <cweyl@alumni.drew.edu> 0.7.5-3
-- bump for libssh2 rebuild
-
-* Tue Jan 12 2010 Daniel P. Berrange <berrange@redhat.com> - 0.7.5-2
-- Rebuild for libparted soname change
-
-* Wed Dec 23 2009 Daniel Veillard <veillard@redhat.com> - 0.7.5-1
-- Add new API virDomainMemoryStats
-- Public API and domain extension for CPU flags
-- vbox: Add support for version 3.1
-- Support QEMU's virtual FAT block device driver
-- a lot of fixes
-
-* Fri Nov 20 2009 Daniel Veillard <veillard@redhat.com> - 0.7.4-1
-- upstream release of 0.7.4
-- udev node device backend
-- API to check object properties
-- better QEmu monitor processing
-- MAC address based port filtering for qemu
-- support IPv6 and multiple addresses per interfaces
-- a lot of fixes
-
-* Thu Nov 19 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-6
-- Really fix restore file labelling this time
-
-* Wed Nov 11 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-5
-- Disable numactl on s390[x]. Again.
-
-* Wed Nov 11 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-4
-- Fix QEMU save/restore permissions / labelling
-
-* Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-3
+* Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-15
 - Avoid compressing small log files (#531030)
 
-* Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-2
+* Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-14
 - Make libvirt-devel require libvirt-client, not libvirt
-- Fix qemu machine types handling
+- Fix xen driver recounting (#531429)
+- Fix crash on virsh error (#531429)
+- Fix segfault where XML parsing fails in qemu disk hotplug
+- Fix segfault where interface target device name is ommitted (#523418)
 
-* Wed Oct 14 2009 Daniel Veillard <veillard@redhat.com> - 0.7.2-1
-- Upstream release of 0.7.2
-- Allow to define ESX domains
-- Allows suspend and resulme of LXC domains
-- API for data streams
-- many bug fixes
+* Mon Oct 19 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-13
+- Misc fixes to qemu machine types handling
+- A couple of XML formatting fixes
 
 * Tue Oct 13 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-12
 - Fix restore of qemu guest using raw save format (#523158)