libvirt-6.1.0-4

Fix libxl driver startup crash (bz #1842318)
libvirt-6.1.0-3
2020-06-02 13:46:51 -04:00 · 2020-05-26 11:44:02 -04:00 · 2020-03-24 11:34:46 +01:00 · 2020-03-04 08:25:20 -05:00 · 2020-02-25 14:47:54 -05:00 · 2020-01-29 10:43:22 +00:00
24 changed files with 1004 additions and 2718 deletions
@@ -0,0 +1,31 @@
+[suppress_function]
+symbol_version_regexp = LIBVIRT_PRIVATE.*
+soname_regexp = libvirt\\.so.*
+
+[suppress_function]
+symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
+soname_regexp = libvirt-admin\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = LIBVIRT_PRIVATE.*
+soname_regexp = libvirt\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
+soname_regexp = libvirt-admin\\.so.*
+
+[suppress_function]
+symbol_version_regexp = .*
+soname_regexp = libvirt_storage_.*\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = .*
+soname_regexp = libvirt_storage_.*\\.so.*
+
+[suppress_function]
+symbol_version_regexp = .*
+soname_regexp = libvirt_driver_.*\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = .*
+soname_regexp = libvirt_driver_.*\\.so.*
@@ -1,32 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 21 May 2018 23:05:07 +0100
-Subject: [PATCH] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-New microcode introduces the "Speculative Store Bypass Disable"
-CPUID feature bit. This needs to be exposed to guest OS to allow
-them to protect against CVE-2018-3639.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 1dbca2eccad58d91a5fd33962854f1a653638182)
---
- src/cpu/cpu_map.xml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
-index 00a43b172c..245aec3309 100644
--- a/src/cpu/cpu_map.xml
-+++ b/src/cpu/cpu_map.xml
-@@ -298,6 +298,9 @@
-     <feature name='spec-ctrl'>
-       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
-     </feature>
-+    <feature name='ssbd'>
-+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
-+    </feature>
- 
-     <!-- Processor Extended State Enumeration sub leaf 1 -->
-     <feature name='xsaveopt'>
@@ -0,0 +1,36 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 9 Mar 2020 16:40:57 +0100
+Subject: [PATCH] virDomainDiskTranslateSourcePool: Check for disk type
+ correctly
+
+When rewriting the virDomainDiskTranslateSourcePool() function in
+v6.1.0-rc1~184 a typo was introduced. Previously, we allowed
+startup policy only for those volumes which translated to
+VIR_STORAGE_TYPE_FILE. But starting with the referenced commit,
+the value we checked for was changed to VIR_STORAGE_VOL_FILE
+which comes from a different enum and has a different value too.
+This is wrong, because virStorageSourceGetActualType() returns a
+value from the original enum.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1811728
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+(cherry picked from commit 3918dbd84e4951b43f93fbf50ef52be00274850c)
+---
+ src/conf/domain_conf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 17867eeece..fd2e8f4eb5 100644
+--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
+@@ -31746,7 +31746,7 @@ virDomainDiskTranslateSourcePool(virDomainDiskDefPtr def)
+     }
+ 
+     if (def->startupPolicy != 0 &&
+-        virStorageSourceGetActualType(def->src) != VIR_STORAGE_VOL_FILE) {
+        virStorageSourceGetActualType(def->src) != VIR_STORAGE_TYPE_FILE) {
+         virReportError(VIR_ERR_XML_ERROR, "%s",
+                        _("'startupPolicy' is only valid for "
+                          "'file' type volume"));
@@ -0,0 +1,55 @@
+From: Laine Stump <laine@redhat.com>
+Date: Thu, 7 May 2020 22:32:59 -0400
+Subject: [PATCH] network: make it safe to call networkSetupPrivateChains()
+ multiple times
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+networkSetupPrivateChains() is currently called only once per run of
+libvirtd, so it can assume that errInitV4 and errInitV6 are empty/null
+when it is called. In preparation for potentially calling this
+function multiple times during one run, this patch moves the reset of
+errInitV[46] to the top of the function, to assure no memory is
+leaked.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit de110f110fb917a31b9f33ad8e4b3c1d3284766a)
+---
+ src/network/bridge_driver_linux.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
+index 7bbde5c6a9..80bd2409e1 100644
+--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
+@@ -48,6 +48,10 @@ static void networkSetupPrivateChains(void)
+     VIR_DEBUG("Setting up global firewall chains");
+ 
+     createdChains = false;
+    virFreeError(errInitV4);
+    errInitV4 = NULL;
+    virFreeError(errInitV6);
+    errInitV6 = NULL;
+ 
+     rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
+     if (rc < 0) {
+@@ -56,8 +60,6 @@ static void networkSetupPrivateChains(void)
+         errInitV4 = virSaveLastError();
+         virResetLastError();
+     } else {
+-        virFreeError(errInitV4);
+-        errInitV4 = NULL;
+         if (rc) {
+             VIR_DEBUG("Created global IPv4 chains");
+             createdChains = true;
+@@ -73,8 +75,6 @@ static void networkSetupPrivateChains(void)
+         errInitV6 = virSaveLastError();
+         virResetLastError();
+     } else {
+-        virFreeError(errInitV6);
+-        errInitV6 = NULL;
+         if (rc) {
+             VIR_DEBUG("Created global IPv6 chains");
+             createdChains = true;
@@ -1,65 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 5 Mar 2018 12:46:16 +0000
-Subject: [PATCH] tests: force use of "NORMAL" TLS priority in test suite
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When generating certificates we rely on GNUTLS' built-in default setup
-for the ciphers used in the certs. We then currently run with the distro
-specific TLS priority setup which can be much stronger, to the extent
-that the certificates we generate are considered untrustworthy. We don't
-care about the quality of the ciphers we use in the test suite, so just
-force the priority to "NORMAL" which should ensure our certs are
-accepted by GNUTLS.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- tests/virnettlscontexttest.c | 4 ++--
- tests/virnettlssessiontest.c | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
-index 089c10e964..86647f3014 100644
--- a/tests/virnettlscontexttest.c
-+++ b/tests/virnettlscontexttest.c
-@@ -72,7 +72,7 @@ static int testTLSContextInit(const void *opaque)
-                                          data->crt,
-                                          KEYFILE,
-                                          NULL,
-                                         NULL,
-+                                         "NORMAL",
-                                          true,
-                                          true);
-     } else {
-@@ -80,7 +80,7 @@ static int testTLSContextInit(const void *opaque)
-                                          NULL,
-                                          data->crt,
-                                          KEYFILE,
-                                         NULL,
-+                                         "NORMAL",
-                                          true,
-                                          true);
-     }
-diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
-index 6d639e5b16..7e85607181 100644
--- a/tests/virnettlssessiontest.c
-+++ b/tests/virnettlssessiontest.c
-@@ -113,7 +113,7 @@ static int testTLSSessionInit(const void *opaque)
-                                            data->servercrt,
-                                            KEYFILE,
-                                            data->wildcards,
-                                           NULL,
-+                                           "NORMAL",
-                                            false,
-                                            true);
- 
-@@ -121,7 +121,7 @@ static int testTLSSessionInit(const void *opaque)
-                                            NULL,
-                                            data->clientcrt,
-                                            KEYFILE,
-                                           NULL,
-+                                           "NORMAL",
-                                            false,
-                                            true);
- 
@@ -1,42 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 21 May 2018 23:05:08 +0100
-Subject: [PATCH] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some AMD processors only support a non-architectural means of
-enabling Speculative Store Bypass Disable. To allow simplified
-handling in virtual environments, hypervisors will expose an
-architectural definition through CPUID bit 0x80000008_EBX[25].
-This needs to be exposed to guest OS running on AMD x86 hosts to
-allow them to protect against CVE-2018-3639.
-
-Note that since this CPUID bit won't be present in the host CPUID
-results on physical hosts, it will not be enabled automatically
-in guests configured with "host-model" CPU unless using QEMU
-version >= 2.9.0. Thus for older versions of QEMU, this feature
-must be manually enabled using policy=force. Guests using the
-"host-passthrough" CPU mode do not need special handling.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9)
---
- src/cpu/cpu_map.xml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
-index 245aec3309..96daa0f9af 100644
--- a/src/cpu/cpu_map.xml
-+++ b/src/cpu/cpu_map.xml
-@@ -433,6 +433,9 @@
-     <feature name='ibpb'>
-       <cpuid eax_in='0x80000008' ebx='0x00001000'/>
-     </feature>
-+    <feature name='virt-ssbd'>
-+      <cpuid eax_in='0x80000008' ebx='0x02000000'/>
-+    </feature>
- 
-     <!-- models -->
-     <model name='486'>
@@ -0,0 +1,265 @@
+From: Laine Stump <laine@redhat.com>
+Date: Thu, 7 May 2020 21:54:39 -0400
+Subject: [PATCH] network: force re-creation of iptables private chains on
+ firewalld restart
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When firewalld is stopped, it removes *all* iptables rules and chains,
+including those added by libvirt. Since restarting firewalld means
+stopping and then starting it, any time it is restarted, libvirt needs
+to recreate all the private iptables chains it uses, along with all
+the rules it adds.
+
+We already have code in place to call networkReloadFirewallRules() any
+time we're notified of a firewalld start, and
+networkReloadFirewallRules() will call
+networkPreReloadFirewallRules(), which calls
+networkSetupPrivateChains(); unfortunately that last call is called
+using virOnce(), meaning that it will only be called the first time
+through networkPreReloadFirewallRules() after libvirtd starts - so of
+course when firewalld is later restarted, the call to
+networkSetupPrivateChains() is skipped.
+
+The neat and tidy way to fix this would be if there was a standard way
+to reset a pthread_once_t object so that the next time virOnce was
+called, it would think the function hadn't been called, and call it
+again. Unfortunately, there isn't any official way of doing that (we
+*could* just fill it with 0 and hope for the best, but that doesn't
+seem very safe.
+
+So instead, this patch just adds a static variable called
+chainInitDone, which is set to true after networkSetupPrivateChains()
+is called for the first time, and then during calls to
+networkPreReloadFirewallRules(), if chainInitDone is set, we call
+networkSetupPrivateChains() directly instead of via virOnce().
+
+It may seem unsafe to directly call a function that is meant to be
+called only once, but I think in this case we're safe - there's
+nothing in the function that is inherently "once only" - it doesn't
+initialize anything that can't safely be re-initialized (as long as
+two threads don't try to do it at the same time), and it only happens
+when responding to a dbus message that firewalld has been started (and
+I don't think it's possible for us to be processing two of those at
+once), and even then only if the initial call to the function has
+already been completed (so we're safe if we receive a firewalld
+restart call at a time when we haven't yet called it, or even if
+another thread is already in the process of executing it. The only
+problematic bit I can think of is if another thread is in the process
+of adding an iptable rule at the time we're executing this function,
+but 1) none of those threads will be trying to add chains, and 2) if
+there was a concurrency problem with other threads adding iptables
+rules while firewalld was being restarted, it would still be a problem
+even without this change.
+
+This is yet another patch that fixes an occurrence of this error:
+
+COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --insert LIBVIRT_INP --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: No chain/target/match by that name.
+
+In particular, this resolves: https://bugzilla.redhat.com/1813830
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit f5418b427e7d2f26803880309478de9103680826)
+---
+ src/network/bridge_driver.c          | 16 ++++---
+ src/network/bridge_driver_linux.c    | 69 ++++++++++++++++++----------
+ src/network/bridge_driver_nop.c      |  3 +-
+ src/network/bridge_driver_platform.h |  2 +-
+ 4 files changed, 58 insertions(+), 32 deletions(-)
+
+diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
+index 369e80a889..aaf14defe4 100644
+--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
+@@ -273,7 +273,9 @@ static int
+ networkShutdownNetworkExternal(virNetworkObjPtr obj);
+ 
+ static void
+-networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
+networkReloadFirewallRules(virNetworkDriverStatePtr driver,
+                           bool startup,
+                           bool force);
+ 
+ static void
+ networkRefreshDaemons(virNetworkDriverStatePtr driver);
+@@ -689,7 +691,7 @@ firewalld_dbus_filter_bridge(DBusConnection *connection G_GNUC_UNUSED,
+ 
+     if (reload) {
+         VIR_DEBUG("Reload in bridge_driver because of firewalld.");
+-        networkReloadFirewallRules(driver, false);
+        networkReloadFirewallRules(driver, false, true);
+     }
+ 
+     return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+@@ -798,7 +800,7 @@ networkStateInitialize(bool privileged,
+     virNetworkObjListPrune(network_driver->networks,
+                            VIR_CONNECT_LIST_NETWORKS_INACTIVE |
+                            VIR_CONNECT_LIST_NETWORKS_TRANSIENT);
+-    networkReloadFirewallRules(network_driver, true);
+    networkReloadFirewallRules(network_driver, true, false);
+     networkRefreshDaemons(network_driver);
+ 
+     if (virDriverShouldAutostart(network_driver->stateDir, &autostart) < 0)
+@@ -868,7 +870,7 @@ networkStateReload(void)
+                                 network_driver->networkConfigDir,
+                                 network_driver->networkAutostartDir,
+                                 network_driver->xmlopt);
+-    networkReloadFirewallRules(network_driver, false);
+    networkReloadFirewallRules(network_driver, false, false);
+     networkRefreshDaemons(network_driver);
+     virNetworkObjListForEach(network_driver->networks,
+                              networkAutostartConfig,
+@@ -2236,14 +2238,16 @@ networkReloadFirewallRulesHelper(virNetworkObjPtr obj,
+ 
+ 
+ static void
+-networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
+networkReloadFirewallRules(virNetworkDriverStatePtr driver,
+                           bool startup,
+                           bool force)
+ {
+     VIR_INFO("Reloading iptables rules");
+     /* Ideally we'd not even register the driver when unprivilegd
+      * but until we untangle the virt driver that's not viable */
+     if (!driver->privileged)
+         return;
+-    networkPreReloadFirewallRules(driver, startup);
+    networkPreReloadFirewallRules(driver, startup, force);
+     virNetworkObjListForEach(driver->networks,
+                              networkReloadFirewallRulesHelper,
+                              NULL);
+diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
+index 80bd2409e1..b0bd207250 100644
+--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
+@@ -36,11 +36,14 @@ VIR_LOG_INIT("network.bridge_driver_linux");
+ #define PROC_NET_ROUTE "/proc/net/route"
+ 
+ static virOnceControl createdOnce;
+-static bool createdChains;
+static bool chainInitDone; /* true iff networkSetupPrivateChains was ever called */
+static bool createdChains; /* true iff networkSetupPrivateChains created chains during most recent call */
+ static virErrorPtr errInitV4;
+ static virErrorPtr errInitV6;
+ 
+-/* Only call via virOnce */
+/* Usually only called via virOnce, but can also be called directly in
+ * response to firewalld reload (if chainInitDone == true)
+ */
+ static void networkSetupPrivateChains(void)
+ {
+     int rc;
+@@ -82,6 +85,8 @@ static void networkSetupPrivateChains(void)
+             VIR_DEBUG("Global IPv6 chains already exist");
+         }
+     }
+
+    chainInitDone = true;
+ }
+ 
+ 
+@@ -111,7 +116,10 @@ networkHasRunningNetworks(virNetworkDriverStatePtr driver)
+ }
+ 
+ 
+-void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
+void
+networkPreReloadFirewallRules(virNetworkDriverStatePtr driver,
+                              bool startup,
+                              bool force)
+ {
+     /*
+      * If there are any running networks, we need to
+@@ -130,29 +138,42 @@ void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup
+      * of starting the network though as that makes them
+      * more likely to be seen by a human
+      */
+-    if (!networkHasRunningNetworks(driver)) {
+-        VIR_DEBUG("Delayed global rule setup as no networks are running");
+-        return;
+-    }
+    if (chainInitDone && force) {
+        /* The Private chains have already been initialized once
+         * during this run of libvirtd, so 1) we can't do it again via
+         * virOnce(), and 2) we need to re-add the private chains even
+         * if there are currently no running networks, because the
+         * next time a network is started, libvirt will expect that
+         * the chains have already been added. So we call directly
+         * instead of via virOnce().
+         */
+        networkSetupPrivateChains();
+ 
+-    ignore_value(virOnce(&createdOnce, networkSetupPrivateChains));
+    } else {
+        if (!networkHasRunningNetworks(driver)) {
+            VIR_DEBUG("Delayed global rule setup as no networks are running");
+            return;
+        }
+ 
+-    /*
+-     * If this is initial startup, and we just created the
+-     * top level private chains we either
+-     *
+-     *   - upgraded from old libvirt
+-     *   - freshly booted from clean state
+-     *
+-     * In the first case we must delete the old rules from
+-     * the built-in chains, instead of our new private chains.
+-     * In the second case it doesn't matter, since no existing
+-     * rules will be present. Thus we can safely just tell it
+-     * to always delete from the builin chain
+-     */
+-    if (startup && createdChains) {
+-        VIR_DEBUG("Requesting cleanup of legacy firewall rules");
+-        iptablesSetDeletePrivate(false);
+        ignore_value(virOnce(&createdOnce, networkSetupPrivateChains));
+
+        /*
+         * If this is initial startup, and we just created the
+         * top level private chains we either
+         *
+         *   - upgraded from old libvirt
+         *   - freshly booted from clean state
+         *
+         * In the first case we must delete the old rules from
+         * the built-in chains, instead of our new private chains.
+         * In the second case it doesn't matter, since no existing
+         * rules will be present. Thus we can safely just tell it
+         * to always delete from the builin chain
+         */
+        if (startup && createdChains) {
+            VIR_DEBUG("Requesting cleanup of legacy firewall rules");
+            iptablesSetDeletePrivate(false);
+        }
+     }
+ }
+ 
+diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
+index 08d737511f..db89c10023 100644
+--- a/src/network/bridge_driver_nop.c
+++ b/src/network/bridge_driver_nop.c
+@@ -20,7 +20,8 @@
+ #include <config.h>
+ 
+ void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver G_GNUC_UNUSED,
+-                                   bool startup G_GNUC_UNUSED)
+                                   bool startup G_GNUC_UNUSED,
+                                   bool force G_GNUC_UNUSED)
+ {
+ }
+ 
+diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
+index 169417a6c0..48ab52c160 100644
+--- a/src/network/bridge_driver_platform.h
+++ b/src/network/bridge_driver_platform.h
+@@ -62,7 +62,7 @@ struct _virNetworkDriverState {
+ typedef struct _virNetworkDriverState virNetworkDriverState;
+ typedef virNetworkDriverState *virNetworkDriverStatePtr;
+ 
+-void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
+void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup, bool force);
+ void networkPostReloadFirewallRules(bool startup);
+ 
+ int networkCheckRouteCollision(virNetworkDefPtr def);
@@ -1,31 +0,0 @@
-From: Jim Fehlig <jfehlig@suse.com>
-Date: Wed, 14 Mar 2018 16:42:39 -0600
-Subject: [PATCH] lockd: fix typo in virtlockd-admin.socket
-
-Commit ce7ae55ea1 introduced a typo in virtlockd-admin socket file
-
-/usr/lib/systemd/system/virtlockd-admin.socket:7: Unknown lvalue
-'Server' in section 'Socket'
-
-Change 'Server' to 'Service'.
-
-Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-Reviewed-by: Erik Skultety <eskultet@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- src/locking/virtlockd-admin.socket.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 1fa0a3dc33..2a7500f3d0 100644
--- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -4,7 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
-Server=virtlockd.service
-+Service=virtlockd.service
- 
- [Install]
- WantedBy=sockets.target
@@ -0,0 +1,100 @@
+From: Laine Stump <laine@redhat.com>
+Date: Fri, 1 May 2020 00:05:50 -0400
+Subject: [PATCH] systemd: start libvirtd after firewalld/iptables services
+
+When a system has enabled the iptables/ip6tables services rather than
+firewalld, there is no explicit ordering of the start of those
+services vs. libvirtd. This creates a problem when libvirtd.service is
+started before ip[6]tables, as the latter, when it finally is started,
+will remove all of the iptables rules that had previously been added
+by libvirt, including the custom chains where libvirt's rules are
+kept. This results in an error message similar to the following when a
+user subsequently tries to start a new libvirt network:
+
+ "Error while activating network: Call to virNetworkCreate failed:
+ internal error: Failed to apply firewall rules
+ /usr/sbin/ip6tables -w --table filter --insert LIBVIRT_FWO \
+   --in-interface virbr2 --jump REJECT:
+ ip6tables: No chain/target/match by that name."
+
+(Prior to logging this error, it also would have caused failure to
+forward (or block) traffic in some cases, e.g. for guests on a NATed
+network, since libvirt's rules to forward/block had all been deleted
+and libvirt didn't know about it, so it couldn't fix the problem)
+
+When this happens, the problem can be remedied by simply restarting
+libvirtd.service (which has the side-effect of reloading all
+libvirt-generated firewall rules)
+
+Instead, we can just explicitly stating in the libvirtd.service file
+that libvirtd.service should start after ip6tables.service and
+ip6tables.service, eliminating the race condition that leads to the
+error.
+
+There is also nothing (that I can see) in the systemd .service files
+to guarantee that firewalld.service will be started (if enabled) prior
+to libvirtd.service. The same error scenario given above would occur
+if libvirtd.service started before firewalld.service.  Even before
+that, though libvirtd would have detected that firewalld.service was
+disabled, and then turn off all firewalld support. So, for example,
+firewalld's libvirt zone wouldn't be used, and most likely traffic
+from guests would therefore be blocked (all with no external
+indication of the source of the problem other than a debug-level log
+when libvirtd was started saying that firewalld wasn't in use); also
+libvirtd wouldn't notice when firewalld reloaded its rules (which also
+simultaneously deletes all of libvirt's rules).
+
+I'm not aware of any reports that have been traced back to
+libvirtd.service starting before firewalld.service, but have seen that
+error reported multiple times, and also don't see an existing
+dependency that would guarantee firewalld.service starts before
+libvirtd.service, so it's possible it's been happening and we just
+haven't gotten to the bottom of it.
+
+This patch adds an After= line to the libvirtd.service file for each
+of iptables.service, ip6tables.service, and firewalld.servicee, which
+should guarantee that libvirtd.service isn't started until systemd has
+started whichever of the others is enabled.
+
+This race was diagnosed, and patch proposed, by Jason Montleon in
+https://bugzilla.redhat.com/1723698 . At the time (April 2019) danpb
+agreed with him that this change to libvirtd.service was a reasonable
+thing to do, but I guess everyone thought someone else was going to
+post a patch, so in the end nobody did.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 0756415f147dda15a417bd79eef9a62027d176e6)
+---
+ src/network/virtnetworkd.service.in | 3 +++
+ src/remote/libvirtd.service.in      | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in
+index 656e8b4f84..56182e1693 100644
+--- a/src/network/virtnetworkd.service.in
+++ b/src/network/virtnetworkd.service.in
+@@ -5,6 +5,9 @@ Requires=virtnetworkd.socket
+ Requires=virtnetworkd-ro.socket
+ Requires=virtnetworkd-admin.socket
+ After=network.target
+After=firewalld.service
+After=iptables.service
+After=ip6tables.service
+ After=dbus.service
+ After=apparmor.service
+ After=local-fs.target
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 90b2cad5b0..cc0d4e3693 100644
+--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
+@@ -11,6 +11,9 @@ Wants=libvirtd-admin.socket
+ Wants=systemd-machined.service
+ Before=libvirt-guests.service
+ After=network.target
+After=firewalld.service
+After=iptables.service
+After=ip6tables.service
+ After=dbus.service
+ After=iscsid.service
+ After=apparmor.service
@@ -0,0 +1,43 @@
+From: Jim Fehlig <jfehlig@suse.com>
+Date: Fri, 3 Apr 2020 15:51:48 -0600
+Subject: [PATCH] libxl: fix crash when initializing driver
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit 54a401af478 split out DriverConfigInit from DriverConfigNew, but
+then called it a bit late from libxlStateInitialize. The cfg is used in
+libxlDriverConfigLoadFile and when uninitialized results in a crash.
+Calling DriverConfigInit immediately after DriverConfigNew fixes the
+crash.
+
+Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 88011ed280c4f946a7b8e7ffcea2335eb075de60)
+---
+ src/libxl/libxl_driver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
+index f2387e2a20..c4fb791fa0 100644
+--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
+@@ -703,14 +703,14 @@ libxlStateInitialize(bool privileged,
+     if (!(cfg = libxlDriverConfigNew()))
+         goto error;
+ 
+    if (libxlDriverConfigInit(cfg) < 0)
+        goto error;
+
+     driverConf = g_strdup_printf("%s/libxl.conf", cfg->configBaseDir);
+ 
+     if (libxlDriverConfigLoadFile(cfg, driverConf) < 0)
+         goto error;
+ 
+-    if (libxlDriverConfigInit(cfg) < 0)
+-        goto error;
+-
+     /* Register the callbacks providing access to libvirt's event loop */
+     libxl_osevent_register_hooks(cfg->ctx, &libxl_osevent_callbacks, cfg->ctx);
+ 
@@ -1,105 +0,0 @@
-From: Laine Stump <laine@laine.org>
-Date: Wed, 25 Apr 2018 17:12:03 -0400
-Subject: [PATCH] nwfilter: increase pcap buffer size to be compatible with
- TPACKET_V3
-
-When an nwfilter rule sets the parameter CTRL_IP_LEARNING to "dhcp",
-this turns on the "dhcpsnoop" thread, which uses libpcap to monitor
-traffic on the domain's tap device and extract the IP address from the
-DHCP response.
-
-If libpcap on the host is built with HAVE_TPACKET3 defined (to enable
-support for TPACKET_V3), the dhcpsnoop code's initialization of the
-libpcap socket would fail with the following error:
-
-  virNWFilterSnoopDHCPOpen:1134 : internal error: pcap_setfilter: can't remove kernel filter: Bad file descriptor
-
-It turns out that this was because TPACKET_V3 requires a larger buffer
-size than libvirt was setting (we were setting it to 128k). Changing
-the buffer size to 256k eliminates the error, and the dhcpsnoop thread
-once again works properly.
-
-A fuller explanation of why TPACKET_V3 requires such a large buffer,
-for future git spelunkers:
-
-libpcap calls setsockopt(... SOL_PACKET, PACKET_RX_RING...) to setup a
-ring buffer for receiving packets; two of the attributes sent to this
-API are called tp_frame_size, and tp_frame_nr. If libpcap was built
-with HAVE_TPACKET3 defined, tp_trame_size is set to MAXIMUM_SNAPLEN
-(defined in libpcap sources as 262144) and tp_frame_nr is set to:
-
- [the buffer size we set, i.e. PCAP_BUFFERSIZE i.e. 262144] / tp_frame_size.
-
-So if PCAP_BUFFERSIZE < MAXIMUM_SNAPLEN, then tp_frame_nr (the number
-of frames in the ring buffer) is 0, which is nonsensical. This same
-value is later used as a multiplier to determine the size for a call
-to malloc() (which would also fail).
-
-(NB: if HAVE_TPACKET3 is *not* defined, then tp_frame_size is set to
-the snaplen set by the user (in our case 576) plus a small amount to
-account for ethernet headers, so 256k is far more than adequate)
-
-Since the TPACKET_V3 code in libpcap actually reads multiple packets
-into each frame, it's not a problem to have only a single frame
-(especially when we are monitoring such infrequent traffic), so it's
-okay to set this relatively small buffer size (in comparison to the
-default, which is 2MB), which is important since every guest using
-dhcp snooping in a nwfilter rule will hold 2 of these buffers for the
-entire life of the guest.
-
-Thanks to Christian Ehrhardt for discovering that buffer size was the
-problem (this was not at all obvious from the error that was logged!)
-
-Resolves: https://bugzilla.redhat.com/1547237
-Fixes: https://bugs.launchpad.net/libvirt/+bug/1758037
-
-Signed-off-by: Laine Stump <laine@laine.org>
-Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> (V1)
-Reviewed-by: John Ferlan <jferlan@redhat.com>
-Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- src/nwfilter/nwfilter_dhcpsnoop.c | 22 +++++++++++++++++++---
- 1 file changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
-index 6069e70460..50cfb944a2 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
-+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
-@@ -256,10 +256,21 @@ struct _virNWFilterDHCPDecodeJob {
- # define DHCP_BURST_INTERVAL_S  10 /* sec */
- 
- /*
- * libpcap 1.5 requires a 128kb buffer
- * 128 kb is bigger than (DHCP_PKT_BURST * PCAP_PBUFSIZE / 2)
-+ * NB: Any libpcap built with HAVE_TPACKET3 will require
-+ * PCAP_BUFFERSIZE to be at least 262144 (although
-+ * pcap_set_buffer_size() with a lower value will succeed, and the
-+ * error will only show up later when pcap_setfilter() is called).
-+ *
-+ * It is possible that in the future libpcap could increase the
-+ * minimum size even further, but due to the fact that each guest
-+ * using dhcp snooping keeps 2 pcap sockets open (and thus 2 buffers
-+ * allocated) for the life of the guest, we want to minimize the
-+ * length of the buffer, so instead of leaving it at the default size
-+ * (2MB), we are setting it to the minimum viable size and including
-+ * this clue in the source to help quickly resolve the problem when/if
-+ * it reoccurs.
-  */
-# define PCAP_BUFFERSIZE        (128 * 1024)
-+# define PCAP_BUFFERSIZE        (256 * 1024)
- 
- # define MAX_QUEUED_JOBS        (DHCP_PKT_BURST + 2 * DHCP_PKT_RATE)
- 
-@@ -1114,6 +1125,11 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
-         goto cleanup_nohandle;
-     }
- 
-+    /* IMPORTANT: If there is any failure of *any* pcap_* function
-+     * during setup of the socket, look to the comment where
-+     * PCAP_BUFFERSIZE is defined. It may be too small, even if the
-+     * generated error doesn't imply that.
-+     */
-     if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 ||
-         pcap_set_buffer_size(handle, PCAP_BUFFERSIZE) < 0 ||
-         pcap_activate(handle) < 0) {
@@ -1,253 +0,0 @@
-From: Vincent Bernat <vincent@bernat.im>
-Date: Tue, 10 Apr 2018 08:27:15 +0200
-Subject: [PATCH] util: don't check for parallel iteration in hash-related
- functions
-
-This is the responsability of the caller to apply the correct lock
-before using these functions. Moreover, the use of a simple boolean
-was still racy: two threads may check the boolean and "lock" it
-simultaneously.
-
-Users of functions from src/util/virhash.c have to be checked for
-correctness. Lookups and iteration should hold a RO
-lock. Modifications should hold a RW lock.
-
-Most important uses seem to be covered. Callers have now a greater
-responsability, notably the ability to execute some operations while
-iterating were reliably forbidden before are now accepted.
-
-Signed-off-by: Vincent Bernat <vincent@bernat.im>
-(cherry picked from commit 4d7384eb9ddef2008cb0cc165eb808f74bc83d6b)
---
- src/util/virhash.c  | 37 --------------------
- tests/virhashtest.c | 83 ---------------------------------------------
- 2 files changed, 120 deletions(-)
-
-diff --git a/src/util/virhash.c b/src/util/virhash.c
-index 0ffbfcce2c..475c2b0281 100644
--- a/src/util/virhash.c
-+++ b/src/util/virhash.c
-@@ -41,12 +41,6 @@ VIR_LOG_INIT("util.hash");
- 
- /* #define DEBUG_GROW */
- 
-#define virHashIterationError(ret) \
-    do { \
-        VIR_ERROR(_("Hash operation not allowed during iteration")); \
-        return ret; \
-    } while (0)
-
- /*
-  * A single entry in the hash table
-  */
-@@ -66,10 +60,6 @@ struct _virHashTable {
-     uint32_t seed;
-     size_t size;
-     size_t nbElems;
-    /* True iff we are iterating over hash entries. */
-    bool iterating;
-    /* Pointer to the current entry during iteration. */
-    virHashEntryPtr current;
-     virHashDataFree dataFree;
-     virHashKeyCode keyCode;
-     virHashKeyEqual keyEqual;
-@@ -339,9 +329,6 @@ virHashAddOrUpdateEntry(virHashTablePtr table, const void *name,
-     if ((table == NULL) || (name == NULL))
-         return -1;
- 
-    if (table->iterating)
-        virHashIterationError(-1);
-
-     key = virHashComputeKey(table, name);
- 
-     /* Check for duplicate entry */
-@@ -551,9 +538,6 @@ virHashRemoveEntry(virHashTablePtr table, const void *name)
-     nextptr = table->table + virHashComputeKey(table, name);
-     for (entry = *nextptr; entry; entry = entry->next) {
-         if (table->keyEqual(entry->name, name)) {
-            if (table->iterating && table->current != entry)
-                virHashIterationError(-1);
-
-             if (table->dataFree)
-                 table->dataFree(entry->payload, entry->name);
-             if (table->keyFree)
-@@ -593,18 +577,11 @@ virHashForEach(virHashTablePtr table, virHashIterator iter, void *data)
-     if (table == NULL || iter == NULL)
-         return -1;
- 
-    if (table->iterating)
-        virHashIterationError(-1);
-
-    table->iterating = true;
-    table->current = NULL;
-     for (i = 0; i < table->size; i++) {
-         virHashEntryPtr entry = table->table[i];
-         while (entry) {
-             virHashEntryPtr next = entry->next;
-            table->current = entry;
-             ret = iter(entry->payload, entry->name, data);
-            table->current = NULL;
- 
-             if (ret < 0)
-                 goto cleanup;
-@@ -615,7 +592,6 @@ virHashForEach(virHashTablePtr table, virHashIterator iter, void *data)
- 
-     ret = 0;
-  cleanup:
-    table->iterating = false;
-     return ret;
- }
- 
-@@ -643,11 +619,6 @@ virHashRemoveSet(virHashTablePtr table,
-     if (table == NULL || iter == NULL)
-         return -1;
- 
-    if (table->iterating)
-        virHashIterationError(-1);
-
-    table->iterating = true;
-    table->current = NULL;
-     for (i = 0; i < table->size; i++) {
-         virHashEntryPtr *nextptr = table->table + i;
- 
-@@ -667,7 +638,6 @@ virHashRemoveSet(virHashTablePtr table,
-             }
-         }
-     }
-    table->iterating = false;
- 
-     return count;
- }
-@@ -723,23 +693,16 @@ void *virHashSearch(const virHashTable *ctable,
-     if (table == NULL || iter == NULL)
-         return NULL;
- 
-    if (table->iterating)
-        virHashIterationError(NULL);
-
-    table->iterating = true;
-    table->current = NULL;
-     for (i = 0; i < table->size; i++) {
-         virHashEntryPtr entry;
-         for (entry = table->table[i]; entry; entry = entry->next) {
-             if (iter(entry->payload, entry->name, data)) {
-                table->iterating = false;
-                 if (name)
-                     *name = table->keyCopy(entry->name);
-                 return entry->payload;
-             }
-         }
-     }
-    table->iterating = false;
- 
-     return NULL;
- }
-diff --git a/tests/virhashtest.c b/tests/virhashtest.c
-index 3b85b62c30..e9c03c1afb 100644
--- a/tests/virhashtest.c
-+++ b/tests/virhashtest.c
-@@ -221,32 +221,6 @@ testHashRemoveForEachAll(void *payload ATTRIBUTE_UNUSED,
- }
- 
- 
-const int testHashCountRemoveForEachForbidden = ARRAY_CARDINALITY(uuids);
-
-static int
-testHashRemoveForEachForbidden(void *payload ATTRIBUTE_UNUSED,
-                               const void *name,
-                               void *data)
-{
-    virHashTablePtr hash = data;
-    size_t i;
-
-    for (i = 0; i < ARRAY_CARDINALITY(uuids_subset); i++) {
-        if (STREQ(uuids_subset[i], name)) {
-            int next = (i + 1) % ARRAY_CARDINALITY(uuids_subset);
-
-            if (virHashRemoveEntry(hash, uuids_subset[next]) == 0) {
-                VIR_TEST_VERBOSE(
-                        "\nentry \"%s\" should not be allowed to be removed",
-                        uuids_subset[next]);
-            }
-            break;
-        }
-    }
-    return 0;
-}
-
-
- static int
- testHashRemoveForEach(const void *data)
- {
-@@ -303,61 +277,6 @@ testHashSteal(const void *data ATTRIBUTE_UNUSED)
- }
- 
- 
-static int
-testHashIter(void *payload ATTRIBUTE_UNUSED,
-             const void *name ATTRIBUTE_UNUSED,
-             void *data ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
-static int
-testHashForEachIter(void *payload ATTRIBUTE_UNUSED,
-                    const void *name ATTRIBUTE_UNUSED,
-                    void *data)
-{
-    virHashTablePtr hash = data;
-
-    if (virHashAddEntry(hash, uuids_new[0], NULL) == 0)
-        VIR_TEST_VERBOSE("\nadding entries in ForEach should be forbidden");
-
-    if (virHashUpdateEntry(hash, uuids_new[0], NULL) == 0)
-        VIR_TEST_VERBOSE("\nupdating entries in ForEach should be forbidden");
-
-    if (virHashSteal(hash, uuids_new[0]) != NULL)
-        VIR_TEST_VERBOSE("\nstealing entries in ForEach should be forbidden");
-
-    if (virHashSteal(hash, uuids_new[0]) != NULL)
-        VIR_TEST_VERBOSE("\nstealing entries in ForEach should be forbidden");
-
-    if (virHashForEach(hash, testHashIter, NULL) >= 0)
-        VIR_TEST_VERBOSE("\niterating through hash in ForEach"
-                " should be forbidden");
-    return 0;
-}
-
-static int
-testHashForEach(const void *data ATTRIBUTE_UNUSED)
-{
-    virHashTablePtr hash;
-    int ret = -1;
-
-    if (!(hash = testHashInit(0)))
-        return -1;
-
-    if (virHashForEach(hash, testHashForEachIter, hash)) {
-        VIR_TEST_VERBOSE("\nvirHashForEach didn't go through all entries");
-        goto cleanup;
-    }
-
-    ret = 0;
-
- cleanup:
-    virHashFree(hash);
-    return ret;
-}
-
-
- static int
- testHashRemoveSetIter(const void *payload ATTRIBUTE_UNUSED,
-                       const void *name,
-@@ -628,9 +547,7 @@ mymain(void)
-     DO_TEST("Remove", Remove);
-     DO_TEST_DATA("Remove in ForEach", RemoveForEach, Some);
-     DO_TEST_DATA("Remove in ForEach", RemoveForEach, All);
-    DO_TEST_DATA("Remove in ForEach", RemoveForEach, Forbidden);
-     DO_TEST("Steal", Steal);
-    DO_TEST("Forbidden ops in ForEach", ForEach);
-     DO_TEST("RemoveSet", RemoveSet);
-     DO_TEST("Search", Search);
-     DO_TEST("GetItems", GetItems);
@@ -1,64 +0,0 @@
-From: Matthias Bolte <matthias.bolte@googlemail.com>
-Date: Thu, 2 Aug 2018 17:33:37 +0200
-Subject: [PATCH] esx: Fix double-free and freeing static strings in
- esxDomainSetAutostart
-
-Since commit ae83e02f3dd7fe99fed5d8159a35b666fafeafd5#l3393 the
-newPowerInfo pointer itself is used to track the ownership of the
-AutoStartPowerInfo object to make Coverity understand the code better.
-This broke the code that unset some members of the AutoStartPowerInfo
-object that should not be freed the normal way.
-
-Instead, transfer ownership of the AutoStartPowerInfo object to the
-HostAutoStartManagerConfig object before filling in the values that
-need special handling. This allows to free the AutoStartPowerInfo
-directly without having to deal with the special values, or to let
-the old (now restored) logic handle the special values again.
-
-Signed-off-by: Matthias Bolte <matthias.bolte@googlemail.com>
-Tested-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
-Reviewed-by: John Ferlan <jferlan@redhat.com>
-(cherry picked from commit 3ad77f853230f870efa396636e008292c7f2b1c0)
---
- src/esx/esx_driver.c | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
-index b065cdc513..9a7006c6e5 100644
--- a/src/esx/esx_driver.c
-+++ b/src/esx/esx_driver.c
-@@ -3422,7 +3422,10 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart)
-     if (esxVI_AutoStartPowerInfo_Alloc(&newPowerInfo) < 0 ||
-         esxVI_Int_Alloc(&newPowerInfo->startOrder) < 0 ||
-         esxVI_Int_Alloc(&newPowerInfo->startDelay) < 0 ||
-        esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0) {
-+        esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0 ||
-+        esxVI_AutoStartPowerInfo_AppendToList(&spec->powerInfo,
-+                                              newPowerInfo) < 0) {
-+        esxVI_AutoStartPowerInfo_Free(&newPowerInfo);
-         goto cleanup;
-     }
- 
-@@ -3434,13 +3437,6 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart)
-     newPowerInfo->stopDelay->value = -1; /* use system default */
-     newPowerInfo->stopAction = (char *)"none";
- 
-    if (esxVI_AutoStartPowerInfo_AppendToList(&spec->powerInfo,
-                                              newPowerInfo) < 0) {
-        goto cleanup;
-    }
-
-    newPowerInfo = NULL;
-
-     if (esxVI_ReconfigureAutostart
-           (priv->primary,
-            priv->primary->hostSystem->configManager->autoStartManager,
-@@ -3462,8 +3458,6 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart)
-     esxVI_AutoStartDefaults_Free(&defaults);
-     esxVI_AutoStartPowerInfo_Free(&powerInfoList);
- 
-    esxVI_AutoStartPowerInfo_Free(&newPowerInfo);
-
-     return result;
- }
- 
@@ -1,55 +0,0 @@
-From 8d6ab7976fa691763fc05a154f2bab865d435b00 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 11:33:32 +0200
-Subject: [PATCH 1/4] cpu_x86: Do not cache microcode version
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The microcode version checks are used to invalidate cached CPU data we
-get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
-was only read when libvirtd started and cached for the daemon's
-lifetime. However, the CPU microcode can change anytime (updating the
-microcode package can automatically upload it to the CPU) and we need to
-stop caching it to avoid using stale CPU model data.
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
---
- src/cpu/cpu_x86.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
-index b2398c5ad2..38cab15c59 100644
--- a/src/cpu/cpu_x86.c
-+++ b/src/cpu/cpu_x86.c
-@@ -154,7 +154,6 @@ struct _virCPUx86Map {
- };
- 
- static virCPUx86MapPtr cpuMap;
-static unsigned int microcodeVersion;
- 
- int virCPUx86DriverOnceInit(void);
- VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
-@@ -1413,8 +1412,6 @@ virCPUx86DriverOnceInit(void)
-     if (!(cpuMap = virCPUx86LoadMap()))
-         return -1;
- 
-    microcodeVersion = virHostCPUGetMicrocodeVersion();
-
-     return 0;
- }
- 
-@@ -2454,7 +2451,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
-         goto cleanup;
- 
-     ret = x86DecodeCPUData(cpu, cpuData, models);
-    cpu->microcodeVersion = microcodeVersion;
-+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
- 
-  cleanup:
-     virCPUx86DataFree(cpuData);
-- 
-2.21.0
-
@@ -1,155 +0,0 @@
-From cb6bcb0312a33a0b6a48d0ee1f368c9080e4a13d Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 12 Apr 2019 21:21:05 +0200
-Subject: [PATCH 2/4] qemu: Don't cache microcode version
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-My earlier commit be46f61326 was incomplete. It removed caching of
-microcode version in the CPU driver, which means the capabilities XML
-will see the correct microcode version. But it is also cached in the
-QEMU capabilities cache where it is used to detect whether we need to
-reprobe QEMU. By missing the second place, the original commit
-be46f61326 made the situation even worse since libvirt would report
-correct microcode version while still using the old host CPU model
-(visible in domain capabilities XML).
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
-
-Conflicts:
-	src/qemu/qemu_capabilities.c
-            - virQEMUCapsCacheLookupByArch refactoring (commits
-              7948ad4129a and 1a3de67001c) are missing
-            - commit a7424faff0f "Force QMP capability probing" is
-              missing downstream
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/qemu/qemu_capabilities.c | 12 ++++++++----
- src/qemu/qemu_capabilities.h |  3 +--
- src/qemu/qemu_driver.c       |  9 +--------
- tests/testutilsqemu.c        |  2 +-
- 4 files changed, 11 insertions(+), 15 deletions(-)
-
-diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
-index b5eb8cf46a..17eb6579bf 100644
--- a/src/qemu/qemu_capabilities.c
-+++ b/src/qemu/qemu_capabilities.c
-@@ -5343,7 +5343,7 @@ virQEMUCapsNewData(const char *binary,
-                                            priv->libDir,
-                                            priv->runUid,
-                                            priv->runGid,
-                                           priv->microcodeVersion,
-+                                           virHostCPUGetMicrocodeVersion(),
-                                            priv->kernelVersion,
-                                            false);
- }
-@@ -5427,8 +5427,7 @@ virFileCachePtr
- virQEMUCapsCacheNew(const char *libDir,
-                     const char *cacheDir,
-                     uid_t runUid,
-                    gid_t runGid,
-                    unsigned int microcodeVersion)
-+                    gid_t runGid)
- {
-     char *capsCacheDir = NULL;
-     virFileCachePtr cache = NULL;
-@@ -5452,7 +5451,6 @@ virQEMUCapsCacheNew(const char *libDir,
- 
-     priv->runUid = runUid;
-     priv->runGid = runGid;
-    priv->microcodeVersion = microcodeVersion;
- 
-     if (uname(&uts) == 0 &&
-         virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0)
-@@ -5473,8 +5471,11 @@ virQEMUCapsPtr
- virQEMUCapsCacheLookup(virFileCachePtr cache,
-                        const char *binary)
- {
-+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
-     virQEMUCapsPtr ret = NULL;
- 
-+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
-+
-     ret = virFileCacheLookup(cache, binary);
- 
-     VIR_DEBUG("Returning caps %p for %s", ret, binary);
-@@ -5520,10 +5521,13 @@ virQEMUCapsPtr
- virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
-                              virArch arch)
- {
-+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
-     virQEMUCapsPtr ret = NULL;
-     virArch target;
-     struct virQEMUCapsSearchData data = { .arch = arch };
- 
-+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
-+
-     ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data);
-     if (!ret) {
-         /* If the first attempt at finding capabilities has failed, try
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index c2ec2be193..7fd51f5fa0 100644
--- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -524,8 +524,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
- virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
-                                     const char *cacheDir,
-                                     uid_t uid,
-                                    gid_t gid,
-                                    unsigned int microcodeVersion);
-+                                    gid_t gid);
- virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
-                                       const char *binary);
- virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 96454c17c0..bb38904090 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -610,8 +610,6 @@ qemuStateInitialize(bool privileged,
-     char *hugepagePath = NULL;
-     char *memoryBackingPath = NULL;
-     size_t i;
-    virCPUDefPtr hostCPU = NULL;
-    unsigned int microcodeVersion = 0;
- 
-     if (VIR_ALLOC(qemu_driver) < 0)
-         return -1;
-@@ -831,15 +829,10 @@ qemuStateInitialize(bool privileged,
-         run_gid = cfg->group;
-     }
- 
-    if ((hostCPU = virCPUProbeHost(virArchFromHost())))
-        microcodeVersion = hostCPU->microcodeVersion;
-    virCPUDefFree(hostCPU);
-
-     qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
-                                                      cfg->cacheDir,
-                                                      run_uid,
-                                                     run_gid,
-                                                     microcodeVersion);
-+                                                     run_gid);
-     if (!qemu_driver->qemuCapsCache)
-         goto error;
- 
-diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
-index f8182033fc..2c7124bf26 100644
--- a/tests/testutilsqemu.c
-+++ b/tests/testutilsqemu.c
-@@ -603,7 +603,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
- 
-     /* Using /dev/null for libDir and cacheDir automatically produces errors
-      * upon attempt to use any of them */
-    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
-+    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
-     if (!driver->qemuCapsCache)
-         goto error;
- 
-- 
-2.21.0
-
@@ -1,886 +0,0 @@
-From 36151b10d3e1f8f92f4ad6b8200ce5355b7f96f0 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 11:19:30 +0200
-Subject: [PATCH 3/4] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee)
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-
-Conflicts:
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-            - intel-pt feature is missing
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- tests/cputest.c                               |   1 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml |   7 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  |   8 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    |  27 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml     |  28 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml     |  11 +
- .../x86_64-cpuid-Xeon-E3-1225-v5.json         | 652 ++++++++++++++++++
- .../x86_64-cpuid-Xeon-E3-1225-v5.sig          |   4 +
- .../x86_64-cpuid-Xeon-E3-1225-v5.xml          |  47 ++
- 9 files changed, 785 insertions(+)
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-
-diff --git a/tests/cputest.c b/tests/cputest.c
-index 1e79edbef7..2df1d28e39 100644
--- a/tests/cputest.c
-+++ b/tests/cputest.c
-@@ -1189,6 +1189,7 @@ mymain(void)
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
-+    DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
-new file mode 100644
-index 0000000000..ce51903e53
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
-@@ -0,0 +1,7 @@
-+<!-- Features disabled by QEMU -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
-+</cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-new file mode 100644
-index 0000000000..0deca9fba6
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-@@ -0,0 +1,8 @@
-+<!-- Features enabled by QEMU -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
-+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
-+</cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-new file mode 100644
-index 0000000000..141c01c841
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -0,0 +1,27 @@
-+<cpu mode='custom' match='exact'>
-+  <model fallback='forbid'>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature policy='require' name='ds'/>
-+  <feature policy='require' name='acpi'/>
-+  <feature policy='require' name='ss'/>
-+  <feature policy='require' name='ht'/>
-+  <feature policy='require' name='tm'/>
-+  <feature policy='require' name='pbe'/>
-+  <feature policy='require' name='dtes64'/>
-+  <feature policy='require' name='monitor'/>
-+  <feature policy='require' name='ds_cpl'/>
-+  <feature policy='require' name='vmx'/>
-+  <feature policy='require' name='smx'/>
-+  <feature policy='require' name='est'/>
-+  <feature policy='require' name='tm2'/>
-+  <feature policy='require' name='xtpr'/>
-+  <feature policy='require' name='pdcm'/>
-+  <feature policy='require' name='osxsave'/>
-+  <feature policy='require' name='tsc_adjust'/>
-+  <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='stibp'/>
-+  <feature policy='require' name='ssbd'/>
-+  <feature policy='require' name='xsaves'/>
-+  <feature policy='require' name='pdpe1gb'/>
-+  <feature policy='require' name='invtsc'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-new file mode 100644
-index 0000000000..53bfc9728d
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -0,0 +1,28 @@
-+<cpu>
-+  <arch>x86_64</arch>
-+  <model>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature name='ds'/>
-+  <feature name='acpi'/>
-+  <feature name='ss'/>
-+  <feature name='ht'/>
-+  <feature name='tm'/>
-+  <feature name='pbe'/>
-+  <feature name='dtes64'/>
-+  <feature name='monitor'/>
-+  <feature name='ds_cpl'/>
-+  <feature name='vmx'/>
-+  <feature name='smx'/>
-+  <feature name='est'/>
-+  <feature name='tm2'/>
-+  <feature name='xtpr'/>
-+  <feature name='pdcm'/>
-+  <feature name='osxsave'/>
-+  <feature name='tsc_adjust'/>
-+  <feature name='clflushopt'/>
-+  <feature name='stibp'/>
-+  <feature name='ssbd'/>
-+  <feature name='xsaves'/>
-+  <feature name='pdpe1gb'/>
-+  <feature name='invtsc'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-new file mode 100644
-index 0000000000..1f321db273
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -0,0 +1,11 @@
-+<cpu mode='custom' match='exact'>
-+  <model fallback='forbid'>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature policy='require' name='ss'/>
-+  <feature policy='require' name='hypervisor'/>
-+  <feature policy='require' name='tsc_adjust'/>
-+  <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='stibp'/>
-+  <feature policy='require' name='ssbd'/>
-+  <feature policy='require' name='pdpe1gb'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
-new file mode 100644
-index 0000000000..084747556b
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
-@@ -0,0 +1,652 @@
-+{
-+  "return": {
-+    "model": {
-+      "name": "base",
-+      "props": {
-+        "phys-bits": 0,
-+        "core-id": -1,
-+        "xlevel": 2147483656,
-+        "cmov": true,
-+        "ia64": false,
-+        "aes": true,
-+        "mmx": true,
-+        "rdpid": false,
-+        "arat": true,
-+        "gfni": false,
-+        "pause-filter": false,
-+        "xsavec": true,
-+        "intel-pt": false,
-+        "osxsave": false,
-+        "hv-frequencies": false,
-+        "tsc-frequency": 0,
-+        "xd": true,
-+        "hv-vendor-id": "",
-+        "kvm-asyncpf": true,
-+        "kvm_asyncpf": true,
-+        "perfctr_core": false,
-+        "perfctr-core": false,
-+        "mpx": true,
-+        "pbe": false,
-+        "decodeassists": false,
-+        "avx512cd": false,
-+        "sse4_1": true,
-+        "sse4.1": true,
-+        "sse4-1": true,
-+        "family": 6,
-+        "legacy-cache": true,
-+        "vmware-cpuid-freq": true,
-+        "avx512f": false,
-+        "msr": true,
-+        "mce": true,
-+        "mca": true,
-+        "hv-runtime": false,
-+        "xcrypt": false,
-+        "thread-id": -1,
-+        "min-level": 13,
-+        "xgetbv1": true,
-+        "cid": false,
-+        "hv-relaxed": false,
-+        "hv-crash": false,
-+        "ds": false,
-+        "fxsr": true,
-+        "xsaveopt": true,
-+        "xtpr": false,
-+        "avx512vl": false,
-+        "avx512-vpopcntdq": false,
-+        "phe": false,
-+        "extapic": false,
-+        "3dnowprefetch": true,
-+        "avx512vbmi2": false,
-+        "cr8legacy": false,
-+        "stibp": true,
-+        "cpuid-0xb": true,
-+        "xcrypt-en": false,
-+        "kvm_pv_eoi": true,
-+        "apic-id": 4294967295,
-+        "pn": false,
-+        "dca": false,
-+        "vendor": "GenuineIntel",
-+        "pku": false,
-+        "smx": false,
-+        "cmp_legacy": false,
-+        "cmp-legacy": false,
-+        "node-id": -1,
-+        "avx512-4fmaps": false,
-+        "vmcb_clean": false,
-+        "vmcb-clean": false,
-+        "3dnowext": false,
-+        "hle": true,
-+        "npt": false,
-+        "memory": "/machine/unattached/system[0]",
-+        "clwb": false,
-+        "lbrv": false,
-+        "adx": true,
-+        "ss": true,
-+        "pni": true,
-+        "svm_lock": false,
-+        "svm-lock": false,
-+        "pfthreshold": false,
-+        "smep": true,
-+        "smap": true,
-+        "x2apic": true,
-+        "avx512vbmi": false,
-+        "avx512vnni": false,
-+        "hv-stimer": false,
-+        "i64": true,
-+        "flushbyasid": false,
-+        "f16c": true,
-+        "ace2-en": false,
-+        "pat": true,
-+        "pae": true,
-+        "sse": true,
-+        "phe-en": false,
-+        "kvm_nopiodelay": true,
-+        "kvm-nopiodelay": true,
-+        "tm": false,
-+        "kvmclock-stable-bit": true,
-+        "hypervisor": true,
-+        "socket-id": -1,
-+        "pcommit": false,
-+        "syscall": true,
-+        "level": 13,
-+        "avx512dq": false,
-+        "svm": false,
-+        "full-cpuid-auto-level": true,
-+        "hv-reset": false,
-+        "invtsc": false,
-+        "sse3": true,
-+        "sse2": true,
-+        "ssbd": true,
-+        "est": false,
-+        "avx512ifma": false,
-+        "tm2": false,
-+        "kvm-pv-eoi": true,
-+        "cx8": true,
-+        "kvm_mmu": false,
-+        "kvm-mmu": false,
-+        "sse4_2": true,
-+        "sse4.2": true,
-+        "sse4-2": true,
-+        "pge": true,
-+        "fill-mtrr-mask": true,
-+        "avx512bitalg": false,
-+        "nodeid_msr": false,
-+        "pdcm": false,
-+        "movbe": true,
-+        "model": 94,
-+        "nrip_save": false,
-+        "nrip-save": false,
-+        "kvm_pv_unhalt": true,
-+        "ssse3": true,
-+        "sse4a": false,
-+        "invpcid": true,
-+        "pdpe1gb": true,
-+        "tsc-deadline": true,
-+        "fma": true,
-+        "cx16": true,
-+        "de": true,
-+        "enforce": false,
-+        "stepping": 3,
-+        "xsave": true,
-+        "clflush": true,
-+        "skinit": false,
-+        "tsc": true,
-+        "tce": false,
-+        "fpu": true,
-+        "ibs": false,
-+        "ds_cpl": false,
-+        "ds-cpl": false,
-+        "host-phys-bits": true,
-+        "fma4": false,
-+        "la57": false,
-+        "osvw": false,
-+        "check": true,
-+        "hv-spinlocks": -1,
-+        "pmu": false,
-+        "pmm": false,
-+        "apic": true,
-+        "spec-ctrl": true,
-+        "min-xlevel2": 0,
-+        "tsc-adjust": true,
-+        "tsc_adjust": true,
-+        "kvm-steal-time": true,
-+        "kvm_steal_time": true,
-+        "kvmclock": true,
-+        "l3-cache": true,
-+        "lwp": false,
-+        "ibpb": false,
-+        "xop": false,
-+        "avx": true,
-+        "ospke": false,
-+        "ace2": false,
-+        "avx512bw": false,
-+        "acpi": false,
-+        "hv-vapic": false,
-+        "fsgsbase": true,
-+        "ht": false,
-+        "nx": true,
-+        "pclmulqdq": true,
-+        "mmxext": false,
-+        "vaes": false,
-+        "popcnt": true,
-+        "xsaves": false,
-+        "tcg-cpuid": true,
-+        "lm": true,
-+        "umip": false,
-+        "pse": true,
-+        "avx2": true,
-+        "sep": true,
-+        "pclmuldq": true,
-+        "virt-ssbd": false,
-+        "x-hv-max-vps": -1,
-+        "nodeid-msr": false,
-+        "md-clear": true,
-+        "kvm": true,
-+        "misalignsse": false,
-+        "min-xlevel": 2147483656,
-+        "kvm-pv-unhalt": true,
-+        "bmi2": true,
-+        "bmi1": true,
-+        "realized": false,
-+        "tsc_scale": false,
-+        "tsc-scale": false,
-+        "topoext": false,
-+        "hv-vpindex": false,
-+        "xlevel2": 0,
-+        "clflushopt": true,
-+        "kvm-no-smi-migration": false,
-+        "monitor": false,
-+        "avx512er": false,
-+        "pmm-en": false,
-+        "pcid": true,
-+        "3dnow": false,
-+        "erms": true,
-+        "lahf-lm": true,
-+        "lahf_lm": true,
-+        "vpclmulqdq": false,
-+        "fxsr-opt": false,
-+        "hv-synic": false,
-+        "xstore": false,
-+        "fxsr_opt": false,
-+        "kvm-hint-dedicated": false,
-+        "rtm": true,
-+        "lmce": true,
-+        "hv-time": false,
-+        "perfctr-nb": false,
-+        "perfctr_nb": false,
-+        "ffxsr": false,
-+        "rdrand": true,
-+        "rdseed": true,
-+        "avx512-4vnniw": false,
-+        "vmx": false,
-+        "vme": true,
-+        "dtes64": false,
-+        "mtrr": true,
-+        "rdtscp": true,
-+        "pse36": true,
-+        "kvm-pv-tlb-flush": false,
-+        "tbm": false,
-+        "wdt": false,
-+        "pause_filter": false,
-+        "sha-ni": false,
-+        "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
-+        "abm": true,
-+        "avx512pf": false,
-+        "xstore-en": false
-+      }
-+    }
-+  },
-+  "id": "model-expansion"
-+}
-+
-+{
-+  "return": [
-+    {
-+      "name": "max",
-+      "typename": "max-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": false
-+    },
-+    {
-+      "name": "host",
-+      "typename": "host-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": false
-+    },
-+    {
-+      "name": "base",
-+      "typename": "base-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": true,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "qemu64",
-+      "typename": "qemu64-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "qemu32",
-+      "typename": "qemu32-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "phenom",
-+      "typename": "phenom-x86_64-cpu",
-+      "unavailable-features": [
-+        "mmxext",
-+        "fxsr-opt",
-+        "3dnowext",
-+        "3dnow",
-+        "sse4a",
-+        "npt"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium3",
-+      "typename": "pentium3-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium2",
-+      "typename": "pentium2-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium",
-+      "typename": "pentium-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "n270",
-+      "typename": "n270-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "kvm64",
-+      "typename": "kvm64-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "kvm32",
-+      "typename": "kvm32-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "cpu64-rhel6",
-+      "typename": "cpu64-rhel6-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "coreduo",
-+      "typename": "coreduo-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "core2duo",
-+      "typename": "core2duo-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "athlon",
-+      "typename": "athlon-x86_64-cpu",
-+      "unavailable-features": [
-+        "mmxext",
-+        "3dnowext",
-+        "3dnow"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Westmere",
-+      "typename": "Westmere-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Westmere-IBRS",
-+      "typename": "Westmere-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Server",
-+      "typename": "Skylake-Server-x86_64-cpu",
-+      "unavailable-features": [
-+        "avx512f",
-+        "avx512dq",
-+        "clwb",
-+        "avx512cd",
-+        "avx512bw",
-+        "avx512vl",
-+        "avx512f",
-+        "avx512f",
-+        "avx512f"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Server-IBRS",
-+      "typename": "Skylake-Server-IBRS-x86_64-cpu",
-+      "unavailable-features": [
-+        "avx512f",
-+        "avx512dq",
-+        "clwb",
-+        "avx512cd",
-+        "avx512bw",
-+        "avx512vl",
-+        "avx512f",
-+        "avx512f",
-+        "avx512f"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Client",
-+      "typename": "Skylake-Client-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Client-IBRS",
-+      "typename": "Skylake-Client-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "SandyBridge",
-+      "typename": "SandyBridge-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "SandyBridge-IBRS",
-+      "typename": "SandyBridge-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Penryn",
-+      "typename": "Penryn-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G5",
-+      "typename": "Opteron_G5-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse",
-+        "xop",
-+        "fma4",
-+        "tbm"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G4",
-+      "typename": "Opteron_G4-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse",
-+        "xop",
-+        "fma4"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G3",
-+      "typename": "Opteron_G3-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G2",
-+      "typename": "Opteron_G2-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G1",
-+      "typename": "Opteron_G1-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Nehalem",
-+      "typename": "Nehalem-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Nehalem-IBRS",
-+      "typename": "Nehalem-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "IvyBridge",
-+      "typename": "IvyBridge-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "IvyBridge-IBRS",
-+      "typename": "IvyBridge-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell",
-+      "typename": "Haswell-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-noTSX",
-+      "typename": "Haswell-noTSX-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-noTSX-IBRS",
-+      "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-IBRS",
-+      "typename": "Haswell-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "EPYC",
-+      "typename": "EPYC-x86_64-cpu",
-+      "unavailable-features": [
-+        "sha-ni",
-+        "mmxext",
-+        "fxsr-opt",
-+        "cr8legacy",
-+        "sse4a",
-+        "misalignsse",
-+        "osvw"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "EPYC-IBPB",
-+      "typename": "EPYC-IBPB-x86_64-cpu",
-+      "unavailable-features": [
-+        "sha-ni",
-+        "mmxext",
-+        "fxsr-opt",
-+        "cr8legacy",
-+        "sse4a",
-+        "misalignsse",
-+        "osvw",
-+        "ibpb"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Conroe",
-+      "typename": "Conroe-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell",
-+      "typename": "Broadwell-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-noTSX",
-+      "typename": "Broadwell-noTSX-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-noTSX-IBRS",
-+      "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-IBRS",
-+      "typename": "Broadwell-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "486",
-+      "typename": "486-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    }
-+  ],
-+  "id": "definitions"
-+}
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
-new file mode 100644
-index 0000000000..7e57c2ded6
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
-@@ -0,0 +1,4 @@
-+0506e3
-+family:     6 (0x06)
-+model:     94 (0x5e)
-+stepping:   3 (0x03)
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-new file mode 100644
-index 0000000000..437429d61d
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-@@ -0,0 +1,47 @@
-+<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
-+  <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
-+  <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
-+  <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
-+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
-+  <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
-+  <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
-+  <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
-+  <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
-+  <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
-+  <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
-+  <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
-+  <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+  <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+</cpudata>
-- 
-2.21.0
-
@@ -1,105 +0,0 @@
-From 7bde733e906a9eb513448fd58201a333a1793811 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 15:11:20 +0200
-Subject: [PATCH 4/4] cpu_map: Define md-clear CPUID bit
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
-
-The bit is set when microcode provides the mechanism to invoke a flush
-of various exploitable CPU buffers by invoking the VERW instruction.
-
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)
-
-Conflicts:
-	src/cpu_map/x86_features.xml
-            - no CPU map split downstream
-
-	tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
-	tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
-            - test data missing downstream
-
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-            - intel-pt feature is missing downstream
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/cpu/cpu_map.xml                                        | 3 +++
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml   | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml    | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml    | 1 +
- 5 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
-index 96daa0f9af..250e241df9 100644
--- a/src/cpu/cpu_map.xml
-+++ b/src/cpu/cpu_map.xml
-@@ -295,6 +295,9 @@
-     <feature name='avx512-4fmaps'>
-       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
-     </feature>
-+    <feature name='md-clear'> <!-- md_clear -->
-+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
-+    </feature>
-     <feature name='spec-ctrl'>
-       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
-     </feature>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-index 0deca9fba6..74763a462b 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-@@ -2,7 +2,7 @@
- <cpudata arch='x86'>
-   <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
-   <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
-   <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-   <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
- </cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-index 141c01c841..3b3472742e 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -19,6 +19,7 @@
-   <feature policy='require' name='osxsave'/>
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='md-clear'/>
-   <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='xsaves'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-index 53bfc9728d..df4f97417c 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -20,6 +20,7 @@
-   <feature name='osxsave'/>
-   <feature name='tsc_adjust'/>
-   <feature name='clflushopt'/>
-+  <feature name='md-clear'/>
-   <feature name='stibp'/>
-   <feature name='ssbd'/>
-   <feature name='xsaves'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-index 1f321db273..a5591278df 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -5,6 +5,7 @@
-   <feature policy='require' name='hypervisor'/>
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='md-clear'/>
-   <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='pdpe1gb'/>
-- 
-2.21.0
-
@@ -1,56 +0,0 @@
-From 4cb90fa2335b75a0fc39440853bd681955b326a4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 14 May 2019 21:09:59 +0100
-Subject: [PATCH] cputest: remove stibp flag from test data
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-stibp flag doesn't exist in this maint branch.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 -
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml  | 1 -
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml  | 1 -
- 3 files changed, 3 deletions(-)
-
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-index 3b3472742e..29c1fdb80a 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -20,7 +20,6 @@
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-   <feature policy='require' name='md-clear'/>
-  <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='xsaves'/>
-   <feature policy='require' name='pdpe1gb'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-index df4f97417c..2003ca9ef6 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -21,7 +21,6 @@
-   <feature name='tsc_adjust'/>
-   <feature name='clflushopt'/>
-   <feature name='md-clear'/>
-  <feature name='stibp'/>
-   <feature name='ssbd'/>
-   <feature name='xsaves'/>
-   <feature name='pdpe1gb'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-index a5591278df..d6529c59a3 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -6,7 +6,6 @@
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-   <feature policy='require' name='md-clear'/>
-  <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='pdpe1gb'/>
- </cpu>
-- 
-2.21.0
-
@@ -1,58 +0,0 @@
-From 39fb5ab3125d1669344bab94ccb71bce814d9ae2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 17:26:13 +0100
-Subject: [PATCH 1/3] admin: reject clients unless their UID matches the
- current UID
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The admin protocol RPC messages are only intended for use by the user
-running the daemon. As such they should not be allowed for any client
-UID that does not match the server UID.
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
---
- src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
-index b78ff902c0..9f25813ae3 100644
--- a/src/admin/admin_server_dispatch.c
-+++ b/src/admin/admin_server_dispatch.c
-@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                    void *opaque)
- {
-     struct daemonAdmClientPrivate *priv;
-+    uid_t clientuid;
-+    gid_t clientgid;
-+    pid_t clientpid;
-+    unsigned long long timestamp;
-+
-+    if (virNetServerClientGetUNIXIdentity(client,
-+                                          &clientuid,
-+                                          &clientgid,
-+                                          &clientpid,
-+                                          &timestamp) < 0)
-+        return NULL;
-+
-+    VIR_DEBUG("New client pid %lld uid %lld",
-+              (long long)clientpid,
-+              (long long)clientuid);
-+
-+    if (geteuid() != clientuid) {
-+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
-+                                 (long long)clientpid,
-+                                 (long long)clientuid);
-+        return NULL;
-+    }
- 
-     if (VIR_ALLOC(priv) < 0)
-         return NULL;
-- 
-2.21.0
-
@@ -1,51 +0,0 @@
-From 41f06e6095e17b61b2af35821d204afc5c34777c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 16:51:37 +0100
-Subject: [PATCH 2/3] locking: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlockd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
---
- src/locking/virtlockd-admin.socket.in | 1 +
- src/locking/virtlockd.socket.in       | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 2a7500f3d0..f674c492f7 100644
--- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
- Service=virtlockd.service
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
-index 45e0f20235..d701b27516 100644
--- a/src/locking/virtlockd.socket.in
-+++ b/src/locking/virtlockd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-- 
-2.21.0
-
@@ -1,51 +0,0 @@
-From f0e014133104cdb5af5c7d96a7aa6dc0f1bbb03c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 17:27:41 +0100
-Subject: [PATCH 3/3] logging: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlogd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
---
- src/logging/virtlogd-admin.socket.in | 1 +
- src/logging/virtlogd.socket.in       | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
-index 595e6c4c4b..5c41dfeb7b 100644
--- a/src/logging/virtlogd-admin.socket.in
-+++ b/src/logging/virtlogd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
- Service=virtlogd.service
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
-index 22b9360c8d..ae48cdab9a 100644
--- a/src/logging/virtlogd.socket.in
-+++ b/src/logging/virtlogd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-- 
-2.21.0
-
@@ -1,21 +0,0 @@
-# Makefile for source rpm: libvirt
-# $Id$
-NAME := libvirt
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
@@ -1 +1 @@
-SHA512 (libvirt-4.1.0.tar.xz) = 62d1a228adf3270cc6defe3cbf92dac8c4ce2c434c4d97219571ccef799a4f6304cfd1ba9938338356641285f53ac71145d7b398523021c5ea1dc8e3d49cf894
+SHA512 (libvirt-6.1.0.tar.xz) = 17a2641f300a4a05149261bae74ac856e9a2511a259146595d2e2412c4a0601d88369b0544ba86edc80e433a47cf828317d8de38c6ec86a1b3efaca75294a606
Author	SHA1	Message	Date
Cole Robinson	0aea5c88f2	libvirt-6.1.0-4 Fix libxl driver startup crash (bz #1842318)	2020-06-02 13:46:51 -04:00
Cole Robinson	1ab72850ed	libvirt-6.1.0-3 Fix iptables No chain/target/match by that name (bz #1813830) systemd: start libvirtd after firewalld/iptables services (bz #1697636)	2020-05-26 11:44:02 -04:00
Felipe Borges	401f9087bc	libvirt-6.1.0-2.fc32 Check for disk type correctly in virDomainDiskTranslateSourcePool Signed-off-by: Felipe Borges <feborges@redhat.com>	2020-03-24 11:34:46 +01:00
Cole Robinson	dd3698988e	libvirt-6.1.0-1.fc33 Update to version 6.1.0	2020-03-04 08:25:20 -05:00
Cole Robinson	3df49002c2	libvirt-6.0.0-3.fc33 Rebuild for libiscsi soname bump	2020-02-25 14:47:54 -05:00
Fedora Release Engineering	1bf0aedb9f	- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-01-29 10:43:22 +00:00
Cole Robinson	79accd5a6e	libvirt-6.0.0-1.fc32 Update to version 6.0.0	2020-01-15 11:17:10 -05:00
Adam Williamson	422d548fce	Rebuild for new xen-libs	2019-12-19 09:02:02 -08:00
Daniel P. Berrangé	20ec6e955c	Add abigail suppressions list Stop abigail complaining about libvirt private symbols or any of the loadable driver modules. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-12-03 18:01:54 +00:00
Cole Robinson	406a235cbc	Fix test suite Signed-off-by: Cole Robinson <crobinso@redhat.com>	2019-12-03 10:22:18 -05:00
Cole Robinson	4d15e56a38	libvirt-5.10.0-1.fc32 Update to version 5.10.0	2019-12-03 09:54:02 -05:00
Cole Robinson	8693111790	libvirt-5.9.0-1.fc32 Update to version 5.9.0	2019-11-11 13:36:07 -05:00
Cole Robinson	8461a521f2	libvirt-5.8.0-1.fc32 Update to version 5.8.0	2019-10-07 16:35:23 -04:00
Cole Robinson	511e2c5124	libvirt-5.7.0-3.fc32 Fix VM startup when legacy cgroups are defined (bz #1612383)	2019-09-26 15:47:05 -04:00
Daniel P. Berrangé	749dc3d3cb	Fix systemd socket activation with TLS socket	2019-09-20 10:14:22 +01:00
Cole Robinson	73c9e38f2c	Remove old Makefile Signed-off-by: Cole Robinson <crobinso@redhat.com>	2019-09-17 10:54:06 -04:00
Cole Robinson	afe8184d3f	libvirt-5.7.0-1.fc32 Update to version 5.7.0	2019-09-03 12:35:57 -04:00
Cole Robinson	7d77bf76aa	libvirt-5.6.0-1.fc31 Update to version 5.6.0	2019-08-06 13:23:41 -04:00
Fedora Release Engineering	7f0f1b831e	- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2019-07-25 14:40:37 +00:00
Cole Robinson	d964be0097	libvirt-5.5.0-1.fc31 Rebased to version 5.5.0	2019-07-03 11:25:28 -04:00
Cole Robinson	a2479f539e	libvirt-5.4.0-2.fc31 CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115) CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114) CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117) CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118)	2019-06-20 12:30:57 -04:00
Daniel P. Berrangé	c2c89ec6a3	Update to 5.4.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-06-12 11:29:13 +02:00
Daniel P. Berrangé	d61e2404ba	Fix systemd socket permissions (CVE-2019-10132) Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-05-21 16:58:15 +01:00
Daniel P. Berrangé	a2be167dfe	Define md-clear CPUID bit CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-05-14 19:17:13 +01:00
Daniel P. Berrangé	15ca09e1da	Update to 5.3.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-05-07 14:50:34 +01:00
Cole Robinson	2cc07e6366	libvirt-5.2.0-2.fc31 Rebuild for xen 4.12 soname bump	2019-04-08 10:24:27 -04:00
Daniel P. Berrangé	4dd4fe78a4	Remove patch chunk touching Makefile.am We don't need to run make dist from a build and the filename is broken and would require re-running autotools anyway. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-04-03 13:59:48 +01:00
Daniel P. Berrangé	0bc22fb6f7	Remove patching on mock-noinline.pl which is missing in dist Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-04-03 11:47:23 +01:00
Daniel P. Berrangé	76097a6961	Add fix for mocking tests on 32-bit Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-04-03 11:35:55 +01:00
Daniel P. Berrangé	98cbf39fd3	Update to 5.2.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-04-03 11:06:44 +01:00
Daniel P. Berrangé	d670e246d0	Fix rbd upgrade compat & deprecations and networking Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-03-20 17:42:59 +00:00
Igor Gnatenko	50e7b9a91d	Remove obsolete scriptlets Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>	2019-03-06 09:47:43 +01:00
Daniel P. Berrangé	5cbc0451ce	Update to 5.1.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-03-04 10:57:08 +00:00
Igor Gnatenko	b420054636	Rebuild for readline 8.0	2019-02-17 09:30:51 +01:00
Fedora Release Engineering	143fedee46	- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2019-02-01 08:30:03 +00:00
Daniel P. Berrangé	88887cac0f	Update to 5.0.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2019-01-21 12:19:06 +00:00
Daniel P. Berrangé	579afc99f2	Disable RBD on 32-bit arches Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-12-10 18:33:58 +00:00
Daniel P. Berrangé	7f5808b9d0	Update to 4.10.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-12-03 13:55:36 +00:00
Daniel P. Berrangé	4df5f77071	Update to 4.9.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-11-12 14:53:44 +00:00
Daniel P. Berrangé	1bdd527daf	Update to 4.8.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-10-05 14:25:26 +01:00
Daniel P. Berrangé	e5fa1c00d2	Update to 4.7.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-09-04 10:43:47 +01:00
David Abdurachmanov	18f7b8c79c	Add support for RISC-V (riscv64)	2018-08-19 19:41:56 +01:00
Daniel P. Berrangé	782468f8e9	Update to 4.6.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-08-06 14:07:24 +01:00
Fedora Release Engineering	202e7d9569	- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2018-07-13 09:01:16 +00:00
Daniel P. Berrangé	0676a07265	Fix regressions in chardev handling Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-07-06 11:30:44 +01:00
Daniel P. Berrangé	f57ce74947	Update to 4.5.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-07-03 11:00:57 +01:00
Daniel P. Berrangé	851cfde15b	Fix typo in date Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-06-05 12:49:52 +01:00
Daniel P. Berrangé	06123137eb	Update to 4.4.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-06-05 12:30:16 +01:00
Igor Gnatenko	6ccf3cb58c	Remove %clean section None of currently supported distributions need that. Last one was EL5 which is EOL for a while. Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>	2018-05-07 09:38:07 +02:00
Igor Gnatenko	030ddaa4ef	Remove BuildRoot definition None of currently supported distributions need that. It was needed last for EL5 which is EOL now Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>	2018-05-07 09:38:07 +02:00
Daniel P. Berrangé	a8886736c4	Set wireshark plugin dir dynamically Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-05-03 12:26:11 +01:00
Daniel P. Berrangé	4fd635e537	Update to 4.3.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-05-03 10:55:46 +01:00
Daniel P. Berrangé	6210c457fc	Update to 4.2.0 release Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-04-03 13:42:58 +01:00
Iryna Shcherbina	82926cfdf0	Update Python 2 dependency declarations to new packaging standards	2018-03-23 23:29:56 +01:00
Daniel P. Berrangé	e7a3ca6f6b	Fix systemd macro argument with line continuations (rhbz#1558648) Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-03-21 09:38:28 +00:00
Daniel P. Berrangé	1ae6f647b7	Upload 4.1.0 sources Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-03-05 13:36:35 +00:00
Daniel P. Berrangé	48941c011f	Rebase to version 4.1.0 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2018-03-05 13:31:54 +00:00