add ARM to NUMA platform exlcludes

Fix for CVE-2011-2178, regression introduced in disk probe logic,
Bug 709775

.abignore

@@ -1,31 +0,0 @@
-[suppress_function]
-symbol_version_regexp = LIBVIRT_PRIVATE.*
-soname_regexp = libvirt\\.so.*
-
-[suppress_function]
-symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
-soname_regexp = libvirt-admin\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = LIBVIRT_PRIVATE.*
-soname_regexp = libvirt\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
-soname_regexp = libvirt-admin\\.so.*
-
-[suppress_function]
-symbol_version_regexp = .*
-soname_regexp = libvirt_storage_.*\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = .*
-soname_regexp = libvirt_storage_.*\\.so.*
-
-[suppress_function]
-symbol_version_regexp = .*
-soname_regexp = libvirt_driver_.*\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = .*
-soname_regexp = libvirt_driver_.*\\.so.*

.gitignore

@@ -2,4 +2,4 @@
 *.rpm
 i686
 x86_64
-libvirt-*.tar.xz
+libvirt-*.tar.gz

0001-build-support-explicitly-disabling-netcf.patch

@@ -1,56 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 21 Jan 2021 16:01:06 -0500
-Subject: [PATCH] build: support explicitly disabling netcf
-
-placing "-Dnetcf=disabled" on the meson commandline was ignored,
-meaning that even with that option the build would get WITH_NETCF if
-the netcf-devel package was found - the only way to disable it was to
-uninstall netcf-devel.
-
-This patch adds the small bit of logic to check the netcf meson
-commandline option (in addition to whether netcf-devel is installed)
-before defining WITH_NETCF.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Neal Gompa <ngompa13@gmail.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 06169a115d46d8870a96d293c2faf6ea87e71020)
----
- meson.build | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index b5164f68ed..e9d6d9f82e 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1155,8 +1155,10 @@ libm_dep = cc.find_library('m', required : false)
- 
- netcf_version = '0.1.8'
- netcf_dep = dependency('netcf', version: '>=' + netcf_version, required: get_option('netcf'))
--if netcf_dep.found()
--  conf.set('WITH_NETCF', 1)
-+if not get_option('netcf').disabled()
-+  if netcf_dep.found()
-+    conf.set('WITH_NETCF', 1)
-+  endif
- endif
- 
- have_gnu_gettext_tools = false
-@@ -1550,7 +1552,7 @@ elif get_option('driver_hyperv').enabled()
-   error('openwsman is required for the Hyper-V driver')
- endif
- 
--if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or netcf_dep.found())
-+if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF'))
-   conf.set('WITH_INTERFACE', 1)
- elif get_option('driver_interface').enabled()
-   error('Requested the Interface driver without netcf or udev and libvirtd support')
-@@ -2362,7 +2364,7 @@ libs_summary = {
-   'libssh': libssh_dep.found(),
-   'libssh2': libssh2_dep.found(),
-   'libutil': libutil_dep.found(),
--  'netcf': netcf_dep.found(),
-+  'netcf': conf.has('WITH_NETCF'),
-   'NLS': have_gnu_gettext_tools,
-   'numactl': numactl_dep.found(),
-   'openwsman': openwsman_dep.found(),

0002-node_device_udev-Serialize-access-to-pci_get_strings.patch

@@ -1,72 +0,0 @@
-From: wangjian <wangjian161@huawei.com>
-Date: Fri, 26 Mar 2021 11:21:16 +0800
-Subject: [PATCH] node_device_udev: Serialize access to pci_get_strings)_
-
-Since the functions provided by libpciaccess are not thread-safe,
-when the udev-event and nodedev-init threads of libvirt call the
-pci_get_strings function provided by libpaciaccess at the same
-time the following can happen:
-
-nodedev-init thread:
-nodeStateInitializeEnumerate ->
-  udevEnumerateDevices->
-    udevProcessDeviceListEntry ->
-      udevAddOneDevice ->
-        udevGetDeviceDetails->
-          udevProcessPCI ->
-            udevTranslatePCIIds ->
-              pci_get_strings -> (libpciaccess)
-                find_device_name ->
-                  populate_vendor ->
-                    d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                    vend->num_devices++;
-
-udev-event thread:
-udevEventHandleThread ->
-  udevHandleOneDevice ->
-    udevAddOneDevice->
-      udevGetDeviceDetails->
-        udevProcessPCI ->
-          udevTranslatePCIIds ->
-            pci_get_strings -> (libpciaccess)
-              find_device_name ->
-                populate_vendor ->
-                  d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                  vend->num_devices++;
-
-Signed-off-by: WangJian <wangjian161@huawei.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 59788a5caea5f292c86e07a31ee2b853d68db87e)
----
- src/node_device/node_device_udev.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
-index 55a2731681..6f0defe908 100644
---- a/src/node_device/node_device_udev.c
-+++ b/src/node_device/node_device_udev.c
-@@ -328,6 +328,7 @@ udevGenerateDeviceName(struct udev_device *device,
-     return 0;
- }
- 
-+static virMutex pciaccessMutex = VIR_MUTEX_INITIALIZER;
- 
- static int
- udevTranslatePCIIds(unsigned int vendor,
-@@ -346,12 +347,14 @@ udevTranslatePCIIds(unsigned int vendor,
-     m.device_class_mask = 0;
-     m.match_data = 0;
- 
--    /* pci_get_strings returns void */
-+    /* pci_get_strings returns void and unfortunately is not thread safe. */
-+    virMutexLock(&pciaccessMutex);
-     pci_get_strings(&m,
-                     &device_name,
-                     &vendor_name,
-                     NULL,
-                     NULL);
-+    virMutexUnlock(&pciaccessMutex);
- 
-     *vendor_string = g_strdup(vendor_name);
-     *product_string = g_strdup(device_name);

0003-virSetUIDGIDWithCaps-Don-t-drop-CAP_SETPCAP-right-aw.patch

@@ -1,53 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 24 Jun 2021 16:58:09 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away
-
-There are few cases where we execute a virCommand with all caps
-cleared (virCommandClearCaps()). For instance
-dnsmasqCapsRefreshInternal() does just that. This means, that
-after fork() and before exec() the virSetUIDGIDWithCaps() is
-called. But since the caller did not want to change anything,
-just drop capabilities, these are the values of arguments:
-
-  virSetUIDGIDWithCaps (uid=-1, gid=-1, groups=0x0, ngroups=0,
-                        capBits=0, clearExistingCaps=true)
-
-This means that indeed all capabilities will be dropped,
-including CAP_SETPCAP. But this capability controls whether
-capabilities can be set, IOW whether capng_apply() succeeds.
-
-There are two calls of capng_apply() in the function. The
-CAP_SETPCAP is dropped after the first call and thus the other
-call (capng_apply(CAPNG_SELECT_BOUNDS);) fails.
-
-The solution is to keep the capability for as long as needed
-(just like CAP_SETGID and CAP_SETUID) and drop it only at the
-very end (just like CAP_SETGID and CAP_SETUID).
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949388
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 438b50dda8a863fdc988e9ab612f097cc1626e8a)
----
- src/util/virutil.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index a0cd0f1bcd..7ae23a7061 100644
---- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1202,12 +1202,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-     }
- # ifdef PR_CAPBSET_DROP
-     /* If newer kernel, we need also need setpcap to change the bounding set */
--    if ((capBits || need_setgid || need_setuid) &&
--        !capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-+    if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-         need_setpcap = true;
--    }
--    if (need_setpcap)
-         capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
-+    }
- # endif
- 
-     /* Tell system we want to keep caps across uid change */

0004-security-fix-SELinux-label-generation-logic.patch

@@ -1,51 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Jun 2021 13:09:04 +0100
-Subject: [PATCH] security: fix SELinux label generation logic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A process can access a file if the set of MCS categories
-for the file is equal-to *or* a subset-of, the set of
-MCS categories for the process.
-
-If there are two VMs:
-
-  a) svirt_t:s0:c117
-  b) svirt_t:s0:c117,c720
-
-Then VM (b) is able to access files labelled for VM (a).
-
-IOW, we must discard case where the categories are equal
-because that is a subset of many other valid category pairs.
-
-Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
-CVE-2021-3631
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
----
- src/security/security_selinux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 2fc6ef2616..61a871ec3d 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -389,7 +389,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
-         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
- 
-         if (c1 == c2) {
--            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
-+            /*
-+             * A process can access a file if the set of MCS categories
-+             * for the file is equal-to *or* a subset-of, the set of
-+             * MCS categories for the process.
-+             *
-+             * IOW, we must discard case where the categories are equal
-+             * because that is a subset of other category pairs.
-+             */
-+            continue;
-         } else {
-             if (c1 > c2) {
-                 int t = c1;

0005-virSetUIDGIDWithCaps-Set-bounding-capabilities-only-.patch

@@ -1,43 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 22 Jul 2021 14:26:00 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Set bounding capabilities only with
- CAP_SETPCAP
-
-In one of my previous patches I've tried to postpone dropping
-CAP_SETPCAP until the very end because it's needed for
-capng_apply(). What I did not realize back then was that we might
-not have the capability to begin with. Because of unknown reasons
-capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
-for CAPNG_SELECT_CAPS.
-
-Reproducer is really simple: run libvirtd as a regular user.
-During its initialization, libvirtd will spawn some binaries
-(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
-capabilities.
-
-Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
-have the CAP_SETPCAP (which is tracked in need_setpcap variable).
-
-Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1924218
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit a2476f37a7789eb9315b77bb451f4754ef4ef15b)
----
- src/util/virutil.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 7ae23a7061..333f99e91d 100644
---- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1269,7 +1269,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-      * do this if we failed to get the capability above, so ignore the
-      * return value.
-      */
--    capng_apply(CAPNG_SELECT_BOUNDS);
-+    if (!need_setpcap)
-+        capng_apply(CAPNG_SELECT_BOUNDS);
- 
-     /* Drop the caps that allow setuid/gid (unless they were requested) */
-     if (need_setgid)

0006-qemu_firmware-don-t-error-out-for-unknown-firmware-f.patch

@@ -1,57 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Mon, 10 May 2021 15:07:09 +0200
-Subject: [PATCH] qemu_firmware: don't error out for unknown firmware features
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When QEMU introduces new firmware features libvirt will fail until we
-list that feature in our code as well which doesn't sound right.
-
-We should simply ignore the new feature until we add a proper support
-for it.
-
-Reported-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9)
----
- src/qemu/qemu_firmware.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
-index 639cff7459..e602de22e3 100644
---- a/src/qemu/qemu_firmware.c
-+++ b/src/qemu/qemu_firmware.c
-@@ -573,6 +573,7 @@ qemuFirmwareFeatureParse(const char *path,
-     virJSONValuePtr featuresJSON;
-     g_autoptr(qemuFirmwareFeature) features = NULL;
-     size_t nfeatures;
-+    size_t nparsed = 0;
-     size_t i;
- 
-     if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) {
-@@ -592,17 +593,16 @@ qemuFirmwareFeatureParse(const char *path,
-         int tmp;
- 
-         if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) {
--            virReportError(VIR_ERR_INTERNAL_ERROR,
--                           _("unknown feature %s"),
--                           tmpStr);
--            return -1;
-+            VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr);
-+            continue;
-         }
- 
--        features[i] = tmp;
-+        features[nparsed] = tmp;
-+        nparsed++;
-     }
- 
-     fw->features = g_steal_pointer(&features);
--    fw->nfeatures = nfeatures;
-+    fw->nfeatures = nparsed;
-     return 0;
- }
- 

0007-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch

@@ -1,33 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Wed, 21 Jul 2021 11:22:25 +0200
-Subject: [PATCH] storage_driver: Unlock object on ACL fail in
- storagePoolLookupByTargetPath
-
-'virStoragePoolObjListSearch' returns a locked and refed object, thus we
-must release it on ACL permission failure.
-
-Fixes: 7aa0e8c0cb8
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87)
----
- src/storage/storage_driver.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index 16bc53aa46..2787c1671b 100644
---- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
-                                            storagePoolLookupByTargetPathCallback,
-                                            cleanpath))) {
-         def = virStoragePoolObjGetDef(obj);
--        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
-+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
-+            virStoragePoolObjEndAPI(&obj);
-             return NULL;
-+        }
- 
-         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
-         virStoragePoolObjEndAPI(&obj);

0008-wireshark-Switch-to-tvb_bytes_to_str.patch

@@ -1,81 +0,0 @@
-From 7e299ba649b1288d529c7595c0e6060c9ae0ff2a Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 09:57:49 +0100
-Subject: [PATCH 1/2] wireshark: Switch to tvb_bytes_to_str()
-
-When the dissector sees a byte sequence that is either an opaque
-data (xdr_opaque) or a byte sequence (xdr_bytes) it formats the
-bytes as a hex numbers using our own implementation. But
-wireshark already provides a function for it: tvb_bytes_to_str().
-NB, the reason why it returns a const string is so that callers
-don't try to free it - the string is allocated using an allocator
-which will decide when to free it.
-
-The wireshark formatter was introduced in wireshark commit of
-v1.99.2~479 and thus is present in the version we require at
-least (2.6.0).
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 30 ++++++++--------------------
- 1 file changed, 8 insertions(+), 22 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f43919b05d..cb922b8070 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -158,24 +158,6 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     }
- }
- 
--static const gchar *
--format_xdr_bytes(guint8 *bytes, guint32 length)
--{
--    gchar *buf;
--    guint32 i;
--
--    if (length == 0)
--        return "";
--    buf = wmem_alloc(wmem_packet_scope(), length*2 + 1);
--    for (i = 0; i < length; i++) {
--        /* We know that buf has enough size to contain
--           2 * length + '\0' characters. */
--        g_snprintf(buf, 2*(length - i) + 1, "%02x", bytes[i]);
--        buf += 2;
--    }
--    return buf - length*2;
--}
--
- static gboolean
- dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 size)
-@@ -187,8 +169,10 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     val = g_malloc(size);
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
--        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
--                                          NULL, "%s", format_xdr_bytes(val, size));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-         proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA);
-     }
-@@ -207,8 +191,10 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- 
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
--        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
--                                          NULL, "%s", format_xdr_bytes(val, length));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         /* Seems I can't call xdr_free() for this case.
-            It will raises SEGV by referencing out of bounds call stack */
-         free(val);
--- 
-2.33.1
-

0009-wireshark-Drop-needless-comment-in-dissect_xdr_bytes.patch

@@ -1,33 +0,0 @@
-From 010613cfd8dae6d85602a84c5c95b2d441e1b3d1 Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 10:20:05 +0100
-Subject: [PATCH 2/2] wireshark: Drop needless comment in dissect_xdr_bytes()
-
-In the dissect_xdr_bytes() there's a comment that the string
-allocated by xdr_bytes() can't be freed using xdr_free(). Well,
-that is expected because xdr_bytes() used plain calloc() AND the
-string is not an XDR struct but plain 'char *' type. Passing it
-to xdr_free() must result in weird things happening.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index cb922b8070..eeacbcdf0e 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -195,8 +195,6 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
--        /* Seems I can't call xdr_free() for this case.
--           It will raises SEGV by referencing out of bounds call stack */
-         free(val);
-         return TRUE;
-     } else {
--- 
-2.33.1
-

Makefile

@@ -0,0 +1,21 @@
+# Makefile for source rpm: libvirt
+# $Id$
+NAME := libvirt
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attempt a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)

libvirt-0.8.3-avoid-resetting-errors.patch

@@ -0,0 +1,51 @@
+From 452bf160e5bbe0789d706fda95f5919551eb2cac Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 25 Mar 2011 16:45:45 +0100
+Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
+
+https://bugzilla.redhat.com/show_bug.cgi?id=690733
+
+Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
+*Free) is called before remoteDispatchConnError() is called on error.
+However, the patch missed two instances.
+(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
+---
+ daemon/remote.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index a8258ca..7464957 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -4547,12 +4547,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
+     ret->names.names_len =
+         virStoragePoolListVolumes (pool,
+                                    ret->names.names_val, args->maxnames);
+-    virStoragePoolFree(pool);
+     if (ret->names.names_len == -1) {
+         VIR_FREE(ret->names.names_val);
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+@@ -4576,11 +4577,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
+     }
+ 
+     ret->num = virStoragePoolNumOfVolumes (pool);
+-    virStoragePoolFree(pool);
+     if (ret->num == -1) {
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+-- 
+1.7.3.4
+

libvirt-0.8.3-boot-menu.patch

@@ -0,0 +1,12 @@
+diff -rup libvirt-0.8.3.orig/src/qemu/qemu_conf.c libvirt-0.8.3.new/src/qemu/qemu_conf.c
+--- libvirt-0.8.3.orig/src/qemu/qemu_conf.c	2010-08-04 13:21:27.000000000 +0100
++++ libvirt-0.8.3.new/src/qemu/qemu_conf.c	2010-08-23 21:08:13.239794362 +0100
+@@ -3651,7 +3651,7 @@ int qemudBuildCommandLine(virConnectPtr 
+ {
+     int i;
+     char memory[50];
+-    char boot[VIR_DOMAIN_BOOT_LAST];
++    char boot[VIR_DOMAIN_BOOT_LAST+1];
+     struct utsname ut;
+     int disableKQEMU = 0;
+     int disableKVM = 0;

libvirt-0.8.3-fix-var-lib-libvirt-permissions.patch

@@ -0,0 +1,44 @@
+From f970d802ab805f1a37af384f148f34e108714034 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 3 Nov 2010 15:20:24 -0600
+Subject: [PATCH] rpm: fix /var/lib/libvirt permissions
+
+https://bugzilla.redhat.com/show_bug.cgi?id=649511
+
+Regression of forcing 0700 permissions (which breaks guest startup
+because the qemu user can't see /var/lib/libvirt/*.monitor) was
+introduced in commit 66823690e, as part of libvirt 0.8.2.
+
+* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
+since libvirt depends on libvirt-client.
+(%files client): Guarantee 755 permissions on
+%(_localstatedir}/lib/libvirt, since the qemu user must be able to
+do pathname resolution to a subdirectory.
+---
+ libvirt.spec.in |    3 +--
+ 1 files changed, 1 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index 813e0c0..f77626e 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -793,7 +793,6 @@ fi
+ 
+ %dir %{_localstatedir}/run/libvirt/
+ 
+-%dir %{_localstatedir}/lib/libvirt/
+ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
+ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
+ %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
+@@ -883,7 +882,7 @@ fi
+ 
+ %{_sysconfdir}/rc.d/init.d/libvirt-guests
+ %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt
++%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
+ 
+ %if %{with_sasl}
+ %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+-- 
+1.7.3.4
+

libvirt-0.8.3-octal-addresses.patch

@@ -0,0 +1,53 @@
+From 8efebd1761700a0cc32736829aead7807cc7865d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Tue, 26 Oct 2010 14:45:03 +0200
+Subject: [PATCH] qemu: don't use %.3d format for bus/addr of USB devices
+
+When using 0-prefixed numbers, QEmu will interpret them as octal numbers
+(as C convention says); this means that if you attach a device that has
+addr > 10 (decimal) you're going to attach a different device.
+---
+ src/qemu/qemu_conf.c                               |    4 ++--
+ .../qemuxml2argv-hostdev-usb-address-device.args   |    2 +-
+ .../qemuxml2argv-hostdev-usb-address.args          |    2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 00e89a1..5bd3d4c 100644
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -3266,7 +3266,7 @@ qemuBuildUSBHostdevDevStr(virDomainHostdevDefPtr dev)
+         return NULL;
+     }
+ 
+-    if (virAsprintf(&ret, "usb-host,hostbus=%.3d,hostaddr=%.3d,id=%s",
++    if (virAsprintf(&ret, "usb-host,hostbus=%d,hostaddr=%d,id=%s",
+                     dev->source.subsys.u.usb.bus,
+                     dev->source.subsys.u.usb.device,
+                     dev->info.alias) < 0)
+@@ -3288,7 +3288,7 @@ qemuBuildUSBHostdevUsbDevStr(virDomainHostdevDefPtr dev)
+         return NULL;
+     }
+ 
+-    if (virAsprintf(&ret, "host:%.3d.%.3d",
++    if (virAsprintf(&ret, "host:%d.%d",
+                     dev->source.subsys.u.usb.bus,
+                     dev->source.subsys.u.usb.device) < 0)
+         virReportOOMError();
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
+index 6900fd3..7e42542 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
+@@ -1 +1 @@
+-LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -usb -device usb-host,hostbus=014,hostaddr=006,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2
++LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -usb -device usb-host,hostbus=14,hostaddr=6,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
+index e57bec1..96e004d 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
+@@ -1 +1 @@
+-LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -usbdevice host:014.006
++LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -usbdevice host:14.6
+-- 
+1.7.3.4
+

libvirt-0.8.3-read-only-checks.patch

@@ -0,0 +1,95 @@
+From: Guido Günther <agx@sigxcpu.org>
+Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
+Subject: Add missing checks for read only connections
+X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
+
+Add missing checks for read only connections
+
+As pointed on CVE-2011-1146, some API forgot to check the read-only
+status of the connection for entry point which modify the state
+of the system or may lead to a remote execution using user data.
+The entry points concerned are:
+  - virConnectDomainXMLToNative
+  - virNodeDeviceDettach
+  - virNodeDeviceReAttach
+  - virNodeDeviceReset
+  - virDomainRevertToSnapshot
+  - virDomainSnapshotDelete
+
+* src/libvirt.c: fix the above set of entry points to error on read-only
+                 connections
+
+Rebased to 0.8.2, mostly changed the call of the error routines
+---
+
+--- src/libvirt.c.orig	2011-03-14 17:03:45.000000000 +0800
++++ src/libvirt.c	2011-03-14 17:10:41.000000000 +0800
+@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
+         virDispatchError(NULL);
+         return (NULL);
+     }
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (nativeFormat == NULL || domainXml == NULL) {
+         virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceDettach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceDettach (dev);
+@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReAttach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReAttach (dev);
+@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReset) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReset (dev);
+@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainRevertToSnapshot) {
+         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
+@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainSnapshotDelete) {
+         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

libvirt-0.8.3-remote-protect-against-integer-overflow.patch

@@ -0,0 +1,106 @@
+From 584f9cee6926b57a19cc8bb36ea77124bdcfed94 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 24 Jun 2011 12:16:05 -0600
+Subject: [PATCH] remote: protect against integer overflow
+
+https://bugzilla.redhat.com/show_bug.cgi?id=717204
+CVE-2011-2511 - integer overflow in VirDomainGetVcpus
+
+Integer overflow and remote code are never a nice mix.
+
+This has existed since commit 56cd414.
+
+* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
+* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
+  on sending rpc.
+* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
+  receiving rpc.
+
+(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6)
+
+Conflicts:
+
+	daemon/remote.c
+	src/remote/remote_driver.c
+        src/libvirt.c
+
+Change to internal.h required to avoid backporting 89d994ad.
+---
+ daemon/remote.c            |    3 ++-
+ src/internal.h             |   17 +++++++++++++++++
+ src/libvirt.c              |    4 ++--
+ src/remote/remote_driver.c |    3 ++-
+ 4 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 7464957..c6f7007 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -1697,7 +1697,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+         return -1;
+     }
+ 
+-    if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
++        args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
+         virDomainFree(dom);
+         remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
+         return -1;
+diff --git a/src/internal.h b/src/internal.h
+index fab3e11..53447a9 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -226,4 +226,21 @@
+         }                                                               \
+     } while (0)
+ 
++/* branch-specific: we don't want to update gnulib on the branch, so this
++ * backports just one required macro from newer gnulib's intprops.h.
++ * This version requires that both a and b are 'int', rather than
++ * the fully type-generic version from gnulib.  */
++# define INT_MULTIPLY_OVERFLOW(a, b)            \
++    ((b) < 0                                    \
++     ? ((a) < 0                                 \
++        ? (a) < INT_MAX / (b)                   \
++        : (b) == -1                             \
++        ? 0                                     \
++        : INT_MIN / (b) < (a))                  \
++     : (b) == 0                                 \
++     ? 0                                        \
++     : ((a) < 0                                 \
++        ? (a) < INT_MIN / (b)                   \
++        : INT_MAX / (b) < (a)))
++
+ #endif                          /* __VIR_INTERNAL_H__ */
+diff --git a/src/libvirt.c b/src/libvirt.c
+index 1213ecf..6a584fb 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -5218,8 +5218,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
+ 
+     /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
+        try to memcpy anything into a NULL pointer.  */
+-    if ((cpumaps == NULL && maplen != 0)
+-        || (cpumaps && maplen <= 0)) {
++    if (!cpumaps ? maplen != 0
++        : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
+         virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
+         goto error;
+     }
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index cb0d8e1..0d9b425 100644
+--- a/src/remote/remote_driver.c
++++ b/src/remote/remote_driver.c
+@@ -2467,7 +2467,8 @@ remoteDomainGetVcpus (virDomainPtr domain,
+                     maxinfo, REMOTE_VCPUINFO_MAX);
+         goto done;
+     }
+-    if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
++        maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
+         remoteError(VIR_ERR_RPC,
+                     _("vCPU map buffer length exceeds maximum: %d > %d"),
+                     maxinfo * maplen, REMOTE_CPUMAPS_MAX);
+-- 
+1.7.3.4
+

sources

@@ -1 +1 @@
-SHA512 (libvirt-7.0.0.tar.xz) = dd6db5ec4971cf4c6059795fd81d5a3a889b10740e34c3c92271eda1c683c99df2c8f923398065d8a7c4f987a20eb1da617d5297ba8ea5a31f154412af50c343
+ae8535ce119d32a2e9fb1f46e2c8f325  libvirt-0.8.3.tar.gz