Fix qemu:///session connect race failures (bz #1271183 )

driver: log missing modules as INFO, not WARN (bz #1274849)
Fix XML validation with qemu commandline passthrough (bz #1292131 )
2016-03-17 17:31:07 -04:00 · 2016-01-20 20:04:34 -05:00 · 2015-12-23 19:09:14 -05:00 · 2015-09-22 09:11:23 -04:00 · 2015-09-21 21:24:48 -04:00 · 2015-06-06 11:17:32 -04:00
25 changed files with 3055 additions and 1682 deletions
@@ -1,31 +0,0 @@
-[suppress_function]
-symbol_version_regexp = LIBVIRT_PRIVATE.*
-soname_regexp = libvirt\\.so.*
-
-[suppress_function]
-symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
-soname_regexp = libvirt-admin\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = LIBVIRT_PRIVATE.*
-soname_regexp = libvirt\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
-soname_regexp = libvirt-admin\\.so.*
-
-[suppress_function]
-symbol_version_regexp = .*
-soname_regexp = libvirt_storage_.*\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = .*
-soname_regexp = libvirt_storage_.*\\.so.*
-
-[suppress_function]
-symbol_version_regexp = .*
-soname_regexp = libvirt_driver_.*\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = .*
-soname_regexp = libvirt_driver_.*\\.so.*
@@ -2,4 +2,4 @@
 *.rpm
 i686
 x86_64
-libvirt-*.tar.xz
+libvirt-*.tar.gz
@@ -1,56 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 21 Jan 2021 16:01:06 -0500
-Subject: [PATCH] build: support explicitly disabling netcf
-
-placing "-Dnetcf=disabled" on the meson commandline was ignored,
-meaning that even with that option the build would get WITH_NETCF if
-the netcf-devel package was found - the only way to disable it was to
-uninstall netcf-devel.
-
-This patch adds the small bit of logic to check the netcf meson
-commandline option (in addition to whether netcf-devel is installed)
-before defining WITH_NETCF.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Neal Gompa <ngompa13@gmail.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 06169a115d46d8870a96d293c2faf6ea87e71020)
---
- meson.build | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index b5164f68ed..e9d6d9f82e 100644
--- a/meson.build
-+++ b/meson.build
-@@ -1155,8 +1155,10 @@ libm_dep = cc.find_library('m', required : false)
- 
- netcf_version = '0.1.8'
- netcf_dep = dependency('netcf', version: '>=' + netcf_version, required: get_option('netcf'))
-if netcf_dep.found()
-  conf.set('WITH_NETCF', 1)
-+if not get_option('netcf').disabled()
-+  if netcf_dep.found()
-+    conf.set('WITH_NETCF', 1)
-+  endif
- endif
- 
- have_gnu_gettext_tools = false
-@@ -1550,7 +1552,7 @@ elif get_option('driver_hyperv').enabled()
-   error('openwsman is required for the Hyper-V driver')
- endif
- 
-if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or netcf_dep.found())
-+if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF'))
-   conf.set('WITH_INTERFACE', 1)
- elif get_option('driver_interface').enabled()
-   error('Requested the Interface driver without netcf or udev and libvirtd support')
-@@ -2362,7 +2364,7 @@ libs_summary = {
-   'libssh': libssh_dep.found(),
-   'libssh2': libssh2_dep.found(),
-   'libutil': libutil_dep.found(),
-  'netcf': netcf_dep.found(),
-+  'netcf': conf.has('WITH_NETCF'),
-   'NLS': have_gnu_gettext_tools,
-   'numactl': numactl_dep.found(),
-   'openwsman': openwsman_dep.found(),
@@ -0,0 +1,38 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Thu, 17 Dec 2015 13:43:58 +0100
+Subject: [PATCH] schema: interleave domain name and uuid with other elements
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Allow <name> and <uuid> anywhere under <domain>, not just at the top:
+
+error:XML document failed to validate against schema: Unable to validate
+doc against /usr/share/libvirt/schemas/domain.rng
+Expecting an element name, got nothing
+Invalid sequence in interleave
+Element domain failed to validate content
+
+Introduced with the first RelaxNG schema in commit c642103.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1292131
+(cherry picked from commit b4e0549febe416ffefc16f389423740d6d65fa74)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ docs/schemas/domaincommon.rng | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
+index b252a17..48610ce 100644
+--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
+@@ -30,8 +30,8 @@
+   <define name="domain">
+     <element name="domain">
+       <ref name="hvs"/>
+-      <ref name="ids"/>
+       <interleave>
+        <ref name="ids"/>
+         <optional>
+           <ref name="title"/>
+         </optional>
@@ -0,0 +1,32 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Thu, 14 Jan 2016 14:31:17 +0100
+Subject: [PATCH] leaseshelper: fix crash when no mac is specified
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6
+lease) but no DNSMASQ_MAC, we skip creation of the new lease object.
+
+Also skip adding it to the leases array.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1202350
+(cherry picked from commit df9fe124d650bc438c531673492569da87523d20)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/network/leaseshelper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c
+index 2d528f7..6930310 100644
+--- a/src/network/leaseshelper.c
+++ b/src/network/leaseshelper.c
+@@ -439,7 +439,7 @@ main(int argc, char **argv)
+ 
+     case VIR_LEASE_ACTION_OLD:
+     case VIR_LEASE_ACTION_ADD:
+-        if (virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
+        if (lease_new && virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("failed to create json"));
+             goto cleanup;
@@ -1,72 +0,0 @@
-From: wangjian <wangjian161@huawei.com>
-Date: Fri, 26 Mar 2021 11:21:16 +0800
-Subject: [PATCH] node_device_udev: Serialize access to pci_get_strings)_
-
-Since the functions provided by libpciaccess are not thread-safe,
-when the udev-event and nodedev-init threads of libvirt call the
-pci_get_strings function provided by libpaciaccess at the same
-time the following can happen:
-
-nodedev-init thread:
-nodeStateInitializeEnumerate ->
-  udevEnumerateDevices->
-    udevProcessDeviceListEntry ->
-      udevAddOneDevice ->
-        udevGetDeviceDetails->
-          udevProcessPCI ->
-            udevTranslatePCIIds ->
-              pci_get_strings -> (libpciaccess)
-                find_device_name ->
-                  populate_vendor ->
-                    d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                    vend->num_devices++;
-
-udev-event thread:
-udevEventHandleThread ->
-  udevHandleOneDevice ->
-    udevAddOneDevice->
-      udevGetDeviceDetails->
-        udevProcessPCI ->
-          udevTranslatePCIIds ->
-            pci_get_strings -> (libpciaccess)
-              find_device_name ->
-                populate_vendor ->
-                  d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                  vend->num_devices++;
-
-Signed-off-by: WangJian <wangjian161@huawei.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 59788a5caea5f292c86e07a31ee2b853d68db87e)
---
- src/node_device/node_device_udev.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
-index 55a2731681..6f0defe908 100644
--- a/src/node_device/node_device_udev.c
-+++ b/src/node_device/node_device_udev.c
-@@ -328,6 +328,7 @@ udevGenerateDeviceName(struct udev_device *device,
-     return 0;
- }
- 
-+static virMutex pciaccessMutex = VIR_MUTEX_INITIALIZER;
- 
- static int
- udevTranslatePCIIds(unsigned int vendor,
-@@ -346,12 +347,14 @@ udevTranslatePCIIds(unsigned int vendor,
-     m.device_class_mask = 0;
-     m.match_data = 0;
- 
-    /* pci_get_strings returns void */
-+    /* pci_get_strings returns void and unfortunately is not thread safe. */
-+    virMutexLock(&pciaccessMutex);
-     pci_get_strings(&m,
-                     &device_name,
-                     &vendor_name,
-                     NULL,
-                     NULL);
-+    virMutexUnlock(&pciaccessMutex);
- 
-     *vendor_string = g_strdup(vendor_name);
-     *product_string = g_strdup(device_name);
@@ -0,0 +1,63 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 19 Jan 2016 22:19:56 -0500
+Subject: [PATCH] build: predictably generate systemtap tapsets (bz 1173641)
+
+The generated output is dependent on perl hashtable ordering, which
+gives different results for i686 and x86_64. Fix this by sorting
+the hash keys before iterating over them
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1173641
+(cherry picked from commit a1edb05c6028470aa24b74aa0f8d5fb5a181128a)
+---
+ src/rpc/gensystemtap.pl | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/rpc/gensystemtap.pl b/src/rpc/gensystemtap.pl
+index 2467300..7b80fbf 100755
+--- a/src/rpc/gensystemtap.pl
+++ b/src/rpc/gensystemtap.pl
+@@ -72,7 +72,7 @@ function libvirt_rpc_auth_name(type, verbose)
+ {
+ EOF
+ my $first = 1;
+-foreach my $type (keys %auth) {
+foreach my $type (sort(keys %auth)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (type == ", $type, ") {\n";
+@@ -95,7 +95,7 @@ function libvirt_rpc_type_name(type, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $type (keys %type) {
+foreach my $type (sort(keys %type)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (type == ", $type, ") {\n";
+@@ -118,7 +118,7 @@ function libvirt_rpc_status_name(status, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $status (keys %status) {
+foreach my $status (sort(keys %status)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (status == ", $status, ") {\n";
+@@ -141,7 +141,7 @@ function libvirt_rpc_program_name(program, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $prog (keys %funcs) {
+foreach my $prog (sort(keys %funcs)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (program == ", $funcs{$prog}->{id}, ") {\n";
+@@ -165,7 +165,7 @@ function libvirt_rpc_procedure_name(program, version, proc, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $prog (keys %funcs) {
+foreach my $prog (sort(keys %funcs)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (program == ", $funcs{$prog}->{id}, " && version == ", $funcs{$prog}->{version}, ") {\n";
@@ -1,53 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 24 Jun 2021 16:58:09 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away
-
-There are few cases where we execute a virCommand with all caps
-cleared (virCommandClearCaps()). For instance
-dnsmasqCapsRefreshInternal() does just that. This means, that
-after fork() and before exec() the virSetUIDGIDWithCaps() is
-called. But since the caller did not want to change anything,
-just drop capabilities, these are the values of arguments:
-
-  virSetUIDGIDWithCaps (uid=-1, gid=-1, groups=0x0, ngroups=0,
-                        capBits=0, clearExistingCaps=true)
-
-This means that indeed all capabilities will be dropped,
-including CAP_SETPCAP. But this capability controls whether
-capabilities can be set, IOW whether capng_apply() succeeds.
-
-There are two calls of capng_apply() in the function. The
-CAP_SETPCAP is dropped after the first call and thus the other
-call (capng_apply(CAPNG_SELECT_BOUNDS);) fails.
-
-The solution is to keep the capability for as long as needed
-(just like CAP_SETGID and CAP_SETUID) and drop it only at the
-very end (just like CAP_SETGID and CAP_SETUID).
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949388
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 438b50dda8a863fdc988e9ab612f097cc1626e8a)
---
- src/util/virutil.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index a0cd0f1bcd..7ae23a7061 100644
--- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1202,12 +1202,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-     }
- # ifdef PR_CAPBSET_DROP
-     /* If newer kernel, we need also need setpcap to change the bounding set */
-    if ((capBits || need_setgid || need_setuid) &&
-        !capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-+    if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-         need_setpcap = true;
-    }
-    if (need_setpcap)
-         capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
-+    }
- # endif
- 
-     /* Tell system we want to keep caps across uid change */
@@ -0,0 +1,30 @@
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Fri, 3 Jul 2015 16:51:56 +0100
+Subject: [PATCH] rpc: ensure daemon is spawn even if dead socket exists
+
+The auto-spawn code would originally attempt to spawn the
+daemon for both ENOENT and ECONNREFUSED errors from connect().
+The various refactorings eventually lost this so we only
+spawn the daemon on ENOENT. The result is if the daemon exits
+uncleanly, so that the socket is left in the filesystem, we
+will never be able to auto-spawn the daemon again.
+
+(cherry picked from commit 406ee8c226d2197ba1aaecb9cf3ad2b6df31ae44)
+---
+ src/rpc/virnetsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 51f94d4..6153e0e 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -610,7 +610,8 @@ int virNetSocketNewConnectUNIX(const char *path,
+ 
+     while (retries &&
+            connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
+-        if (!(spawnDaemon && errno == ENOENT)) {
+        if (!(spawnDaemon && (errno == ENOENT ||
+                              errno == ECONNREFUSED))) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+             goto cleanup;
@@ -1,51 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Jun 2021 13:09:04 +0100
-Subject: [PATCH] security: fix SELinux label generation logic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A process can access a file if the set of MCS categories
-for the file is equal-to *or* a subset-of, the set of
-MCS categories for the process.
-
-If there are two VMs:
-
-  a) svirt_t:s0:c117
-  b) svirt_t:s0:c117,c720
-
-Then VM (b) is able to access files labelled for VM (a).
-
-IOW, we must discard case where the categories are equal
-because that is a subset of many other valid category pairs.
-
-Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
-CVE-2021-3631
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
---
- src/security/security_selinux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 2fc6ef2616..61a871ec3d 100644
--- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -389,7 +389,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
-         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
- 
-         if (c1 == c2) {
-            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
-+            /*
-+             * A process can access a file if the set of MCS categories
-+             * for the file is equal-to *or* a subset-of, the set of
-+             * MCS categories for the process.
-+             *
-+             * IOW, we must discard case where the categories are equal
-+             * because that is a subset of other category pairs.
-+             */
-+            continue;
-         } else {
-             if (c1 > c2) {
-                 int t = c1;
@@ -0,0 +1,48 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:01:24 -0500
+Subject: [PATCH] rpc: socket: Minor cleanups
+
+- Add some debugging
+- Make the loop dependent only on retries
+- Make it explicit that connect(2) success exits the loop
+- Invert the error checking logic
+
+(cherry picked from commit f102c7146ed7f6e04af0ad3bce302476239f2502)
+---
+ src/rpc/virnetsocket.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 6153e0e..dcff69e 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -548,6 +548,9 @@ int virNetSocketNewConnectUNIX(const char *path,
+     char *rundir = NULL;
+     int ret = -1;
+ 
+    VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
+        NULLSTR(binary));
+
+     memset(&localAddr, 0, sizeof(localAddr));
+     memset(&remoteAddr, 0, sizeof(remoteAddr));
+ 
+@@ -608,10 +611,15 @@ int virNetSocketNewConnectUNIX(const char *path,
+     if (remoteAddr.data.un.sun_path[0] == '@')
+         remoteAddr.data.un.sun_path[0] = '\0';
+ 
+-    while (retries &&
+-           connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
+-        if (!(spawnDaemon && (errno == ENOENT ||
+-                              errno == ECONNREFUSED))) {
+    while (retries) {
+        if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) == 0) {
+            VIR_DEBUG("connect() succeeded");
+            break;
+        }
+        VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
+
+        if (!spawnDaemon ||
+            (errno != ENOENT && errno != ECONNREFUSED)) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+             goto cleanup;
@@ -1,43 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 22 Jul 2021 14:26:00 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Set bounding capabilities only with
- CAP_SETPCAP
-
-In one of my previous patches I've tried to postpone dropping
-CAP_SETPCAP until the very end because it's needed for
-capng_apply(). What I did not realize back then was that we might
-not have the capability to begin with. Because of unknown reasons
-capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
-for CAPNG_SELECT_CAPS.
-
-Reproducer is really simple: run libvirtd as a regular user.
-During its initialization, libvirtd will spawn some binaries
-(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
-capabilities.
-
-Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
-have the CAP_SETPCAP (which is tracked in need_setpcap variable).
-
-Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1924218
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit a2476f37a7789eb9315b77bb451f4754ef4ef15b)
---
- src/util/virutil.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 7ae23a7061..333f99e91d 100644
--- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1269,7 +1269,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-      * do this if we failed to get the capability above, so ignore the
-      * return value.
-      */
-    capng_apply(CAPNG_SELECT_BOUNDS);
-+    if (!need_setpcap)
-+        capng_apply(CAPNG_SELECT_BOUNDS);
- 
-     /* Drop the caps that allow setuid/gid (unless they were requested) */
-     if (need_setgid)
@@ -1,57 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Mon, 10 May 2021 15:07:09 +0200
-Subject: [PATCH] qemu_firmware: don't error out for unknown firmware features
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When QEMU introduces new firmware features libvirt will fail until we
-list that feature in our code as well which doesn't sound right.
-
-We should simply ignore the new feature until we add a proper support
-for it.
-
-Reported-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9)
---
- src/qemu/qemu_firmware.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
-index 639cff7459..e602de22e3 100644
--- a/src/qemu/qemu_firmware.c
-+++ b/src/qemu/qemu_firmware.c
-@@ -573,6 +573,7 @@ qemuFirmwareFeatureParse(const char *path,
-     virJSONValuePtr featuresJSON;
-     g_autoptr(qemuFirmwareFeature) features = NULL;
-     size_t nfeatures;
-+    size_t nparsed = 0;
-     size_t i;
- 
-     if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) {
-@@ -592,17 +593,16 @@ qemuFirmwareFeatureParse(const char *path,
-         int tmp;
- 
-         if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) {
-            virReportError(VIR_ERR_INTERNAL_ERROR,
-                           _("unknown feature %s"),
-                           tmpStr);
-            return -1;
-+            VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr);
-+            continue;
-         }
- 
-        features[i] = tmp;
-+        features[nparsed] = tmp;
-+        nparsed++;
-     }
- 
-     fw->features = g_steal_pointer(&features);
-    fw->nfeatures = nfeatures;
-+    fw->nfeatures = nparsed;
-     return 0;
- }
- 
@@ -0,0 +1,40 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:08:45 -0500
+Subject: [PATCH] rpc: socket: Explicitly error if we exceed retry count
+
+When we autolaunch libvirtd for session URIs, we spin in a retry
+loop waiting for the daemon to start and the connect(2) to succeed.
+
+However if we exceed the retry count, we don't explicitly raise an
+error, which can yield a slew of different error messages elsewhere
+in the code.
+
+Explicitly raise the last connect(2) failure if we run out of retries.
+
+(cherry picked from commit 8da02d528068942303923fc4f935e77cccac9c7c)
+---
+ src/rpc/virnetsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index dcff69e..90951be 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -618,7 +618,9 @@ int virNetSocketNewConnectUNIX(const char *path,
+         }
+         VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
+ 
+        retries--;
+         if (!spawnDaemon ||
+            retries == 0 ||
+             (errno != ENOENT && errno != ECONNREFUSED)) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+@@ -628,7 +630,6 @@ int virNetSocketNewConnectUNIX(const char *path,
+         if (virNetSocketForkDaemon(binary) < 0)
+             goto cleanup;
+ 
+-        retries--;
+         usleep(5000);
+     }
+ 
@@ -0,0 +1,43 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:13:38 -0500
+Subject: [PATCH] rpc: socket: Don't repeatedly attempt to launch daemon
+
+On every socket connect(2) attempt we were re-launching session
+libvirtd, up to 100 times in 5 seconds.
+
+This understandably caused some weird load races and intermittent
+qemu:///session startup failures
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1271183
+(cherry picked from commit 2eb7a975756d05a5b54ab4acf60083beb6161ac6)
+---
+ src/rpc/virnetsocket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 90951be..2ee4b6e 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -547,6 +547,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+     virSocketAddr remoteAddr;
+     char *rundir = NULL;
+     int ret = -1;
+    bool daemonLaunched = false;
+ 
+     VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
+         NULLSTR(binary));
+@@ -627,8 +628,12 @@ int virNetSocketNewConnectUNIX(const char *path,
+             goto cleanup;
+         }
+ 
+-        if (virNetSocketForkDaemon(binary) < 0)
+-            goto cleanup;
+        if (!daemonLaunched) {
+            if (virNetSocketForkDaemon(binary) < 0)
+                goto cleanup;
+
+            daemonLaunched = true;
+        }
+ 
+         usleep(5000);
+     }
@@ -1,33 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Wed, 21 Jul 2021 11:22:25 +0200
-Subject: [PATCH] storage_driver: Unlock object on ACL fail in
- storagePoolLookupByTargetPath
-
-'virStoragePoolObjListSearch' returns a locked and refed object, thus we
-must release it on ACL permission failure.
-
-Fixes: 7aa0e8c0cb8
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87)
---
- src/storage/storage_driver.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index 16bc53aa46..2787c1671b 100644
--- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
-                                            storagePoolLookupByTargetPathCallback,
-                                            cleanpath))) {
-         def = virStoragePoolObjGetDef(obj);
-        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
-+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
-+            virStoragePoolObjEndAPI(&obj);
-             return NULL;
-+        }
- 
-         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
-         virStoragePoolObjEndAPI(&obj);
@@ -0,0 +1,57 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 15 Jan 2016 10:55:58 +0100
+Subject: [PATCH] security: Do not restore kernel and initrd labels
+
+Kernel/initrd files are essentially read-only shareable images and thus
+should be handled in the same way. We already use the appropriate label
+for kernel/initrd files when starting a domain, but when a domain gets
+destroyed we would remove the labels which would make other running
+domains using the same files very unhappy.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=921135
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 68acc701bd449481e3206723c25b18fcd3d261b7)
+---
+ src/security/security_dac.c     | 8 --------
+ src/security/security_selinux.c | 8 --------
+ 2 files changed, 16 deletions(-)
+
+diff --git a/src/security/security_dac.c b/src/security/security_dac.c
+index deb6980..d01215f 100644
+--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
+@@ -971,14 +971,6 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
+         virSecurityDACRestoreSecurityFileLabel(def->os.loader->nvram) < 0)
+         rc = -1;
+ 
+-    if (def->os.kernel &&
+-        virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
+-        rc = -1;
+-
+-    if (def->os.initrd &&
+-        virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
+-        rc = -1;
+-
+     if (def->os.dtb &&
+         virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+         rc = -1;
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 6e67a86..2475a80 100644
+--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
+@@ -1953,14 +1953,6 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
+         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
+         rc = -1;
+ 
+-    if (def->os.kernel &&
+-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
+-        rc = -1;
+-
+-    if (def->os.initrd &&
+-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
+-        rc = -1;
+-
+     if (def->os.dtb &&
+         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+         rc = -1;
@@ -1,81 +0,0 @@
-From 7e299ba649b1288d529c7595c0e6060c9ae0ff2a Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 09:57:49 +0100
-Subject: [PATCH 1/2] wireshark: Switch to tvb_bytes_to_str()
-
-When the dissector sees a byte sequence that is either an opaque
-data (xdr_opaque) or a byte sequence (xdr_bytes) it formats the
-bytes as a hex numbers using our own implementation. But
-wireshark already provides a function for it: tvb_bytes_to_str().
-NB, the reason why it returns a const string is so that callers
-don't try to free it - the string is allocated using an allocator
-which will decide when to free it.
-
-The wireshark formatter was introduced in wireshark commit of
-v1.99.2~479 and thus is present in the version we require at
-least (2.6.0).
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 30 ++++++++--------------------
- 1 file changed, 8 insertions(+), 22 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f43919b05d..cb922b8070 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -158,24 +158,6 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     }
- }
- 
-static const gchar *
-format_xdr_bytes(guint8 *bytes, guint32 length)
-{
-    gchar *buf;
-    guint32 i;
-
-    if (length == 0)
-        return "";
-    buf = wmem_alloc(wmem_packet_scope(), length*2 + 1);
-    for (i = 0; i < length; i++) {
-        /* We know that buf has enough size to contain
-           2 * length + '\0' characters. */
-        g_snprintf(buf, 2*(length - i) + 1, "%02x", bytes[i]);
-        buf += 2;
-    }
-    return buf - length*2;
-}
-
- static gboolean
- dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 size)
-@@ -187,8 +169,10 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     val = g_malloc(size);
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
-                                          NULL, "%s", format_xdr_bytes(val, size));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-         proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA);
-     }
-@@ -207,8 +191,10 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- 
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
-                                          NULL, "%s", format_xdr_bytes(val, length));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         /* Seems I can't call xdr_free() for this case.
-            It will raises SEGV by referencing out of bounds call stack */
-         free(val);
-- 
-2.33.1
-
@@ -0,0 +1,37 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 15 Mar 2016 17:04:32 -0400
+Subject: [PATCH] rpc: wait longer for session daemon to start up
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1271183
+
+We only wait 0.5 seconds for the session daemon to start up and present
+its socket, which isn't sufficient for many users. Bump up the sleep
+interval and retry amount so we wait for a total of 5.0 seconds.
+
+(cherry picked from commit ca0c06f4008154de55e0b3109885facd0bf02d32)
+---
+ src/rpc/virnetsocket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 2ee4b6e..275f1f5 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -542,7 +542,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+     char *lockpath = NULL;
+     int lockfd = -1;
+     int fd = -1;
+-    int retries = 100;
+    int retries = 500;
+     virSocketAddr localAddr;
+     virSocketAddr remoteAddr;
+     char *rundir = NULL;
+@@ -635,7 +635,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+             daemonLaunched = true;
+         }
+ 
+-        usleep(5000);
+        usleep(10000);
+     }
+ 
+     localAddr.len = sizeof(localAddr.data);
@@ -1,33 +0,0 @@
-From 010613cfd8dae6d85602a84c5c95b2d441e1b3d1 Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 10:20:05 +0100
-Subject: [PATCH 2/2] wireshark: Drop needless comment in dissect_xdr_bytes()
-
-In the dissect_xdr_bytes() there's a comment that the string
-allocated by xdr_bytes() can't be freed using xdr_free(). Well,
-that is expected because xdr_bytes() used plain calloc() AND the
-string is not an XDR struct but plain 'char *' type. Passing it
-to xdr_free() must result in weird things happening.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index cb922b8070..eeacbcdf0e 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -195,8 +195,6 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-        /* Seems I can't call xdr_free() for this case.
-           It will raises SEGV by referencing out of bounds call stack */
-         free(val);
-         return TRUE;
-     } else {
-- 
-2.33.1
-
@@ -0,0 +1,27 @@
+From: Jovanka Gulicoska <jovanka.gulicoska@gmail.com>
+Date: Thu, 17 Mar 2016 20:02:20 +0100
+Subject: [PATCH] driver: log missing modules as INFO, not WARN
+
+Missing modules is a common expected scenario for most libvirt usage on
+RPM distributions like Fedora, so it doesn't really warrant logging at
+WARN level. Use INFO instead
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1274849
+(cherry picked from commit 9a0c7f5f834185db9017c34aabc03ad99cf37bed)
+---
+ src/driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/driver.c b/src/driver.c
+index db03438..f926fe4 100644
+--- a/src/driver.c
+++ b/src/driver.c
+@@ -62,7 +62,7 @@ virDriverLoadModule(const char *name)
+         return NULL;
+ 
+     if (access(modfile, R_OK) < 0) {
+-        VIR_WARN("Module %s not accessible", modfile);
+        VIR_INFO("Module %s not accessible", modfile);
+         goto cleanup;
+     }
+ 
@@ -0,0 +1,126 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 28 Apr 2015 17:38:00 -0400
+Subject: [PATCH] polkit: Allow password-less access for 'libvirt' group
+
+Many users, who admin their own machines, want to be able to access
+system libvirtd via tools like virt-manager without having to enter
+a root password. Just google 'virt-manager without password' and
+you'll find many hits. I've read at least 5 blog posts over the years
+describing slightly different ways of achieving this goal.
+
+Let's finally add official support for this.
+
+Install a polkit-1 rules file granting password-less auth for any user
+in the new 'libvirt' group. Create the group on RPM install
+
+https://bugzilla.redhat.com/show_bug.cgi?id=957300
+(cherry picked from commit e94979e901517af9fdde358d7b7c92cc055dd50c)
+---
+ daemon/Makefile.am   | 13 +++++++++++++
+ daemon/libvirt.rules |  9 +++++++++
+ libvirt.spec.in      | 15 +++++++++++++--
+ 3 files changed, 35 insertions(+), 2 deletions(-)
+ create mode 100644 daemon/libvirt.rules
+
+diff --git a/daemon/Makefile.am b/daemon/Makefile.am
+index b95a79d..9c5ea37 100644
+--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
+@@ -53,6 +53,7 @@ EXTRA_DIST =						\
+ 	libvirtd.init.in				\
+ 	libvirtd.upstart				\
+ 	libvirtd.policy.in				\
+	libvirt.rules					\
+ 	libvirtd.sasl					\
+ 	libvirtd.service.in				\
+ 	libvirtd.socket.in				\
+@@ -233,6 +234,8 @@ policyauth = auth_admin_keep_session
+ else ! WITH_POLKIT0
+ policydir = $(datadir)/polkit-1/actions
+ policyauth = auth_admin_keep
+rulesdir = $(datadir)/polkit-1/rules.d
+rulesfile = libvirt.rules
+ endif ! WITH_POLKIT0
+ endif WITH_POLKIT
+ 
+@@ -263,9 +266,19 @@ if WITH_POLKIT
+ install-data-polkit::
+ 	$(MKDIR_P) $(DESTDIR)$(policydir)
+ 	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+if ! WITH_POLKIT0
+	$(MKDIR_P) $(DESTDIR)$(rulesdir)
+	$(INSTALL_DATA) $(srcdir)/$(rulesfile) $(DESTDIR)$(rulesdir)/50-libvirt.rules
+endif ! WITH_POLKIT0
+
+ uninstall-data-polkit::
+ 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ 	rmdir $(DESTDIR)$(policydir) || :
+if ! WITH_POLKIT0
+	rm -f $(DESTDIR)$(rulesdir)/50-libvirt.rules
+	rmdir $(DESTDIR)$(rulesdir) || :
+endif ! WITH_POLKIT0
+
+ else ! WITH_POLKIT
+ install-data-polkit::
+ uninstall-data-polkit::
+diff --git a/daemon/libvirt.rules b/daemon/libvirt.rules
+new file mode 100644
+index 0000000..01a15fa
+--- /dev/null
+++ b/daemon/libvirt.rules
+@@ -0,0 +1,9 @@
+// Allow any user in the 'libvirt' group to connect to system libvirtd
+// without entering a password.
+
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.libvirt.unix.manage" &&
+        subject.isInGroup("libvirt")) {
+        return polkit.Result.YES;
+    }
+});
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index dc327a2..a23629d 100644
+--- a/libvirt.spec.in
+++ b/libvirt.spec.in
+@@ -1631,9 +1631,9 @@ then
+ fi
+ 
+ %if %{with_libvirtd}
+%pre daemon
+     %if ! %{with_driver_modules}
+         %if %{with_qemu}
+-%pre daemon
+             %if 0%{?fedora} || 0%{?rhel} >= 6
+ # We want soft static allocation of well-known ids, as disk images
+ # are commonly shared across NFS mounts by id rather than name; see
+@@ -1647,11 +1647,21 @@ if ! getent passwd qemu >/dev/null; then
+     useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+   fi
+ fi
+-exit 0
+             %endif
+         %endif
+     %endif
+ 
+    %if %{with_polkit}
+        %if 0%{?fedora} || 0%{?rhel} >= 6
+# 'libvirt' group is just to allow password-less polkit access to
+# libvirtd. The uid number is irrelevant, so we use dynamic allocation
+# described at the above link.
+getent group libvirt >/dev/null || groupadd -r libvirt
+        %endif
+    %endif
+
+exit 0
+
+ %post daemon
+ 
+     %if %{with_systemd}
+@@ -1925,6 +1935,7 @@ exit 0
+         %if 0%{?fedora} || 0%{?rhel} >= 6
+ %{_datadir}/polkit-1/actions/org.libvirt.unix.policy
+ %{_datadir}/polkit-1/actions/org.libvirt.api.policy
+%{_datadir}/polkit-1/rules.d/50-libvirt.rules
+         %else
+ %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
+         %endif
@@ -0,0 +1,21 @@
+# Makefile for source rpm: libvirt
+# $Id$
+NAME := libvirt
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attempt a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
@@ -1 +1 @@
-SHA512 (libvirt-7.0.0.tar.xz) = dd6db5ec4971cf4c6059795fd81d5a3a889b10740e34c3c92271eda1c683c99df2c8f923398065d8a7c4f987a20eb1da617d5297ba8ea5a31f154412af50c343
+05f461cd499c628ef07822dd607c340a  libvirt-1.2.13.2.tar.gz
Author	SHA1	Message	Date
Cole Robinson	d2399d7bdf	Fix qemu:///session connect race failures (bz #1271183 ) driver: log missing modules as INFO, not WARN (bz #1274849)	2016-03-17 17:31:07 -04:00
Cole Robinson	c76aa1c80f	Fix XML validation with qemu commandline passthrough (bz #1292131 ) Fix crash in libvirt_leasehelper (bz #1202350) Generate consistent systemtap tapsets regardless of host arch (bz #1173641) Fix qemu:///session error 'Transport endpoint is not connected' (bz #1271183) Fix parallel VM start/top svirt errors on kernel/initrd (bz #1269975)	2016-01-20 20:04:34 -05:00
Cole Robinson	43c932192d	Rebased to version 1.2.13.2 disk backend is not removed properly when disk frontent hotplug fails (bz #1265968) Fix TPM cancel path on newer kernels (bz #1244895) Remove timeout for libvirt-guests.service (bz #1195544) CVE-2015-5313 libvirt: filesystem storage volume names path traversal flaw (bz #1291433) Fix VM names with non-ascii (bz #1062943) Fix backwards migration with graphics listen address (bz #1276883)	2015-12-23 19:09:14 -05:00
Cole Robinson	1b23098699	Fix polkit dep	2015-09-22 09:11:23 -04:00
Cole Robinson	925965e626	Add sanity checks for drive mirroring (bz #1263438 )	2015-09-21 21:24:48 -04:00
Cole Robinson	b8aa82790b	Add patches	2015-06-06 11:17:32 -04:00
Cole Robinson	ba6977e03f	lxc network fixes (bz #1225591 , bz #1225593 , bz #1225594 ) polkit: Allow password-less access for 'libvirt' group (bz #957300)	2015-06-06 11:12:42 -04:00
Cole Robinson	e18130141c	Rebased to version 1.2.13.1 Fix getVersion() after installing qemu (bz #1000116) Fix autosocket setup with qemu:///session (bz #1044561, bz #1105274) Ignore storage volumes with non-ascii in names (bz #1066564) Don't generate invalid system nodedev XML (bz #1184131) Fix crash via race when unrefing rpc identity object (bz #1203030) Fix domcapabilities failure with ppc64le (bz #1209948) Fix regression with 'virsh event ' (bz #1212620) Add {Haswell,Broadwell}-noTSX CPU models (bz #1182650) Don't lose VMs on libvirtd restart if qemu is uninstalled (bz #1099847) Ignore storage volumes that libvirt can't open (bz #1103308)	2015-04-28 12:20:27 -04:00
Cole Robinson	a99455b301	Fix LXC domain startup (bz #1210397 ) Fix crash via identify object cleanup race (bz #1203030) Fix race starting multiple session daemons (bz #1200149) Fix change-media success messages Strip invalid control codes from XML (bz #1066564, bz #1184131)	2015-04-15 14:37:39 -04:00