add ARM to NUMA platform exlcludes

Fix for CVE-2011-2178, regression introduced in disk probe logic,
Bug 709775

.gitignore

@@ -3,5 +3,3 @@
 i686
 x86_64
 libvirt-*.tar.gz
-libvirt-0.6.0.tar.gz
-libvirt-0.6.1.tar.gz

Makefile

@@ -4,7 +4,7 @@ NAME := libvirt
 SPECFILE = $(firstword $(wildcard *.spec))
 
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
 MAKEFILE_COMMON := $(shell $(find-makefile-common))

libvirt-0.6.1-events-dispatch.patch

@@ -1,46 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 10:35:21 +0000 (+0000)
-Subject: Fix dispatch of FD events when one or more handles are marked deleted
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=10baf3deb8588f5902b6f2eb362fb408707e3d95
-
-Fix dispatch of FD events when one or more handles are marked deleted
----
-
-diff --git a/qemud/event.c b/qemud/event.c
-index c9ea563..0887008 100644
---- a/qemud/event.c
-+++ b/qemud/event.c
-@@ -409,25 +409,26 @@ static int virEventDispatchTimeouts(void) {
-  * Returns 0 upon success, -1 if an error occurred
-  */
- static int virEventDispatchHandles(int nfds, struct pollfd *fds) {
--    int i;
-+    int i, n;
- 
--    for (i = 0 ; i < nfds ; i++) {
-+    for (i = 0, n = 0 ; i < eventLoop.handlesCount && n < nfds ; i++) {
-         if (eventLoop.handles[i].deleted) {
-             EVENT_DEBUG("Skip deleted %d", eventLoop.handles[i].fd);
-             continue;
-         }
- 
--        if (fds[i].revents) {
-+        if (fds[n].revents) {
-             virEventHandleCallback cb = eventLoop.handles[i].cb;
-             void *opaque = eventLoop.handles[i].opaque;
--            int hEvents = virPollEventToEventHandleType(fds[i].revents);
--            EVENT_DEBUG("Dispatch %d %d %p", fds[i].fd,
--                        fds[i].revents, eventLoop.handles[i].opaque);
-+            int hEvents = virPollEventToEventHandleType(fds[n].revents);
-+            EVENT_DEBUG("Dispatch %d %d %p", fds[n].fd,
-+                        fds[n].revents, eventLoop.handles[i].opaque);
-             virEventUnlock();
-             (cb)(eventLoop.handles[i].watch,
--                 fds[i].fd, hEvents, opaque);
-+                 fds[n].fd, hEvents, opaque);
-             virEventLock();
-         }
-+        n++;
-     }
- 
-     return 0;

libvirt-0.6.1-fd-leaks.patch

@@ -1,78 +0,0 @@
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 16 Mar 2009 10:41:37 +0000 (+0000)
-Subject: Avoid some potential FILE * leaks
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=39429bab2d55807698d9aed0112200ae532799b8
-
-Avoid some potential FILE * leaks
-* qemud/qemud.c src/cgroup.c src/uml_driver.c src/util.c: close
-  some potential FILE * leaks
-Daniel
----
-
-diff --git a/qemud/qemud.c b/qemud/qemud.c
-index fd315fc..4f04355 100644
---- a/qemud/qemud.c
-+++ b/qemud/qemud.c
-@@ -488,7 +488,7 @@ static int qemudWritePidFile(const char *pidFile) {
-     if (fprintf(fh, "%lu\n", (unsigned long)getpid()) < 0) {
-         VIR_ERROR(_("Failed to write to pid file '%s' : %s"),
-                   pidFile, virStrerror(errno, ebuf, sizeof ebuf));
--        close(fd);
-+        fclose(fh);
-         return -1;
-     }
- 
-diff --git a/src/cgroup.c b/src/cgroup.c
-index 5af44bd..d1d44a2 100644
---- a/src/cgroup.c
-+++ b/src/cgroup.c
-@@ -57,7 +57,7 @@ void virCgroupFree(virCgroupPtr *group)
- 
- static virCgroupPtr virCgroupGetMount(const char *controller)
- {
--    FILE *mounts;
-+    FILE *mounts = NULL;
-     struct mntent entry;
-     char buf[CGROUP_MAX_VAL];
-     virCgroupPtr root = NULL;
-@@ -90,6 +90,8 @@ static virCgroupPtr virCgroupGetMount(const char *controller)
- 
-     return root;
- err:
-+    if (mounts != NULL)
-+        fclose(mounts);
-     virCgroupFree(&root);
- 
-     return NULL;
-diff --git a/src/uml_driver.c b/src/uml_driver.c
-index 1dc7ccd..f7400f9 100644
---- a/src/uml_driver.c
-+++ b/src/uml_driver.c
-@@ -547,6 +547,7 @@ reopen:
- 
-     if (fscanf(file, "%d", &vm->pid) != 1) {
-         errno = EINVAL;
-+        fclose(file);
-         goto cleanup;
-     }
- 
-@@ -1040,6 +1041,7 @@ static int umlGetProcessInfo(unsigned long long *cpuTime, int pid) {
- 
-     if (fscanf(pidinfo, "%*d %*s %*c %*d %*d %*d %*d %*d %*u %*u %*u %*u %*u %llu %llu", &usertime, &systime) != 2) {
-         umlDebug("not enough arg");
-+        fclose(pidinfo);
-         return -1;
-     }
- 
-diff --git a/src/util.c b/src/util.c
-index 9b74757..66ad9a4 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -1058,6 +1058,7 @@ int virFileReadPid(const char *dir,
- 
-     if (fscanf(file, "%d", pid) != 1) {
-         rc = EINVAL;
-+        fclose(file);
-         goto cleanup;
-     }
- 

libvirt-0.6.1-fd-leaks2.patch

@@ -1,40 +0,0 @@
-Index: src/remote_internal.c
-===================================================================
-RCS file: /data/cvs/libxen/src/remote_internal.c,v
-retrieving revision 1.141
-diff -u -u -p -r1.141 remote_internal.c
---- src/remote_internal.c	3 Mar 2009 19:33:34 -0000	1.141
-+++ src/remote_internal.c	16 Mar 2009 16:57:17 -0000
-@@ -332,7 +332,7 @@ doRemoteOpen (virConnectPtr conn,
-               virConnectAuthPtr auth ATTRIBUTE_UNUSED,
-               int flags)
- {
--    int wakeupFD[2];
-+    int wakeupFD[2] = { -1, -1 };
-     char *transport_str = NULL;
- 
-     if (conn->uri) {
-@@ -885,6 +885,11 @@ doRemoteOpen (virConnectPtr conn,
- #endif
-     }
- 
-+    if (wakeupFD[0] >= 0) {
-+        close(wakeupFD[0]);
-+	close(wakeupFD[1]);
-+    }
-+
-     VIR_FREE(priv->hostname);
-     goto cleanup;
- }
-@@ -1350,6 +1355,11 @@ doRemoteClose (virConnectPtr conn, struc
-         } while (reap != -1 && reap != priv->pid);
-     }
- #endif
-+    if (priv->wakeupReadFD >= 0) {
-+        close(priv->wakeupReadFD);
-+	close(priv->wakeupSendFD);
-+    }
-+
- 
-     /* Free hostname copy */
-     free (priv->hostname);

libvirt-0.6.1-getvcpus-remote.patch

@@ -1,22 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 10:33:01 +0000 (+0000)
-Subject: Fix handling of cpumaps arg to virDomainGetVcpus RPC dispatcher
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=2d75d954f52a740470f85ceece4eb995d79968ca
-
-Fix handling of cpumaps arg to virDomainGetVcpus RPC dispatcher
----
-
-diff --git a/qemud/remote.c b/qemud/remote.c
-index 8eaa7d6..44a274a 100644
---- a/qemud/remote.c
-+++ b/qemud/remote.c
-@@ -1475,7 +1475,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
-     /* Allocate buffers to take the results. */
-     if (VIR_ALLOC_N(info, args->maxinfo) < 0)
-         goto oom;
--    if (VIR_ALLOC_N(cpumaps, args->maxinfo) < 0)
-+    if (args->maplen > 0 &&
-+        VIR_ALLOC_N(cpumaps, args->maxinfo * args->maplen) < 0)
-         goto oom;
- 
-     info_len = virDomainGetVcpus (dom,

libvirt-0.6.1-pool-mode-parse.patch

@@ -1,188 +0,0 @@
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 12 Mar 2009 20:15:32 +0000 (+0000)
-Subject: * src/storage_conf.c: fix storage pool mode parsing, and refactoring
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=bc962f5d7c6e2c2cfc233ea6deea95dba2b7c6eb
-
-* src/storage_conf.c: fix storage pool mode parsing, and refactoring
-  patch by Ryota Ozaki
-Daniel
----
-
-diff --git a/src/storage_conf.c b/src/storage_conf.c
-index 9c13e07..1c9a4e5 100644
---- a/src/storage_conf.c
-+++ b/src/storage_conf.c
-@@ -371,15 +371,33 @@ virStoragePoolDefParseAuthChap(virConnectPtr conn,
- 
- 
- static int
--virStoragePoolDefParsePerms(virConnectPtr conn,
--                            xmlXPathContextPtr ctxt,
--                            virStoragePermsPtr perms) {
-+virStorageDefParsePerms(virConnectPtr conn,
-+                        xmlXPathContextPtr ctxt,
-+                        virStoragePermsPtr perms,
-+                        const char *permxpath,
-+                        int defaultmode) {
-     char *mode;
-     long v;
-+    int ret = -1;
-+    xmlNodePtr relnode;
-+    xmlNodePtr node;
- 
--    mode = virXPathString(conn, "string(/pool/permissions/mode)", ctxt);
-+    node = virXPathNode(conn, permxpath, ctxt);
-+    if (node == NULL) {
-+        /* Set default values if there is not <permissions> element */
-+        perms->mode = defaultmode;
-+        perms->uid = getuid();
-+        perms->gid = getgid();
-+        perms->label = NULL;
-+        return 0;
-+    }
-+
-+    relnode = ctxt->node;
-+    ctxt->node = node;
-+
-+    mode = virXPathString(conn, "string(./mode)", ctxt);
-     if (!mode) {
--        perms->mode = 0700;
-+        perms->mode = defaultmode;
-     } else {
-         char *end = NULL;
-         perms->mode = strtol(mode, &end, 8);
-@@ -387,36 +405,39 @@ virStoragePoolDefParsePerms(virConnectPtr conn,
-         if (*end || perms->mode < 0 || perms->mode > 0777) {
-             virStorageReportError(conn, VIR_ERR_XML_ERROR,
-                                   "%s", _("malformed octal mode"));
--            return -1;
-+            goto error;
-         }
-     }
- 
--    if (virXPathNode(conn, "/pool/permissions/owner", ctxt) == NULL) {
-+    if (virXPathNode(conn, "./owner", ctxt) == NULL) {
-         perms->uid = getuid();
-     } else {
--        if (virXPathLong(conn, "number(/pool/permissions/owner)", ctxt, &v) < 0) {
-+        if (virXPathLong(conn, "number(./owner)", ctxt, &v) < 0) {
-             virStorageReportError(conn, VIR_ERR_XML_ERROR,
-                                   "%s", _("malformed owner element"));
--            return -1;
-+            goto error;
-         }
-         perms->uid = (int)v;
-     }
- 
--    if (virXPathNode(conn, "/pool/permissions/group", ctxt) == NULL) {
-+    if (virXPathNode(conn, "./group", ctxt) == NULL) {
-         perms->gid = getgid();
-     } else {
--        if (virXPathLong(conn, "number(/pool/permissions/group)", ctxt, &v) < 0) {
-+        if (virXPathLong(conn, "number(./group)", ctxt, &v) < 0) {
-             virStorageReportError(conn, VIR_ERR_XML_ERROR,
-                                   "%s", _("malformed group element"));
--            return -1;
-+            goto error;
-         }
-         perms->gid = (int)v;
-     }
- 
-     /* NB, we're ignoring missing labels here - they'll simply inherit */
--    perms->label = virXPathString(conn, "string(/pool/permissions/label)", ctxt);
-+    perms->label = virXPathString(conn, "string(./label)", ctxt);
- 
--    return 0;
-+    ret = 0;
-+error:
-+    ctxt->node = relnode;
-+    return ret;
- }
- 
- 
-@@ -579,7 +600,8 @@ virStoragePoolDefParseDoc(virConnectPtr conn,
-         goto cleanup;
-     }
- 
--    if (virStoragePoolDefParsePerms(conn, ctxt, &ret->target.perms) < 0)
-+    if (virStorageDefParsePerms(conn, ctxt, &ret->target.perms,
-+                                "/pool/target/permissions", 0700) < 0)
-         goto cleanup;
- 
-     return ret;
-@@ -801,55 +823,6 @@ virStoragePoolDefFormat(virConnectPtr conn,
- 
- 
- static int
--virStorageVolDefParsePerms(virConnectPtr conn,
--                           xmlXPathContextPtr ctxt,
--                           virStoragePermsPtr perms) {
--    char *mode;
--    long v;
--
--    mode = virXPathString(conn, "string(/volume/permissions/mode)", ctxt);
--    if (!mode) {
--        perms->mode = 0600;
--    } else {
--        char *end = NULL;
--        perms->mode = strtol(mode, &end, 8);
--        VIR_FREE(mode);
--        if (*end || perms->mode < 0 || perms->mode > 0777) {
--            virStorageReportError(conn, VIR_ERR_XML_ERROR,
--                                  "%s", _("malformed octal mode"));
--            return -1;
--        }
--    }
--
--    if (virXPathNode(conn, "/volume/permissions/owner", ctxt) == NULL) {
--        perms->uid = getuid();
--    } else {
--        if (virXPathLong(conn, "number(/volume/permissions/owner)", ctxt, &v) < 0) {
--            virStorageReportError(conn, VIR_ERR_XML_ERROR,
--                                  "%s", _("missing owner element"));
--            return -1;
--        }
--        perms->uid = (int)v;
--    }
--    if (virXPathNode(conn, "/volume/permissions/group", ctxt) == NULL) {
--        perms->gid = getgid();
--    } else {
--        if (virXPathLong(conn, "number(/volume/permissions/group)", ctxt, &v) < 0) {
--            virStorageReportError(conn, VIR_ERR_XML_ERROR,
--                                  "%s", _("missing group element"));
--            return -1;
--        }
--        perms->gid = (int)v;
--    }
--
--    /* NB, we're ignoring missing labels here - they'll simply inherit */
--    perms->label = virXPathString(conn, "string(/volume/permissions/label)", ctxt);
--
--    return 0;
--}
--
--
--static int
- virStorageSize(virConnectPtr conn,
-                const char *unit,
-                const char *val,
-@@ -997,7 +970,8 @@ virStorageVolDefParseDoc(virConnectPtr conn,
-         VIR_FREE(format);
-     }
- 
--    if (virStorageVolDefParsePerms(conn, ctxt, &ret->target.perms) < 0)
-+    if (virStorageDefParsePerms(conn, ctxt, &ret->target.perms,
-+                                "/volume/target/permissions", 0600) < 0)
-         goto cleanup;
- 
- 
-@@ -1019,7 +993,8 @@ virStorageVolDefParseDoc(virConnectPtr conn,
-         VIR_FREE(format);
-     }
- 
--    if (virStorageVolDefParsePerms(conn, ctxt, &ret->backingStore.perms) < 0)
-+    if (virStorageDefParsePerms(conn, ctxt, &ret->backingStore.perms,
-+                                "/volume/backingStore/permissions", 0600) < 0)
-         goto cleanup;
- 
-     return ret;

libvirt-0.6.1-storage-free.patch

@@ -1,20 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 10:31:38 +0000 (+0000)
-Subject: Don't free storage volume in cleanup path, since it may still be referenced
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=d8f08ca049b6d3bc7a5124a3957e967539ad080d
-
-Don't free storage volume in cleanup path, since it may still be referenced
----
-
-diff --git a/src/storage_driver.c b/src/storage_driver.c
-index f1320c5..b261843 100644
---- a/src/storage_driver.c
-+++ b/src/storage_driver.c
-@@ -1296,7 +1296,6 @@ storageVolumeDelete(virStorageVolPtr obj,
-     ret = 0;
- 
- cleanup:
--    virStorageVolDefFree(vol);
-     if (pool)
-         virStoragePoolObjUnlock(pool);
-     return ret;

libvirt-0.6.1-vcpu-deadlock.patch

@@ -1,36 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 11:44:46 +0000 (+0000)
-Subject: Avoid deadlock setting vcpus in QEMU driver
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=4d7ecd146ce4de847256ae0887963719f214f62f
-
-Avoid deadlock setting vcpus in QEMU driver
----
-
-diff --git a/src/qemu_driver.c b/src/qemu_driver.c
-index dad7098..51442d6 100644
---- a/src/qemu_driver.c
-+++ b/src/qemu_driver.c
-@@ -2725,6 +2725,7 @@ static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
-     virDomainObjPtr vm;
-     int max;
-     int ret = -1;
-+    const char *type;
- 
-     qemuDriverLock(driver);
-     vm = virDomainFindByUUID(&driver->domains, dom->uuid);
-@@ -2745,7 +2746,14 @@ static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
-         goto cleanup;
-     }
- 
--    if ((max = qemudDomainGetMaxVcpus(dom)) < 0) {
-+    if (!(type = virDomainVirtTypeToString(vm->def->virtType))) {
-+        qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
-+                         _("unknown virt type in domain definition '%d'"),
-+                         vm->def->virtType);
-+        goto cleanup;
-+    }
-+
-+    if ((max = qemudGetMaxVCPUs(dom->conn, type)) < 0) {
-         qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR, "%s",
-                          _("could not determine max vcpus for the domain"));
-         goto cleanup;

libvirt-0.6.1-vnc-sasl-auth.patch

@@ -1,277 +0,0 @@
-diff -r 961d4b1ca1d3 qemud/libvirtd_qemu.aug
---- a/qemud/libvirtd_qemu.aug	Wed Mar 04 13:17:44 2009 +0000
-+++ b/qemud/libvirtd_qemu.aug	Thu Mar 05 14:22:50 2009 +0000
-@@ -27,6 +27,8 @@ module Libvirtd_qemu =
-                  | str_entry "vnc_tls_x509_cert_dir"
-                  | bool_entry "vnc_tls_x509_verify"
-                  | str_entry "vnc_password"
-+                 | bool_entry "vnc_sasl"
-+                 | str_entry "vnc_sasl_dir"
- 
-    (* Each enty in the config is one of the following three ... *)
-    let entry = vnc_entry
-diff -r 961d4b1ca1d3 qemud/test_libvirtd_qemu.aug
---- a/qemud/test_libvirtd_qemu.aug	Wed Mar 04 13:17:44 2009 +0000
-+++ b/qemud/test_libvirtd_qemu.aug	Thu Mar 05 14:22:50 2009 +0000
-@@ -60,6 +60,25 @@ vnc_tls_x509_verify = 1
- # example here before you set this
- #
- vnc_password = \"XYZ12345\"
-+
-+
-+# Enable use of SASL encryption on the VNC server. This requires
-+# a VNC client which supports the SASL protocol extension.
-+# Examples include vinagre, virt-viewer and virt-manager
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is necessary to configure /etc/sasl2/qemu.conf to choose
-+# the desired SASL plugin (eg, GSSPI for Kerberos)
-+#
-+vnc_sasl = 1
-+
-+
-+# The default SASL configuration file is located in /etc/sasl2/
-+# When running libvirtd unprivileged, it may be desirable to
-+# override the configs in this location. Set this parameter to
-+# point to the directory, and create a qemu.conf in that location
-+#
-+vnc_sasl_dir = \"/some/directory/sasl2\"
- "
- 
-    test Libvirtd_qemu.lns get conf =
-@@ -123,3 +142,22 @@ vnc_password = \"XYZ12345\"
- { "#comment" = "example here before you set this" }
- { "#comment" = "" }
- { "vnc_password" = "XYZ12345" }
-+{ "#empty" }
-+{ "#empty" }
-+{ "#comment" = "Enable use of SASL encryption on the VNC server. This requires" }
-+{ "#comment" = "a VNC client which supports the SASL protocol extension." }
-+{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
-+{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
-+{ "#comment" = "" }
-+{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
-+{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
-+{ "#comment" = "" }
-+{ "vnc_sasl" = "1" }
-+{ "#empty" }
-+{ "#empty" }
-+{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
-+{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
-+{ "#comment" = "override the configs in this location. Set this parameter to" }
-+{ "#comment" = "point to the directory, and create a qemu.conf in that location" }
-+{ "#comment" = "" }
-+{ "vnc_sasl_dir" = "/some/directory/sasl2" }
-diff -r 961d4b1ca1d3 src/qemu.conf
---- a/src/qemu.conf	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu.conf	Thu Mar 05 14:22:50 2009 +0000
-@@ -60,6 +60,27 @@
- # vnc_password = "XYZ12345"
- 
- 
-+# Enable use of SASL encryption on the VNC server. This requires
-+# a VNC client which supports the SASL protocol extension.
-+# Examples include vinagre, virt-viewer and virt-manager
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is necessary to configure /etc/sasl2/qemu.conf to choose
-+# the desired SASL plugin (eg, GSSPI for Kerberos)
-+#
-+# vnc_sasl = 1
-+
-+
-+# The default SASL configuration file is located in /etc/sasl2/
-+# When running libvirtd unprivileged, it may be desirable to
-+# override the configs in this location. Set this parameter to
-+# point to the directory, and create a qemu.conf in that location
-+#
-+# vnc_sasl_dir = "/some/directory/sasl2"
-+
-+
-+
-+
- # The default security driver is SELinux. If SELinux is disabled
- # on the host, then the security driver will automatically disable
- # itself. If you wish to disable QEMU SELinux security driver while
-diff -r 961d4b1ca1d3 src/qemu_conf.c
---- a/src/qemu_conf.c	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu_conf.c	Thu Mar 05 14:22:50 2009 +0000
-@@ -161,6 +161,21 @@ int qemudLoadDriverConfig(struct qemud_d
-         }
-     }
- 
-+    p = virConfGetValue (conf, "vnc_sasl");
-+    CHECK_TYPE ("vnc_sasl", VIR_CONF_LONG);
-+    if (p) driver->vncSASL = p->l;
-+
-+    p = virConfGetValue (conf, "vnc_sasl_dir");
-+    CHECK_TYPE ("vnc_sasl_dir", VIR_CONF_STRING);
-+    if (p && p->str) {
-+        VIR_FREE(driver->vncSASLdir);
-+        if (!(driver->vncSASLdir = strdup(p->str))) {
-+            virReportOOMError(NULL);
-+            virConfFree(conf);
-+            return -1;
-+        }
-+    }
-+
-     virConfFree (conf);
-     return 0;
- }
-@@ -838,15 +853,20 @@ int qemudBuildCommandLine(virConnectPtr 
-             goto no_memory;                                             \
-     } while (0)
- 
-+#define ADD_ENV_PAIR(envname, val)                                      \
-+    do {                                                                \
-+        char *envval;                                                   \
-+        ADD_ENV_SPACE;                                                  \
-+        if (virAsprintf(&envval, "%s=%s", envname, val) < 0)            \
-+            goto no_memory;                                             \
-+        qenv[qenvc++] = envval;                                         \
-+    } while (0)
-+
- #define ADD_ENV_COPY(envname)                                           \
-     do {                                                                \
-         char *val = getenv(envname);                                    \
--        char *envval;                                                   \
--        ADD_ENV_SPACE;                                                  \
-         if (val != NULL) {                                              \
--            if (virAsprintf(&envval, "%s=%s", envname, val) < 0)        \
--                goto no_memory;                                         \
--            qenv[qenvc++] = envval;                                     \
-+            ADD_ENV_PAIR(envname, val);                                 \
-         }                                                               \
-     } while (0)
- 
-@@ -1295,6 +1315,15 @@ int qemudBuildCommandLine(virConnectPtr 
-                                       driver->vncTLSx509certdir);
-                 }
-             }
-+
-+            if (driver->vncSASL) {
-+                virBufferAddLit(&opt, ",sasl");
-+
-+                if (driver->vncSASLdir)
-+                    ADD_ENV_PAIR("SASL_CONF_DIR", driver->vncSASLdir);
-+
-+                /* TODO: Support ACLs later */
-+            }
-         } else {
-             virBufferVSprintf(&opt, "%d",
-                               vm->def->graphics->data.vnc.port - 5900);
-diff -r 961d4b1ca1d3 src/qemu_conf.h
---- a/src/qemu_conf.h	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu_conf.h	Thu Mar 05 14:22:50 2009 +0000
-@@ -73,9 +73,11 @@ struct qemud_driver {
-     char *stateDir;
-     unsigned int vncTLS : 1;
-     unsigned int vncTLSx509verify : 1;
-+    unsigned int vncSASL : 1;
-     char *vncTLSx509certdir;
-     char *vncListen;
-     char *vncPassword;
-+    char *vncSASLdir;
- 
-     virCapsPtr caps;
- 
-diff -r 961d4b1ca1d3 src/qemu_driver.c
---- a/src/qemu_driver.c	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu_driver.c	Thu Mar 05 14:22:50 2009 +0000
-@@ -620,6 +620,7 @@ qemudShutdown(void) {
-     VIR_FREE(qemu_driver->vncTLSx509certdir);
-     VIR_FREE(qemu_driver->vncListen);
-     VIR_FREE(qemu_driver->vncPassword);
-+    VIR_FREE(qemu_driver->vncSASLdir);
- 
-     /* Free domain callback list */
-     virDomainEventCallbackListFree(qemu_driver->domainEventCallbacks);
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,1 @@
-+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,sasl
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,24 @@
-+<domain type='qemu'>
-+  <name>QEMUGuest1</name>
-+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
-+  <memory>219200</memory>
-+  <currentMemory>219200</currentMemory>
-+  <vcpu>1</vcpu>
-+  <os>
-+    <type arch='i686' machine='pc'>hvm</type>
-+    <boot dev='hd'/>
-+  </os>
-+  <clock offset='utc'/>
-+  <on_poweroff>destroy</on_poweroff>
-+  <on_reboot>restart</on_reboot>
-+  <on_crash>destroy</on_crash>
-+  <devices>
-+    <emulator>/usr/bin/qemu</emulator>
-+    <disk type='block' device='disk'>
-+      <source dev='/dev/HostVG/QEMUGuest1'/>
-+      <target dev='hda' bus='ide'/>
-+    </disk>
-+    <input type='mouse' bus='ps2'/>
-+    <graphics type='vnc' port='5903' autoport='no' listen='127.0.0.1'/>
-+  </devices>
-+</domain>
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,1 @@
-+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,24 @@
-+<domain type='qemu'>
-+  <name>QEMUGuest1</name>
-+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
-+  <memory>219200</memory>
-+  <currentMemory>219200</currentMemory>
-+  <vcpu>1</vcpu>
-+  <os>
-+    <type arch='i686' machine='pc'>hvm</type>
-+    <boot dev='hd'/>
-+  </os>
-+  <clock offset='utc'/>
-+  <on_poweroff>destroy</on_poweroff>
-+  <on_reboot>restart</on_reboot>
-+  <on_crash>destroy</on_crash>
-+  <devices>
-+    <emulator>/usr/bin/qemu</emulator>
-+    <disk type='block' device='disk'>
-+      <source dev='/dev/HostVG/QEMUGuest1'/>
-+      <target dev='hda' bus='ide'/>
-+    </disk>
-+    <input type='mouse' bus='ps2'/>
-+    <graphics type='vnc' port='5903' autoport='no' listen='127.0.0.1'/>
-+  </devices>
-+</domain>
-diff -r 961d4b1ca1d3 tests/qemuxml2argvtest.c
---- a/tests/qemuxml2argvtest.c	Wed Mar 04 13:17:44 2009 +0000
-+++ b/tests/qemuxml2argvtest.c	Thu Mar 05 14:22:50 2009 +0000
-@@ -213,6 +213,19 @@ mymain(int argc, char **argv)
-             QEMUD_CMD_FLAG_DRIVE_CACHE_V2);
-     DO_TEST("disk-usb", 0);
-     DO_TEST("graphics-vnc", 0);
-+
-+    driver.vncSASL = 1;
-+    driver.vncSASLdir = strdup("/root/.sasl2");
-+    DO_TEST("graphics-vnc-sasl", 0);
-+    driver.vncTLS = 1;
-+    driver.vncTLSx509verify = 1;
-+    driver.vncTLSx509certdir = strdup("/etc/pki/tls/qemu");
-+    DO_TEST("graphics-vnc-tls", 0);
-+    driver.vncSASL = driver.vncTLSx509verify = driver.vncTLS = 0;
-+    free(driver.vncSASLdir);
-+    free(driver.vncTLSx509certdir);
-+    driver.vncSASLdir = driver.vncTLSx509certdir = NULL;
-+
-     DO_TEST("graphics-sdl", 0);
-     DO_TEST("graphics-sdl-fullscreen", 0);
-     DO_TEST("input-usbmouse", 0);

libvirt-0.6.1-xen-events.patch

@@ -1,29 +0,0 @@
-Index: src/xs_internal.c
-===================================================================
-RCS file: /data/cvs/libxen/src/xs_internal.c,v
-retrieving revision 1.88
-diff -u -u -r1.88 xs_internal.c
---- src/xs_internal.c	5 Feb 2009 18:14:00 -0000	1.88
-+++ src/xs_internal.c	11 Mar 2009 13:23:17 -0000
-@@ -1215,7 +1215,7 @@
- static void
- xenStoreWatchEvent(int watch ATTRIBUTE_UNUSED,
-                    int fd ATTRIBUTE_UNUSED,
--                   int events ATTRIBUTE_UNUSED,
-+                   int events,
-                    void *data)
- {
-     char		 **event;
-@@ -1226,8 +1226,12 @@
- 
-     virConnectPtr        conn = data;
-     xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) conn->privateData;
-+
-     if(!priv) return;
- 
-+    /* only set a watch on read and write events */
-+    if (events & (VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP)) return;
-+
-     xenUnifiedLock(priv);
- 
-     if(!priv->xshandle)

libvirt-0.6.1-xenblock-detach.patch

@@ -1,26 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Tue, 10 Mar 2009 10:32:24 +0000 (+0000)
-Subject: Fix Xen block detach with newer Xend (Cole RobinSon / Tomohiro Takahashi)
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=33813a932d58c17441203d0e581eba91369a71e0
-
-Fix Xen block detach with newer Xend (Cole RobinSon / Tomohiro Takahashi)
----
-
-diff --git a/src/xend_internal.c b/src/xend_internal.c
-index f9f2cb3..772f3f4 100644
---- a/src/xend_internal.c
-+++ b/src/xend_internal.c
-@@ -5566,7 +5566,12 @@ virDomainXMLDevID(virDomainPtr domain,
-     char *xref;
- 
-     if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
--        strcpy(class, "vbd");
-+        if (dev->data.disk->driverName &&
-+            STREQ(dev->data.disk->driverName, "tap"))
-+            strcpy(class, "tap");
-+        else
-+            strcpy(class, "vbd");
-+
-         if (dev->data.disk->dst == NULL)
-             return -1;
-         xenUnifiedLock(priv);

libvirt-0.6.1-xend-lookup.patch

@@ -1,24 +0,0 @@
-Index: src/xend_internal.c
-===================================================================
-RCS file: /data/cvs/libxen/src/xend_internal.c,v
-retrieving revision 1.251
-diff -u -r1.251 xend_internal.c
---- src/xend_internal.c	13 Feb 2009 18:23:23 -0000	1.251
-+++ src/xend_internal.c	10 Mar 2009 10:00:28 -0000
-@@ -904,7 +904,15 @@
-         count++;
-     }
- 
--    if (VIR_ALLOC_N(ptr, count + 1 + extra) < 0)
-+    /*
-+     * We can'tuse the normal allocation routines as we are mixing
-+     * an array of char * at the beginning followed by an array of char
-+     * ret points to the NULL terminated array of char *
-+     * ptr points to the current string after that array but in the same
-+     * allocated block
-+     */
-+    if (virAlloc((void *)&ptr,
-+                 (count + 1) * sizeof(char *) + extra * sizeof(char)) < 0)
-         goto error;
- 
-     ret = (char **) ptr;

libvirt-0.8.3-avoid-resetting-errors.patch

@@ -0,0 +1,51 @@
+From 452bf160e5bbe0789d706fda95f5919551eb2cac Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 25 Mar 2011 16:45:45 +0100
+Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
+
+https://bugzilla.redhat.com/show_bug.cgi?id=690733
+
+Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
+*Free) is called before remoteDispatchConnError() is called on error.
+However, the patch missed two instances.
+(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
+---
+ daemon/remote.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index a8258ca..7464957 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -4547,12 +4547,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
+     ret->names.names_len =
+         virStoragePoolListVolumes (pool,
+                                    ret->names.names_val, args->maxnames);
+-    virStoragePoolFree(pool);
+     if (ret->names.names_len == -1) {
+         VIR_FREE(ret->names.names_val);
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+@@ -4576,11 +4577,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
+     }
+ 
+     ret->num = virStoragePoolNumOfVolumes (pool);
+-    virStoragePoolFree(pool);
+     if (ret->num == -1) {
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+-- 
+1.7.3.4
+

libvirt-0.8.3-boot-menu.patch

@@ -0,0 +1,12 @@
+diff -rup libvirt-0.8.3.orig/src/qemu/qemu_conf.c libvirt-0.8.3.new/src/qemu/qemu_conf.c
+--- libvirt-0.8.3.orig/src/qemu/qemu_conf.c	2010-08-04 13:21:27.000000000 +0100
++++ libvirt-0.8.3.new/src/qemu/qemu_conf.c	2010-08-23 21:08:13.239794362 +0100
+@@ -3651,7 +3651,7 @@ int qemudBuildCommandLine(virConnectPtr 
+ {
+     int i;
+     char memory[50];
+-    char boot[VIR_DOMAIN_BOOT_LAST];
++    char boot[VIR_DOMAIN_BOOT_LAST+1];
+     struct utsname ut;
+     int disableKQEMU = 0;
+     int disableKVM = 0;

libvirt-0.8.3-fix-var-lib-libvirt-permissions.patch

@@ -0,0 +1,44 @@
+From f970d802ab805f1a37af384f148f34e108714034 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 3 Nov 2010 15:20:24 -0600
+Subject: [PATCH] rpm: fix /var/lib/libvirt permissions
+
+https://bugzilla.redhat.com/show_bug.cgi?id=649511
+
+Regression of forcing 0700 permissions (which breaks guest startup
+because the qemu user can't see /var/lib/libvirt/*.monitor) was
+introduced in commit 66823690e, as part of libvirt 0.8.2.
+
+* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
+since libvirt depends on libvirt-client.
+(%files client): Guarantee 755 permissions on
+%(_localstatedir}/lib/libvirt, since the qemu user must be able to
+do pathname resolution to a subdirectory.
+---
+ libvirt.spec.in |    3 +--
+ 1 files changed, 1 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index 813e0c0..f77626e 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -793,7 +793,6 @@ fi
+ 
+ %dir %{_localstatedir}/run/libvirt/
+ 
+-%dir %{_localstatedir}/lib/libvirt/
+ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
+ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
+ %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
+@@ -883,7 +882,7 @@ fi
+ 
+ %{_sysconfdir}/rc.d/init.d/libvirt-guests
+ %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt
++%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
+ 
+ %if %{with_sasl}
+ %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+-- 
+1.7.3.4
+

libvirt-0.8.3-octal-addresses.patch

@@ -0,0 +1,53 @@
+From 8efebd1761700a0cc32736829aead7807cc7865d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Tue, 26 Oct 2010 14:45:03 +0200
+Subject: [PATCH] qemu: don't use %.3d format for bus/addr of USB devices
+
+When using 0-prefixed numbers, QEmu will interpret them as octal numbers
+(as C convention says); this means that if you attach a device that has
+addr > 10 (decimal) you're going to attach a different device.
+---
+ src/qemu/qemu_conf.c                               |    4 ++--
+ .../qemuxml2argv-hostdev-usb-address-device.args   |    2 +-
+ .../qemuxml2argv-hostdev-usb-address.args          |    2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 00e89a1..5bd3d4c 100644
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -3266,7 +3266,7 @@ qemuBuildUSBHostdevDevStr(virDomainHostdevDefPtr dev)
+         return NULL;
+     }
+ 
+-    if (virAsprintf(&ret, "usb-host,hostbus=%.3d,hostaddr=%.3d,id=%s",
++    if (virAsprintf(&ret, "usb-host,hostbus=%d,hostaddr=%d,id=%s",
+                     dev->source.subsys.u.usb.bus,
+                     dev->source.subsys.u.usb.device,
+                     dev->info.alias) < 0)
+@@ -3288,7 +3288,7 @@ qemuBuildUSBHostdevUsbDevStr(virDomainHostdevDefPtr dev)
+         return NULL;
+     }
+ 
+-    if (virAsprintf(&ret, "host:%.3d.%.3d",
++    if (virAsprintf(&ret, "host:%d.%d",
+                     dev->source.subsys.u.usb.bus,
+                     dev->source.subsys.u.usb.device) < 0)
+         virReportOOMError();
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
+index 6900fd3..7e42542 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
+@@ -1 +1 @@
+-LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -usb -device usb-host,hostbus=014,hostaddr=006,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2
++LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -usb -device usb-host,hostbus=14,hostaddr=6,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
+index e57bec1..96e004d 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
+@@ -1 +1 @@
+-LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -usbdevice host:014.006
++LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -usbdevice host:14.6
+-- 
+1.7.3.4
+

libvirt-0.8.3-read-only-checks.patch

@@ -0,0 +1,95 @@
+From: Guido Günther <agx@sigxcpu.org>
+Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
+Subject: Add missing checks for read only connections
+X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
+
+Add missing checks for read only connections
+
+As pointed on CVE-2011-1146, some API forgot to check the read-only
+status of the connection for entry point which modify the state
+of the system or may lead to a remote execution using user data.
+The entry points concerned are:
+  - virConnectDomainXMLToNative
+  - virNodeDeviceDettach
+  - virNodeDeviceReAttach
+  - virNodeDeviceReset
+  - virDomainRevertToSnapshot
+  - virDomainSnapshotDelete
+
+* src/libvirt.c: fix the above set of entry points to error on read-only
+                 connections
+
+Rebased to 0.8.2, mostly changed the call of the error routines
+---
+
+--- src/libvirt.c.orig	2011-03-14 17:03:45.000000000 +0800
++++ src/libvirt.c	2011-03-14 17:10:41.000000000 +0800
+@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
+         virDispatchError(NULL);
+         return (NULL);
+     }
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (nativeFormat == NULL || domainXml == NULL) {
+         virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceDettach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceDettach (dev);
+@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReAttach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReAttach (dev);
+@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReset) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReset (dev);
+@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainRevertToSnapshot) {
+         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
+@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainSnapshotDelete) {
+         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

libvirt-0.8.3-remote-protect-against-integer-overflow.patch

@@ -0,0 +1,106 @@
+From 584f9cee6926b57a19cc8bb36ea77124bdcfed94 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 24 Jun 2011 12:16:05 -0600
+Subject: [PATCH] remote: protect against integer overflow
+
+https://bugzilla.redhat.com/show_bug.cgi?id=717204
+CVE-2011-2511 - integer overflow in VirDomainGetVcpus
+
+Integer overflow and remote code are never a nice mix.
+
+This has existed since commit 56cd414.
+
+* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
+* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
+  on sending rpc.
+* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
+  receiving rpc.
+
+(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6)
+
+Conflicts:
+
+	daemon/remote.c
+	src/remote/remote_driver.c
+        src/libvirt.c
+
+Change to internal.h required to avoid backporting 89d994ad.
+---
+ daemon/remote.c            |    3 ++-
+ src/internal.h             |   17 +++++++++++++++++
+ src/libvirt.c              |    4 ++--
+ src/remote/remote_driver.c |    3 ++-
+ 4 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 7464957..c6f7007 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -1697,7 +1697,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+         return -1;
+     }
+ 
+-    if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
++        args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
+         virDomainFree(dom);
+         remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
+         return -1;
+diff --git a/src/internal.h b/src/internal.h
+index fab3e11..53447a9 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -226,4 +226,21 @@
+         }                                                               \
+     } while (0)
+ 
++/* branch-specific: we don't want to update gnulib on the branch, so this
++ * backports just one required macro from newer gnulib's intprops.h.
++ * This version requires that both a and b are 'int', rather than
++ * the fully type-generic version from gnulib.  */
++# define INT_MULTIPLY_OVERFLOW(a, b)            \
++    ((b) < 0                                    \
++     ? ((a) < 0                                 \
++        ? (a) < INT_MAX / (b)                   \
++        : (b) == -1                             \
++        ? 0                                     \
++        : INT_MIN / (b) < (a))                  \
++     : (b) == 0                                 \
++     ? 0                                        \
++     : ((a) < 0                                 \
++        ? (a) < INT_MIN / (b)                   \
++        : INT_MAX / (b) < (a)))
++
+ #endif                          /* __VIR_INTERNAL_H__ */
+diff --git a/src/libvirt.c b/src/libvirt.c
+index 1213ecf..6a584fb 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -5218,8 +5218,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
+ 
+     /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
+        try to memcpy anything into a NULL pointer.  */
+-    if ((cpumaps == NULL && maplen != 0)
+-        || (cpumaps && maplen <= 0)) {
++    if (!cpumaps ? maplen != 0
++        : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
+         virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
+         goto error;
+     }
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index cb0d8e1..0d9b425 100644
+--- a/src/remote/remote_driver.c
++++ b/src/remote/remote_driver.c
+@@ -2467,7 +2467,8 @@ remoteDomainGetVcpus (virDomainPtr domain,
+                     maxinfo, REMOTE_VCPUINFO_MAX);
+         goto done;
+     }
+-    if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
++        maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
+         remoteError(VIR_ERR_RPC,
+                     _("vCPU map buffer length exceeds maximum: %d > %d"),
+                     maxinfo * maplen, REMOTE_CPUMAPS_MAX);
+-- 
+1.7.3.4
+

sources

@@ -1 +1 @@
-3154ea9d4a0778497dfdf58cb98127c0  libvirt-0.6.1.tar.gz
+ae8535ce119d32a2e9fb1f46e2c8f325  libvirt-0.8.3.tar.gz