make commandtest more robust to fix broken build

Fix for CVE-2011-2178, regression introduced in disk probe logic,
Bug 709775

Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus,
Bug 717204

Add several build and runtime dependencies to specfile
Bug 680270

.cvsignore

@@ -1,12 +0,0 @@
-.build*.log
-*.rpm
-i686
-x86_64
-libvirt-*.tar.gz
-libvirt-0.6.0.tar.gz
-libvirt-0.6.1.tar.gz
-libvirt-0.6.2.tar.gz
-libvirt-0.6.3.tar.gz
-libvirt-0.6.4.tar.gz
-libvirt-0.6.5.tar.gz
-libvirt-0.7.0-0.1.gitf055724.tar.gz

.gitignore

@@ -0,0 +1,8 @@
+.build*.log
+*.rpm
+i686
+x86_64
+libvirt-*.tar.gz
+/libvirt-0.8.4.tar.gz
+/libvirt-0.8.5.tar.gz
+/libvirt-0.8.7.tar.gz

Makefile

@@ -4,7 +4,7 @@ NAME := libvirt
 SPECFILE = $(firstword $(wildcard *.spec))
 
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
 MAKEFILE_COMMON := $(shell $(find-makefile-common))

libvirt-0.6.4-svirt-sound.patch

@@ -1,33 +0,0 @@
---- src/qemu_conf.c.orig	2009-05-29 19:24:59.000000000 +0200
-+++ src/qemu_conf.c	2009-05-29 19:19:39.000000000 +0200
-@@ -792,6 +792,20 @@ int qemudBuildCommandLine(virConnectPtr 
-     char uuid[VIR_UUID_STRING_BUFLEN];
-     char domid[50];
-     const char *cpu = NULL;
-+    int skipSound = 0;
-+
-+    if (driver->securityDriver &&
-+        driver->securityDriver->name &&
-+        STREQ(driver->securityDriver->name, "selinux") &&
-+        getuid() == 0) {
-+        static int soundWarned = 0; 
-+        skipSound = 1;
-+        if (def->nsounds &&
-+            !soundWarned) {
-+            soundWarned = 1;
-+            VIR_WARN0("Sound cards for VMs are disabled while SELinux security model is active");
-+        }
-+    }
- 
-     uname_normalize(&ut);
- 
-@@ -1429,7 +1443,8 @@ int qemudBuildCommandLine(virConnectPtr 
-     }
- 
-     /* Add sound hardware */
--    if (def->nsounds) {
-+    if (def->nsounds &&
-+        !skipSound) {
-         int size = 100;
-         char *modstr;
-         if (VIR_ALLOC_N(modstr, size+1) < 0)

libvirt-0.8.8-Requires-gettext-for-client-package.patch

@@ -0,0 +1,40 @@
+From e03899ff772cb753f02ecc99c81776a95c8e3d59 Mon Sep 17 00:00:00 2001
+From: Osier Yang <jyang@redhat.com>
+Date: Fri, 18 Feb 2011 13:45:13 +0800
+Subject: [PATCH 2/6] Requires gettext for client package
+
+https://bugzilla.redhat.com/show_bug.cgi?id=680270
+libvirt-client is missing some dependencies
+
+libvirt-guests invokes functions in gettext.sh, so we need to
+require gettext package in spec file.
+
+Demo with the fix:
+% rpm -q gettext
+package gettext is not installed
+
+% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
+error: Failed dependencies:
+	gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64
+
+* libvirt.spec.in
+---
+ libvirt.spec.in |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index d4208e8..c08b186 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -415,6 +415,8 @@ Requires: ncurses
+ # So remote clients can access libvirt over SSH tunnel
+ # (client invokes 'nc' against the UNIX socket on the server)
+ Requires: nc
++# Needed by libvirt-guests init script.
++Requires: gettext
+ %if %{with_sasl}
+ Requires: cyrus-sasl
+ # Not technically required, but makes 'out-of-box' config
+-- 
+1.7.3.4
+

libvirt-0.8.8-avoid-resetting-errors.patch

@@ -0,0 +1,51 @@
+From 2c2ae4c48c7e57fd233f1b9475fb6ecbab04804a Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 25 Mar 2011 16:45:45 +0100
+Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
+
+https://bugzilla.redhat.com/show_bug.cgi?id=690733
+
+Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
+*Free) is called before remoteDispatchConnError() is called on error.
+However, the patch missed two instances.
+(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
+---
+ daemon/remote.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 554e75e..159430e 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -4868,12 +4868,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
+     ret->names.names_len =
+         virStoragePoolListVolumes (pool,
+                                    ret->names.names_val, args->maxnames);
+-    virStoragePoolFree(pool);
+     if (ret->names.names_len == -1) {
+         VIR_FREE(ret->names.names_val);
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+@@ -4897,11 +4898,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
+     }
+ 
+     ret->num = virStoragePoolNumOfVolumes (pool);
+-    virStoragePoolFree(pool);
+     if (ret->num == -1) {
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+-- 
+1.7.3.4
+

libvirt-0.8.8-build-add-dependency-on-gnutls-utils.patch

@@ -0,0 +1,30 @@
+From 29680e00f67bad9145387022ea0d3c307465d3dc Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 21 Feb 2011 10:43:29 -0700
+Subject: [PATCH 4/6] build: add dependency on gnutls-utils
+
+https://bugzilla.redhat.com/show_bug.cgi?id=680270
+libvirt-client is missing some dependencies
+
+* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate.
+Suggested by Daniel P. Berrange.
+---
+ libvirt.spec.in |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index c08b186..23f4525 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -417,6 +417,8 @@ Requires: ncurses
+ Requires: nc
+ # Needed by libvirt-guests init script.
+ Requires: gettext
++# Needed by virt-pki-validate script.
++Requires: gnutls-utils
+ %if %{with_sasl}
+ Requires: cyrus-sasl
+ # Not technically required, but makes 'out-of-box' config
+-- 
+1.7.3.4
+

libvirt-0.8.8-kernel-boot-index.patch

@@ -0,0 +1,27 @@
+commit efc2594b4e0cbcdd6947fafeeed41accd5b611e0
+Author: Jim Fehlig <jfehlig@novell.com>
+Date:   Thu Feb 17 14:22:55 2011 -0700
+
+    Do not add drive 'boot=on' param when a kernel is specified
+    
+    libvirt-tck was failing several domain tests [1] with qemu 0.14, which
+    is now less tolerable of specifying 2 bootroms with the same boot index [2].
+    
+    Drop the 'boot=on' param if kernel has been specfied.
+    
+    [1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
+    [2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 371a7ed..0db2843 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -3173,7 +3173,7 @@ qemuBuildCommandLine(virConnectPtr conn,
+         int bootCD = 0, bootFloppy = 0, bootDisk = 0;
+ 
+         /* If QEMU supports boot=on for -drive param... */
+-        if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT) {
++        if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT && !def->os.kernel) {
+             for (i = 0 ; i < def->os.nBootDevs ; i++) {
+                 switch (def->os.bootDevs[i]) {
+                 case VIR_DOMAIN_BOOT_CDROM:

libvirt-0.8.8-make-commandtest-more-robust.patch

@@ -0,0 +1,32 @@
+From 12509c09a55bd2ab171f9fa029fb94f297adc0a0 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Thu, 24 Feb 2011 12:12:27 +0000
+Subject: [PATCH] Make commandtest more robust wrt its execution environment
+
+When executed from cron, commandtest would fail to correctly
+identify daemon processes. Set session ID and process group
+IDs at startup to ensure we have a consistent environment to
+run in.
+
+* tests/commandtest.c: Call setsid() and setpgid()
+---
+ tests/commandtest.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/tests/commandtest.c b/tests/commandtest.c
+index 7157c51..dc2f8a1 100644
+--- a/tests/commandtest.c
++++ b/tests/commandtest.c
+@@ -730,6 +730,9 @@ mymain(int argc, char **argv)
+     if (chdir("/tmp") < 0)
+         return(EXIT_FAILURE);
+ 
++    setpgid(0, 0);
++    setsid();
++
+     /* Kill off any inherited fds that might interfere with our
+      * testing.  */
+     fd = 3;
+-- 
+1.7.3.4
+

libvirt-0.8.8-read-only-checks.patch

@@ -0,0 +1,95 @@
+From: Guido Günther <agx@sigxcpu.org>
+Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
+Subject: Add missing checks for read only connections
+X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
+
+Add missing checks for read only connections
+
+As pointed on CVE-2011-1146, some API forgot to check the read-only
+status of the connection for entry point which modify the state
+of the system or may lead to a remote execution using user data.
+The entry points concerned are:
+  - virConnectDomainXMLToNative
+  - virNodeDeviceDettach
+  - virNodeDeviceReAttach
+  - virNodeDeviceReset
+  - virDomainRevertToSnapshot
+  - virDomainSnapshotDelete
+
+* src/libvirt.c: fix the above set of entry points to error on read-only
+                 connections
+---
+
+diff --git a/src/libvirt.c b/src/libvirt.c
+index caa109d..713291f 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
+         virDispatchError(NULL);
+         return NULL;
+     }
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (nativeFormat == NULL || domainXml == NULL) {
+         virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
+         return -1;
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceDettach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceDettach (dev);
+@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
+         return -1;
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReAttach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReAttach (dev);
+@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
+         return -1;
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReset) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReset (dev);
+@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainRevertToSnapshot) {
+         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
+@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainSnapshotDelete) {
+         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

libvirt-0.8.8-remote-protect-against-integer-overflow.patch

@@ -0,0 +1,115 @@
+From 9388aeabcbb06ec93845b6d066148ad4cfe1dd9e Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 24 Jun 2011 12:16:05 -0600
+Subject: [PATCH 6/6] remote: protect against integer overflow
+
+https://bugzilla.redhat.com/show_bug.cgi?id=717204
+CVE-2011-2511 - integer overflow in VirDomainGetVcpus
+
+Integer overflow and remote code are never a nice mix.
+
+This has existed since commit 56cd414.
+
+* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
+* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
+  on sending rpc.
+* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
+  receiving rpc.
+
+(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6)
+
+Conflicts:
+
+	daemon/remote.c
+	src/remote/remote_driver.c
+
+Change to internal.h required to avoid backporting 89d994ad.
+---
+ daemon/remote.c            |    3 ++-
+ src/internal.h             |   17 +++++++++++++++++
+ src/libvirt.c              |    5 +++--
+ src/remote/remote_driver.c |    3 ++-
+ 4 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 159430e..b707326 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -1722,7 +1722,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+         return -1;
+     }
+ 
+-    if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
++        args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
+         virDomainFree(dom);
+         remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
+         return -1;
+diff --git a/src/internal.h b/src/internal.h
+index e263684..f47b842 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -232,6 +232,23 @@
+         }                                                               \
+     } while (0)
+ 
++/* branch-specific: we don't want to update gnulib on the branch, so this
++ * backports just one required macro from newer gnulib's intprops.h.
++ * This version requires that both a and b are 'int', rather than
++ * the fully type-generic version from gnulib.  */
++# define INT_MULTIPLY_OVERFLOW(a, b)            \
++    ((b) < 0                                    \
++     ? ((a) < 0                                 \
++        ? (a) < INT_MAX / (b)                   \
++        : (b) == -1                             \
++        ? 0                                     \
++        : INT_MIN / (b) < (a))                  \
++     : (b) == 0                                 \
++     ? 0                                        \
++     : ((a) < 0                                 \
++        ? (a) < INT_MIN / (b)                   \
++        : INT_MAX / (b) < (a)))
++
+ /* divide value by size, rounding up */
+ # define VIR_DIV_UP(value, size) (((value) + (size) - 1) / (size))
+ 
+diff --git a/src/libvirt.c b/src/libvirt.c
+index 8c70a1f..d8ab8f8 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -40,6 +40,7 @@
+ #include "util.h"
+ #include "memory.h"
+ #include "configmake.h"
++#include "intprops.h"
+ 
+ #ifndef WITH_DRIVER_MODULES
+ # ifdef WITH_TEST
+@@ -5363,8 +5364,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
+ 
+     /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
+        try to memcpy anything into a NULL pointer.  */
+-    if ((cpumaps == NULL && maplen != 0)
+-        || (cpumaps && maplen <= 0)) {
++    if (!cpumaps ? maplen != 0
++        : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
+         virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+         goto error;
+     }
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index 4ca0d3b..c73452e 100644
+--- a/src/remote/remote_driver.c
++++ b/src/remote/remote_driver.c
+@@ -2850,7 +2850,8 @@ remoteDomainGetVcpus (virDomainPtr domain,
+                     maxinfo, REMOTE_VCPUINFO_MAX);
+         goto done;
+     }
+-    if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
++        maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
+         remoteError(VIR_ERR_RPC,
+                     _("vCPU map buffer length exceeds maximum: %d > %d"),
+                     maxinfo * maplen, REMOTE_CPUMAPS_MAX);
+-- 
+1.7.3.4
+

libvirt-0.8.8-rpm-add-missing-dependencies.patch

@@ -0,0 +1,99 @@
+From 775581ead9c0b6435e8a0dad2a6838909638e7b6 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 23 Mar 2011 10:30:49 -0600
+Subject: [PATCH 5/6] rpm: add missing dependencies
+
+manually adapted from upstream 206fc979b1656722b254e683d89b3e9fc4480c63
+
+Among others, the missing radvd dependency showed up as:
+
+error: Failed to start network ipv6net
+error: Cannot find radvd - Possibly the package isn't installed: No such file
+or directory
+
+even when radvd was installed, because the RADVD preprocessor
+symbol was missing at configure time.
+
+* libvirt.spec.in (with_network): Add Build and BuildRequires for radvd
+    (BuildRequires): Add libxslt and augeas for docs and test.
+    (with_libvirtd): Add module-init-tools for modprobe.
+    (with_nwfilter): Add BuildRequires for ebtables.
+---
+ libvirt.spec.in |   26 ++++++++++++++++++++++++--
+ 1 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index 23f4525..8ffb757 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -219,15 +219,21 @@ Requires: %{name}-client = %{version}-%{release}
+ # daemon is present
+ %if %{with_libvirtd}
+ Requires: bridge-utils
++# for modprobe of pci devices
++Requires: module-init-tools
++# for /sbin/ip
++Requires: iproute
+ %endif
+ %if %{with_network}
+ Requires: dnsmasq >= 2.41
++Requires: radvd
++%endif
++%if %{with_network} || %{with_nwfilter}
+ Requires: iptables
++Requires: iptables-ipv6
+ %endif
+ %if %{with_nwfilter}
+ Requires: ebtables
+-Requires: iptables
+-Requires: iptables-ipv6
+ %endif
+ # needed for device enumeration
+ %if %{with_hal}
+@@ -295,10 +301,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0
+ %endif
+ BuildRequires: libxml2-devel
+ BuildRequires: xhtml1-dtds
++BuildRequires: libxslt
+ BuildRequires: readline-devel
+ BuildRequires: ncurses-devel
+ BuildRequires: gettext
+ BuildRequires: gnutls-devel
++%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
++# for augparse, optionally used in testing
++BuildRequires: augeas
++%endif
+ %if %{with_hal}
+ BuildRequires: hal-devel
+ %endif
+@@ -323,8 +334,15 @@ BuildRequires: libselinux-devel
+ %endif
+ %if %{with_network}
+ BuildRequires: dnsmasq >= 2.41
++BuildRequires: iptables
++BuildRequires: iptables-ipv6
++BuildRequires: radvd
++%endif
++%if %{with_nwfilter}
++BuildRequires: ebtables
+ %endif
+ BuildRequires: bridge-utils
++BuildRequires: module-init-tools
+ %if %{with_sasl}
+ BuildRequires: cyrus-sasl-devel
+ %endif
+@@ -388,7 +406,11 @@ BuildRequires: libssh2-devel
+ BuildRequires: netcf-devel >= 0.1.4
+ %endif
+ %if %{with_esx}
++%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6
+ BuildRequires: libcurl-devel
++%else
++BuildRequires: curl-devel
++%endif
+ %endif
+ %if %{with_audit}
+ BuildRequires: audit-libs-devel
+-- 
+1.7.3.4
+

libvirt-0.8.8-security-plug-regression-introduced-in-disk-probe-lo.patch

@@ -0,0 +1,40 @@
+From c2d77ade37ee917ca258cb24ffb130fc07bb95b4 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 26 May 2011 08:18:46 -0600
+Subject: [PATCH 1/6] security: plug regression introduced in disk probe logic
+
+This patch resolves:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=709775
+  CVE-2011-2178 - regression introduced in disk probe logic
+
+Regression introduced in commit d6623003 (v0.8.8) - using the
+wrong sizeof operand meant that security manager private data
+was overlaying the allowDiskFormatProbing member of struct
+_virSecurityManager.  This reopens disk probing, which was
+supposed to be prevented by the solution to CVE-2010-2238.
+
+* src/security/security_manager.c
+(virSecurityManagerGetPrivateData): Use correct offset.
+---
+ src/security/security_manager.c |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/src/security/security_manager.c b/src/security/security_manager.c
+index 0246dd8..6f0becd 100644
+--- a/src/security/security_manager.c
++++ b/src/security/security_manager.c
+@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ 
+ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
+ {
+-    return ((char*)mgr) + sizeof(mgr);
++    /* This accesses the memory just beyond mgr, which was allocated
++     * via VIR_ALLOC_VAR earlier.  */
++    return mgr + 1;
+ }
+ 
+ 
+-- 
+1.7.3.4
+

libvirt-0.8.8-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch

@@ -0,0 +1,27 @@
+From 9679cde15cabf95c7538c3b6929893ec68552d23 Mon Sep 17 00:00:00 2001
+From: Dan Kenigsberg <danken@redhat.com>
+Date: Sun, 20 Feb 2011 22:29:25 +0200
+Subject: [PATCH 3/6] virt-pki-validate: behave when CERTTOOL is missing
+
+https://bugzilla.redhat.com/show_bug.cgi?id=680270
+libvirt-client is missing some dependencies
+---
+ tools/virt-pki-validate.in |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
+index 207fa76..96659cf 100755
+--- a/tools/virt-pki-validate.in
++++ b/tools/virt-pki-validate.in
+@@ -14,7 +14,7 @@ PORT=16514
+ # First get certtool
+ #
+ CERTOOL=`which certtool 2>/dev/null`
+-if [ ! -x $CERTOOL ]
++if [ ! -x "$CERTOOL" ]
+ then
+     echo "Could not locate the certtool program"
+     echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
+-- 
+1.7.3.4
+

libvirt-convert-news-to-utf8.patch

@@ -1,248 +0,0 @@
-From 50f5a6c7ab7795fb6ade4bb24849fa2bab5084dd Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin <markmc@redhat.com>
-Date: Wed, 29 Jul 2009 08:40:17 +0100
-Subject: [PATCH] Convert NEWS to UTF-8
-
-* docs/news.xsl: request UTF-8 as the output encoding
-
-* NEWS: re-generate with UTF-8 encoding
----
- NEWS          |   70 ++++++++++++++++++++++++++++----------------------------
- docs/news.xsl |    2 +-
- 2 files changed, 36 insertions(+), 36 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 447d2b4..0a838b9 100644
---- a/NEWS
-+++ b/NEWS
-@@ -137,7 +137,7 @@
-    - Improvements: add SCSI storage rescan (David Allan), rootless
-           LXC containers support improvements (Serge Hallyn), getHostname
-           support for LXC (Dan Smith), cleanup and logging output of some
--          domain functions (Guido Günther), drop pool lock when allocating
-+          domain functions (Guido Günther), drop pool lock when allocating
-           volumes (Cole Robinson), LXC handle kernel without CLONE_NEWUSER
-           support (Serge Hallyn), cpu pinning on defined Xen domains (Takahashi
-           Tomohiro), dynamic bridge names support (Soren Hansen), LXC use
-@@ -145,7 +145,7 @@
-           virNodeDeviceCreateXML and virNodeDeviceDestroy entry points
-           (Dave Allan)
-    - Cleanups: don't hardcode getgrnam_r buffer to 1024 bytes (Guido
--          Günther), qemudBuildCommandLine API cleanup (Daniel Berrange),
-+          Günther), qemudBuildCommandLine API cleanup (Daniel Berrange),
-           
- 
- 
-@@ -214,15 +214,15 @@
-           to avoid crashes (Daniel Berrange), mark defined network descriptions
-           as persistent (Cole Robinson), qemu+tls handshake negotiation hang
-           (Chris Lalancette)
--   - Improvements: don't hardcode ssh port (Guido Günther), new test
-+   - Improvements: don't hardcode ssh port (Guido Günther), new test
-           cases and testing infrastructure (Jim Meyering), improve the
-           SExpr parser (John Levon), proper error reporting on xend
-           shutdown command (John Levon), proper handling of errors when
--          saving QEmu domains state (Guido Günther), revamp of the internal
-+          saving QEmu domains state (Guido Günther), revamp of the internal
-           error memory APIs (John Levon), better virsh error reporting (John
-           Levon), more daemon options to allow running multiple daemons (Jim
--          Meyering), error handling when creating a QEmu domain (Guido Günther),
--          fix timeouts in QEmu log reading (Guido Günther), migration with
-+          Meyering), error handling when creating a QEmu domain (Guido Günther),
-+          fix timeouts in QEmu log reading (Guido Günther), migration with
-           xend 3.3 fixes (John Levon), virsh XML dump flags cleanup (Cole
-           Robinson), fix build with loadable drivers (Maximilian Wilhelm),
-           internal XML APIs to read long long and hexa values (Mark
-@@ -236,7 +236,7 @@
-           (Jim Meyering), many error handling cleanups (Jim Meyering), XML
-           module cleanups (Mark McLoughlin), compiler warning (Maximilian
-           Wilhelm), daemon TCP listen cleanup (Cole Robinson), size_t type
--          cleanup (Guido Günther), parallel make fix (Michael Marineau),
-+          cleanup (Guido Günther), parallel make fix (Michael Marineau),
-           storage error diagnostic fix (Ryota Ozaki), remove redundant monitor
-           watch variable (Cole Robinson), qemu AttachDevice error report
-           improvement (Cole Robinson), virsh output cleanup (Jim Meyering),
-@@ -248,7 +248,7 @@
- 0.6.0: Jan 31 2009:
-    - New features: thread safety of the API and event handling (Daniel
-           Berrange), allow QEmu domains to survive daemon restart (Guido
--          Günther), extended logging capabilities, support copy-on-write
-+          Günther), extended logging capabilities, support copy-on-write
-           storage volumes (Daniel Berrange), support of storage cache
-           control options for QEmu/KVM (Daniel Berrange)
-    - Portability: fix old DBus API problem, Debian portability fix
-@@ -260,13 +260,13 @@
-           solaris Xen fixes (John Levon), RPC portability to Solaris (Daniel
-           Berrange)
-    - Documentation: typo fixes (Richard Jones), logging support,
--          vnc keymap attributes (Guido Günther), HACKING file updates
-+          vnc keymap attributes (Guido Günther), HACKING file updates
-          (Jim Meyering), new PCI passthrough format, libvirt-qpid and
-          UML driver documentation (Daniel Berrange), provide RNG schemas
-          for all XML formats used in libvirt APIs (Daniel Berrange), 
-    - Bug fixes: segfault on virtual network without bridge name (Cole
-           Robinson), various locking fixes (Cole Robinson), fix serial
--          and parallel devices on tcp/unix/telnet (Guido Günther), leak
-+          and parallel devices on tcp/unix/telnet (Guido Günther), leak
-           in daemon (Jim Meyering), storage driver segfault (Miloslav TrmaC),
-           missing check in read-only connections (Daniel Berrange),
-           OpenVZ crash and mutex fixes (Anton Protopopov), couple of
-@@ -282,15 +282,15 @@
-    - Improvements: driver infrastructure and locking (Daniel Berrange),
-           Test driver infrastructure (Daniel Berrange), parallelism in the
-           daemon and associated config (Daniel Berrange), virsh help cleanups
--          (Jim Meyering), logrotate daemon logs (Guido Günther), more
-+          (Jim Meyering), logrotate daemon logs (Guido Günther), more
-           regression tests (Jim Meyering), QEmu SDL graphics (Itamar Heim),
-           add --version flag to daemon (Dave Allan), memory consumption
-           cleanup (Dave Allan), QEmu pid file and XML states for daemon
--          restart (Guido Günther), gnulib updates (Jim Meyering and
-+          restart (Guido Günther), gnulib updates (Jim Meyering and
-           Dan Berrange), PCI passthrough for KVM (Jason Krieg), generic
-           internal thread API (Daniel Berrange), RHEL-5 specific Xen
-           configure option and code (Markus Armbruster), save domain
--          state as string in status file (Guido Günther), add locking
-+          state as string in status file (Guido Günther), add locking
-           to all API entry points (Daniel Berrange), new ref counting APIs
-           (Daniel Berrange), IP address for Xen bridges (John Levon),
-           driver format for disk file types (Daniel Berrange), improve
-@@ -303,15 +303,15 @@
-           (Jim Meyering), gethostby* cleanup and test (Jim Meyering), some
-            code fixes (Dave Allan), various code cleanup (Jim Meyering),
-            virsh argument handling cleanup (Jim Meyering), virAsprintf
--           cleanup replacement (Guido Günther), QEmu monitor reads (Cole
--           Robinson), Makefile cleanups (Guido Günther), Xen code cleanups
-+           cleanup replacement (Guido Günther), QEmu monitor reads (Cole
-+           Robinson), Makefile cleanups (Guido Günther), Xen code cleanups
-            (John Levon), revamp of ELF export scripts (John Levon), domain
-            event callback args (John Levon), enforce use of pid_t (John Levon),
-            virsh pool-*-as XML code merge (Cole Robinson), xgettext warnings
--           (Jim Meyering), add virKillProcess (Guido Günther), add
-+           (Jim Meyering), add virKillProcess (Guido Günther), add
-            virGetHostname (David Lutterkort), add flags argument to the full
--           XML parsing stack (Guido Günther), various daemon code cleanups
--           (Guido Günther), handling of daemon missing config file (Jim
-+           XML parsing stack (Guido Günther), various daemon code cleanups
-+           (Guido Günther), handling of daemon missing config file (Jim
-            Meyering), rpcgen invocation cleanup (Richard Jones), devhelp
-            builkd makefile cleanups (John Levon), update error handling for
-            threading (Daniel Berrange), remove all non-rentrant POSIX calls
-@@ -331,7 +331,7 @@
-    - Bug fixes: add a delay in storage backend for disks to show up
-           (Chris Lalancette), fix parsing for CDRom device with no source
-           (Daniel Berrange), use xenstore to list domains to avoid some
--          bugs (Guido Günther), remove a leak in xen inotify code (Daniel
-+          bugs (Guido Günther), remove a leak in xen inotify code (Daniel
-           Berrange), UML driver freeing of uninitialialized variable (Ron
-           Yorston), fix UML inotify code (Daniel Berrange), crash when
-           adding storage without a format (Cole Robinson)
-@@ -339,8 +339,8 @@
-           max memory (Jim Fehlig), allow remote://hostname/ URI for automatic
-           probe of hypervisors (Daniel Berrange), fix daemon configuration
-           regression testing (Jim Meyering ), check /usr/bin/kvm for QEmu
--          driver init (Guido Günther), proper active vs. inactive
--          differentiation (Guido Günther), improve MTU setting on tap
-+          driver init (Guido Günther), proper active vs. inactive
-+          differentiation (Guido Günther), improve MTU setting on tap
-           interfaces (Eduardo Habkost), increase timeout for initial QEmu
-           monitor poll (Cole Robinson)
-    - Cleanups:fix improper initialisations (Jim Meyering)
-@@ -350,9 +350,9 @@
-    - New features: CPU and scheduler support for LXC (Dan Smith), SDL display configuration (Daniel Berrange), domain lifecycle event support for QEmu and Xen with python bindings (Ben Guthro and Daniel Berrange), KVM/QEmu migration support (Rich Jones and Chris Lalancette), User Mode Linux driver (Daniel Berrange), API for node device enumeration using HAL and DeviceKit with python bindings (David Lively), 
-    - Portability: RHEL build fixes, VPATH build (Guido Gunther), many MinGW related cleanups and fixes (Richard Jones), compilation without libvirtd (Richard Jones), Add a Windows icon (Richard Jones), sys/poll.h portability fixes (Daniel Berrange), gnulib and mingw cleanups (Jim Meyering), 
-    - Documentation: virsh man page cleanups (Mark McLoughlin), doc for NIC model selection (Richard Jones), monitoring section, link to AMQP bindings, inew APIs, UML driver docs (Daniel Berrange), 
--   - Bug fixes: Xen interfaces ordering (Jim Fehlig), startup timeout with multiple pty (Cole Robinson), segfault if QEmu without active virtual network (Cole Robinson), qemu small leak (Eduardo Habkost), index creation for more than 26 disks (Sanjay Rao and Chris Wright), virRealloc handling of 0 (Daniel Berrange), missing pointer initialization (Chris Lalancette), bus device index bug (Guido Günther), avoid crash in some error patch (Chris Lalancette), fix a problem in storage back-end (Chris Lalancette), minimum domain memory size check for Xen (Shigeki Sakamoto), switch off QEmu cache if device is shared (Charles Duffy), logical volume definition before scan bug (Chris Lalancette), a couple of memory leaks on QEmu vnc (Jim Meyering), lvs parsing fixes (Cole Robinson),  
--   - Improvements: LXC resources control and internal cgroup API (Dan Smith), virDomainCreateLinux renamed virDomainDefineXML, network driver modularization (Daniel Berrange), change the way domain and net are reported in errors (Jim Meyering), partition table scan on iSCSI (Chris Lalancette), qemudDiskDeviceName to handle normal disks (Guido Günther), qemudDomainBlockStats improvement (Guido Günther), scsi/virtio hotplug support for KVM (Guido Günther), USB hot addition in QEmu (Guido Günther), logical pool and storage backend XML dump improvement (Chris Lalancette), MAC addresses prefix per driver (Daniel Berrange), OpenVZ getVersion support (Daniel Berrange), hot removal of scsi/virtio disks for KVM (Guido Günther), test storage driver (Cole Robinson), iSCSI and disk storage driver improvement on path handling (Chris Lalancette), UUID and ID support for Xenner (Daniel Berrange), better logging when when executing commands (Cole Robinson), bridged network for OpenVZ (Daniel Berrange), OpenVZ config file params (Evgeniy Sokolov), allow to build drivers as libtool convenience libs (Daniel Berrange), fully versioned linker script for exported ABI (Daniel Berrange), Push URI probing down into drivers open (Daniel Berrange), move all stateful drivers into the daemon binary (Daniel Berrange), improve domain event with a detail field (Daniel Berrange), domain events for QEMU driver (Daniel Berrange), event unregister callback crash (David Lively), plug a few leaks (Daniel Berrange), internal APIs for handling node device XML config (David Lively), tweaks to node device implementation (Daniel Berrange), OpenVZ vCPUs values init (Evgeniy Sokolov)
--   - Cleanups: C99 initializers (Guido Gunther), test output (Cole Robinson), debug macro centralization (Cole Robinson), various error handling (Guido Günther), safewrite use cleanup (Jim Meyering), centralize error reporting logic (Cole Robinson), avoid printf warnings (Daniel Berrange), use arrays instead of list for internal APIs (Daniel Berrange), remove many format string warnings Jim Meyering), avoid syntax check warnings (Chris Lalancette), improve po-check and list generation (Jim Meyering), .gitignore generation and handling (Jim Meyering), use ARRAY_CARDINALITY (Jim Meyering), gnulib updates and switch to use netdb.h (Jim Meyering), drop usage of socket_errno (Jim Meyering), remove socketcompat.h (Jim Meyering), more tests (Jim Meyering), drop virStringList (Daniel Berrange), reformatting and isolation of the error APIs (Daniel Berrange), cleanup internal.h and move internal APIs in specific headers (Daniel Berrange), move domain events helpers into domain_events.c (Daniel Berrange), cleanup the way optional modules are compiled (Daniel Berrange), add new logging module, optional dlopen of drivers (Daniel Berrange), various new tests (Jim Meyering), cleanups when Xen is not configured in (Daniel Berrange), add some missing functions comments (Jim Meyering), 
-+   - Bug fixes: Xen interfaces ordering (Jim Fehlig), startup timeout with multiple pty (Cole Robinson), segfault if QEmu without active virtual network (Cole Robinson), qemu small leak (Eduardo Habkost), index creation for more than 26 disks (Sanjay Rao and Chris Wright), virRealloc handling of 0 (Daniel Berrange), missing pointer initialization (Chris Lalancette), bus device index bug (Guido Günther), avoid crash in some error patch (Chris Lalancette), fix a problem in storage back-end (Chris Lalancette), minimum domain memory size check for Xen (Shigeki Sakamoto), switch off QEmu cache if device is shared (Charles Duffy), logical volume definition before scan bug (Chris Lalancette), a couple of memory leaks on QEmu vnc (Jim Meyering), lvs parsing fixes (Cole Robinson),  
-+   - Improvements: LXC resources control and internal cgroup API (Dan Smith), virDomainCreateLinux renamed virDomainDefineXML, network driver modularization (Daniel Berrange), change the way domain and net are reported in errors (Jim Meyering), partition table scan on iSCSI (Chris Lalancette), qemudDiskDeviceName to handle normal disks (Guido Günther), qemudDomainBlockStats improvement (Guido Günther), scsi/virtio hotplug support for KVM (Guido Günther), USB hot addition in QEmu (Guido Günther), logical pool and storage backend XML dump improvement (Chris Lalancette), MAC addresses prefix per driver (Daniel Berrange), OpenVZ getVersion support (Daniel Berrange), hot removal of scsi/virtio disks for KVM (Guido Günther), test storage driver (Cole Robinson), iSCSI and disk storage driver improvement on path handling (Chris Lalancette), UUID and ID support for Xenner (Daniel Berrange), better logging when when executing commands (Cole Robinson), bridged network for OpenVZ (Daniel Berrange), OpenVZ config file params (Evgeniy Sokolov), allow to build drivers as libtool convenience libs (Daniel Berrange), fully versioned linker script for exported ABI (Daniel Berrange), Push URI probing down into drivers open (Daniel Berrange), move all stateful drivers into the daemon binary (Daniel Berrange), improve domain event with a detail field (Daniel Berrange), domain events for QEMU driver (Daniel Berrange), event unregister callback crash (David Lively), plug a few leaks (Daniel Berrange), internal APIs for handling node device XML config (David Lively), tweaks to node device implementation (Daniel Berrange), OpenVZ vCPUs values init (Evgeniy Sokolov)
-+   - Cleanups: C99 initializers (Guido Gunther), test output (Cole Robinson), debug macro centralization (Cole Robinson), various error handling (Guido Günther), safewrite use cleanup (Jim Meyering), centralize error reporting logic (Cole Robinson), avoid printf warnings (Daniel Berrange), use arrays instead of list for internal APIs (Daniel Berrange), remove many format string warnings Jim Meyering), avoid syntax check warnings (Chris Lalancette), improve po-check and list generation (Jim Meyering), .gitignore generation and handling (Jim Meyering), use ARRAY_CARDINALITY (Jim Meyering), gnulib updates and switch to use netdb.h (Jim Meyering), drop usage of socket_errno (Jim Meyering), remove socketcompat.h (Jim Meyering), more tests (Jim Meyering), drop virStringList (Daniel Berrange), reformatting and isolation of the error APIs (Daniel Berrange), cleanup internal.h and move internal APIs in specific headers (Daniel Berrange), move domain events helpers into domain_events.c (Daniel Berrange), cleanup the way optional modules are compiled (Daniel Berrange), add new logging module, optional dlopen of drivers (Daniel Berrange), various new tests (Jim Meyering), cleanups when Xen is not configured in (Daniel Berrange), add some missing functions comments (Jim Meyering), 
- 
- 
- 0.4.6: Sep 23 2008:
-@@ -364,7 +364,7 @@
-           OpenVZ (Evgeniy Sokolov), fix parsing of pool without a source
-           (Chris Lalancette and Daniel Berrange)
-    - Improvements: add storage disk volume delete (Cole Robinson),
--          KVM dynamic max CPU detection (Guido Günther), spec file improvement
-+          KVM dynamic max CPU detection (Guido Günther), spec file improvement
-           for minimal builds (Ben Guthro), improved error message in XM
-           configuration module (Richard Jones), network config in OpenVZ
-           support (Evgeniy Sokolov), enable stopping a pool in logical
-@@ -379,7 +379,7 @@
-           unified XML domain and network parsing for all drivers (Daniel
-           Berrange), OpenVZ features improvements (Evgeniy Sokolov),
-           OpenVZ and Linux containers support now default, USB device
--          passthrough for QEmu/KVM (Guido Günther), storage pool source
-+          passthrough for QEmu/KVM (Guido Günther), storage pool source
-           discovery (David Lively)
-    - Portability: fixes for MinGW (Atsushi SAKAI and Daniel Berrange),
-           detection of xen lib improvement (David Lively),
-@@ -389,9 +389,9 @@
-           SAKAI and Daniel Berrange), HTML generation fix, -lpthread explicit
-           linking when needed (Jim Meyering)
-    - Documentation: various typo fixes (Anton Protopopov, Toth
--          István, Atsushi SAKAI, Nguyen Anh Quynh),
-+          István, Atsushi SAKAI, Nguyen Anh Quynh),
-           Java bindings docs, remove Xen centric
--          comments (Guido Günther), various typo in comments (Chris
-+          comments (Guido Günther), various typo in comments (Chris
-           Lalancette), docs and API comments fixes (Charles Duffy),
-           how to contribute to open source link (Richard Jones),
-           memory unit fixups (matthew chan)
-@@ -401,14 +401,14 @@
-           in QEmu/KVM (Daniel Berrange), fix OpenVZ probe function (Evgeniy
-           Sokolov), ID related lookup fixes in OpenVZ (Evgeniy Sokolov),
-           pool cration for netfs (Cole Robinson), check for migrate support
--          with QEmu (Guido Günther), check against double create with QEmu
--          (Guido Günther), broken open failure detection in QEmu (Guido
--          Günther), UUID string conversions in QEmu (Guido Günther),
-+          with QEmu (Guido Günther), check against double create with QEmu
-+          (Guido Günther), broken open failure detection in QEmu (Guido
-+          Günther), UUID string conversions in QEmu (Guido Günther),
-           various small cleanup and bug fixes (Daniel Berrange), ID
-           related fixes in the test driver (Daniel Berrange), better error
-           reporting on XML parsing (Daniel Berrange), empty CD-ROM source
-           device section (Chris Lalancette), avoid crashes for interface
--          without a name in QEmu (Guido Günther), provide the real
-+          without a name in QEmu (Guido Günther), provide the real
-           vncport (Charles Duffy), fix forward delay (Daniel Berrange),
-           new VM state is initialized to be SHUTOFF (Daniel Berrange),
-           virsh attach-disk bug fixes (Chris Lalancette), veth clash
-@@ -440,7 +440,7 @@
-           (Daniel Berrange), virsh "edit" command (Richard Jones), save
-           UUID of OpenVZ domains (Evgeniy Sokolov), improve xen blocks
-           statistics (Chris Lalancette), gnulib updates (Jim Meyering),
--          allow to add disk as USB devices (Guido Günther), LXC container
-+          allow to add disk as USB devices (Guido Günther), LXC container
-           process should survive libvirtd restarts (Daniel Berrange), allow
-           to define static host domain configs, number of CPU used by
-           OpenVZ domains (Evgeniy Sokolov), private root fs for LXC (Daniel
-@@ -572,9 +572,9 @@
-       driver (Cole Robinson), xen and hvm added to test driver capabilities
-       (Cole Robinson)
-    - Code cleanup: remove unused getopt header (Jim Meyering), mark more
--      strings as translatable (Guido Günther and Jim Meyering), convert
-+      strings as translatable (Guido Günther and Jim Meyering), convert
-       error strings to something meaningful and translatable (Jim Meyering),
--      Linux Containers code cleanup, last error initializer (Guido Günther)
-+      Linux Containers code cleanup, last error initializer (Guido Günther)
- 
- 
- 0.4.1: Mar 3 2008:
-diff --git a/docs/news.xsl b/docs/news.xsl
-index a190120..e35030e 100644
---- a/docs/news.xsl
-+++ b/docs/news.xsl
-@@ -1,7 +1,7 @@
- <?xml version="1.0"?>
- <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-                 version="1.0">
--  <xsl:output method="text" encoding="ISO-8859-1"/>
-+  <xsl:output method="text" encoding="UTF-8"/>
- 
-   <xsl:template match="/">
-     <xsl:text>
--- 
-1.6.2.5
-

sources

@@ -1 +1 @@
-7c8008af99963682cb38666d2f1661ba  libvirt-0.7.0-0.1.gitf055724.tar.gz
+ac9235576352b84b8cb17df7456bbdfc  libvirt-0.8.8.tar.gz