make commandtest more robust to fix broken build

Fix for CVE-2011-2178, regression introduced in disk probe logic,
Bug 709775

Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus,
Bug 717204

Add several build and runtime dependencies to specfile
Bug 680270

.cvsignore

@@ -1,17 +0,0 @@
-.build*.log
-*.rpm
-i686
-x86_64
-libvirt-*.tar.gz
-libvirt-0.6.0.tar.gz
-libvirt-0.6.1.tar.gz
-libvirt-0.6.2.tar.gz
-libvirt-0.6.3.tar.gz
-libvirt-0.6.4.tar.gz
-libvirt-0.6.5.tar.gz
-libvirt-0.7.0.tar.gz
-libvirt-0.7.1.tar.gz
-libvirt-0.7.2.tar.gz
-libvirt-0.7.3.tar.gz
-libvirt-0.7.4.tar.gz
-libvirt-0.7.5.tar.gz

.gitignore

@@ -0,0 +1,8 @@
+.build*.log
+*.rpm
+i686
+x86_64
+libvirt-*.tar.gz
+/libvirt-0.8.4.tar.gz
+/libvirt-0.8.5.tar.gz
+/libvirt-0.8.7.tar.gz

libvirt-0.8.8-Requires-gettext-for-client-package.patch

@@ -0,0 +1,40 @@
+From e03899ff772cb753f02ecc99c81776a95c8e3d59 Mon Sep 17 00:00:00 2001
+From: Osier Yang <jyang@redhat.com>
+Date: Fri, 18 Feb 2011 13:45:13 +0800
+Subject: [PATCH 2/6] Requires gettext for client package
+
+https://bugzilla.redhat.com/show_bug.cgi?id=680270
+libvirt-client is missing some dependencies
+
+libvirt-guests invokes functions in gettext.sh, so we need to
+require gettext package in spec file.
+
+Demo with the fix:
+% rpm -q gettext
+package gettext is not installed
+
+% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
+error: Failed dependencies:
+	gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64
+
+* libvirt.spec.in
+---
+ libvirt.spec.in |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index d4208e8..c08b186 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -415,6 +415,8 @@ Requires: ncurses
+ # So remote clients can access libvirt over SSH tunnel
+ # (client invokes 'nc' against the UNIX socket on the server)
+ Requires: nc
++# Needed by libvirt-guests init script.
++Requires: gettext
+ %if %{with_sasl}
+ Requires: cyrus-sasl
+ # Not technically required, but makes 'out-of-box' config
+-- 
+1.7.3.4
+

libvirt-0.8.8-avoid-resetting-errors.patch

@@ -0,0 +1,51 @@
+From 2c2ae4c48c7e57fd233f1b9475fb6ecbab04804a Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 25 Mar 2011 16:45:45 +0100
+Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
+
+https://bugzilla.redhat.com/show_bug.cgi?id=690733
+
+Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
+*Free) is called before remoteDispatchConnError() is called on error.
+However, the patch missed two instances.
+(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
+---
+ daemon/remote.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 554e75e..159430e 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -4868,12 +4868,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
+     ret->names.names_len =
+         virStoragePoolListVolumes (pool,
+                                    ret->names.names_val, args->maxnames);
+-    virStoragePoolFree(pool);
+     if (ret->names.names_len == -1) {
+         VIR_FREE(ret->names.names_val);
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+@@ -4897,11 +4898,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
+     }
+ 
+     ret->num = virStoragePoolNumOfVolumes (pool);
+-    virStoragePoolFree(pool);
+     if (ret->num == -1) {
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+-- 
+1.7.3.4
+

libvirt-0.8.8-build-add-dependency-on-gnutls-utils.patch

@@ -0,0 +1,30 @@
+From 29680e00f67bad9145387022ea0d3c307465d3dc Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 21 Feb 2011 10:43:29 -0700
+Subject: [PATCH 4/6] build: add dependency on gnutls-utils
+
+https://bugzilla.redhat.com/show_bug.cgi?id=680270
+libvirt-client is missing some dependencies
+
+* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate.
+Suggested by Daniel P. Berrange.
+---
+ libvirt.spec.in |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index c08b186..23f4525 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -417,6 +417,8 @@ Requires: ncurses
+ Requires: nc
+ # Needed by libvirt-guests init script.
+ Requires: gettext
++# Needed by virt-pki-validate script.
++Requires: gnutls-utils
+ %if %{with_sasl}
+ Requires: cyrus-sasl
+ # Not technically required, but makes 'out-of-box' config
+-- 
+1.7.3.4
+

libvirt-0.8.8-kernel-boot-index.patch

@@ -0,0 +1,27 @@
+commit efc2594b4e0cbcdd6947fafeeed41accd5b611e0
+Author: Jim Fehlig <jfehlig@novell.com>
+Date:   Thu Feb 17 14:22:55 2011 -0700
+
+    Do not add drive 'boot=on' param when a kernel is specified
+    
+    libvirt-tck was failing several domain tests [1] with qemu 0.14, which
+    is now less tolerable of specifying 2 bootroms with the same boot index [2].
+    
+    Drop the 'boot=on' param if kernel has been specfied.
+    
+    [1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
+    [2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 371a7ed..0db2843 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -3173,7 +3173,7 @@ qemuBuildCommandLine(virConnectPtr conn,
+         int bootCD = 0, bootFloppy = 0, bootDisk = 0;
+ 
+         /* If QEMU supports boot=on for -drive param... */
+-        if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT) {
++        if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT && !def->os.kernel) {
+             for (i = 0 ; i < def->os.nBootDevs ; i++) {
+                 switch (def->os.bootDevs[i]) {
+                 case VIR_DOMAIN_BOOT_CDROM:

libvirt-0.8.8-make-commandtest-more-robust.patch

@@ -0,0 +1,32 @@
+From 12509c09a55bd2ab171f9fa029fb94f297adc0a0 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Thu, 24 Feb 2011 12:12:27 +0000
+Subject: [PATCH] Make commandtest more robust wrt its execution environment
+
+When executed from cron, commandtest would fail to correctly
+identify daemon processes. Set session ID and process group
+IDs at startup to ensure we have a consistent environment to
+run in.
+
+* tests/commandtest.c: Call setsid() and setpgid()
+---
+ tests/commandtest.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/tests/commandtest.c b/tests/commandtest.c
+index 7157c51..dc2f8a1 100644
+--- a/tests/commandtest.c
++++ b/tests/commandtest.c
+@@ -730,6 +730,9 @@ mymain(int argc, char **argv)
+     if (chdir("/tmp") < 0)
+         return(EXIT_FAILURE);
+ 
++    setpgid(0, 0);
++    setsid();
++
+     /* Kill off any inherited fds that might interfere with our
+      * testing.  */
+     fd = 3;
+-- 
+1.7.3.4
+

libvirt-0.8.8-read-only-checks.patch

@@ -0,0 +1,95 @@
+From: Guido Günther <agx@sigxcpu.org>
+Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
+Subject: Add missing checks for read only connections
+X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
+
+Add missing checks for read only connections
+
+As pointed on CVE-2011-1146, some API forgot to check the read-only
+status of the connection for entry point which modify the state
+of the system or may lead to a remote execution using user data.
+The entry points concerned are:
+  - virConnectDomainXMLToNative
+  - virNodeDeviceDettach
+  - virNodeDeviceReAttach
+  - virNodeDeviceReset
+  - virDomainRevertToSnapshot
+  - virDomainSnapshotDelete
+
+* src/libvirt.c: fix the above set of entry points to error on read-only
+                 connections
+---
+
+diff --git a/src/libvirt.c b/src/libvirt.c
+index caa109d..713291f 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
+         virDispatchError(NULL);
+         return NULL;
+     }
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (nativeFormat == NULL || domainXml == NULL) {
+         virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
+         return -1;
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceDettach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceDettach (dev);
+@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
+         return -1;
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReAttach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReAttach (dev);
+@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
+         return -1;
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReset) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReset (dev);
+@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainRevertToSnapshot) {
+         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
+@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainSnapshotDelete) {
+         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

libvirt-0.8.8-remote-protect-against-integer-overflow.patch

@@ -0,0 +1,115 @@
+From 9388aeabcbb06ec93845b6d066148ad4cfe1dd9e Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 24 Jun 2011 12:16:05 -0600
+Subject: [PATCH 6/6] remote: protect against integer overflow
+
+https://bugzilla.redhat.com/show_bug.cgi?id=717204
+CVE-2011-2511 - integer overflow in VirDomainGetVcpus
+
+Integer overflow and remote code are never a nice mix.
+
+This has existed since commit 56cd414.
+
+* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
+* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
+  on sending rpc.
+* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
+  receiving rpc.
+
+(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6)
+
+Conflicts:
+
+	daemon/remote.c
+	src/remote/remote_driver.c
+
+Change to internal.h required to avoid backporting 89d994ad.
+---
+ daemon/remote.c            |    3 ++-
+ src/internal.h             |   17 +++++++++++++++++
+ src/libvirt.c              |    5 +++--
+ src/remote/remote_driver.c |    3 ++-
+ 4 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 159430e..b707326 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -1722,7 +1722,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+         return -1;
+     }
+ 
+-    if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
++        args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
+         virDomainFree(dom);
+         remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
+         return -1;
+diff --git a/src/internal.h b/src/internal.h
+index e263684..f47b842 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -232,6 +232,23 @@
+         }                                                               \
+     } while (0)
+ 
++/* branch-specific: we don't want to update gnulib on the branch, so this
++ * backports just one required macro from newer gnulib's intprops.h.
++ * This version requires that both a and b are 'int', rather than
++ * the fully type-generic version from gnulib.  */
++# define INT_MULTIPLY_OVERFLOW(a, b)            \
++    ((b) < 0                                    \
++     ? ((a) < 0                                 \
++        ? (a) < INT_MAX / (b)                   \
++        : (b) == -1                             \
++        ? 0                                     \
++        : INT_MIN / (b) < (a))                  \
++     : (b) == 0                                 \
++     ? 0                                        \
++     : ((a) < 0                                 \
++        ? (a) < INT_MIN / (b)                   \
++        : INT_MAX / (b) < (a)))
++
+ /* divide value by size, rounding up */
+ # define VIR_DIV_UP(value, size) (((value) + (size) - 1) / (size))
+ 
+diff --git a/src/libvirt.c b/src/libvirt.c
+index 8c70a1f..d8ab8f8 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -40,6 +40,7 @@
+ #include "util.h"
+ #include "memory.h"
+ #include "configmake.h"
++#include "intprops.h"
+ 
+ #ifndef WITH_DRIVER_MODULES
+ # ifdef WITH_TEST
+@@ -5363,8 +5364,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
+ 
+     /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
+        try to memcpy anything into a NULL pointer.  */
+-    if ((cpumaps == NULL && maplen != 0)
+-        || (cpumaps && maplen <= 0)) {
++    if (!cpumaps ? maplen != 0
++        : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
+         virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+         goto error;
+     }
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index 4ca0d3b..c73452e 100644
+--- a/src/remote/remote_driver.c
++++ b/src/remote/remote_driver.c
+@@ -2850,7 +2850,8 @@ remoteDomainGetVcpus (virDomainPtr domain,
+                     maxinfo, REMOTE_VCPUINFO_MAX);
+         goto done;
+     }
+-    if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
++        maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
+         remoteError(VIR_ERR_RPC,
+                     _("vCPU map buffer length exceeds maximum: %d > %d"),
+                     maxinfo * maplen, REMOTE_CPUMAPS_MAX);
+-- 
+1.7.3.4
+

libvirt-0.8.8-rpm-add-missing-dependencies.patch

@@ -0,0 +1,99 @@
+From 775581ead9c0b6435e8a0dad2a6838909638e7b6 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 23 Mar 2011 10:30:49 -0600
+Subject: [PATCH 5/6] rpm: add missing dependencies
+
+manually adapted from upstream 206fc979b1656722b254e683d89b3e9fc4480c63
+
+Among others, the missing radvd dependency showed up as:
+
+error: Failed to start network ipv6net
+error: Cannot find radvd - Possibly the package isn't installed: No such file
+or directory
+
+even when radvd was installed, because the RADVD preprocessor
+symbol was missing at configure time.
+
+* libvirt.spec.in (with_network): Add Build and BuildRequires for radvd
+    (BuildRequires): Add libxslt and augeas for docs and test.
+    (with_libvirtd): Add module-init-tools for modprobe.
+    (with_nwfilter): Add BuildRequires for ebtables.
+---
+ libvirt.spec.in |   26 ++++++++++++++++++++++++--
+ 1 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index 23f4525..8ffb757 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -219,15 +219,21 @@ Requires: %{name}-client = %{version}-%{release}
+ # daemon is present
+ %if %{with_libvirtd}
+ Requires: bridge-utils
++# for modprobe of pci devices
++Requires: module-init-tools
++# for /sbin/ip
++Requires: iproute
+ %endif
+ %if %{with_network}
+ Requires: dnsmasq >= 2.41
++Requires: radvd
++%endif
++%if %{with_network} || %{with_nwfilter}
+ Requires: iptables
++Requires: iptables-ipv6
+ %endif
+ %if %{with_nwfilter}
+ Requires: ebtables
+-Requires: iptables
+-Requires: iptables-ipv6
+ %endif
+ # needed for device enumeration
+ %if %{with_hal}
+@@ -295,10 +301,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0
+ %endif
+ BuildRequires: libxml2-devel
+ BuildRequires: xhtml1-dtds
++BuildRequires: libxslt
+ BuildRequires: readline-devel
+ BuildRequires: ncurses-devel
+ BuildRequires: gettext
+ BuildRequires: gnutls-devel
++%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
++# for augparse, optionally used in testing
++BuildRequires: augeas
++%endif
+ %if %{with_hal}
+ BuildRequires: hal-devel
+ %endif
+@@ -323,8 +334,15 @@ BuildRequires: libselinux-devel
+ %endif
+ %if %{with_network}
+ BuildRequires: dnsmasq >= 2.41
++BuildRequires: iptables
++BuildRequires: iptables-ipv6
++BuildRequires: radvd
++%endif
++%if %{with_nwfilter}
++BuildRequires: ebtables
+ %endif
+ BuildRequires: bridge-utils
++BuildRequires: module-init-tools
+ %if %{with_sasl}
+ BuildRequires: cyrus-sasl-devel
+ %endif
+@@ -388,7 +406,11 @@ BuildRequires: libssh2-devel
+ BuildRequires: netcf-devel >= 0.1.4
+ %endif
+ %if %{with_esx}
++%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6
+ BuildRequires: libcurl-devel
++%else
++BuildRequires: curl-devel
++%endif
+ %endif
+ %if %{with_audit}
+ BuildRequires: audit-libs-devel
+-- 
+1.7.3.4
+

libvirt-0.8.8-security-plug-regression-introduced-in-disk-probe-lo.patch

@@ -0,0 +1,40 @@
+From c2d77ade37ee917ca258cb24ffb130fc07bb95b4 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 26 May 2011 08:18:46 -0600
+Subject: [PATCH 1/6] security: plug regression introduced in disk probe logic
+
+This patch resolves:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=709775
+  CVE-2011-2178 - regression introduced in disk probe logic
+
+Regression introduced in commit d6623003 (v0.8.8) - using the
+wrong sizeof operand meant that security manager private data
+was overlaying the allowDiskFormatProbing member of struct
+_virSecurityManager.  This reopens disk probing, which was
+supposed to be prevented by the solution to CVE-2010-2238.
+
+* src/security/security_manager.c
+(virSecurityManagerGetPrivateData): Use correct offset.
+---
+ src/security/security_manager.c |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/src/security/security_manager.c b/src/security/security_manager.c
+index 0246dd8..6f0becd 100644
+--- a/src/security/security_manager.c
++++ b/src/security/security_manager.c
+@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ 
+ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
+ {
+-    return ((char*)mgr) + sizeof(mgr);
++    /* This accesses the memory just beyond mgr, which was allocated
++     * via VIR_ALLOC_VAR earlier.  */
++    return mgr + 1;
+ }
+ 
+ 
+-- 
+1.7.3.4
+

libvirt-0.8.8-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch

@@ -0,0 +1,27 @@
+From 9679cde15cabf95c7538c3b6929893ec68552d23 Mon Sep 17 00:00:00 2001
+From: Dan Kenigsberg <danken@redhat.com>
+Date: Sun, 20 Feb 2011 22:29:25 +0200
+Subject: [PATCH 3/6] virt-pki-validate: behave when CERTTOOL is missing
+
+https://bugzilla.redhat.com/show_bug.cgi?id=680270
+libvirt-client is missing some dependencies
+---
+ tools/virt-pki-validate.in |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
+index 207fa76..96659cf 100755
+--- a/tools/virt-pki-validate.in
++++ b/tools/virt-pki-validate.in
+@@ -14,7 +14,7 @@ PORT=16514
+ # First get certtool
+ #
+ CERTOOL=`which certtool 2>/dev/null`
+-if [ ! -x $CERTOOL ]
++if [ ! -x "$CERTOOL" ]
+ then
+     echo "Could not locate the certtool program"
+     echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
+-- 
+1.7.3.4
+

libvirt.spec

@@ -31,18 +31,19 @@
 
 # Then the hypervisor drivers that run on local host
 %define with_xen           0%{!?_without_xen:%{server_drivers}}
-%define with_xen_proxy     0%{!?_without_xen_proxy:%{server_drivers}}
 %define with_qemu          0%{!?_without_qemu:%{server_drivers}}
 %define with_openvz        0%{!?_without_openvz:%{server_drivers}}
 %define with_lxc           0%{!?_without_lxc:%{server_drivers}}
 %define with_vbox          0%{!?_without_vbox:%{server_drivers}}
 %define with_uml           0%{!?_without_uml:%{server_drivers}}
+%define with_xenapi        0%{!?_without_xenapi:%{server_drivers}}
 # XXX this shouldn't be here, but it mistakenly links into libvirtd
 %define with_one           0%{!?_without_one:%{server_drivers}}
 
 # Then the hypervisor drivers that talk a native remote protocol
 %define with_phyp          0%{!?_without_phyp:1}
 %define with_esx           0%{!?_without_esx:1}
+%define with_vmware        0%{!?_without_vmware:1}
 
 # Then the secondary host drivers
 %define with_network       0%{!?_without_network:%{server_drivers}}
@@ -61,6 +62,13 @@
 %define with_udev          0%{!?_without_udev:0}
 %define with_hal           0%{!?_without_hal:0}
 %define with_yajl          0%{!?_without_yajl:0}
+%define with_nwfilter      0%{!?_without_nwfilter:0}
+%define with_libpcap       0%{!?_without_libpcap:0}
+%define with_macvtap       0%{!?_without_macvtap:0}
+%define with_libnl         0%{!?_without_libnl:0}
+%define with_audit         0%{!?_without_audit:0}
+%define with_dtrace        0%{!?_without_dtrace:0}
+%define with_cgconfig      0%{!?_without_cgconfig:0}
 
 # Non-server/HV driver defaults which are always enabled
 %define with_python        0%{!?_without_python:1}
@@ -74,19 +82,21 @@
 %define with_xen 0
 %endif
 
-# Numactl is not available on s390[x]
-%ifarch s390 s390x
+# Numactl is not available on s390[x] and ARM
+%ifarch s390 s390x %{arm}
 %define with_numactl 0
 %endif
 
-# RHEL doesn't ship OpenVZ, VBox, UML, OpenNebula, PowerHypervisor or ESX
+# RHEL doesn't ship OpenVZ, VBox, UML, OpenNebula, PowerHypervisor,
+# VMWare, or libxenserver (xenapi)
 %if 0%{?rhel}
 %define with_openvz 0
 %define with_vbox 0
 %define with_uml 0
 %define with_one 0
 %define with_phyp 0
-%define with_esx 0
+%define with_vmware 0
+%define with_xenapi 0
 %endif
 
 # RHEL-5 has restricted QEMU to x86_64 only and is too old for LXC
@@ -106,11 +116,6 @@
 %define with_xen 0
 %endif
 
-# If Xen isn't turned on, we shouldn't build the xen proxy either
-%if ! %{with_xen}
-%define with_xen_proxy 0
-%endif
-
 # Fedora doesn't have any QEMU on ppc64 - only ppc
 %if 0%{?fedora}
 %ifarch ppc64
@@ -118,11 +123,9 @@
 %endif
 %endif
 
-# PolicyKit was introduced in Fedora 8 / RHEL-6 or newer, allowing
-# the setuid Xen proxy to be killed off
+# PolicyKit was introduced in Fedora 8 / RHEL-6 or newer
 %if 0%{?fedora} >= 8 || 0%{?rhel} >= 6
 %define with_polkit    0%{!?_without_polkit:1}
-%define with_xen_proxy 0
 %endif
 
 # libcapng is used to manage capabilities in Fedora 12 / RHEL-6 or newer
@@ -147,6 +150,32 @@
 %define with_yajl     0%{!?_without_yajl:%{server_drivers}}
 %endif
 
+# Enable libpcap library
+%if %{with_qemu}
+%define with_nwfilter 0%{!?_without_nwfilter:%{server_drivers}}
+%define with_libpcap  0%{!?_without_libpcap:%{server_drivers}}
+%define with_macvtap  0%{!?_without_macvtap:%{server_drivers}}
+%endif
+
+%if %{with_macvtap}
+%define with_libnl 1
+%endif
+
+%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
+%define with_audit    0%{!?_without_audit:1}
+%endif
+
+%if 0%{?fedora} >= 13 || 0%{?rhel} >= 6
+%define with_dtrace 1
+%endif
+
+# Pull in cgroups config system
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+%if %{with_qemu} || %{with_lxc}
+%define with_cgconfig 0%{!?_without_cgconfig:1}
+%endif
+%endif
+
 # Force QEMU to run as non-root
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 %define qemu_user  qemu
@@ -166,28 +195,57 @@
 %endif
 
 
-Summary: Library providing a simple API virtualization
+# there's no use compiling the network driver without
+# the libvirt daemon
+%if ! %{with_libvirtd}
+%define with_network 0
+%endif
+
+Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 0.7.5
-Release: 2%{?dist}%{?extra_release}
+Version: 0.8.8
+Release: 7%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
+Patch1: %{name}-%{version}-kernel-boot-index.patch
+Patch2: %{name}-%{version}-read-only-checks.patch
+# Patches 5, 6  CVE-2011-1486
+Patch3: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch
+Patch4: %{name}-%{version}-avoid-resetting-errors.patch
+Patch5: %{name}-%{version}-security-plug-regression-introduced-in-disk-probe-lo.patch
+Patch6: %{name}-%{version}-Requires-gettext-for-client-package.patch
+Patch7: %{name}-%{version}-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch
+Patch8: %{name}-%{version}-build-add-dependency-on-gnutls-utils.patch
+Patch9: %{name}-%{version}-rpm-add-missing-dependencies.patch
+Patch10: %{name}-%{version}-remote-protect-against-integer-overflow.patch
+Patch11: %{name}-%{version}-make-commandtest-more-robust.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
 BuildRequires: python-devel
 
 # The client side, i.e. shared libs and virsh are in a subpackage
-Requires: libvirt-client = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
 
 # Used by many of the drivers, so turn it on whenever the
 # daemon is present
 %if %{with_libvirtd}
 Requires: bridge-utils
+# for modprobe of pci devices
+Requires: module-init-tools
+# for /sbin/ip
+Requires: iproute
 %endif
 %if %{with_network}
-Requires: dnsmasq
+Requires: dnsmasq >= 2.41
+Requires: radvd
+%endif
+%if %{with_network} || %{with_nwfilter}
 Requires: iptables
+Requires: iptables-ipv6
+%endif
+%if %{with_nwfilter}
+Requires: ebtables
 %endif
 # needed for device enumeration
 %if %{with_hal}
@@ -244,6 +302,9 @@ Requires: parted
 # For multipath support
 Requires: device-mapper
 %endif
+%if %{with_cgconfig}
+Requires: libcgroup
+%endif
 %if %{with_xen}
 BuildRequires: xen-devel
 %endif
@@ -252,10 +313,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0
 %endif
 BuildRequires: libxml2-devel
 BuildRequires: xhtml1-dtds
+BuildRequires: libxslt
 BuildRequires: readline-devel
 BuildRequires: ncurses-devel
 BuildRequires: gettext
 BuildRequires: gnutls-devel
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+# for augparse, optionally used in testing
+BuildRequires: augeas
+%endif
 %if %{with_hal}
 BuildRequires: hal-devel
 %endif
@@ -266,6 +332,12 @@ BuildRequires: libpciaccess-devel >= 0.10.9
 %if %{with_yajl}
 BuildRequires: yajl-devel
 %endif
+%if %{with_libpcap}
+BuildRequires: libpcap-devel
+%endif
+%if %{with_libnl}
+BuildRequires: libnl-devel
+%endif
 %if %{with_avahi}
 BuildRequires: avahi-devel
 %endif
@@ -273,9 +345,16 @@ BuildRequires: avahi-devel
 BuildRequires: libselinux-devel
 %endif
 %if %{with_network}
-BuildRequires: dnsmasq
+BuildRequires: dnsmasq >= 2.41
+BuildRequires: iptables
+BuildRequires: iptables-ipv6
+BuildRequires: radvd
+%endif
+%if %{with_nwfilter}
+BuildRequires: ebtables
 %endif
 BuildRequires: bridge-utils
+BuildRequires: module-init-tools
 %if %{with_sasl}
 BuildRequires: cyrus-sasl-devel
 %endif
@@ -338,6 +417,21 @@ BuildRequires: libssh2-devel
 %if %{with_netcf}
 BuildRequires: netcf-devel >= 0.1.4
 %endif
+%if %{with_esx}
+%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6
+BuildRequires: libcurl-devel
+%else
+BuildRequires: curl-devel
+%endif
+%endif
+%if %{with_audit}
+BuildRequires: audit-libs-devel
+%endif
+%if %{with_dtrace}
+# we need /usr/sbin/dtrace
+BuildRequires: systemtap-sdt-devel
+%endif
+
 
 # Fedora build root suckage
 BuildRequires: gawk
@@ -355,6 +449,10 @@ Requires: ncurses
 # So remote clients can access libvirt over SSH tunnel
 # (client invokes 'nc' against the UNIX socket on the server)
 Requires: nc
+# Needed by libvirt-guests init script.
+Requires: gettext
+# Needed by virt-pki-validate script.
+Requires: gnutls-utils
 %if %{with_sasl}
 Requires: cyrus-sasl
 # Not technically required, but makes 'out-of-box' config
@@ -369,7 +467,7 @@ virtualization capabilities of recent versions of Linux (and other OSes).
 %package devel
 Summary: Libraries, includes, etc. to compile with the libvirt library
 Group: Development/Libraries
-Requires: libvirt-client = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
 Requires: pkgconfig
 %if %{with_xen}
 Requires: xen-devel
@@ -383,7 +481,7 @@ the virtualization capabilities of recent versions of Linux (and other OSes).
 %package python
 Summary: Python bindings for the libvirt library
 Group: Development/Libraries
-Requires: libvirt-client = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
 
 %description python
 The libvirt-python package contains a module that permits applications
@@ -394,6 +492,17 @@ of recent versions of Linux (and other OSes).
 
 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
 
 %build
 %if ! %{with_xen}
@@ -416,6 +525,10 @@ of recent versions of Linux (and other OSes).
 %define _without_vbox --without-vbox
 %endif
 
+%if ! %{with_xenapi}
+%define _without_xenapi --without-xenapi
+%endif
+
 %if ! %{with_sasl}
 %define _without_sasl --without-sasl
 %endif
@@ -432,6 +545,10 @@ of recent versions of Linux (and other OSes).
 %define _without_esx --without-esx
 %endif
 
+%if ! %{with_vmware}
+%define _without_vmware --without-vmware
+%endif
+
 %if ! %{with_polkit}
 %define _without_polkit --without-polkit
 %endif
@@ -508,11 +625,35 @@ of recent versions of Linux (and other OSes).
 %define _without_yajl --without-yajl
 %endif
 
+%if ! %{with_libpcap}
+%define _without_libpcap --without-libpcap
+%endif
+
+%if ! %{with_macvtap}
+%define _without_macvtap --without-macvtap
+%endif
+
+%if ! %{with_audit}
+%define _without_audit --without-audit
+%endif
+
+%if ! %{with_dtrace}
+%define _without_dtrace --without-dtrace
+%endif
+
+%define when  %(date +"%%F-%%T")
+%define where %(hostname)
+%define who   %{?packager}%{!?packager:Unknown}
+%define with_packager --with-packager="%{who}, %{when}, %{where}"
+%define with_packager_version --with-packager-version="%{release}"
+
+
 %configure %{?_without_xen} \
            %{?_without_qemu} \
            %{?_without_openvz} \
            %{?_without_lxc} \
            %{?_without_vbox} \
+           %{?_without_xenapi} \
            %{?_without_sasl} \
            %{?_without_avahi} \
            %{?_without_polkit} \
@@ -522,6 +663,7 @@ of recent versions of Linux (and other OSes).
            %{?_without_one} \
            %{?_without_phyp} \
            %{?_without_esx} \
+           %{?_without_vmware} \
            %{?_without_network} \
            %{?_with_rhel5_api} \
            %{?_without_storage_fs} \
@@ -536,6 +678,12 @@ of recent versions of Linux (and other OSes).
            %{?_without_hal} \
            %{?_without_udev} \
            %{?_without_yajl} \
+           %{?_without_libpcap} \
+           %{?_without_macvtap} \
+           %{?_without_audit} \
+           %{?_without_dtrace} \
+           %{with_packager} \
+           %{with_packager_version} \
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
            --with-init-script=redhat \
@@ -547,7 +695,7 @@ gzip -9 ChangeLog
 rm -fr %{buildroot}
 
 %makeinstall
-for i in domain-events/events-c dominfo domsuspend hellolibvirt python
+for i in domain-events/events-c dominfo domsuspend hellolibvirt openauth python xml/nwfilter systemtap
 do
   (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
 done
@@ -557,6 +705,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
 
 %if %{with_network}
+install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/lib/libvirt/dnsmasq/
 # We don't want to install /etc/libvirt/qemu/networks in the main %files list
 # because if the admin wants to delete the default network completely, we don't
 # want to end up re-incarnating it on every RPM upgrade.
@@ -590,20 +739,38 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}
 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}
 %endif
 
+%if ! %{with_libvirtd}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter
+mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}/html \
+   $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-devel-%{version}/
+%endif
+
 %if ! %{with_qemu}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
 %endif
 %if ! %{with_lxc}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc
 %endif
-
-%if %{with_libvirtd}
-chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
+%if ! %{with_uml}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
 %endif
 
 %clean
 rm -fr %{buildroot}
 
+%check
+cd tests
+# These 3 tests don't current work in a mock build root
+for i in nodeinfotest daemon-conf seclabeltest
+do
+  rm -f $i
+  printf "#!/bin/sh\nexit 0\n" > $i
+  chmod +x $i
+done
+make check
+
 %pre
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 # Normally 'setup' adds this in /etc/passwd, but this is
@@ -624,7 +791,7 @@ getent passwd qemu >/dev/null || \
 # or on the first upgrade from a non-network aware libvirt only.
 # We check this by looking to see if the daemon is already installed
 /sbin/chkconfig --list libvirtd 1>/dev/null 2>&1
-if [ $? != 0 -a ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ]
+if test $? != 0 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml
 then
     UUID=`/usr/bin/uuidgen`
     sed -e "s,</name>,</name>\n  <uuid>$UUID</uuid>," \
@@ -634,6 +801,12 @@ then
 fi
 %endif
 
+%if %{with_cgconfig}
+if [ "$1" -eq "1" ]; then
+/sbin/chkconfig cgconfig on
+fi
+%endif
+
 /sbin/chkconfig --add libvirtd
 if [ "$1" -ge "1" ]; then
 	/sbin/service libvirtd condrestart > /dev/null 2>&1
@@ -648,7 +821,25 @@ if [ $1 = 0 ]; then
 fi
 %endif
 
-%post client -p /sbin/ldconfig
+%preun client
+
+if [ $1 = 0 ]; then
+    /sbin/chkconfig --del libvirt-guests
+    rm -f /var/lib/libvirt/libvirt-guests
+fi
+
+%post client
+
+/sbin/ldconfig
+/sbin/chkconfig --add libvirt-guests
+if [ $1 -ge 1 ]; then
+    level=$(/sbin/runlevel | /bin/cut -d ' ' -f 2)
+    if /sbin/chkconfig --list libvirt-guests | /bin/grep -q $level:on ; then
+        # this doesn't do anything but allowing for libvirt-guests to be
+        # stopped on the first shutdown
+        /sbin/service libvirt-guests start > /dev/null 2>&1 || true
+    fi
+fi
 
 %postun client -p /sbin/ldconfig
 
@@ -665,19 +856,29 @@ fi
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
 %endif
 
+%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
+%{_sysconfdir}/libvirt/nwfilter/*.xml
+
 %{_sysconfdir}/rc.d/init.d/libvirtd
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
+%if %{with_dtrace}
+%{_datadir}/systemtap/tapsets/libvirtd.stp
+%endif
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
 
 %if %{with_qemu}
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
 %endif
 %if %{with_lxc}
 %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc
+%endif
+%if %{with_uml}
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
 %endif
 
 %dir %{_datadir}/libvirt/
@@ -689,15 +890,14 @@ fi
 
 %dir %{_localstatedir}/run/libvirt/
 
-%dir %{_localstatedir}/lib/libvirt/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
 %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
 
 %if %{with_qemu}
 %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
-%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
-%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
 %endif
 %if %{with_lxc}
 %dir %{_localstatedir}/run/libvirt/lxc/
@@ -710,6 +910,7 @@ fi
 %if %{with_network}
 %dir %{_localstatedir}/run/libvirt/network/
 %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/network/
+%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/dnsmasq/
 %endif
 
 %if %{with_qemu}
@@ -735,10 +936,6 @@ fi
 
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/
 
-%if %{with_xen_proxy}
-%attr(4755, root, root) %{_libexecdir}/libvirt_proxy
-%endif
-
 %if %{with_lxc}
 %attr(0755, root, root) %{_libexecdir}/libvirt_lxc
 %endif
@@ -746,6 +943,8 @@ fi
 %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
 %attr(0755, root, root) %{_sbindir}/libvirtd
 
+%{_mandir}/man8/libvirtd.8*
+
 %doc docs/*.xml
 %endif
 
@@ -765,6 +964,7 @@ fi
 %dir %{_datadir}/libvirt/schemas/
 
 %{_datadir}/libvirt/schemas/domain.rng
+%{_datadir}/libvirt/schemas/domainsnapshot.rng
 %{_datadir}/libvirt/schemas/network.rng
 %{_datadir}/libvirt/schemas/storagepool.rng
 %{_datadir}/libvirt/schemas/storagevol.rng
@@ -773,9 +973,14 @@ fi
 %{_datadir}/libvirt/schemas/interface.rng
 %{_datadir}/libvirt/schemas/secret.rng
 %{_datadir}/libvirt/schemas/storageencryption.rng
+%{_datadir}/libvirt/schemas/nwfilter.rng
 
 %{_datadir}/libvirt/cpu_map.xml
 
+%{_sysconfdir}/rc.d/init.d/libvirt-guests
+%config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
+
 %if %{with_sasl}
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %endif
@@ -799,7 +1004,9 @@ fi
 %doc examples/domain-events/events-c
 %doc examples/dominfo
 %doc examples/domsuspend
+%doc examples/openauth
 %doc examples/xml
+%doc examples/systemtap
 
 %if %{with_python}
 %files python
@@ -815,6 +1022,152 @@ fi
 %endif
 
 %changelog
+* Wed Jul  5 2011 Laine Stump <laine@redhat.com> - 0.8.8-7
+- Make commandtest more robust.
+
+* Wed Jul  5 2011 Peter Robinson <pbrobinson@gmail.com> - 0.8.8-6
+- Add ARM to NUMA excludes
+
+* Tue Jul  5 2011 Laine Stump <laine@redhat.com> 0.8.8-5
+- Fix for CVE-2011-2178, regression introduced in disk probe logic,
+  Bug 709775
+- Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus,
+  Bug 717204
+- Add several build and runtime dependencies to specfile
+  Bug 680270
+
+* Tue Apr  5 2011 Laine Stump <laine@redhat.com> 0.8.8-4
+- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
+  bug 693457
+
+* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
+- fix a lack of API check on read-only connections 683655
+- CVE-2011-1146
+
+* Mon Feb 21 2011 Daniel P. Berrange <berrange@redhat.com> - 0.8.8-2
+- Fix kernel boot with latest QEMU
+
+* Thu Feb 17 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-1
+- expose new API for sysinfo extraction
+- cgroup blkio weight support
+- smartcard device support
+- qemu: Support per-device boot ordering
+- Various improvements and bug fixes
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Jan  6 2011 Daniel Veillard <veillard@redhat.com> - 0.8.7-1
+- Preliminary support for VirtualBox 4.0
+- IPv6 support
+- Add VMware Workstation and Player driver driver
+- Add network disk support
+- Various improvements and bug fixes
+- from 0.8.6:
+- Add support for iSCSI target auto-discovery
+- QED: Basic support for QED images
+- remote console support
+- support for SPICE graphics
+- sysinfo and VMBIOS support
+- virsh qemu-monitor-command
+- various improvements and bug fixes
+
+* Fri Oct 29 2010 Daniel Veillard <veillard@redhat.com> - 0.8.5-1
+- Enable JSON and netdev features in QEMU >= 0.13
+- framework for auditing integration
+- framework DTrace/SystemTap integration
+- Setting the number of vcpu at boot
+- Enable support for nested SVM
+- Virtio plan9fs filesystem QEMU
+- Memory parameter controls
+- various improvements and bug fixes
+
+* Wed Sep 29 2010 jkeating - 0.8.4-3
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 16 2010 Dan Horák <dan[at]danny.cz> - 0.8.4-2
+- disable the nwfilterxml2xmltest also on s390(x)
+
+* Mon Sep 13 2010 Daniel Veillard <veillard@redhat.com> - 0.8.4-1
+- Upstream release 0.8.4
+
+* Mon Aug 23 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.3-2
+- Fix potential overflow in boot menu code
+
+* Mon Aug 23 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.3-1
+- Upstream release 0.8.3
+
+* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.8.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Mon Jul 12 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.2-2
+- CVE-2010-2237 ignoring defined main disk format when looking up disk backing stores
+- CVE-2010-2238 ignoring defined disk backing store format when recursing into disk
+  image backing stores
+- CVE-2010-2239 not setting user defined backing store format when creating new image
+- CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for
+  obtaining privileged resources on the host
+
+* Mon Jul  5 2010 Daniel Veillard <veillard@redhat.com> - 0.8.2-1
+- Upstream release 0.8.2
+- phyp: adding support for IVM
+- libvirt: introduce domainCreateWithFlags API
+- add 802.1Qbh and 802.1Qbg switches handling
+- Support for VirtualBox version 3.2
+- Init script for handling guests on shutdown/boot
+- qemu: live migration with non-shared storage for kvm
+
+* Fri Apr 30 2010 Daniel Veillard <veillard@redhat.com> - 0.8.1-1
+- Upstream release 0.8.1
+- Starts dnsmasq from libvirtd with --dhcp-hostsfile
+- Add virDomainGetBlockInfo API to query disk sizing
+- a lot of bug fixes and cleanups
+
+* Mon Apr 12 2010 Daniel Veillard <veillard@redhat.com> - 0.8.0-1
+- Upstream release 0.8.0
+- Snapshotting support (QEmu/VBox/ESX)
+- Network filtering API
+- XenAPI driver
+- new APIs for domain events
+- Libvirt managed save API
+- timer subselection for domain clock
+- synchronous hooks
+- API to update guest CPU to host CPU
+- virDomainUpdateDeviceFlags new API
+- migrate max downtime API
+- volume wiping API
+- and many bug fixes
+
+* Tue Mar 30 2010 Richard W.M. Jones <rjones@redhat.com> - 0.7.7-3.fc14
+- No change, just rebuild against new libparted with bumped soname.
+
+* Mon Mar 22 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-2.fc14
+- Fix USB devices by product with security enabled (bz 574136)
+- Set kernel/initrd in security driver, fixes some URL installs (bz 566425)
+
+* Fri Mar  5 2010 Daniel Veillard <veillard@redhat.com> - 0.7.7-1
+- macvtap support
+- async job handling
+- virtio channel
+- computing baseline CPU
+- virDomain{Attach,Detach}DeviceFlags
+- assorted bug fixes and lots of cleanups
+
+* Tue Feb 16 2010 Adam Jackson <ajax@redhat.com> 0.7.6-2
+- libvirt-0.7.6-add-needed.patch: Fix FTBFS from --no-add-needed
+- Add BuildRequires: xmlrpc-c-client for libxmlrpc_client.so
+
+* Wed Feb  3 2010 Daniel Veillard <veillard@redhat.com> - 0.7.6-1
+- upstream release of 0.7.6
+- Use QEmu new device adressing when possible
+- Implement CPU topology support for QEMU driver
+- Implement SCSI controller hotplug/unplug for QEMU
+- Implement support for multi IQN
+- a lot of fixes and improvements
+
+* Thu Jan 14 2010 Chris Weyl <cweyl@alumni.drew.edu> 0.7.5-3
+- bump for libssh2 rebuild
+
 * Tue Jan 12 2010 Daniel P. Berrange <berrange@redhat.com> - 0.7.5-2
 - Rebuild for libparted soname change
 

sources

@@ -1 +1 @@
-06eedba78d4848cede7ab1a6e48f6df9  libvirt-0.7.5.tar.gz
+ac9235576352b84b8cb17df7456bbdfc  libvirt-0.8.8.tar.gz