[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/sid] 2 commits: Rediff patches
Guido Günther
gitlab at salsa.debian.org
Fri Apr 6 12:45:11 UTC 2018
Guido Günther pushed to branch debian/sid at Libvirt Packaging Team / libvirt
Commits:
c23ed3dc by Guido Günther at 2018-04-06T12:31:59+02:00
Rediff patches
Applied upstream:
lockd-fix-typo-in-virtlockd-admin.socket.patch
security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
- - - - -
f53db44e by Guido Günther at 2018-04-06T13:37:13+02:00
Document changes and release 4.2.0-1
- - - - -
8 changed files:
- debian/changelog
- debian/patches/debian/Debianize-libvirt-guests.patch
- debian/patches/debian/Don-t-enable-default-network-on-boot.patch
- debian/patches/debian/Use-upstreams-polkit-rule.patch
- debian/patches/debian/remove-RHism.diff.patch
- − debian/patches/lockd-fix-typo-in-virtlockd-admin.socket.patch
- − debian/patches/security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,17 @@
-libvirt (4.2.0-1~1.gbp91aebf) UNRELEASED; urgency=medium
-
- ** SNAPSHOT build @91aebf3f9c4a6bd399fd46031712e83a38daa085 **
+libvirt (4.2.0-1) unstable; urgency=medium
[ Laurent Bigonville ]
* [8d62a8c] Start admin sockets on installation (Closes: #893484)
[ Guido Günther ]
- * [417534b] New upstream version 4.2.0
-
- -- Guido Günther <agx at sigxcpu.org> Tue, 03 Apr 2018 13:24:38 +0200
+ * [417534b] New upstream version 4.2.0 (Closes: #894985)
+ * [9d7fa44] Bump symbol versions
+ * [c23ed3d] Rediff patches.
+ Applied upstream:
+ lockd-fix-typo-in-virtlockd-admin.socket.patch
+ CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
+
+ -- Guido Günther <agx at sigxcpu.org> Fri, 06 Apr 2018 12:33:30 +0200
libvirt (4.1.0-2) unstable; urgency=medium
=====================================
debian/patches/debian/Debianize-libvirt-guests.patch
=====================================
--- a/debian/patches/debian/Debianize-libvirt-guests.patch
+++ b/debian/patches/debian/Debianize-libvirt-guests.patch
@@ -9,7 +9,7 @@ Origin: vendor
2 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
-index d5e68e5..6bfab4e 100644
+index fcada31..f486070 100644
--- a/tools/libvirt-guests.sh.in
+++ b/tools/libvirt-guests.sh.in
@@ -1,5 +1,17 @@
=====================================
debian/patches/debian/Don-t-enable-default-network-on-boot.patch
=====================================
--- a/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
+++ b/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
@@ -4,29 +4,15 @@ Subject: Don't enable default network on boot
to not interfere with existing network configurations
---
- src/Makefile.am | 3 +--
- src/Makefile.in | 3 +--
+ src/Makefile.in | 3 +--
+ src/network/Makefile.inc.am | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 3bf2da5..c17f474 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -2896,8 +2896,7 @@ if WITH_NETWORK
- $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
- rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
- ( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
-- rm -f default.xml && \
-- $(LN_S) ../default.xml default.xml )
-+ rm -f default.xml )
- endif WITH_NETWORK
-
- uninstall-local:: uninstall-init uninstall-systemd uninstall-upstart \
diff --git a/src/Makefile.in b/src/Makefile.in
-index 99ba050..4014d22 100644
+index 771464d..d9d7146 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
-@@ -13122,8 +13122,7 @@ install-data-local: install-init install-systemd install-upstart \
+@@ -13023,8 +13023,7 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
@WITH_NETWORK_TRUE@ $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
@WITH_NETWORK_TRUE@ rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
@WITH_NETWORK_TRUE@ ( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
@@ -34,5 +20,19 @@ index 99ba050..4014d22 100644
- at WITH_NETWORK_TRUE@ $(LN_S) ../default.xml default.xml )
+ at WITH_NETWORK_TRUE@ rm -f default.xml )
- uninstall-local:: uninstall-init uninstall-systemd uninstall-upstart \
- uninstall-sysctl uninstall-polkit uninstall-sasl \
+ @WITH_NETWORK_TRUE at uninstall-data-network:
+ @WITH_NETWORK_TRUE@ rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
+diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
+index 508c8c0..b0df5ec 100644
+--- a/src/network/Makefile.inc.am
++++ b/src/network/Makefile.inc.am
+@@ -85,8 +85,7 @@ install-data-network:
+ $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
+ rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
+ ( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
+- rm -f default.xml && \
+- $(LN_S) ../default.xml default.xml )
++ rm -f default.xml )
+
+ uninstall-data-network:
+ rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
=====================================
debian/patches/debian/Use-upstreams-polkit-rule.patch
=====================================
--- a/debian/patches/debian/Use-upstreams-polkit-rule.patch
+++ b/debian/patches/debian/Use-upstreams-polkit-rule.patch
@@ -4,27 +4,58 @@ Subject: Use upstreams polkit rule
As of 1.2.16 upstream ships a Polkit rule like Debian does.
---
- src/Makefile.am | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ src/Makefile.am | 1 -
+ src/Makefile.in | 4 ++--
+ src/remote/Makefile.inc.am | 4 ++--
+ 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
-index c17f474..af604d5 100644
+index 8b1e4c8..5cce0d7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
-@@ -2251,14 +2251,14 @@ install-polkit::
- if ! WITH_POLKIT0
+@@ -811,7 +811,6 @@ else ! WITH_LIBVIRTD
+ install-logrotate:
+ uninstall-logrotate:
+ endif ! WITH_LIBVIRTD
+-
+ if LIBVIRT_INIT_SCRIPT_RED_HAT
+ install-init:: $(SYSVINIT_FILES) install-sysconfig
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+diff --git a/src/Makefile.in b/src/Makefile.in
+index d9d7146..01d41e6 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -13072,12 +13072,12 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(MKDIR_P) $(DESTDIR)$(datadir)/polkit-1/rules.d
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
+- at WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
++ at WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
+
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE at uninstall-polkit::
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ rmdir $(DESTDIR)$(policydir) || :
+- at WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
++ at WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ rmdir $(DESTDIR)$(datadir)/polkit-1/rules.d || :
+
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_FALSE at install-polkit::
+diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
+index 12600b8..8b374a7 100644
+--- a/src/remote/Makefile.inc.am
++++ b/src/remote/Makefile.inc.am
+@@ -213,12 +213,12 @@ install-polkit::
+ $(DESTDIR)$(policydir)/org.libvirt.unix.policy
$(MKDIR_P) $(DESTDIR)$(datadir)/polkit-1/rules.d
$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
- $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
+ $(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
- endif ! WITH_POLKIT0
uninstall-polkit::
rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
rmdir $(DESTDIR)$(policydir) || :
- if ! WITH_POLKIT0
- rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
+ rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
rmdir $(DESTDIR)$(datadir)/polkit-1/rules.d || :
- endif ! WITH_POLKIT0
+ else ! WITH_POLKIT
=====================================
debian/patches/debian/remove-RHism.diff.patch
=====================================
--- a/debian/patches/debian/remove-RHism.diff.patch
+++ b/debian/patches/debian/remove-RHism.diff.patch
@@ -7,7 +7,7 @@ Subject: remove-RHism.diff
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
-index 8f0e8d7..2625565 100644
+index 9d69a75..b29d628 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -119,7 +119,7 @@ virsh is coming from and which options and driver are compiled in.
=====================================
debian/patches/lockd-fix-typo-in-virtlockd-admin.socket.patch deleted
=====================================
--- a/debian/patches/lockd-fix-typo-in-virtlockd-admin.socket.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Jim Fehlig <jfehlig at suse.com>
-Date: Wed, 14 Mar 2018 16:42:39 -0600
-Subject: lockd: fix typo in virtlockd-admin.socket
-
-Commit ce7ae55ea1 introduced a typo in virtlockd-admin socket file
-
-/usr/lib/systemd/system/virtlockd-admin.socket:7: Unknown lvalue
-'Server' in section 'Socket'
-
-Change 'Server' to 'Service'.
-
-Signed-off-by: Jim Fehlig <jfehlig at suse.com>
-Reviewed-by: Erik Skultety <eskultet at redhat.com>
----
- src/locking/virtlockd-admin.socket.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 1fa0a3d..2a7500f 100644
---- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -4,7 +4,7 @@ Before=libvirtd.service
-
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
--Server=virtlockd.service
-+Service=virtlockd.service
-
- [Install]
- WantedBy=sockets.target
=====================================
debian/patches/security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch deleted
=====================================
--- a/debian/patches/security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange at redhat.com>
-Date: Thu, 1 Mar 2018 14:55:26 +0000
-Subject: CVE-2018-1064: qemu: avoid denial of service reading from QEMU guest
- agent
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: base64
-
-V2UgcmVhZCBmcm9tIHRoZSBhZ2VudCB1bnRpbCBzZWVpbmcgYSBcclxuIHBhaXIgdG8gaW5kaWNh
-dGUgYSBjb21wbGV0ZWQKcmVwbHkgb3IgZXZlbnQuIFRvIGF2b2lkIG1lbW9yeSBkZW5pYWwtb2Yt
-c2VydmljZSB0aG91Z2gsIHdlIG11c3QgaGF2ZSBhCnNpemUgbGltaXQgb24gYW1vdW50IG9mIGRh
-dGEgd2UgYnVmZmVyLiAxMCBNQiBpcyBsYXJnZSBlbm91Z2ggdGhhdCBpdApvdWdodCB0byBjb3Bl
-IHdpdGggbm9ybWFsIGFnZW50IHJlcGxpZXMsIGFuZCBzbWFsbCBlbm91Z2ggdGhhdCB3ZSdyZSBu
-b3QKY29uc3VtaW5nIHVucmVhc29uYWJsZSBtZW0uCgpUaGlzIGlzIGlkZW50aWNhbCB0byB0aGUg
-ZmxhdyB3ZSBoYWQgcmVhZGluZyBmcm9tIHRoZSBRRU1VIG1vbml0b3IKYXMgQ1ZFLTIwMTgtNTc0
-OCwgc28gcmF0aGVyIGVtYmFycmFzc2luZyB0aGF0IHdlIGZvcmdvdCB0byBmaXgKdGhlIGFnZW50
-IGNvZGUgYXQgdGhlIHNhbWUgdGltZS4KClNpZ25lZC1vZmYtYnk6IERhbmllbCBQLiBCZXJyYW5n
-w6kgPGJlcnJhbmdlQHJlZGhhdC5jb20+Cg==
----
- src/qemu/qemu_agent.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
-index 0f36054..89183c3 100644
---- a/src/qemu/qemu_agent.c
-+++ b/src/qemu/qemu_agent.c
-@@ -53,6 +53,15 @@ VIR_LOG_INIT("qemu.qemu_agent");
- #define DEBUG_IO 0
- #define DEBUG_RAW_IO 0
-
-+/* We read from QEMU until seeing a \r\n pair to indicate a
-+ * completed reply or event. To avoid memory denial-of-service
-+ * though, we must have a size limit on amount of data we
-+ * buffer. 10 MB is large enough that it ought to cope with
-+ * normal QEMU replies, and small enough that we're not
-+ * consuming unreasonable mem.
-+ */
-+#define QEMU_AGENT_MAX_RESPONSE (10 * 1024 * 1024)
-+
- /* When you are the first to uncomment this,
- * don't forget to uncomment the corresponding
- * part in qemuAgentIOProcessEvent as well.
-@@ -535,6 +544,12 @@ qemuAgentIORead(qemuAgentPtr mon)
- int ret = 0;
-
- if (avail < 1024) {
-+ if (mon->bufferLength >= QEMU_AGENT_MAX_RESPONSE) {
-+ virReportSystemError(ERANGE,
-+ _("No complete agent response found in %d bytes"),
-+ QEMU_AGENT_MAX_RESPONSE);
-+ return -1;
-+ }
- if (VIR_REALLOC_N(mon->buffer,
- mon->bufferLength + 1024) < 0)
- return -1;
=====================================
debian/patches/series
=====================================
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,5 +17,3 @@ debian/apparmor_profiles_local_include.patch
Set-defaults-for-zfs-tools.patch
Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
-security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
-lockd-fix-typo-in-virtlockd-admin.socket.patch
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/compare/9d7fa443a05131452d2774669b06c24b458fca88...f53db44e17bd3a15f67d2bd8530beec79d94fa69
---
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/compare/9d7fa443a05131452d2774669b06c24b458fca88...f53db44e17bd3a15f67d2bd8530beec79d94fa69
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-commits/attachments/20180406/b16978df/attachment-0001.html>
More information about the Pkg-libvirt-commits
mailing list