[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/experimental] 14 commits: Fix virtio-gpu + virgl support by cherry-picking upstream commits
Guido Günther
gitlab at salsa.debian.org
Wed Apr 10 08:48:39 BST 2019
Guido Günther pushed to branch debian/experimental at Libvirt Packaging Team / libvirt
Commits:
d7a7218f by intrigeri at 2019-04-01T09:30:52Z
Fix virtio-gpu + virgl support by cherry-picking upstream commits
virt-manager in current sid still creates new VMs with QXL graphics by default,
so this bug only affects users who opt in for virtio-gpu + 3D acceleration.
Still, the option for virtio-gpu + 3D acceleration is offered in the
virt-manager GUI, so having it broken by default is an important problem.
These are upstream commits:
f2cbb94eabdd5e3422c45b1afa48eb4c951c09e0
00fbb9e51678f76effa2d20e78a9be861ad5f484
27a9ebf28183cb3c3c784fcab622e67e978eb3dc
d85e8e400b48f1b4c1dfbf438dda83cd959eacf7
fb01e1a44daea773cd53f275cad6f031506c20db
Closes: #916587
- - - - -
39971869 by Christian Ehrhardt at 2019-04-05T18:06:00Z
d/libvirt-daemon-system.maintscript: remove obsolete conffile (Closes: #920574)
/etc/logrotate.d/libvirtd.uml became obsolete since UML was
dropped in libvirt 5.0
Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
- - - - -
c64d0207 by Christian Ehrhardt at 2019-04-05T18:13:47Z
d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts example
(Closes: #921713)
Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
- - - - -
e6a409f4 by Guido Günther at 2019-04-06T17:49:43Z
Merge branch 'fix-minor-issues-in-libvirt-5.0.0-1' into 'debian/sid'
Fix minor issues in libvirt 5.0.0 1
See merge request libvirt-team/libvirt!12
- - - - -
790365e4 by Guido Günther at 2019-04-07T10:36:03Z
CVE-2019-3886: Don't allow unprivileged users to use the guest agent
Apply upstream patches
remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
api-disallow-virDomainGetHostname-for-read-only-connectio.patch
Closes: #926418
- - - - -
e8858268 by Guido Günther at 2019-04-07T10:52:21Z
Document changes and release 5.0.0-2
- - - - -
4fde9ed4 by Andrea Bolognani at 2019-04-07T15:26:50Z
Merge tag 'debian/5.0.0-2' into debian/experimental
libvirt Debian release 5.0.0-2
Conflicts:
debian/changelog
- - - - -
52792664 by Andrea Bolognani at 2019-04-07T15:27:27Z
Fix Debian changelog
5.2.0~rc2 and 5.2.0 have been imported; however, the Debian
changelog is still stuck at 5.2.0~rc1, and builds can't succeed
because of that.
Gbp-Dch: Ignore
- - - - -
453f85dd by Andrea Bolognani at 2019-04-07T16:30:50Z
Rediff patches
The patches
security-aa-helper-allow-virt-aa-helper-to-read-dev-dri.patch
security-aa-helper-generate-more-rules-for-gl-devices.patch
security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
security-aa-helper-nvidia-rules-for-gl-devices.patch
virt-aa-helper-generate-rules-for-gl-enabled-graphics-dev.patch
are included in libvirt 5.2.0 and have thus been dropped.
- - - - -
a4294efe by Andrea Bolognani at 2019-04-07T16:31:33Z
Bump symbol versions
5.2.0~rc1 (and 5.2.0~rc2) were not uploaded to Debian.
- - - - -
68394f60 by Andrea Bolognani at 2019-04-07T16:32:17Z
Add tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
Not having this causes FTBFS when using pbuilder.
- - - - -
26f30e62 by Andrea Bolognani at 2019-04-07T16:47:51Z
Document changes and release 5.2.0-1
Commit 0b5e54e is removed from the changelog because it's
superseded by the subsequent commit 453f85d, and documenting
what is, as far as users are concerned, a single change twice
seems weird.
- - - - -
f3e17136 by Guido Günther at 2019-04-10T06:53:24Z
Revert "Bump symbol versions"
The symbols were introduced in 5.2.0~rc2 already
This reverts commit a4294efe9ee349fc0aa4b6055d2d46820c78648f.
Gbp-Dch: Ignore
- - - - -
9d4ba53e by Guido Günther at 2019-04-10T07:36:31Z
Document changes and release 5.2.0-1
- - - - -
10 changed files:
- debian/changelog
- debian/libvirt-daemon-system.libvirtd.default
- + debian/libvirt-daemon-system.maintscript
- + debian/patches/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
- debian/patches/debian/Don-t-enable-default-network-on-boot.patch
- debian/patches/debian/Prefer-sbin-over-usr-sbin.patch
- debian/patches/debian/Use-upstreams-polkit-rule.patch
- + debian/patches/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
- debian/patches/series
- + debian/patches/tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
Changes:
=====================================
debian/changelog
=====================================
@@ -1,13 +1,34 @@
-libvirt (5.2.0~rc1-1~3.gbp21533c) UNRELEASED; urgency=medium
+libvirt (5.2.0-1) experimental; urgency=medium
- ** SNAPSHOT build @21533cff1685c78c610fa9e9ad7452a03a0ce620 **
+ * Team upload.
- * [932fa9d] New upstream version 5.2.0~rc1
- * [0b5e54e] Bump symbol versions
- * [bf0bc67] New upstream version 5.2.0~rc2
+ [ Christian Ehrhardt ]
+ * [3997186] d/libvirt-daemon-system.maintscript: remove obsolete conffile
+ /etc/logrotate.d/libvirtd.uml became obsolete since UML was dropped in
+ libvirt 5.0 (Closes: #920574)
+ * [c64d020] d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts
+ example (Closes: #921713)
+
+ [ Guido Günther ]
* [dd9d74f] New upstream version 5.2.0
+ * [790365e] CVE-2019-3886: Don't allow unprivileged users to use the guest
+ agent. Apply upstream patches
+ remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+ api-disallow-virDomainGetHostname-for-read-only-connectio.patch
+ (Closes: #926418)
- -- Guido Günther <agx at sigxcpu.org> Fri, 05 Apr 2019 09:17:27 +0200
+ [ Andrea Bolognani ]
+ * [453f85d] Rediff patches. The patches
+ security-aa-helper-allow-virt-aa-helper-to-read-dev-dri.patch
+ security-aa-helper-generate-more-rules-for-gl-devices.patch
+ security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
+ security-aa-helper-nvidia-rules-for-gl-devices.patch
+ virt-aa-helper-generate-rules-for-gl-enabled-graphics-dev.patch
+ are included in libvirt 5.2.0 and have thus been dropped.
+ * [a4294ef] Bump symbol versions.
+ * [68394f6] Add tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
+
+ -- Andrea Bolognani <eof at kiyuko.org> Sun, 07 Apr 2019 18:39:49 +0200
libvirt (5.1.0-1) experimental; urgency=medium
@@ -23,6 +44,37 @@ libvirt (5.1.0-1) experimental; urgency=medium
-- Guido Günther <agx at sigxcpu.org> Thu, 28 Mar 2019 13:03:29 +0100
+libvirt (5.0.0-2) unstable; urgency=medium
+
+ [ Laurent Bigonville ]
+ * [76e2cb7] Don't recommend ebtables. It's part of the iptables package now.
+ (Closes: #918472)
+
+ [ intrigeri ]
+ * [d7a7218] Fix virtio-gpu + virgl support by cherry-picking upstream
+ commits virt-manager in current sid still creates new VMs with QXL
+ graphics by default, so this bug only affects users who opt in for
+ virtio-gpu 3D acceleration. Still, the option for virtio-gpu + 3D
+ acceleration is offered in the virt-manager GUI, so having it broken by
+ default is an important problem.
+ (Closes: #916587)
+
+ [ Christian Ehrhardt ]
+ * [3997186] d/libvirt-daemon-system.maintscript: remove obsolete conffile
+ /etc/logrotate.d/libvirtd.uml became obsolete since UML was dropped in
+ libvirt 5.0 (Closes: #920574)
+ * [c64d020] d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts
+ example (Closes: #921713)
+
+ [ Guido Günther ]
+ * [790365e] CVE-2019-3886: Don't allow unprivileged users to use the guest
+ agent. Apply upstream patches
+ remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+ api-disallow-virDomainGetHostname-for-read-only-connectio.patch
+ (Closes: #926418)
+
+ -- Guido Günther <agx at sigxcpu.org> Sun, 07 Apr 2019 12:36:21 +0200
+
libvirt (5.0.0-1) unstable; urgency=medium
* [7346f30] New upstream version 5.0.0
=====================================
debian/libvirt-daemon-system.libvirtd.default
=====================================
@@ -4,7 +4,9 @@
# Start libvirtd to handle qemu/kvm:
start_libvirtd="yes"
-# options passed to libvirtd, add "-l" to listen on tcp
+# options passed to libvirtd, see man libvirtd for details.
+# For example to enable listening on tcp add -l here
+# and set up the TLS Certificates that libvirtd will need.
#libvirtd_opts=""
# pass in location of kerberos keytab
=====================================
debian/libvirt-daemon-system.maintscript
=====================================
@@ -0,0 +1 @@
+rm_conffile /etc/logrotate.d/libvirtd.uml 5.0.0-2~
=====================================
debian/patches/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
=====================================
@@ -0,0 +1,30 @@
+From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange at redhat.com>
+Date: Wed, 3 Apr 2019 15:00:49 +0100
+Subject: api: disallow virDomainGetHostname for read-only connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+The virDomainGetHostname API is fetching guest information and this may
+involve use of an untrusted guest agent. As such its use must be
+forbidden on a read-only connection to libvirt.
+
+Fixes CVE-2019-3886
+Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
+---
+ src/libvirt-domain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index be5b1f6..baf2182 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
+ virCheckDomainReturn(domain, NULL);
+ conn = domain->conn;
+
++ virCheckReadOnlyGoto(domain->conn->flags, error);
++
+ if (conn->driver->domainGetHostname) {
+ char *ret;
+ ret = conn->driver->domainGetHostname(domain, flags);
=====================================
debian/patches/debian/Don-t-enable-default-network-on-boot.patch
=====================================
@@ -9,10 +9,10 @@ to not interfere with existing network configurations
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/Makefile.in b/src/Makefile.in
-index 25f1b9d..f4e3fa5 100644
+index fe2d19f..2700a1d 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
-@@ -13372,8 +13372,7 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
+@@ -13398,8 +13398,7 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
@WITH_NETWORK_TRUE@ $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
@WITH_NETWORK_TRUE@ rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
@WITH_NETWORK_TRUE@ ( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
=====================================
debian/patches/debian/Prefer-sbin-over-usr-sbin.patch
=====================================
@@ -11,7 +11,7 @@ Closes: #895145
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 4dcdd12..94438db 100644
+index 880a3a7..307aff0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,7 +110,7 @@ then
=====================================
debian/patches/debian/Use-upstreams-polkit-rule.patch
=====================================
@@ -9,10 +9,10 @@ As of 1.2.16 upstream ships a Polkit rule like Debian does.
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Makefile.in b/src/Makefile.in
-index f4e3fa5..99a185e 100644
+index 2700a1d..4abd388 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
-@@ -13421,12 +13421,12 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
+@@ -13447,12 +13447,12 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(DESTDIR)$(polkitactionsdir)/org.libvirt.unix.policy
@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(MKDIR_P) $(DESTDIR)$(polkitrulesdir)
@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@ $(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
@@ -28,10 +28,10 @@ index f4e3fa5..99a185e 100644
.PHONY: \
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
-index 3d0ff29..7835ed8 100644
+index dccecf8..c1916bd 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
-@@ -219,12 +219,12 @@ install-polkit:
+@@ -213,12 +213,12 @@ install-polkit:
$(DESTDIR)$(polkitactionsdir)/org.libvirt.unix.policy
$(MKDIR_P) $(DESTDIR)$(polkitrulesdir)
$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
=====================================
debian/patches/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
=====================================
@@ -0,0 +1,40 @@
+From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange at redhat.com>
+Date: Wed, 3 Apr 2019 15:00:50 +0100
+Subject: remote: enforce ACL write permission for getting guest time &
+ hostname
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Getting the guest time and hostname both require use of guest agent
+commands. These must not be allowed for read-only users, so the
+permissions check must validate "write" permission not "read".
+
+Fixes CVE-2019-3886
+Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
+---
+ src/remote/remote_protocol.x | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index 74be4b3..11f44ee 100644
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -5513,7 +5513,7 @@ enum remote_procedure {
+
+ /**
+ * @generate: both
+- * @acl: domain:read
++ * @acl: domain:write
+ */
+ REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
+
+@@ -5908,7 +5908,7 @@ enum remote_procedure {
+
+ /**
+ * @generate: none
+- * @acl: domain:read
++ * @acl: domain:write
+ */
+ REMOTE_PROC_DOMAIN_GET_TIME = 337,
+
=====================================
debian/patches/series
=====================================
@@ -14,3 +14,6 @@ Set-defaults-for-zfs-tools.patch
Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
debian/Prefer-sbin-over-usr-sbin.patch
+api-disallow-virDomainGetHostname-for-read-only-connectio.patch
+remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
=====================================
debian/patches/tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
=====================================
@@ -0,0 +1,98 @@
+From: Eric Blake <eblake at redhat.com>
+Date: Wed, 27 Mar 2019 13:42:45 -0500
+Subject: tests: Avoid writing into $HOME during virsh-snapshot
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+In a constrained CI environment, where it is intentional that attempts
+to write outside the current directory will fail, virsh-snapshot was
+failing:
+
+ error: invalid argument: parent s3 for snapshot s2 not found
+ error: marker
++error: Failed to create '/home/travis/.cache/libvirt/virsh': Permission denied
+FAIL virsh-snapshot (exit status: 1)
+
+But we've already solved the problem in virsh-uriprecedence: tell
+virsh to use XDG locations pointing to somewhere we can write rather
+than its default of falling back to $HOME with the test being at risk
+of breaking due to the user's environment and/or unacceptably altering
+the user's normal cache. Hoist that solution into test-lib.sh, so
+that all scripts can use it as needed. While at it, fix a latent typo
+where XDG_RUNTIME_HOME was set to a literal relative directory name
+"XDG_CACHE_HOME" (the typo did not affect virsh-uriprecedence, but
+could matter to other clients).
+
+Fixes: 280a2b41
+Fixes: 398de147
+Reported-by: Daniel P. Berrangé <berrange at redhat.com>
+Signed-off-by: Eric Blake <eblake at redhat.com>
+
+(cherry picked from commit b18866086516b6fb1dc5bcc45dcde7b8df324850)
+---
+ tests/test-lib.sh | 13 +++++++++++++
+ tests/virsh-snapshot | 2 ++
+ tests/virsh-uriprecedence | 12 +-----------
+ 3 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/tests/test-lib.sh b/tests/test-lib.sh
+index 49e8d22..ef5a47b 100644
+--- a/tests/test-lib.sh
++++ b/tests/test-lib.sh
+@@ -222,6 +222,19 @@ mkfifo_or_skip_()
+ fi
+ }
+
++# Create mock XDG files/directories to avoid permission problems.
++# As it points inside $test_dir_, it is automatically cleaned.
++mock_xdg_()
++{
++ export XDG_CONFIG_HOME="$t_/.config"
++ export XDG_CACHE_HOME="$t_/.cache"
++ export XDG_RUNTIME_HOME="$XDG_CACHE_HOME"
++
++ mkdir -p "$XDG_CONFIG_HOME/libvirt" "$XDG_CONFIG_HOME/virsh"
++ mkdir -p "$XDG_CACHE_HOME/libvirt" "$XDG_CACHE_HOME/virsh"
++ mkdir -p "$XDG_RUNTIME_HOME/libvirt" "$XDG_RUNTIME_HOME/virsh"
++}
++
+ test_dir_=$(pwd)
+
+ this_test_() { echo "./$0" | sed 's,.*/,,'; }
+diff --git a/tests/virsh-snapshot b/tests/virsh-snapshot
+index fb8a99d..cb498cf 100755
+--- a/tests/virsh-snapshot
++++ b/tests/virsh-snapshot
+@@ -26,6 +26,8 @@ fi
+
+ fail=0
+
++mock_xdg_ || framework_failure
++
+ # The test driver loses states between restarts, so we perform a script
+ # with some convenient markers for later post-processing of output.
+ $abs_top_builddir/tools/virsh --connect test:///default >out 2>err '
+diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence
+index 564e3dc..fd6ce10 100755
+--- a/tests/virsh-uriprecedence
++++ b/tests/virsh-uriprecedence
+@@ -11,17 +11,7 @@ virsh_cmd="$virsh_bin"
+ counter=0
+ ret=0
+
+-cleanup_() { rm -rf "$tmphome"; }
+-
+-# Create all mock files/directories to avoid permission problems
+-tmphome="$PWD/tmp_home"
+-export XDG_CONFIG_HOME="$tmphome/.config"
+-export XDG_CACHE_HOME="$tmphome/.cache"
+-export XDG_RUNTIME_HOME="XDG_CACHE_HOME"
+-
+-mkdir -p "$XDG_CONFIG_HOME/libvirt" "$XDG_CONFIG_HOME/virsh"
+-mkdir -p "$XDG_CACHE_HOME/libvirt" "$XDG_CACHE_HOME/virsh"
+-mkdir -p "$XDG_RUNTIME_HOME/libvirt" "$XDG_RUNTIME_HOME/virsh"
++mock_xdg_ || framework_failure
+
+ is_uri_good()
+ {
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/compare/861b36c90319f74236cdf898b50dd200edc77241...9d4ba53eacb24e92846bcfd37e89da757747dafb
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/compare/861b36c90319f74236cdf898b50dd200edc77241...9d4ba53eacb24e92846bcfd37e89da757747dafb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20190410/bde49662/attachment-0001.html>
More information about the Pkg-libvirt-commits
mailing list