[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/latest] 7 commits: changelog: Create entry for 10.1.0-1
Andrea Bolognani (@abologna)
gitlab at salsa.debian.org
Wed Mar 20 22:15:43 GMT 2024
Andrea Bolognani pushed to branch debian/latest at Libvirt Packaging Team / libvirt
Commits:
2bb87bae by Andrea Bolognani at 2024-03-18T23:11:58+01:00
changelog: Create entry for 10.1.0-1
Gbp-Dch: Ignore
- - - - -
844a3924 by Andrea Bolognani at 2024-03-18T23:14:14+01:00
symbols: Bump symbol versions
New symbols:
* virNodeDeviceUpdate
Gbp-Dch: Ignore
- - - - -
84128fe3 by Andrea Bolognani at 2024-03-18T23:18:20+01:00
patches: Drop backports
- - - - -
ea8fd81a by Andrea Bolognani at 2024-03-20T00:03:00+01:00
not-installed: Ignore sysusers.d
We create users and groups in maintainer scripts. Besides, all
the information in the file is suitable for Fedora/RHEL but
not for Debian, where we use different names and numerical IDs.
Gbp-Dch: Ignore
- - - - -
55519c3f by Andrea Bolognani at 2024-03-20T00:04:36+01:00
rules: Set userfaultfd_sysctl meson option
We install the resulting file as an example.
Gbp-Dch: Ignore
- - - - -
299474fb by Andrea Bolognani at 2024-03-20T00:04:37+01:00
copyright: Update copyright information
Gbp-Dch: Ignore
- - - - -
e13e3020 by Andrea Bolognani at 2024-03-20T00:20:05+01:00
Document changes and release 10.1.0-1
- - - - -
8 changed files:
- debian/changelog
- debian/copyright
- debian/libvirt0.symbols
- debian/not-installed
- − debian/patches/backport/apparmor-Add-user-session-path-for-PID-and-socket-files-u.patch
- − debian/patches/backport/scripts-Make-check-symfile.py-work-on-alpha.patch
- debian/patches/series
- debian/rules
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+libvirt (10.1.0-1) unstable; urgency=medium
+
+ * [517918e] New upstream version 10.1.0
+ - Fixes CVE-2024-1441 (Closes: #1066058)
+ * [84128fe] patches: Drop backports
+
+ -- Andrea Bolognani <eof at kiyuko.org> Wed, 20 Mar 2024 00:18:12 +0100
+
libvirt (10.0.0-3) experimental; urgency=medium
* [e31fc9e] control: Recommend pkgconf instead of pkg-config
=====================================
debian/copyright
=====================================
@@ -10,10 +10,11 @@ Comment: Among many source files this also includes many generated, test-data or
Files: build-aux/syntax-check.mk
Copyright: 2008-2019 Red Hat, Inc.
- 2001-2022 Free Software Foundation, Inc.
+ 2001-2024 Free Software Foundation, Inc.
License: GPL-3.0+
Files: src/ch/ch_capabilities.*
+ src/ch/ch_interface.*
Copyright: 2023 Microsoft Corp.
License: LGPL-2.1+
=====================================
debian/libvirt0.symbols
=====================================
@@ -99,7 +99,8 @@ libvirt.so.0 libvirt0 #MINVER#
*@LIBVIRT_8.5.0 8.5.0
*@LIBVIRT_9.0.0 9.0.0
*@LIBVIRT_9.7.0 9.7.0
- *@LIBVIRT_PRIVATE_10.0.0 10.0.0
+ *@LIBVIRT_10.1.0 10.1.0
+ *@LIBVIRT_PRIVATE_10.1.0 10.1.0
libvirt-qemu.so.0 libvirt0 #MINVER#
*@LIBVIRT_QEMU_0.8.3 0.8.3
@@ -117,4 +118,4 @@ libvirt-admin.so.0 libvirt0 #MINVER#
*@LIBVIRT_ADMIN_2.0.0 2.0.0~rc1
*@LIBVIRT_ADMIN_3.0.0 3.0.0
*@LIBVIRT_ADMIN_8.6.0 8.9.0
- *@LIBVIRT_ADMIN_PRIVATE_10.0.0 10.0.0
+ *@LIBVIRT_ADMIN_PRIVATE_10.1.0 10.1.0
=====================================
debian/not-installed
=====================================
@@ -70,6 +70,7 @@ lib/systemd/system/virtxend-admin.socket
lib/systemd/system/virtxend-ro.socket
lib/systemd/system/virtxend.service
lib/systemd/system/virtxend.socket
+usr/lib/sysusers.d/libvirt-qemu.conf
usr/sbin/virtinterfaced
usr/sbin/virtlxcd
usr/sbin/virtnetworkd
=====================================
debian/patches/backport/apparmor-Add-user-session-path-for-PID-and-socket-files-u.patch deleted
=====================================
@@ -1,46 +0,0 @@
-From: Stefano Brivio <sbrivio at redhat.com>
-Date: Tue, 30 Jan 2024 19:15:51 +0100
-Subject: apparmor: Add user session path for PID and socket files used by
- passt
-
-Commit 7a39b04d683f ("apparmor: Enable passt support") grants
-passt(1) read-write access to /{,var/}run/libvirt/qemu/passt/* if
-started by the libvirt daemon. That's the path where passt creates
-PID and socket files only if the guest is started by the root user.
-
-If the guest is started by another user, though, the path is more
-commonly /var/run/user/$UID/libvirt/qemu/run/passt: add it as
-read-write location. Otherwise, passt won't be able to start, as
-reported by Andreas.
-
-While at it, replace /{,var/}run/ in the existing rule by its
-corresponding tunable variable, @{run}.
-
-Fixes: 7a39b04d683f ("apparmor: Enable passt support")
-Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061678
-Reported-by: Andreas B. Mundt <andi at debian.org>
-Signed-off-by: Stefano Brivio <sbrivio at redhat.com>
-Reviewed-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Jim Fehlig <jfehlig at suse.com>
-(cherry picked from commit f95675fdbb42eee07fc4864d7c135dcb8b00c3a9)
-
-Forwarded: not-needed
-Origin: https://gitlab.com/libvirt/libvirt/-/commit/f95675fdbb42eee07fc4864d7c135dcb8b00c3a9
----
- src/security/apparmor/libvirt-qemu.in | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
-index f40f471..8b92915 100644
---- a/src/security/apparmor/libvirt-qemu.in
-+++ b/src/security/apparmor/libvirt-qemu.in
-@@ -196,7 +196,8 @@
- signal (receive) set=("term") peer=libvirtd,
- signal (receive) set=("term") peer=virtqemud,
-
-- owner /{,var/}run/libvirt/qemu/passt/* rw,
-+ owner @{run}/user/[0-9]*/libvirt/qemu/run/passt/* rw,
-+ owner @{run}/libvirt/qemu/passt/* rw,
-
- include if exists <abstractions/passt>
- }
=====================================
debian/patches/backport/scripts-Make-check-symfile.py-work-on-alpha.patch deleted
=====================================
@@ -1,58 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Sat, 20 Jan 2024 18:20:21 +0100
-Subject: scripts: Make check-symfile.py work on alpha
-
-The script expects each of the symbols that it looks for to
-be in one of three sections, which in nm(1) are described as
-follows:
-
- T - The symbol is in the text (code) section.
- B - The symbol is in the BSS data section. This section
- typically contains zero-initialized or uninitialized
- data, although the exact behavior is system dependent.
- D - The symbol is in the initialized data section.
-
-When building on alpha, however, some of the symbols show up
-in one of two additional sections, specifically:
-
- S - The symbol is in an uninitialized or zero-initialized
- data section for small objects.
- G - The symbol is in an initialized data section for small
- objects.
-
-In other words, S is the same as B and G is the same as D,
-except with some optimization for small objects that for some
-reason is applied on alpha but not on other architectures.
-
-I have confirmed that, for all the symbols that the script
-complained about being missing on alpha, the section is the
-expected one, that is, symbols that are reported as B on x86
-are reported as S on alpha, and symbols that are reported as
-D on x86 are reported as G on alpha.
-
-Note that, while the B section doesn't seem to be used at all
-on alpha, at least in our case, the D section still is.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
-(cherry picked from commit 2757e91c2b28b704d9a0b586fb60012450110b1a)
-
-Forwarded: not-needed
-Origin: https://gitlab.com/libvirt/libvirt/-/commit/2757e91c2b28b704d9a0b586fb60012450110b1a
----
- scripts/check-symfile.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/check-symfile.py b/scripts/check-symfile.py
-index 0f6e780..c2ee405 100755
---- a/scripts/check-symfile.py
-+++ b/scripts/check-symfile.py
-@@ -61,7 +61,7 @@ for elflib in elflibs:
-
- for line in nm:
- line = line.decode("utf-8")
-- symmatch = re.search(r'''^\S+\s(?:[TBD])\s(\S+)\s*$''', line)
-+ symmatch = re.search(r'''^\S+\s(?:[TBSDG])\s(\S+)\s*$''', line)
- if symmatch is None:
- continue
-
=====================================
debian/patches/series
=====================================
@@ -1,5 +1,3 @@
-backport/scripts-Make-check-symfile.py-work-on-alpha.patch
-backport/apparmor-Add-user-session-path-for-PID-and-socket-files-u.patch
forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
debian/Debianize-libvirt-guests.patch
debian/apparmor_profiles_local_include.patch
=====================================
debian/rules
=====================================
@@ -53,7 +53,7 @@ ifeq ($(DEB_HOST_ARCH_OS), linux)
WITH_NSS_PLUGIN = -Dnss=enabled
WITH_DTRACE = -Ddtrace=enabled
WITH_NUMA = -Dnumactl=enabled -Dnumad=enabled
- WITH_SYSCTL = -Dsysctl_config=enabled
+ WITH_SYSCTL = -Dsysctl_config=enabled -Duserfaultfd_sysctl=enabled
WITH_WIRESHARK = -Dwireshark_dissector=enabled
else
WITH_DAEMONS = -Ddriver_libvirtd=disabled -Dhost_validate=disabled
@@ -90,7 +90,7 @@ else
WITH_NSS_PLUGIN = -Dnss=disabled
WITH_DTRACE = -Ddtrace=disabled
WITH_NUMA = -Dnumactl=disabled -Dnumad=disabled
- WITH_SYSCTL = -Dsysctl_config=disabled
+ WITH_SYSCTL = -Dsysctl_config=disabled -Duserfaultfd_sysctl=disabled
WITH_WIRESHARK = -Dwireshark_dissector=disabled
endif
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/7da34b36bbcbaf58e6e501ad89b209517b3e091d...e13e3020eeba7cad23bf1788122c3bd751d029fd
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/7da34b36bbcbaf58e6e501ad89b209517b3e091d...e13e3020eeba7cad23bf1788122c3bd751d029fd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20240320/18055ae1/attachment-0001.htm>
More information about the Pkg-libvirt-commits
mailing list