[Libvirt-announce] LSN-2014-0010: CVE-2014-8136 deadlock on failed migration
by Eric Blake
Libvirt Security Notice: LSN-2014-0008
======================================
Summary: deadlock on failed migration
Reported on: 20141208
Published on: 20141208
Fixed on: 20141209
Reported by: Peter Krempa <pkrempa(a)redhat.com>
Patched by: Peter Krempa <pkrempa(a)redhat.com>
See also: CVE-2014-8136
Description
-----------
When using fine-grained ACLs to restrict users from migrating
domains, a logic bug could leave the domain locked and prevent
further operation on that domain.
Impact
------
A client that lacks the domain:migrate fine-grained ACL could use a
failed migration attempt to trigger a denial of service against a
more privileged user.
Workaround
----------
The bug is mitigated by the fact that the "perform" and "finish"
states of migration can generally be reached only after a successful
"begin" or "prepare" state, both of which also require the same
domain:migrate permission. Furthermore, the "prepare" state also
requires the domain:write permission, and any user which has been
granted that permission is already deemed to have full control over
the system; even if domain:migrate permission is dynamically denied
after migration has already started in order to trigger the flaw, an
attack by such a user generally does not constitute a denial of
service against a more privileged user. On the other hand, a
malicious client that has access to the read-write socket via only a
weaker privilege such as domain:read can send RPC commands out of
order, to attempt a "perform" without going through the
prerequisite states, and thereby trigger the bug in a manner that
forms a denial of service. Read-only clients cannot trigger the
problem, even via bad RPC commands. It is possible to avoid the bug
by not using the fine-grained access control mechanism.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Broken in: v1.2.1
Broken in: v1.2.2
Broken in: v1.2.3
Broken in: v1.2.4
Broken in: v1.2.5
Broken in: v1.2.6
Broken in: v1.2.7
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Fixed in: v1.2.11
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 2bdcd29c713dfedd813c89f56ae98f6f3898313d
Branch: v1.1.0-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 540872ceae9d2850e42d3615f017feb46ab585aa
Branch: v1.1.1-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: fb1e0312f4cfc2375ee94d40e5f2999cd761337d
Branch: v1.1.2-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 12c35ca8e6a1dff79fe706b24edc094be7df9f93
Branch: v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken in: v1.1.3.3
Broken in: v1.1.3.4
Broken in: v1.1.3.5
Broken in: v1.1.3.6
Broken in: v1.1.3.7
Broken in: v1.1.3.8
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 63934cae465f757c774db1fa4e86d3c8bda4591b
Branch: v1.1.4-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 995516ad3dc64fb5a5102ad0fbbea6e1701f0d8d
Branch: v1.2.0-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 0d365c6f707f55e77ff14d6a52a59b7d1c43f8a4
Branch: v1.2.1-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 75dfd58284de1fdc146b8aa3deb7d6a2057f0391
Branch: v1.2.2-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: f5a151754f2080598049baf5d68282f183a30f5c
Branch: v1.2.3-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: e0e2f7eafc5adfbac4343592def097cbe8a67653
Branch: v1.2.4-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 4ba560e050fa83a2ef2083fbfa0ad9484b9393d4
Branch: v1.2.5-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: cd3d695a6be8398b399d0d06c26a618b12ad8946
Branch: v1.2.6-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: bad50b7501ebfe8076a6f7809d7b44b7a94c38ef
Branch: v1.2.7-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 220759259bcbcc705a96dc1cbaeb2f2ce980c479
Branch: v1.2.8-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 372bfe63b501c7580400107682633ad421416f88
Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 12496319a24dd923c5f321c84112fd0e73979413
Branch: v1.2.10-maint
Broken by: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by: 2a121c635306cd498cdabb63a806ae17821b245f
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
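The locking mistake described in LSN-2014-0010 above (an ACL denial path that returns while the domain is still locked), shown as an added C example that is not libvirt's code and not part of the original notice. `struct domain`, the lock helpers and the `migrate_perform_*` functions are hypothetical stand-ins, and the `atomic_flag` lock stands in for the daemon's per-object mutex.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a per-domain object; not libvirt's real type. */
struct domain {
    atomic_flag lock;      /* minimal lock standing in for the object mutex */
    const char *name;
};

static void domain_lock(struct domain *d)
{
    while (atomic_flag_test_and_set(&d->lock))
        ;                  /* a later caller waits here forever if the lock leaked */
}

static void domain_unlock(struct domain *d)
{
    atomic_flag_clear(&d->lock);
}

/* Non-blocking probe, so the example can observe a leaked lock without hanging. */
static bool domain_trylock(struct domain *d)
{
    return !atomic_flag_test_and_set(&d->lock);
}

/* Hypothetical ACL check: passes only for callers granted the migrate permission. */
static bool acl_allows_migrate(bool caller_has_migrate)
{
    return caller_has_migrate;
}

/* Before: the ACL denial returns early and skips the unlock. */
int migrate_perform_buggy(struct domain *vm, bool caller_has_migrate)
{
    domain_lock(vm);
    if (!acl_allows_migrate(caller_has_migrate))
        return -1;         /* BUG: vm stays locked after the failed request */
    /* ... migration work would happen here ... */
    domain_unlock(vm);
    return 0;
}

/* After: every exit, including the denial, goes through one cleanup label. */
int migrate_perform_fixed(struct domain *vm, bool caller_has_migrate)
{
    int ret = -1;

    domain_lock(vm);
    if (!acl_allows_migrate(caller_has_migrate))
        goto cleanup;
    /* ... migration work would happen here ... */
    ret = 0;
cleanup:
    domain_unlock(vm);
    return ret;
}

typedef int (*perform_fn)(struct domain *, bool);

/* Run one request, then report whether a later caller could still lock the domain. */
bool domain_usable_after(perform_fn perform, bool caller_has_migrate)
{
    struct domain vm = { ATOMIC_FLAG_INIT, "guest" };  /* constructed sample object */

    perform(&vm, caller_has_migrate);
    if (!domain_trylock(&vm))
        return false;      /* lock was leaked: further operations would block */
    domain_unlock(&vm);
    return true;
}

int main(void)
{
    printf("buggy, request denied : usable=%d\n",
           domain_usable_after(migrate_perform_buggy, false));
    printf("fixed, request denied : usable=%d\n",
           domain_usable_after(migrate_perform_fixed, false));
    printf("buggy, request allowed: usable=%d\n",
           domain_usable_after(migrate_perform_buggy, true));
    return 0;
}
```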
[Libvirt-announce] LSN-2014-0009: CVE-2014-8135 crash when using virStorageVolUpload
by Eric Blake
Libvirt Security Notice: LSN-2014-0009
======================================
Summary: crash when using virStorageVolUpload
Reported on: 20141202
Published on: 20141203
Fixed on: 20141203
Reported by: Pei Zhang <pzhang(a)redhat.com>
Patched by: Luyao Huang <lhuang(a)redhat.com>
See also: CVE-2014-8135
Description
-----------
Incorrect parameter validation of the virStorageVolUpload command
could cause libvirtd to attempt to dereference NULL.
Impact
------
When using fine-grained ACLs, a user that is permitted to modify
storage volumes but not create arbitrary domains can use bogus
parameters to cause a denial of service attack against more
privileged users.
Workaround
----------
Passing valid parameters to virStorageVolUpload will not trigger a
problem. It is also possible to prevent the denial of service by
stopping the use of the fine grained access control mechanism, or by
not granting users the storage_vol:data_write permission if they do
not also have the domain:write permission; doing this will not
prevent the crash for invalid parameters, but such a crash is no
longer a security attack.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Fixed in: v1.2.11
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: 87b9437f8951f9d24f9a85c6bbfff0e54df8c984
Branch: v1.2.8-maint
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: 05ba8c50b15f7078ba7981f550fc59c3dc74c469
Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: 584e876ba2057b472074dbf177d2397392d70363
Branch: v1.2.10-maint
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: c89df3695b397d155ca15ac174c983ae9a77387e
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[Libvirt-announce] LSN-2014-0008: CVE-2014-8131 deadlock or segfault in virConnectGetAllDomainStats
by Eric Blake
Libvirt Security Notice: LSN-2014-0008
======================================
Summary: deadlock or segfault in virConnectGetAllDomainStats
Reported on: 20141127
Published on: 20141205
Fixed on: 20141211
Reported by: Martin Kletzander <mkletzan(a)redhat.com>
Patched by: Martin Kletzander <mkletzan(a)redhat.com>,
Francesco Romani <fromani(a)redhat.com>
See also: CVE-2014-8131
Description
-----------
When using fine-grained ACLs to restrict users from accessing all
domains, a logic bug in the qemu implementation of
virConnectGetAllDomainStats could result in incorrect lock
management of the next domain inspected after a domain that was
skipped due to ACL restrictions.
Impact
------
A restricted client can trigger a denial of service against a more
privileged user when libvirtd goes into deadlock when trying to lock
an incorrectly locked domain, or crashes when trying to unlock a
domain that was not locked.
Workaround
----------
Stop use of the fine grained access control mechanism, or stop
trying to use access control to restrict the set of domains that an
authorized client can see.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Fixed in: v1.2.11
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 57023c0a3af4af1c547189c1f6712ed5edeb0c0b
Fixed by: cb104ef734dfea12cb8826dba7e2c98912c4b7e1
Branch: v1.2.8-maint
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Fixed by: 27431ec96e617f186bd3f5900aeb7d622770533a
Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 5d8bee6d57cddf462912ad2fc544c8a57b1c2841
Fixed by: dfbdea7ea8fa36d9f27942c5b2882acfd86a3c3b
Branch: v1.2.10-maint
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: a20e818cb3f46d2dce586327dcc49ffcd82d94cb
Fixed by: a9638ae975a1c784d958e3fb2f0aab36b3ebddeb
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[Libvirt-announce] ANNOUNCE: libvirt-glib release 0.2.0
by Daniel P. Berrange
I am pleased to announce that a new release of the libvirt-glib package,
version 0.2.0, is now available from
ftp://libvirt.org/libvirt/glib/
The packages are GPG signed with
Key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R)
Changes in this release:
- Support keyboard input device config
- Annotate some unused parameters
- Add support for new graphics attach API
libvirt-glib comprises three distinct libraries:
- libvirt-glib - Integrate with the GLib event loop and error handling
- libvirt-gconfig - Representation of libvirt XML documents as GObjects
- libvirt-gobject - Mapping of libvirt APIs into the GObject type system
NB: While libvirt aims to be API/ABI stable forever, with libvirt-glib
we are not currently guaranteeing that libvirt-glib libraries are
permanently API/ABI stable. That said we do not expect to break the
API/ABI for the foreseeable future and will always strive to avoid it.
Follow up comments about libvirt-glib should be directed to the regular
libvir-list(a)redhat.com development list.
Thanks to all the people involved in contributing to this release.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
[Libvirt-announce] Release of libvirt-1.2.11
by Daniel Veillard
It's out ! Tagged in git and signed tarballs and rpms are available
from the usual place:
ftp://libvirt.org/libvirt/
I also tagged and pushed a libvirt-python release too, to be found at:
ftp://libvirt.org/libvirt/python/
Overall this includes around 350 commits, 2 are security fixes, and
this also includes a couple of new generic features. There is of course
a number of improvements on various drivers, notably parallels, drvbhyve,
linux containers, xen migration, and kvm.
This also packs an impressive amount of bug fixes (nearly 100), so I
would really suggest to update when possible.
Features:
- Implement public API for virDomainGetFSInfo (Tomoki Sekiyama)
- qemu: Add define for the new throttle options (Matthias Gatto)
Security:
- CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats() (Martin Kletzander)
- CVE-2014-7823: dumpxml: security hole with migratable flag (Eric Blake)
Documentation:
- virsh.pod: Fix typo (John Ferlan)
- Fix typo in path for storage pool (John Ferlan)
- Fix missing curly braces (Hao Liu)
- Fix simple typo s/ a API/ an API/ (Martin Kletzander)
- getstats: improve documentation (Eric Blake)
- Use gender-neutral pronoun in hacking.html.in (Christophe Fergeau)
- network: fix some trivial typos in docs/formatnetwork.html (Chen Fan)
- virsh.pod: Fix the pool-define-as and pool-create-as description (John Ferlan)
- Fix a couple of typos on the storage pool html (John Ferlan)
- storage: fix rbd pool indentation (Cole Robinson)
- Create html documentation even if XHTML1 DTD is not available to validate (Ian Campbell)
- More html/docs changes from libvirt.h.in split (John Ferlan)
- conf: fix a comment typo in virDomainVideoDefaultRAM (Wang Rui)
- Correct invalid hyperlinks (Martin Kletzander)
- Fix missing slashes in XML examples (Luyao Huang)
- fix simple typo in TPM paragraph (Martin Kletzander)
- tests: fix documentation for mocking methods (Martin Kletzander)
- virsh: document block.n.allocation stat (Eric Blake)
- storage_driver: fix a comment typo (Chen Hanxiao)
- domain: Move docs for storage hosts under the <source> element (Peter Krempa)
- virsh: sync domdisplay help and manual (Martin Kletzander)
- fix a typo in formatdomain.html (Chen Fan)
- Remove references to unused libvirt-libvirt.html (Nehal J Wani)
- Document NVRAM behavior on transient domains (Michal Privoznik)
- Adjust contributor guidelines about curly brackets (Martin Kletzander)
- Fix API docs for header file re-organization (Daniel P. Berrange)
- fix mismatched ACL attribute name (Luyao Huang)
- Add documentation for compat mode. (Prerna Saxena)
- examples: add systemtap script to ease lock debugging (Martin Kletzander)
Portability:
- Fix build on mingw (Ján Tomko)
- define NTF_{SELF,MASTER} if undefined (Guido Günther)
- build: fix mingw printing of pid (Eric Blake)
- build: fix unused variable in mingw (Eric Blake)
- libxl: Allow libxl to find pygrub binary. (Ian Campbell)
- build: fix build when not using dbus (Eric Blake)
- build: avoid 32-bit failure on older gcc (Eric Blake)
- build: fix build with older dbus headers (Eric Blake)
- maint: use portable shell (Eric Blake)
- qemuxml2argvtest: Run some test only on Linux (Michal Privoznik)
Bug Fixes:
- Avoid getting '-1:-1' in devices cgroup list (Cédric Bosdonnat)
- conf: goto error when value of max_sectors is too large (Luyao Huang)
- Ignore CPU features without a model for host-passthrough (Ján Tomko)
- Do not format CPU features without a model (Ján Tomko)
- qemu: bulk stats: Fix logic in monitor handling (Francesco Romani)
- dac: Add a new func to get DAC label of a running process (Luyao Huang)
- viriscsi: Need to sendtargets on Initiator IQN (John Ferlan)
- storage: Check stderr when matching parted output (Hao Liu)
- security: Manage SELinux labels on shared/readonly hostdev's (John Ferlan)
- tests: Fix sharable typo (John Ferlan)
- conf: forbid negative number in address(like controller, bus, slot...) (Luyao Huang)
- qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs (Peter Krempa)
- network: don't allow multiple dhcp sections (Kyle DeFrancia)
- getstats: avoid memory leak on OOM (Eric Blake)
- util: check for an illegal character in a XML namespace prefix (Erik Skultety)
- qemu: snapshot: Forbid internal snapshot with passthrough devices (Shanzhi Yu)
- networkValidate: Disallow bandwidth in portgroups too (Michal Privoznik)
- qemu: process: Avoid uninitialized use two vars when reconnecting to vm (Peter Krempa)
- Fix handling of whitespae in preprocessor macros for API generator (Daniel P. Berrange)
- tests: Fix misplaced parenthesis in qemumonitorjsontest (Martin Kletzander)
- qemu: Fix virsh freeze when blockcopy storage file is removed (Erik Skultety)
- cpu: fix possible crash in getModels (Pavel Hrdina)
- leaseshelper: Skip entries missing expiry time on INIT action (Peter Krempa)
- storage: fix crash caused by no check return before set close (Luyao Huang)
- virsh: vol-upload disallow negative offset (Shanzhi Yu)
- parallels: fix compilation of parallels_storage.c (Dmitry Guryanov)
- Generate a MAC when loading a config instead of package update (Ján Tomko)
- Silently ignore MAC in NetworkLoadConfig (Ján Tomko)
- nwfilter: fix crash when adding non-existing nwfilter (Pavel Hrdina)
- Fix race condition in qemuGetProcessInfo (Eduardo Costa)
- libxl: Resolve Coverity CHECKED_RETURN (John Ferlan)
- domain_conf: Resolve Coverity CHECKED_RETURN (John Ferlan)
- virhook: Resolve Coverity NULL_RETURNS (John Ferlan)
- hotplug: Resolve Coverity FORWARD_NULL (John Ferlan)
- storage: Add mixed fc_host/scsi_host duplicate adapter source checks (John Ferlan)
- conf: Add device-related code for panic devices (Martin Kletzander)
- conf: Add device-related code for TPM devices (Martin Kletzander)
- qemu: fix block{commit,copy} abort handling (Erik Skultety)
- qemu: Don't track quiesced state of FSs (Michal Privoznik)
- Fix usage of virReportSystemError (Jiri Denemark)
- network: Fix upgrade from libvirt older than 1.2.4 (Jiri Denemark)
- Resolve build breaker (John Ferlan)
- lxc: don't unmount subtree if it contains the source of the mount (Cédric Bosdonnat)
- virt-aa-helper wasn't running virErrorInitialize (Cédric Bosdonnat)
- storage: qemu: Fix security labelling of new image chain elements (Peter Krempa)
- storage: Add thread to refresh for createVport (John Ferlan)
- storage: Fix issue finding LU's when block doesn't exist (John Ferlan)
- rpc: do not fail if the pid of the connecting process is not set (Giuseppe Scrivano)
- util: don't log failure when older iptables lacks -w (Eric Blake)
- qemu: Really fix crash in tunnelled migration (Jiri Denemark)
- virsh: Fix msg: blockjob is aborted from another client (Erik Skultety)
- qemu: Fix crash in tunnelled migration (Jiri Denemark)
- vbox: fix a bug in _machineStateInactive (Yohan BELLEGUIC)
- qemu: Resolve Coverity UNINIT (John Ferlan)
- qemu: Fix get blkiodevtune for a disk that has been hot unplugged (Luyao Huang)
- Re-add use of locking with iptables/ip6tables/ebtables (Daniel P. Berrange)
- qemu: Don't try to parse -help for new QEMU (Jiri Denemark)
- qemu: Always set migration capabilities (Jiri Denemark)
- lxc: fix setmem effect on a running LXC machine (Erik Skultety)
- nwfilter: fix deadlock caused updating network device and nwfilter (Pavel Hrdina)
- qemuPrepareNVRAM: Save domain conf only if domain's persistent (Michal Privoznik)
- storage: Introduce 'managed' for the fchost parent (John Ferlan)
- storage: Ensure fc_host parent matches wwnn/wwpn (John Ferlan)
- storage: Check for valid fc_host parent at startup (John Ferlan)
- qemu: Resolve Coverity DEADCODE. (Matthias Gatto)
- qemu: Fix copy_paste_error in qemuBuildDriveStr. (Matthias Gatto)
- Do not crash on gluster snapshots with no host name (Ján Tomko)
- Fix virDomainChrEquals for spicevmc (Ján Tomko)
- qemu: fix domain startup failing with 'strict' mode in numatune (Wang Rui)
- lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict' (Wang Rui)
- qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict' (Wang Rui)
- Fix invalid log, misused option types and a typo (Hao Liu)
- phyp: Fix NULL dereference in phypConnectOpen (Martin Kletzander)
- nodeinfo: report error when failure in nodeSetMemoryParameters (Jincheng Miao)
- virnuma: add nodeset NULL check in virNumaSetupMemoryPolicy (Chen Fan)
- Fix build-time pkg-config files in VPATH (Jiri Denemark)
- qemu: Update fsfreeze status on domain state transitions (Michal Privoznik)
- network: fix call virNetworkEventLifecycleNew when networkStartNetwork fail (Luyao Huang)
- numa: fix assumption in virNumaNodeIsAvailable() (Martin Kletzander)
- Free job statistics from the migration cookie (Ján Tomko)
- virsh: Fix types for option bandwidth in block* (Hao Liu)
- qemuDomainUpdateDeviceConfig: Allow startupPolicy update (Michal Privoznik)
- remote: Fix memory leak in remoteConnectGetAllDomainStats (Peter Krempa)
- Require at least one console for LXC domain (Ján Tomko)
- Do not probe for power mgmt capabilities in lxc emulator (Ján Tomko)
- util: fix releasing pidfile in cleanup (Martin Kletzander)
- qemu: stop NBD server after successful migration (Weiwei Li)
- qemu: avoid rare race when undefining domain (Martin Kletzander)
- qemu: make sure capability probing process can start (Martin Kletzander)
- vbox: don't register NULL driver (Martin Kletzander)
- qemu: make advice from numad available when building commandline (Martin Kletzander)
Improvements:
- network: Bring netdevs online later (Matthew Rosato)
- lxc: give RW access to /proc/sys/net/ipv[46] to containers (Cédric Bosdonnat)
- conf: Ignore device address for guestfwd channel (Martin Kletzander)
- maint: clean up the unused variable 'caps' in src/qemu/qemu_*.c (Wang Rui)
- parallels: report proper error in Create/Destroy/Suspend e.t.c. (Dmitry Guryanov)
- parallels: fix getJobResultHelper (Dmitry Guryanov)
- parallels: return PRL_RESULT from waitJob and getJobResult (Dmitry Guryanov)
- parallels: implement domainUndefine and domainUndefineFlags (Dmitry Guryanov)
- parallels: add cdroms support (Dmitry Guryanov)
- parallels: Add domainCreateWithFlags() function. (Alexander Burluka)
- parallels: added function virDomainIsActive() (Alexander Burluka)
- parallels: refactor parallelsDomainDefineXML (Dmitry Guryanov)
- parallels: create VMs and containers with sdk (Dmitry Guryanov)
- parallels: rewrite parallelsApplyConfig with SDK (Dmitry Guryanov)
- parallels: reimplement functions, which change domain state (Dmitry Guryanov)
- parallels: handle events from parallels server (Alexander Burluka)
- parallels: move parallelsDomNotFoundError to parallels_utils.h (Dmitry Guryanov)
- parallels: get domain info with SDK (Alexander Burluka)
- parallels: move IS_CT macro to parallels_utils.h (Dmitry Guryanov)
- build: Move check for XML::XPath into bootstrap (Martin Kletzander)
- maint: update to latest gnulib (Eric Blake)
- lxc: always use virDomainNetGetActualBridgeName to get interface's bridge (Laine Stump)
- qemu: always use virDomainNetGetActualBridgeName to get interface's bridge (Laine Stump)
- qemu: setup tap devices for macTableManager='libvirt' (Laine Stump)
- network: setup bridge devices for macTableManager='libvirt' (Laine Stump)
- network: store network macTableManager setting in NetDef actual object (Laine Stump)
- network: save bridge name in ActualNetDef when actualType==network too (Laine Stump)
- conf: new network bridge device attribute macTableManager (Laine Stump)
- util: functions to manage bridge fdb (forwarding database) (Laine Stump)
- util: new functions for setting bridge and bridge port attributes (Laine Stump)
- getstats: add block.n.path stat (Eric Blake)
- getstats: start giving offline block stats (Eric Blake)
- rpc: Report proper close reason (Martin Kletzander)
- virsh: Don't reconnect after the command when disconnected (Martin Kletzander)
- storage: Fix printing/casting of uid_t/gid_t (Peter Krempa)
- virsh: Add adapter options for pool-{create|define}-as (John Ferlan)
- virsh: Add auth options for pool-{create|define}-as (John Ferlan)
- Report original error when QMP probing fails with new QEMU (Daniel P. Berrange)
- storage: backend: Log uid/gid when initializing storage file backend (Peter Krempa)
- qemu: process: Refactor reconnecting to qemu processes (Peter Krempa)
- drvbhyve: Automatically tear down guest domains on shutdown (Conrad Meyer)
- qemu: driver: Reload snapshots and managedsaves prior to reconnecting (Peter Krempa)
- leaseshelper: Fix incorrect alignment of a switch case (Peter Krempa)
- network: dnsmasq: Don't format lease file path (Peter Krempa)
- leaseshelper: Refactor control flow (Peter Krempa)
- leaseshelper: improvements to support all events (Nehal J Wani)
- cpu-driver: Fix the cross driver function call (Daniel Hansel)
- qemu_migration: Precreate missing storage (Michal Privoznik)
- qemu_migration: Send disk sizes to the other side (Michal Privoznik)
- qemuMonitorJSONBlockStatsUpdateCapacity: Don't skip disks (Michal Privoznik)
- storage: Introduce storagePoolLookupByTargetPath (Michal Privoznik)
- Replace virDomainSnapshotFree with virObjectUnref (John Ferlan)
- Replace virInterfaceFree with virObjectUnref (John Ferlan)
- Replace virNWFilterFree with virObjectUnref (John Ferlan)
- Replace virSecretFree with virObjectUnref (John Ferlan)
- Replace virStreamFree with virObjectUnref (John Ferlan)
- Replace virStoragePoolFree with virObjectUnref (John Ferlan)
- Replace virStorageVolFree with virObjectUnref (John Ferlan)
- Replace virNodeDeviceFree with virObjectUnref (John Ferlan)
- Replace virNetworkFree with virObjectUnref (John Ferlan)
- Replace virDomainFree with virObjectUnref (John Ferlan)
- rpc: Replace virXXXFree with virObjectUnref (John Ferlan)
- libvirt.c: Move virDomainGetFSInfo to libvirt-domain.c (Michal Privoznik)
- conf: replace call to virNetworkFree() with virObjectUnref() (Laine Stump)
- build, docs: Let make see the dependencies for html/*.html (Martin Kletzander)
- storage: Move and rename getVhbaSCSIHostParent (John Ferlan)
- conf: Don't redefine virDomainTPMDefPtr (Martin Kletzander)
- qemu: Make pid available for security managers in qemuProcessAttach (Luyao Huang)
- qemu: set jobinfo type to FAILED if job is failed in qemuMigrationRun (Wang Rui)
- qemu: set jobinfo type to CANCELLED if migration is cancelled in all conditions (Wang Rui)
- util: Avoid calling closedir(NULL) (Jiri Denemark)
- dbus: fix arrays of bools (Eric Blake)
- qemu: add the missing jobinfo type in qemuDomainGetJobInfo (Wang Rui)
- lxc: be more patient while resolving symlinks (Cédric Bosdonnat)
- virt-aa-helper: /etc/libvirt-sandbox/services isn't restricted (Cédric Bosdonnat)
- qemu-command: introduce new vgamem attribute for QXL video device (Pavel Hrdina)
- qemu-command: use vram attribute for all video devices (Pavel Hrdina)
- caps: introduce new QEMU capability for vgamem_mb device property (Pavel Hrdina)
- QXL: fix setting ram and vram values for QEMU QXL device (Pavel Hrdina)
- video: cleanup usage of vram attribute and update documentation (Pavel Hrdina)
- internal: add macro to round value to the next closest power of 2 (Pavel Hrdina)
- virsh: expose virDomainGetFSInfo (Tomoki Sekiyama)
- qemu: add test for qemuAgentGetFSInfo (Tomoki Sekiyama)
- qemu: Implement the qemu driver for virDomainGetFSInfo (Tomoki Sekiyama)
- remote: Implement the remote protocol for virDomainGetFSInfo (Tomoki Sekiyama)
- qemu: Emit the guest agent lifecycle event (Peter Krempa)
- examples: Add support for the guest agent lifecycle event (Peter Krempa)
- event: Add guest agent lifecycle event (Peter Krempa)
- spec: Automatically apply all patches with git (Jiri Denemark)
- qemu: process: Refresh virtio channel guest state when connecting to mon (Peter Krempa)
- qemu: chardev: Extract more information about character devices (Peter Krempa)
- libxl: destroy domain in migration finish phase on failure (Jim Fehlig)
- libxl: start domain paused on migration dst (Jim Fehlig)
- libxl: acquire job in migration finish phase (Jim Fehlig)
- libxl: Receive migration data in a thread (Jim Fehlig)
- storage: rbd: Implement support for passing config file option (Peter Krempa)
- storage: rbd: qemu: Add support for specifying internal RBD snapshots (Peter Krempa)
- storage: Allow parsing of RBD backing strings when building backing chain (Peter Krempa)
- util: storagefile: Split out parsing of NBD string into a separate func (Peter Krempa)
- util: split out qemuParseRBDString into a common helper (Peter Krempa)
- tests: Reflow the expected output from RBD disk test (Peter Krempa)
- qemu: Refactor qemuBuildNetworkDriveURI to take a virStorageSourcePtr (Peter Krempa)
- util: storage: Copy hosts of a storage file only if they exist (Peter Krempa)
- util: storage: Add notice for extension of struct virStorageSource (Peter Krempa)
- util: buffer: Clarify scope of the escape operation in virBufferEscape (Peter Krempa)
- test: virstoragetest: Add testing of network disk details (Peter Krempa)
- qemu: Add handling for VSERPORT_CHANGE event (Peter Krempa)
- conf: Add channel state for virtio channels to the XML (Peter Krempa)
- qemu: monitor: Rename and improve qemuMonitorGetPtyPaths (Peter Krempa)
- test: xml2xml: Print full filenames if xml2xml test fails (Peter Krempa)
- conf: Annotate source enums for character device struct members (Peter Krempa)
- qemu: process: report useful error if alias formatting fails (Peter Krempa)
- qemu: Drop OVMF whitelist (Michal Privoznik)
- qemu: Support OVMF on armv7l aarch64 guests (Michal Privoznik)
- maint: forbid 'int foo = true' (Eric Blake)
- virdbus: don't force users to pass int for bool values (Eric Blake)
- storage: wrap storage_driver.c to 80 columns (Chen Hanxiao)
- network: Add network bandwidth support to ethernet interfaces (Anirban Chakraborty)
- qemu: Add tests for new blkdeviotune arguments (John Ferlan)
- qemu: Add checks for blkdeviotune 'size_iops_sec' and adjust error (John Ferlan)
- bracket-spacing: Add syntax-check for unnecessary curly brackets (Martin Kletzander)
- bracket-spacing-check: Print out more specific error message (Martin Kletzander)
- bracket-spacing: Remove pointless cycles (Martin Kletzander)
- bracket-spacing: Don't modify current line (Martin Kletzander)
- Remove unnecessary curly brackets in tests/ (Martin Kletzander)
- Remove unnecessary curly brackets in tools/ (Martin Kletzander)
- Remove unnecessary curly brackets in rest of src/ (Martin Kletzander)
- Remove unnecessary curly brackets in rest of src/[o-u]*/ (Martin Kletzander)
- Remove unnecessary curly brackets in rest of src/[a-n]*/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/vbox/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/util/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/test/test_driver.c (Martin Kletzander)
- Remove unnecessary curly brackets in src/storage/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/qemu/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/node_device/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/hyperv/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/conf/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/vmx/vmx.c (Martin Kletzander)
- Remove unnecessary curly brackets in rest of src/esx/ (Martin Kletzander)
- Remove unnecessary curly brackets in src/esx/esx_driver.c (Martin Kletzander)
- Remove unnecessary curly brackets in daemon/ and examples/ (Martin Kletzander)
- virsh: Convert EDIT_NOT_CHANGED macro to do-while block. (Martin Kletzander)
- virt-aa-helper: Trick invalid syntax-check (Martin Kletzander)
- virsh: Error out if VSH_OT_STRING option has VSH_OFLAG_REQ flag (Martin Kletzander)
- virsh: Enforce proper ordering of options (Martin Kletzander)
- virsh: Reorder some options (Martin Kletzander)
- drvbhyve: Use boot-order for grub-bhyve boot device (Conrad Meyer)
- drvbhyve: Clean-up some used ATTRIBUTE_UNUSEDs. (Conrad Meyer)
- storage: Introduce virStoragePoolSaveConfig (John Ferlan)
- storage: Don't use a stack copy of the adapter (John Ferlan)
- bhyvexml2argv: Add test for grub console support (Conrad Meyer)
- bhyve: Add console support for grub-bhyve bootloader (Conrad Meyer)
- bhyve: Probe grub-bhyve for --cons-dev capability (Conrad Meyer)
- bhyvexml2argv: Add tests for domain-configured bootloader, args (Conrad Meyer)
- domaincommon.rng: Add 'bootloader' to os=hvm schema for Bhyve (Conrad Meyer)
- bhyvexml2argv: Add loader argv tests. (Conrad Meyer)
- bhyve: Support /domain/bootloader configuration for non-FreeBSD guests. (Conrad Meyer)
- Display nicer error message for unsupported chardev hotplug (Ján Tomko)
- virsh: Add bps_max and friends to virsh (Matthias Gatto)
- qemu: Add bps_max and friends to qemu command generation (Matthias Gatto)
- qemu: Add bps_max and friends QMP suport (Matthias Gatto)
- qemu: Add bps_max and friends qemu driver (Matthias Gatto)
- qemu: Add Qemu capability for bps_max and friends (Matthias Gatto)
- qemu: Modify the structure _virDomainBlockIoTuneInfo. (Matthias Gatto)
- cpu_conf: Allow specification of 'units' for @memory on numa nodes. (Prerna Saxena)
- conf: Expose virDomainParseMemory for use outside domain_conf (Prerna Saxena)
- esx: Simplify VI (vSphere) API and VMware product version handling (Matthias Bolte)
- domain_conf: Use virDomainParseMemory more widely (Michal Privoznik)
- Transform VIR_ERROR into VIR_WARN in detect_scsi_host_caps (Cédric Bosdonnat)
- vbox: Remove useless condition branches (Martin Kletzander)
- Remove use of networkPrivateData from netcf driver (Daniel P. Berrange)
- Remove use of networkPrivateData from network driver (Daniel P. Berrange)
- Remove use of storagePrivateData from storage driver (Daniel P. Berrange)
- Update Test driver to always use privateData (Daniel P. Berrange)
- Update Parallels driver to always use privateData (Daniel P. Berrange)
- Remove abuse of networkPrivateData in phyp driver (Daniel P. Berrange)
- Move phyp internal info out of the header file (Daniel P. Berrange)
- Update Hyper-V driver to always use privateData (Daniel P. Berrange)
- Update ESX driver to always use privateData (Daniel P. Berrange)
- Update remote driver to always use privateData (Daniel P. Berrange)
- Clean up remote driver connection open code (Daniel P. Berrange)
- Test: Add a testcase for PowerPC compat mode cpu specification. (Prerna Saxena)
- PowerPC:Improve PVR handling to fall back to cpu generation. (Prerna Saxena)
- PowerPC : Add support for launching VM in 'compat' mode. (Prerna Saxena)
- Cpu: Add support for Power LE Architecture. (Prerna Saxena)
- gitignore: use wildcard for configure's temporary files (Martin Kletzander)
- virnetdevbandwidth: Include virutil.h (Michal Privoznik)
- qemu: Allow use of iothreads for virtio ccw disk definitions (Boris Fiuczynski)
- qemu: Correct disk type checking logic for iothreads (Boris Fiuczynski)
- virsh: fix net-dhcp-leases no output in quiet mode (Luyao Huang)
- numa: split util/ and conf/ and support non-contiguous nodesets (Martin Kletzander)
- add temporary compilation files into .gitignore (Martin Kletzander)
- Iface: disallow network tuning in session mode globally (Erik Skultety)
- qemu: revert patch - bandwidth tuning in session mode (Erik Skultety)
- private.syms: Export virDomainNumatuneSpecifiedMaxNode (Michal Privoznik)
- virnuma: Add some more comments (Michal Privoznik)
- Memory: Use consistent type for all memory elements. (Prerna Saxena)
- virnuma: use virNumaNodesetIsAvailable checking nodeset in virNumaSetupMemoryPolicy (Chen Fan)
- numatune: add check for numatune nodeset range (Chen Fan)
- bitmap: add virBitmapLastSetBit for finding the last bit position of bitmap (Chen Fan)
- virsh: don't list unknown domains (Martin Kletzander)
- lxc: improve error message for invalid blkiotune settings (Martin Kletzander)
- qemu: improve error message for invalid blkiotune settings (Martin Kletzander)
- util: Introduce virPidFileForceCleanupPath (Martin Kletzander)
Cleanup:
- Remove left over debug in hvsupport.pl script (Daniel P. Berrange)
Thanks everybody for your contributions for this release, be it with
reports, patches, discussions, documentation fixes, etc. !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
[Libvirt-announce] Entering freeze for 1.2.11, rc1 available
by Daniel Veillard
As planned, I tagged 1.2.11-rc1 in git and made signed tarballs and
rpms available at the usual place:
ftp://libvirt.org/libvirt/
This seems to work fine in my limited testing, but please give it
a serious try !
I understand Peter's concerns w.r.t. the parallels patches, IMHO if
this doesn't touch common code and is fine by the maintainers, then
pushing in time for rc2 is reasonable even if we are past freeze.
The plan is to put out an rc2 in a couple of days and get the final
release this w.e. unless there is a serious issue blocking it.
thanks in advance for testing and reports !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/