[Libvirt-announce] LSN-2014-0006: virDomainBlockRebase probes file formats in spite of explicit raw request
by Eric Blake
Libvirt Security Notice: LSN-2014-0006
======================================

Summary: virDomainBlockRebase probes file formats in spite of explicit raw request
Reported on: 20140626
Published on: 20140626
Fixed on: 20140625
Reported by: Eric Blake <eblake(a)redhat.com>
Patched by: Peter Krempa <pkrempa(a)redhat.com>

Description
-----------
When virDomainBlockRebase gained the VIR_DOMAIN_BLOCK_REBASE_COPY
flag, it was documented that libvirt might probe the format of the
destination file under certain circumstances; but since file format
probing is inherently unsafe for raw images (see CVE-2010-2237), the
API also included the VIR_DOMAIN_BLOCK_REBASE_COPY_RAW flag as a
safeguard to avoid the probe, in addition to the normal safeguards
of /etc/libvirt/qemu.conf being able to forbid all probes. However,
if a user has configured to allow probes, then two separate bugs in
the implementation create situations where even though the user
explicitly requested a raw destination, libvirt can end up probing
the file format of the destination after the time that
virDomainBlockAbort is used to pivot to that destination. The first
bug was introduced in v1.0.0, the same release as the initial
support for block copy: if the user requests the raw flag but lets
libvirt create the destination, then the destination file will be
raw but libvirt fails to record the fact. The second bug was
introduced in libvirt v1.2.1 as part of a fix for CVE-2013-6458 (and
therefore very likely to be backported to most builds that include
block copy support): if the user requests the raw flag and reuses an
existing destination file, but then later makes a second attempt to
do a block copy while the first copy is still underway, then libvirt
will forget that the destination is raw. In either scenario, once
libvirt has lost track that the destination is raw, it will probe
for the file format after a pivot. Note that although the block copy
API was not implemented upstream until v1.0.0, it can be backported
to any version that supports virDomainBlockRebase (as old as
v0.9.8), so downstream versions with a lower version number may also
suffer from these bugs.

Impact
------
A malicious guest can store what looks like a different file format
in the header of its disk image, in the hopes that the host will use
block copy to relocate the storage for the guest disk into a raw
file. If the host enables format probing, and either bug triggers,
then the guest will be serviced by a raw destination after a block
copy pivot, and libvirt may deduce the wrong file format in spite of
the API being used correctly to copy to a raw destination. Once
libvirt probes an incorrect format, it may end up incorrectly
labelling host files, granting the guest access to a mislabeled host
file, or otherwise violating sVirt protections. However, for either
bug to actually happen, the host must set
allow_disk_format_probing=1 in /etc/libvirt/qemu.conf; this setting
defaults to 0 with a lengthy comment warning of other possible
security problems if it is set to 1 without properly specifying
formats everywhere. Since any host that sticks with the default
configuration of disallowing probes is immune, this vulnerability
was not assigned a CVE. Furthermore, block copy as implemented in
the affected versions of libvirt is only possible on transient
domains, and most known users of block copy only perform shallow
copies (where the destination is qcow2 rather than raw), which is
also immune to incorrect probe results.

Workaround
----------
The guest cannot trigger the host to misbehave if the host leaves
/etc/libvirt/qemu.conf with its default setting of
allow_disk_format_probing=0. Furthermore, even if probing is
allowed, a host that never performs a block copy to a raw
destination file (whether pre-existing, or created by libvirt) will
not be impacted. Finally, even if block copy occurs where libvirt
forgets that the destination is raw, the worst effects of acting on
probed information occur when booting a guest, so it is sufficient
to edit the domain XML before each start of a guest, and re-add any
lost <driver format='raw'/> element back to any disk that was
previously copied to a raw destination, to ensure that libvirt does
not probe the image and perform incorrect actions based on the
probe. The newer virDomainBlockCopy API is immune to the problem.

Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Broken in: v1.2.1
Broken in: v1.2.2
Broken in: v1.2.3
Broken in: v1.2.4
Broken in: v1.2.5
Fixed in: v1.2.6
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ff5f30b6bfa317f2a4c33f69289baf4e887eb048
Fixed by: 02b364e186d487f54ed410c01af042f23e812d42
Fixed by: 42619ed05d7924978f3e6e2399522fc6f30607de
Branch: v1.0.2-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: c5683680576aa624b7bc29a9c927dc9d5253fe44
Fixed by: 2d03487b702b3946f9ef389614b17bf3c44108a4
Fixed by: 20326db6a536d989e0dd3425a293ee0b4ba7cdb4
Branch: v1.0.3-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: a5987e23d5ff7a79a5c382b964ce3132c593e36d
Fixed by: 6cb267e816fd89e0c362d5a090ec6c0539d5e730
Fixed by: e22f1c2e13523c830dc5f26c87e644b4a0dfd1df
Branch: v1.0.4-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: cd7021934e8031ce1ae777672c094e9f28d39d45
Fixed by: ecb305fdbda47bf4855972cb00ae55752e035447
Fixed by: 261679a8c345d0bab905ec0c52f39259ebe16bd9
Branch: v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Broken in: v1.0.5.9
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 0135324b9fc0f4b803fcd1464c83ce458ca1b1e0
Fixed by: 39b5123dc0f08955b68d91a14bdc577ffd1a9558
Fixed by: 17df6a9b3997117b43f6caa56b43c54d1841d93c
Branch: v1.0.6-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 3e41a461b3f587c075005e3da4293e02efbc4f0d
Fixed by: 0e307ecf94967cfb4a8ed49db344e4513216a0df
Fixed by: 4fb55871e925f1d02ecd04f626c6cfecae141d7f
Branch: v1.1.0-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ebac034d4dafd1774f4b075f7b2b0fa52736c22e
Fixed by: 1141cdc95373b323779b67062fcb11385c72e810
Fixed by: 2a78c0f97e0c0f19e426403c7fd1ded8a9648b7d
Branch: v1.1.1-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 51d13311b89fe9709df0efef8054010d7e539600
Fixed by: f527b2253e372bb827195ef4af30f46862f6443a
Fixed by: 9bb60cb44357d4b7698db5ca41a524c1411a4358
Branch: v1.1.2-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 939b0818c223cd6e7a59dcf94c8117dfc5df2604
Fixed by: 2fc5924c9eddb25e117bd1bd58eb7aa0a53f1048
Fixed by: f4a7efeebc1935beeeafc4a5ccaabc037a5c10af
Branch: v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken in: v1.1.3.3
Broken in: v1.1.3.4
Broken in: v1.1.3.5
Fixed in: v1.1.3.6
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 0c4822c17b6cdcce812fb9201f19d30232b3812d
Fixed by: ea1d4666d885ec68480f22a65d1a275a293484cd
Fixed by: e7ee7542bb9d66539a0ec8d4a1e72efdfb8ccebe
Branch: v1.1.4-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 94256e697b60ac8514ad9b437e4f6ac5dc369939
Fixed by: b4ef374c2963fe8a034672cb11ed9464009b6fa8
Fixed by: 53bde6b7b4f9bdae6f94a0c196705d4531ae8211
Branch: v1.2.0-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: 26ff7d4c6ebc934c8881b93b526abb957738ed1d
Fixed by: 69380800fbfebc17666c38f2226c09cb6a201747
Fixed by: a103b53f3cd5420e5da986ddbb0de9ab51e54c34
Branch: v1.2.1-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ff5f30b6bfa317f2a4c33f69289baf4e887eb048
Fixed by: 60e54a50219b38d8d8ce8f95abd231316d95eeda
Fixed by: a73122a4ab911b7e18fb2837a9173b67beaf8edb
Branch: v1.2.2-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ff5f30b6bfa317f2a4c33f69289baf4e887eb048
Fixed by: 684893e6924f0304a6749982ac2b5d90f4c66c47
Fixed by: b7771f928e95c8638aceadae35af328649ada030
Branch: v1.2.3-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ff5f30b6bfa317f2a4c33f69289baf4e887eb048
Fixed by: 2f7ea630f019656f353dc4d2fff7dad38a0e61b8
Fixed by: b850e1a95c5d15700a396d7a5466b43113cb3ab5
Branch: v1.2.4-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ff5f30b6bfa317f2a4c33f69289baf4e887eb048
Fixed by: b952dbdaa56b62f92eda11087fbcac509b6c8789
Fixed by: 5b3af9c06c42f136efc458b837595e14d3911b1d
Branch: v1.2.5-maint
Broken by: 35c7701c64508f975dfeb8379c56b4b6d0d9b71c
Broken by: ff5f30b6bfa317f2a4c33f69289baf4e887eb048
Fixed by: bc390b175030f613e5f23edbde06ea5d466f6c31
Fixed by: 961758a1c66fb1777eba496eb1b328c8107f6a2d
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
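
A host-side check for the workaround in LSN-2014-0006, as an added example (not part of the original notice and not libvirt code): it reads qemu.conf text and a domain XML dump and reports disks that have a source but no explicit format, which are the ones libvirt would probe. It assumes the format is recorded in the `type` attribute of each disk's `<driver>` element, as in libvirt domain XML; the guest name and paths in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed qemu.conf excerpt: one commented-out line, one active setting.
SAMPLE_QEMU_CONF = """\
# allow_disk_format_probing = 0
allow_disk_format_probing = 1
"""

# Constructed domain XML, shaped like `virsh dumpxml` output.
SAMPLE_DOMAIN_XML = """\
<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/guest1-os.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu'/>
      <source file='/var/lib/libvirt/images/guest1-data.img'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/vg0/guest1-scratch'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
  </devices>
</domain>
"""


def probing_allowed(conf_text):
    """True if any uncommented line sets allow_disk_format_probing non-zero.

    The notice states the default is 0, so an absent key means "not allowed".
    Flagging on any non-zero assignment is a deliberately conservative choice.
    """
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"allow_disk_format_probing\s*=\s*(\d+)", line)
        if m and int(m.group(1)) != 0:
            return True
    return False


def disks_without_format(domain_xml):
    """Return (target, source) for each disk with a source but no driver format."""
    root = ET.fromstring(domain_xml)
    missing = []
    for disk in root.findall("./devices/disk"):
        source = disk.find("source")
        if source is None:
            continue  # empty drive (e.g. cdrom without media): nothing to probe
        driver = disk.find("driver")
        fmt = driver.get("type") if driver is not None else None
        if not fmt:
            target = disk.find("target")
            dev = target.get("dev") if target is not None else "?"
            src = source.get("file") or source.get("dev") or source.get("name") or "?"
            missing.append((dev, src))
    return missing


def audit(conf_text, domain_xml):
    """Combine both checks: a guest is exposed only if probing is on AND
    at least one of its disks lacks an explicit format."""
    allowed = probing_allowed(conf_text)
    missing = disks_without_format(domain_xml)
    return {
        "probing_allowed": allowed,
        "disks_without_format": missing,
        "exposed": allowed and bool(missing),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_QEMU_CONF, SAMPLE_DOMAIN_XML)
    print("format probing allowed:", report["probing_allowed"])
    for dev, src in report["disks_without_format"]:
        print(f"  {dev}: no explicit format for {src}")
    print("exposed:", report["exposed"])
```

On a real host the two inputs would be the contents of /etc/libvirt/qemu.conf and the XML of each guest; any disk reported for a guest that was block-copied to a raw destination is a candidate for the re-add step the workaround describes.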
[Libvirt-announce] LSN-2014-0005: CVE-2014-3657
by Eric Blake
Libvirt Security Notice: LSN-2014-0005
======================================

Summary: virConnectListAllDomains can deadlock
Reported on: 20140922
Published on: 20141001
Fixed on: 20141001
Reported by: Pavel Hrdina <phrdina(a)redhat.com>
Patched by: Pavel Hrdina <phrdina(a)redhat.com>
See also: CVE-2014-3657

Description
-----------
The common implementation of virConnectListAllDomains used an early
return statement instead of jumping to a cleanup label when the API
was used with a NULL list parameter to merely obtain a count of
domains that match the filters. Because it missed the cleanup label,
this left the list of domains locked and prevented all further APIs
from accessing the list.

Impact
------
A read-only client can cause a denial of service attack against a
privileged client by passing a NULL parameter to force the deadlock
condition.

Workaround
----------
As long as all callers pass a non-NULL argument to
virConnectListAllDomains to collect an actual list rather than just
a count, the deadlock will not occur (this mode of operation is the
only mode used by virsh and in the python bindings, which is why the
bug has existed undetected for so long). Denying access to the
readonly libvirt socket will avoid the potential for a denial of
service attack, but will not prevent the deadlock if a privileged
client passes a NULL argument, although such a hang is no longer a
security problem.

Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v0.9.13
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Broken in: v1.2.1
Broken in: v1.2.2
Broken in: v1.2.3
Broken in: v1.2.4
Broken in: v1.2.5
Broken in: v1.2.6
Broken in: v1.2.7
Broken in: v1.2.8
Fixed in: v1.2.9
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: fc22b2e74890873848b43fffae43025d22053669
Branch: v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
Broken in: v0.10.2.3
Broken in: v0.10.2.4
Broken in: v0.10.2.5
Broken in: v0.10.2.6
Broken in: v0.10.2.7
Broken in: v0.10.2.8
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: a397e887ed40898cc177e118dffdea8e1f4c6184
Branch: v1.0.2-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 905f2281e3dbb199191098235e335a2f54bb85c9
Branch: v1.0.3-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 31674d08fc1b54cd30ad9422ba84090a8b4a3f48
Branch: v1.0.4-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 26a87db8ea9320f08f5f029f4e1a47c04b322c64
Branch: v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Broken in: v1.0.5.9
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: f18b86e35f25eacbe1c68cd32caea0310e9d220c
Branch: v1.0.6-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 4e41e40fde8e9eb5bfd67467450aeb4767b45b9c
Branch: v1.1.0-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: b64eaab92267480e78133c3d2e7b698f046fe5d0
Branch: v1.1.1-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 64c04d03ce8d364043e692659220ae1094f1a0cf
Branch: v1.1.2-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 75d051c7313aaa977bb67fde9b4094ed6da5ad4e
Branch: v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken in: v1.1.3.3
Broken in: v1.1.3.4
Broken in: v1.1.3.5
Broken in: v1.1.3.6
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 0b13d34e89405b6017a935d3c19d6a80ce7f3c6b
Branch: v1.1.4-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: da254a088ca74377615d127562677fb23c987faa
Branch: v1.2.0-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 861f9b1c4536b27d2961039aaf73f66732543654
Branch: v1.2.1-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: c639118634cab93bdf7a8c1bdf7f1f4fd1f8a8ce
Branch: v1.2.2-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 4ce1bd6e3783eef817ffd265616a2e6aa4cca2a3
Branch: v1.2.3-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 64700acc914e8ed7e091db2c67b48e7ef7ed99fc
Branch: v1.2.4-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 98e0692c968e194d5fd7176c6768da91ab48d651
Branch: v1.2.5-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: af56bafcc9bfb39778790e9cd7f522b98354d978
Branch: v1.2.6-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 7dcab231de3749e8056597b9b2271cd32b3797bf
Branch: v1.2.7-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: cd685ddb5d35df227aa5be9ae84368775c20e325
Branch: v1.2.8-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: c074b4044e021db6765727ea18bca8408758c7a9
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
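
The bug class described in LSN-2014-0005, as an added example (a Python model written for this page, not libvirt's C code): a lock-protected list whose count-only mode returns early and skips the unlock, next to a version where every exit path passes through the cleanup step. The class and method names are hypothetical, and passing `None` stands in for the NULL list parameter.

```python
import threading


class DomainListModel:
    """Toy stand-in for a lock-protected domain list (hypothetical names)."""

    def __init__(self, domains):
        self._lock = threading.Lock()
        self._domains = list(domains)  # (name, active) tuples

    def _matches(self, active_only):
        return [name for name, active in self._domains
                if active or not active_only]

    def list_all_buggy(self, out, active_only=False):
        """Pre-fix shape: count-only mode returns early, skipping the unlock."""
        self._lock.acquire()
        matched = self._matches(active_only)
        if out is None:
            return len(matched)  # BUG: early return, lock is still held
        out.extend(matched)
        self._lock.release()  # the only unlock, reached on one path only
        return len(matched)

    def list_all_fixed(self, out, active_only=False):
        """Fixed shape: try/finally plays the role of the cleanup label,
        so the lock is released on every exit path."""
        self._lock.acquire()
        try:
            matched = self._matches(active_only)
            if out is not None:
                out.extend(matched)
            return len(matched)
        finally:
            self._lock.release()

    def is_usable(self, timeout=0.2):
        """Check from a second thread whether the list lock can be taken.

        A timeout is used so the check reports the stuck lock instead of
        hanging the way a real caller would.
        """
        result = []

        def probe():
            got = self._lock.acquire(timeout=timeout)
            if got:
                self._lock.release()
            result.append(got)

        t = threading.Thread(target=probe)
        t.start()
        t.join()
        return result[0]


def demo():
    """Run both variants on constructed data; return usability after each."""
    sample = [("web", True), ("db", True), ("old", False)]  # constructed

    buggy = DomainListModel(sample)
    names = []
    buggy.list_all_buggy(names)       # list mode: lock released normally
    ok_after_list = buggy.is_usable()
    buggy.list_all_buggy(None)        # count-only mode: lock leaked
    ok_after_count_buggy = buggy.is_usable()

    fixed = DomainListModel(sample)
    count = fixed.list_all_fixed(None, active_only=True)
    ok_after_count_fixed = fixed.is_usable()

    return ok_after_list, ok_after_count_buggy, ok_after_count_fixed, count


if __name__ == "__main__":
    print(demo())
```

The list-mode call leaves the model usable, which mirrors the notice's remark that callers which always pass a non-NULL argument never hit the deadlock.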
[Libvirt-announce] Release of libvirt 1.2.9
by Daniel Veillard
As planned the release of libvirt 1.2.9 is available, tagged in
git, signed sources and rpms are available at the usual place:

ftp://libvirt.org/libvirt/

I also pushed the libvirt-python release 1.2.9 to its own location:

ftp://libvirt.org/libvirt/python/

This release introduces some new APIs and functionalities as well as a
number of bug fixes including 2 security fixes: CVE-2014-3633 and
CVE-2014-3657 which have been pushed as part of the release. There are
also a number of improvements available.

In a nutshell users are invited to upgrade.

Features:
- Introduce virNodeAllocPages (Michal Privoznik)
- event: introduce new event for tunable values (Pavel Hrdina)
- add migration support for OpenVZ driver (Hongbin Lu)
- Add support for fetching statistics of completed jobs (Jiri Denemark)

Security:
- CVE-2014-3657: domain_conf: fix domain deadlock (Pavel Hrdina)
- CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk (Peter Krempa)

Documentation:
- LXC: emphasis uid start of idmap only accept '0' in docs (Chen Hanxiao)
- specify vhost-net instead of net-vhost (Jianwei Hu)
- LXC: add HOME environment variable docs (Chen Hanxiao)
- update zfs documentation (Roman Bogorodskiy)
- man: virsh: Add docs for supported stats groups (Peter Krempa)
- lib: Document that virConnectGetAllDomainStats may omit some stats fields (Peter Krempa)
- lib: De-duplicate stats group documentation for all stats functions (Peter Krempa)
- util: Fix copy-paste error in virXPathLongLong description (Martin Kletzander)
- formatdomain: Update <loader/> example to match the rest (Michal Privoznik)
- virsh: desc command in --title mode mentions description instead of title (Peter Krempa)
- fix encryption format attribute in example (Ján Tomko)

Bug Fixes:
- Allow setting migration max downtime any time (Chris St. Pierre)
- qemu: monitor: return block stats data as a hash to avoid disk mixup (Peter Krempa)
- Also filter out non-migratable features out of host-passthrough (Ján Tomko)
- Don't verify CPU features with host-passthrough (Ján Tomko)
- Fix crash cpu_shares change event crash on domain startup (Ján Tomko)
- storage: Fix logical pool fmt type (Erik Skultety)
- virsh: Fix help message of allocpages (Tomoki Sekiyama)
- qemu: remove capabilities.monitor.sock when done (Guido Günther)
- conf: report error in virCPUDefParseXML (Jincheng Miao)
- Check for NULL in qemu monitor event filter (Ján Tomko)
- qemuPrepareNVRAM: Save domain after NVRAM path generation (Michal Privoznik)
- remoteNodeGetFreePages: Don't alloc args.pages.pages_val (Michal Privoznik)
- virNodeAllocPages: Disallow RO connection (Michal Privoznik)
- polkit_driver: fix possible segfault (Pavel Hrdina)
- blkdeviotune: fix bug with saving values into live XML (Pavel Hrdina)
- security: Fix labelling host devices (bz 1145968) (Cole Robinson)
- nodeinfo: fix nodeGetFreePages when max node is zero (Jincheng Miao)
- Fix bug with loading bridge name for active domain during libvirtd start (Pavel Hrdina)
- libvirt-guests: run after time-sync.target (Jim Fehlig)
- qemu: Fix memory leak in RDMA migration code (Jiri Denemark)
- nodeinfo: report error when given node is out of range (Jincheng Miao)
- virsh-host: fix pagesize unit of freepages (Jincheng Miao)
- qemu: raise an error when trying to use readonly sata disks (Giuseppe Scrivano)
- qemu: Add missing goto on rawio (John Ferlan)
- Move the FIPS detection from capabilities (Pavel Hrdina)
- virSecuritySELinuxSetTapFDLabel: Temporarily revert to old behavior (Michal Privoznik)
- audit: fix memory leak without WITH_AUDIT (Ján Tomko)
- Fixes for domains with no iothreads (Ján Tomko)
- Fix leak in x86UpdateHostModel (Ján Tomko)
- Fix libvirtd crash when removing metadata (Erik Skultety)
- qemu: Don't fail startup/attach for IOThreads if no JSON (John Ferlan)
- qemu: fix crash with shared disks (Ján Tomko)
- qemu: Honor hugepages for UMA domains (Michal Privoznik)
- conf: Disallow nonexistent NUMA nodes for hugepages (Michal Privoznik)
- domaincapstest: Run cleanly on systems missing OVMF firmware (Michal Privoznik)
- util: storage: Copy driver type when initializing chain element (Peter Krempa)
- qemu: time: Report errors if agent command fails (Peter Krempa)
- network: check negative values in bridge queues (Erik Skultety)
- openvz: fixed two memory leaks on migration code (Hongbin Lu)
- util: storage: Fix qcow(2) header parser according to docs (Peter Krempa)
- qemu: Fix call in qemuDomainSetNumaParamsLive for virCgroupNewIOThread (John Ferlan)
- qemu: Fix iothreads issue (John Ferlan)
- domain_conf: Add iothreadpin to cputune (John Ferlan)
- network: check for invalid forward delay time (Erik Skultety)
- qemu: Fix build breaker on printf directive (John Ferlan)
- daemon: Resolve Coverity FORWARD_NULL (John Ferlan)
- qemu: Resolve Coverity BAD_SIZEOF (John Ferlan)
- Resolve Coverity CHECKED_RETURN (John Ferlan)
- virsh: Resolve Coverity DEADCODE (John Ferlan)
- domain_conf: Resolve Coverity COPY_PASTE_ERROR (John Ferlan)
- virtime: Resolve Coverity DEADCODE (John Ferlan)
- remote_driver: Resolve Coverity RESOURCE_LEAK (John Ferlan)
- node_device_udev: Try harder to get human readable vendor:product (Lubomir Rintel)
- util: fix potential leak in error codepath (Martin Kletzander)
- network: try to eliminate default network conflict during package install (Laine Stump)
- libxl: Resolve Coverity CHECKED_RETURN (John Ferlan)
- qemu: Resolve Coverity FORWARD_NULL (John Ferlan)
- virfile: Resolve Coverity RESOURCE_LEAK (John Ferlan)
- virutil: Resolve Coverity RESOURCE_LEAK (John Ferlan)
- daemon: Resolve Coverity RESOURCE_LEAK (John Ferlan)
- virsh: Resolve Coverity NEGATIVE_RETURNS (John Ferlan)
- libvirt.spec: Fix permission even for libvirt-driver-qemu (Michal Privoznik)
- libxl: fix mapping of libvirt and libxl lifecycle actions (Jim Fehlig)
- nvram: Fix permissions (Michal Privoznik)
- libxl: Resolve Coverity NULL_RETURNS (John Ferlan)
- qemu: Resolve Coverity NEGATIVE_RETURNS (John Ferlan)
- qemu: Resolve Coverity NEGATIVE_RETURNS (John Ferlan)
- xen: Resolve Coverity NEGATIVE_RETURNS (John Ferlan)
- nodeinfo: Resolve Coverity NEGATIVE_RETURNS (John Ferlan)
- qemu: Resolve Coverity NEGATIVE_RETURNS (John Ferlan)
- network_conf: Resolve Coverity FORWARD_NULL (John Ferlan)
- qemu: Resolve Coverity FORWARD_NULL (John Ferlan)
- virstring: Resolve Coverity FORWARD_NULL (John Ferlan)
- network: Resolve Coverity FORWARD_NULL (John Ferlan)
- qemu: Resolve Coverity FORWARD_NULL (John Ferlan)
- lxc: Resolve Coverity FORWARD_NULL (John Ferlan)
- qemu: Resolve Coverity FORWARD_NULL (John Ferlan)
- virsh: Resolve Coverity DEADCODE (John Ferlan)
- tests: Resolve Coverity DEADCODE (John Ferlan)
- qemu: Resolve Coverity DEADCODE (John Ferlan)
- virsh: Resolve Coverity DEADCODE (John Ferlan)
- virfile: Resolve Coverity DEADCODE (John Ferlan)
- virsh: Resolve Coverity DEADCODE (John Ferlan)
- storage: Resolve Coverity OVERFLOW_BEFORE_WIDEN (John Ferlan)
- qemu: Resolve Coverity REVERSE_INULL (John Ferlan)
- vbox: Resolve Coverity UNUSED_VALUE (John Ferlan)
- storage: Resolve Coverity UNUSED_VALUE (John Ferlan)
- qemu_driver: Resolve Coverity COPY_PASTE_ERROR (John Ferlan)
- selinux: Properly check TAP FD label (Michal Privoznik)
- qemu: Silence coverity on optional migration stats (Jiri Denemark)
- qemu: panic device: check for invalid address type (Erik Skultety)
- qemu: Propagate QEMU errors during incoming migrations (Jiri Denemark)
- selinux: Avoid label reservations for type = none (Shivaprasad G Bhat)
- storage_conf: Fix libvirtd crash when defining scsi storage pool (Pradipta Kr. Banerjee)
- Don't include non-migratable features in host-model (Ján Tomko)
- conf: Fix even implicit labels (Michal Privoznik)
- apparmor: allow reading cap_last_cap (Felix Geyer)
- security: fix DH key generation when FIPS mode is on (Giuseppe Scrivano)
- lxc_container: Resolve Coverity RESOURCE_LEAK (Wang Rui)
- vircgroup: Resolve Coverity RESOURCE_LEAK (Wang Rui)
- qemu_process: Resolve Coverity RESOURCE_LEAK (Wang Rui)
- remote: Resolve Coverity RESOURCE_LEAK (Wang Rui)
- test_conf: Resolve Coverity RESOURCE_LEAK (Wang Rui)
- tests: Resolve Coverity RESOURCE_LEAK in commandhelper (Wang Rui)
- sanlock: Avoid freeing uninitialized value (Jiri Denemark)
- qemu: ensure sane umask for qemu process (Chunyan Liu)
- spec: Fix preun script for daemon (Jiri Denemark)
- remote: Fix memory leak on error path when deserializing bulk stats (Peter Krempa)
- Free ifname in testDomainGenerateIfnames (Ján Tomko)

Portability:
- qemu: monitor: Avoid shadowing variable "devname" on FreeBSD (Peter Krempa)
- lxc_monitor_protocol: Redefine xdr_uint64_t if needed (Michal Privoznik)
- Fix build without polkit (Pavel Hrdina)
- Fix MinGW build (Pavel Hrdina)
- Fix build in qemu_command (Roman Bogorodskiy)
- Fix build in qemu_capabilities (Roman Bogorodskiy)
- bhyve: tests: fix build (Roman Bogorodskiy)
- virprocess: Extend list of platforms for setns wrapper (Michal Privoznik)
- vircgroup: Fix broken builds without cgroups (John Ferlan)
- util/virprocess.c: fix MinGW build (Pavel Hrdina)
- blockjob: avoid 32-bit compilation warning (Eric Blake)

Improvements:
- Fix typo s/EMULATORIN/EMULATORPIN/ (Daniel P. Berrange)
- Rename tunable event constants (Daniel P. Berrange)
- qemu: Always re-detect backing chain (Peter Krempa)
- event_example: cleanup example code for tunable event (Pavel Hrdina)
- parallels: login to parallels SDK (Dmitry Guryanov)
- parallels: build with parallels SDK (Dmitry Guryanov)
- virnetserver: Raise log level of max_clients related messages (Michal Privoznik)
- blkdeviotune: trigger tunable event for blkdeviotune updates (Pavel Hrdina)
- tunable_event: extend debug message and tweak limit for remote message (Pavel Hrdina)
- virsh: Expose virNodeAllocPages (Michal Privoznik)
- nodeinfo: Implement nodeAllocPages (Michal Privoznik)
- virnuma: Introduce virNumaSetPagePoolSize (Michal Privoznik)
- nodeGetFreePages: Push forgotten change (Michal Privoznik)
- Convert polkit code to use DBus API instead of CLI helper (Daniel P. Berrange)
- Support passing dict by reference for dbus messages (Daniel P. Berrange)
- Convert remote daemon & acl code to use polkit API (Daniel P. Berrange)
- Convert callers to use typesafe APIs for getting identity attrs (Daniel P. Berrange)
- Convert callers to use typesafe APIs for setting identity attrs (Daniel P. Berrange)
- Add typesafe APIs for virIdentity attributes (Daniel P. Berrange)
- Add common API for doing polkit authentication (Daniel P. Berrange)
- qemu: wire up virtio-net segment offloading options (Ján Tomko)
- conf: add options for disabling segment offloading (Ján Tomko)
- storage: Improve error message when traversing backing chains (Peter Krempa)
- qemu: Report better errors from broken backing chains (Peter Krempa)
- qemu: Sanitize argument names and empty disk check in qemuDomainDetermineDiskChain (Peter Krempa)
- util: storage: Allow metadata crawler to report useful errors (Peter Krempa)
- cputune_event: queue the event for cputune updates (Pavel Hrdina)
- add an example how to use tunable event (Pavel Hrdina)
- conf: sanitize tap and vhost paths (Martin Kletzander)
- qemuBuildNumaArgStr: Discard def->cpu check (Michal Privoznik)
- nodeinfo: Prefer MIN in nodeGetFreePages (Michal Privoznik)
- domain_conf: separate structures from virDomainDef (Pavel Hrdina)
- Fix typo of virNodeGetFreePages comment (Jincheng Miao)
- qemu: Memory pre-pinning support for RDMA migration (Michael R. Hines)
- qemu: RDMA migration support (Michael R. Hines)
- qemu: Add RDMA migration capabilities (Jiri Denemark)
- qemu: Prepare support for arbitrary migration protocol (Jiri Denemark)
- qemu: Fix old tcp:host URIs more cleanly (Jiri Denemark)
- qemu: Expose additional migration statistics (Michael R. Hines)
- cpu: fix wrong single quote mark (Chen Fan)
- cpu: remove repeated word in error message (Daniel P. Berrange)
- qemu: hook: Provide hook when restoring a domain save image (Peter Krempa)
- schema: properly set tap and vhost backend attributes optional (Jianwei Hu)
- qemu: save image: Split out checks done only when editing the save img (Peter Krempa)
- qemu: save image: Split out new definition check/update (Peter Krempa)
- qemu: save image: Add possibility to return XML stored in the image (Peter Krempa)
- qemu: save image: Split out user provided XML checker (Peter Krempa)
- libxl: Drop driver lock in libxlDomainDefineXML (Jim Fehlig)
- qemu: Process the hostdev "rawio" setting (John Ferlan)
- hostdev: Add "rawio" attribute to _virDomainHostdevSubsysSCSI (John Ferlan)
- domain_conf: Change virDomainDiskDef 'rawio' to use virTristateBool (John Ferlan)
- storage: zfs: implement pool build and delete (Roman Bogorodskiy)
- qemu: Improve check for local storage (Peter Krempa)
- maint: clean up _virDomainMemoryStat (Wang Yufei)
- maint: clean up _virDomainBlockStats (Wang Yufei)
- maint: clean up _virDomainInterfaceStats (Wang Yufei)
- virsh: add options to query bulk stats group (Francesco Romani)
- qemu: bulk stats: implement block group (Francesco Romani)
- qemu: bulk stats: implement interface group (Francesco Romani)
- qemu: bulk stats: implement VCPU group (Francesco Romani)
- qemu: bulk stats: implement balloon group (Francesco Romani)
- qemu: bulk stats: implement CPU stats group (Francesco Romani)
- qemu: bulk stats: extend internal collection API (Francesco Romani)
- rpc: make daemon spawning a bit more intelligent (Martin Kletzander)
- domaincaps: Expose UEFI binary path, if it exists (Michal Privoznik)
- qemu_capabilities: Change virQEMUCapsFillDomainCaps signature (Michal Privoznik)
- qemu: add support for shared memory mapping (Martin Kletzander)
- docs, conf, schema: add support for shared memory mapping (Martin Kletzander)
- schemas: finish virTristate{Bool,Switch} transition (Martin Kletzander)
- qemu: Add support for multiple versions of 'pseries' machine type (Pradipta Kr. Banerjee)
- domaincaps: Expose UEFI capability (Michal Privoznik)
- Wire up the interface backend options (Ján Tomko)
- conf: add backend element to interfaces (Ján Tomko)
- conf: remove redundant local variable (Ján Tomko)
- conf: split out virtio net driver formatting (Ján Tomko)
- qemu: Need to check for capability before query (John Ferlan)
- cputune: allow interleaved xml (Eric Blake)
- network: detect conflicting route even if it is the final entry (Laine Stump)
- qemu: Allow pinning specific IOThreads to a CPU (John Ferlan)
- qemu_cgroup: Introduce cgroup functions for IOThreads (John Ferlan)
- qemu_domain: Add niothreadpids and iothreadpids (John Ferlan)
- vircgroup: Introduce virCgroupNewIOThread (John Ferlan)
- qemu: Issue query-iothreads and to get list of active IOThreads (John Ferlan)
- virsh: Add iothread to 'attach-disk' (John Ferlan)
- util: get rid of unnecessary umask() call (Martin Kletzander)
- remove redundant pidfile path constructions (Martin Kletzander)
- rpc: reformat the flow to make a bit more sense (Martin Kletzander)
- blockjob: allow finer bandwidth tuning for set speed (Eric Blake)
- blockcopy: add qemu implementation of new tunables (Eric Blake)
- blockcopy: add qemu implementation of new API (Eric Blake)
- blockcopy: tweak how rebase calls into copy (Eric Blake)
- virDomainUndefineFlags: Allow NVRAM unlinking (Michal Privoznik)
- virsh: Move --completed from resume to domjobinfo (Jiri Denemark)
- conf: snapshot: Don't default-snapshot empty drives (Peter Krempa)
- util: Add function to check if a virStorageSource is "empty" (Peter Krempa)
- tests: Add more test suite mock helpers (Daniel P. Berrange)
- util: Allow port allocator to skip bind() check (Daniel P. Berrange)
- qemu: remove leftover virResetLastError (Ján Tomko)
- util: storage: Convert disk locality check to switch statement (Peter Krempa)
- virprocess: Introduce our own setns() wrapper (Michal Privoznik)
- qemu: dump: Resume CPUs only when the VM is still alive (Peter Krempa)
- util: process: Don't report OOM errors in helper (Peter Krempa)
- qemu: Automatically create NVRAM store (Michal Privoznik)
- qemu: Implement extended loader and nvram (Michal Privoznik)
- conf: Extend <loader/> and introduce <nvram/> (Michal Privoznik)
- qemu: Transfer recomputed stats back to source (Jiri Denemark)
- qemu: Recompute downtime and total time when migration completes (Jiri Denemark)
- qemu: Transfer migration statistics to destination (Jiri Denemark)
- virsh: Add support for completed job stats (Jiri Denemark)
- qemu: Avoid incrementing jobs_queued if virTimeMillisNow fails (Jiri Denemark)
- Refactor job statistics (Jiri Denemark)
- virsh: additional scaled output units (Eric Blake)
- util: let virSetSockReuseAddr report unified error message (Martin Kletzander)
- blockcopy: add a way to parse disk source (Eric Blake)
- qemu: snapshot: Simplify error paths (Peter Krempa)
- qemu: snapshot: Fix snapshot function header formatting and spacing (Peter Krempa)
- qemu: snapshot: Acquire job earlier on snapshot revert/delete (Jincheng Miao)
- qemu: snapshot: Fix job handling when creating snapshots (Peter Krempa)
- qemu: Rename DEFAULT_JOB_MASK to QEMU_DEFAULT_JOB_MASK (Peter Krempa)
- blockcopy: remote implementation for new API (Eric Blake)
- blockcopy: expose new API in virsh (Eric Blake)
- maint: update to latest gnulib (Eric Blake)
- blockcopy: split out virsh implementation (Eric Blake)
- blockcopy: allow block device destination (Eric Blake)
- blockjob: add new --bytes flag to virsh blockjob (Eric Blake)
- blockjob: add new --raw flag to virsh blockjob (Eric Blake)
- blockjob: split up virsh blockjob info (Eric Blake)
- blockjob: allow finer bandwidth tuning for query (Eric Blake)
- blockjob: add new monitor json conversions (Eric Blake)
- blockjob: hoist bandwidth scaling out of monitor code (Eric Blake)
- blockjob: split out block info monitor handling (Eric Blake)
- tests: Add test cases for previous commit (Michal Privoznik)
- blockjob: split out block info driver handling (Eric Blake)
- blockjob: shuffle block rebase code (Eric Blake)
- maint: tighten curly brace syntax checking (Eric Blake)
- maint: use hanging curly braces (Eric Blake)
- maint: enforce previous if-else {} cleanups (Eric Blake)
- maint: use consistent if-else braces in remaining spots (Eric Blake)
- maint: use consistent if-else braces in lxc, vbox, phyp (Eric Blake)
- maint: use consistent if-else braces in xen and friends (Eric Blake)
- maint: use consistent if-else braces in qemu (Eric Blake)
- maint: use consistent if-else braces in conf and friends (Eric Blake)
- LXC: add HOME environment variable (Chen Hanxiao)
- tests: force FIPS testing mode with new enough GNU TLS versions (Giuseppe Scrivano)
- command: test umask support (Eric Blake)
- util: don't shadow global umask declaration (Martin Kletzander)
- util: Introduce flags field for macvtap creation (Matthew Rosato)

Cleanups:
- nodeinfo: fix version of nodeAllocPages (Tomoki Sekiyama)
- audit: remove redundant NULL assignment (Ján Tomko)
- qemu: Drop unused formatting of uuid (Peter Krempa)
- qemu_cgroup: Adjust spacing around incrementor (John Ferlan)
- qemu: dump: Fix formatting of function headers and code inline (Peter Krempa)
- virsh: domain: Clean up handling of "dom" in "save" command (Peter Krempa)

Thanks everybody who helped with this release, with ideas, reports,
patches, documentation or localizations!

Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/