[Libvirt-announce] LSN-2014-0003: Unsafe parsing of XML documents allows arbitrary file read
by Daniel P. Berrange
Libvirt Security Notice: LSN-2014-0003
======================================
Summary: Unsafe parsing of XML documents allows arbitrary
file read
Reported on: 20140411
Published on: 20140506
Fixed on: 20140506
Reported by: Daniel P. Berrange <berrange(a)redhat.com>
Richard Jones <rjones(a)redhat.com>
Patched by: Daniel P. Berrange <berrange(a)redhat.com>
See also: CVE-2014-0179
Description
-----------
When parsing XML documents, libvirt passes the XML_PARSE_NOENT flag
to libxml2 which instructs it to expand all entities in the XML
document during parsing. This can be used to insert the contents of
host OS files in the resulting parsed content. Although the flaw was
introduced in 0.0.5, it was dormant having no ill effects, since the
APIs involved all required the user to authenticate with privileges
equivalent to root. In version 0.7.5 or later the
virConnectCompareCPU / virConnectBaselineCPU methods activate the
dormant bug, allowing for denial of service. In version 1.0.0 or
later, if the admin opts in to using the new fine grained access
control feature, there is potential for unprivileged information
disclosure.
Impact
------
A malicious user can pass libvirt an XML document which contains an
entity that points to an arbitrary file on the host. When libvirt
parses this document, it will insert the contents of that host file,
which could allow the user to read the contents of files that they
otherwise do not have permission to view. It also has the potential
to cause a denial of service / indefinite hang of libvirt, if the
entity points to a named pipe with no writer connected or certain
proc files. If the libvirt installation is not using fine grained
access control then virConnectCompareCPU and virConnectBaselineCPU
APIs can be used by a read-only user to inflict a denial of service
attack. If the libvirt installation is using fine grained access
control, then as well as the denial of service attack, one or more
of the following APIs can be used for information disclosure of
files: virDomainDefineXML, virNetworkCreateXML, virNetworkDefineXML,
virStoragePoolCreateXML, virStoragePoolDefineXML,
virStorageVolCreateXML, virDomainCreateXML, virNodeDeviceCreateXML,
virInterfaceDefineXML, virStorageVolCreateXMLFrom,
virConnectDomainXMLFromNative, virConnectDomainXMLToNative,
virSecretDefineXML, virNWFilterDefineXML,
virDomainSnapshotCreateXML, virDomainSaveImageDefineXML,
virDomainCreateXMLWithFiles, virConnectCompareCPU,
virConnectBaselineCPU.
Workaround
----------
Stop use of the fine grained access control mechanism, and restrict
access to all the libvirt TCP/UNIX sockets to only trusted
authenticated users. Simply denying access to the affected APIs in
the access control policy is insufficient to mitigate the bug, since
the XML document typically needs to be parsed before the access
control check is applied in order to extract the UUID/name of the
object to check. Access to the readonly libvirt socket must also be
revoked.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v0.7.5
Broken in: v0.7.6
Broken in: v0.7.7
Broken in: v0.8.0
Broken in: v0.8.1
Broken in: v0.8.2
Broken in: v0.8.3
Broken in: v0.8.4
Broken in: v0.8.5
Broken in: v0.8.6
Broken in: v0.8.7
Broken in: v0.8.8
Broken in: v0.9.0
Broken in: v0.9.1
Broken in: v0.9.2
Broken in: v0.9.3
Broken in: v0.9.4
Broken in: v0.9.5
Broken in: v0.9.6
Broken in: v0.9.7
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Broken in: v1.2.1
Broken in: v1.2.2
Broken in: v1.2.3
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: d6b27d3e4c40946efa79e91d134616b41b1666c4
Branch: v0.9.6-maint
Broken in: v0.9.6.1
Broken in: v0.9.6.2
Broken in: v0.9.6.3
Broken in: v0.9.6.4
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Fixed by: be7a5de9d0c406f36efae3230e1743c613ad6945
Branch: v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Broken in: v0.9.11.6
Broken in: v0.9.11.7
Broken in: v0.9.11.8
Broken in: v0.9.11.9
Broken in: v0.9.11.10
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Branch: v0.9.12-maint
Broken in: v0.9.12.1
Broken in: v0.9.12.2
Broken in: v0.9.12.3
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Fixed by: 022b34cee73f86b01724b5279cf626df9cca245f
Branch: v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Broken in: v1.0.5.9
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Fixed by: 4410a83e18c1b41f1f5d3f10a0b648fc9304bc35
Branch: v1.1.0-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 6f4eae73a0bf3e1c5e9597e4f9a8078cad69b1e3
Branch: v1.1.1-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: cfc94140e5989c9f3cce0fdbb758730818cb2572
Branch: v1.1.2-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 8fd2005cc0594742dc6cfab07a62f9774798a56d
Branch: v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken in: v1.1.3.3
Broken in: v1.1.3.4
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 46de45d079ae2622660fe147cf237ee617cc461c
Branch: v1.1.4-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: e2b96d539f8a06e08cdf001627efe3f399db9c07
Branch: v1.2.0-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 9b1d09377492a4ce92498abb7cf830d693bc661c
Branch: v1.2.1-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 877388678a77bacf802f97de429b2b350b02eb41
Branch: v1.2.2-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: ab07ebeb22b1d724999dc6eabc33cd6266de496f
Branch: v1.2.3-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: a45368839fb898feb6b634df2bf337697155ea74
Branch: v1.2.4-maint
Broken by: 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e
Broken by: 387941fb626d9362835aa216b4a871e18268f649
Broken by: 0b7d2ae653f583825f6d83bfb0744673648a9833
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: a8480e2bc0d0b1c5cd98ff7424cace3e82db5ace
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
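
The following is an added illustration, not part of the notice and not libvirt's fix: an audit written with Python's standard `xml.parsers.expat` that reports the external entities a document declares, i.e. what a parser running with XML_PARSE_NOENT would be asked to expand. The function, class and sample names, the constructed sample documents, and the policy of flagging every external entity are assumptions of this example.

```python
"""Audit XML for external entities without opening any of them (added example)."""
from dataclasses import dataclass, field
from xml.parsers import expat


@dataclass
class EntityAudit:
    external: dict = field(default_factory=dict)    # entity name -> system id
    referenced: list = field(default_factory=list)  # system ids used in content
    unaudited_dtd: bool = False  # part of the DTD was not visible to the audit
    error: str = ""              # set when the document is not well-formed

    @property
    def ok(self):
        return not (self.external or self.referenced
                    or self.unaudited_dtd or self.error)


def audit_entities(xml_text):
    """Parse xml_text with expat and record every external entity it declares
    or references. Nothing is fetched: expat only reports the identifiers."""
    audit = EntityAudit()
    parser = expat.ParserCreate()
    # Never pull in parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_entity_decl(name, is_param, value, base, system_id, public_id,
                       notation):
        # Internal entities carry a value; external ones carry a system id.
        # The target does not matter here: a regular file, a named pipe and
        # a proc file are all flagged the same way.
        if system_id is not None:
            audit.external[("%" if is_param else "") + name] = system_id

    def on_external_ref(context, base, system_id, public_id):
        audit.referenced.append(system_id)
        return 1  # keep parsing; the entity is not opened

    def on_not_standalone():
        # expat calls this for an external subset or a parameter-entity
        # reference. Declarations after that point are not reported, so the
        # document cannot be fully audited.
        audit.unaudited_dtd = True
        return 1

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.NotStandaloneHandler = on_not_standalone
    try:
        parser.Parse(xml_text, True)
    except expat.ExpatError as exc:
        audit.error = str(exc)
    return audit


# Constructed sample documents (not taken from the notice).
CONSTRUCTED_EXTERNAL = """<?xml version="1.0"?>
<!DOCTYPE cpu [
  <!ENTITY host SYSTEM "file:///etc/hostname">
]>
<cpu><arch>x86_64</arch><model>&host;</model></cpu>
"""

CONSTRUCTED_INTERNAL = """<?xml version="1.0"?>
<!DOCTYPE cpu [
  <!ENTITY m "qemu64">
]>
<cpu><arch>x86_64</arch><model>&m;</model></cpu>
"""

CONSTRUCTED_PARAM_REF = """<?xml version="1.0"?>
<!DOCTYPE cpu [
  <!ENTITY % defs "<!ENTITY model 'qemu64'>">
  %defs;
]>
<cpu><arch>x86_64</arch><model>&model;</model></cpu>
"""

CONSTRUCTED_PLAIN = "<cpu><arch>x86_64</arch><model>qemu64</model></cpu>"

if __name__ == "__main__":
    for label, doc in [("external", CONSTRUCTED_EXTERNAL),
                       ("internal", CONSTRUCTED_INTERNAL),
                       ("param-ref", CONSTRUCTED_PARAM_REF),
                       ("plain", CONSTRUCTED_PLAIN)]:
        print(label, audit_entities(doc))
```
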
[Libvirt-announce] Release of libvirt-1.2.4
by Daniel Veillard
As planned I tagged the release in git and pushed the tarball and
signed rpms to the usual place:
ftp://libvirt.org/libvirt/
I also generated those for python too even if the only change is a
spec file update, they are in the python subdir.
This is a smaller than average release, with most of the changes
on code refactoring, portability and bug fixes, so no big features
here but general improvements:
Documentation:
- Device{Attach,Detach}: Document S4 limitations (Michal Privoznik)
- Add a new example to illustrate domain migration (Sahid Orentino Ferdjaoui)
- update docs for setting the QEMU BIOS path (Chen Hanxiao)
- document nmdm type console (Roman Bogorodskiy)
- Fix typos in src/* (Nehal J Wani)
- document that vfio is default for hostdev networks too (Laine Stump)
- cpu: Add documentation for CPU driver APIs (Jiri Denemark)
- virsh: Fix comment of vshCmdInfo (Li Yang)
Portability:
- Explicitly link virfirewalltest and virsystemdtest against dbus (Guido Günther)
- qemuxml2argvtest: Don't use privileged mode upfront (Guido Günther)
- tests: skip virfirewalltest on non-Linux systems (Roman Bogorodskiy)
- tests: don't fail with newer gnutls (Martin Kletzander)
- fix build with older gcc (Ján Tomko)
- storage: reject negative indices (Eric Blake)
- networkxml2firewalltest: fix build failure on freebsd (Pavel Hrdina)
- virfirewall: fix build on freebsd (Pavel Hrdina)
- Disable libvirtd by default when building on Win32 (Daniel P. Berrange)
- Don't use SO_REUSEADDR on Win32 platforms (Daniel P. Berrange)
- Conditionalize include of dlfcn.h in virmock.h (Daniel P. Berrange)
- build: avoid 'index' as variable name (Eric Blake)
- build: Don't use code with dbus_message_unref when built without dbus (Martin Kletzander)
- tests: Fix systemd test with --without-driver-modules (Jiri Denemark)
- Fix build on mingw32 (Ján Tomko)
- build: avoid compiler warning on shadowed name (Jean-Baptiste Rouault)
- tests: link against libxml2 (Guido Günther)
- tests: build viridentitytest only WITH_ATTR. (Jincheng Miao)
- maint: Correctly detect wether "gluster" cli tool is accessible (Peter Krempa)
- libvirt-guests: avoid bashism (Guido Günther)
- Use the force flag for mkfs -t xfs (Ján Tomko)
Bug Fixes:
- Restore skipping of setting capacity (John Ferlan)
- qemu: fix crash when removing <filterref> from interface with update-device (Laine Stump)
- storage: Clear all data allocated about backing store before reparsing (Peter Krempa)
- nwfilter: Tear down temp. filters when tearing all filters (Stefan Berger)
- Set mknod permission in device ACL for LXC USB devices (Daniel P. Berrange)
- conf: avoid null deref during storage probe (Eric Blake)
- qemu: properly quit migration with abort_on_error (Martin Kletzander)
- qemu: don't call virFileExists() for network type disks (Martin Kletzander)
- storage_backend_rbd: Correct argument order to rbd_create3 (Steven McDonald)
- xen: ensure /usr/sbin/xend exists before checking status (Jim Fehlig)
- Remove bogus ATTRIBUTE_NONNULL from virFirewallAddRuleFull (Daniel P. Berrange)
- Make autostart of virtlockd actually work (Daniel P. Berrange)
- Fix leak on OOM in virNWFilterVarValueCreateSimpleCopyValue (Daniel P. Berrange)
- qemu: Avoid overflow when setting migration speed on inactive domains (Jiri Denemark)
- qemu: don't check for backing chains for formats w/o snapshot support (Martin Kletzander)
- Fix pci bus naming for PPC (Daniel P. Berrange)
- Document behavior of setvcpus during guest boot (Ján Tomko)
- Save domain status after cpu hotplug (Ján Tomko)
- Fix error for out of range vcpu in qemuDomainPinVcpuFlags (Ján Tomko)
- Properly free vcpupin info for unplugged CPUs (Ján Tomko)
- Only set QEMU_CAPS_NO_HPET on x86 (Ján Tomko)
- Fix Memory Leak in virStorageFileGetMetadataRecurse() (Nehal J Wani)
- qemu: Unlock the NWFilter update lock by leaving via the cleanup label (Stefan Berger)
- storage: netfs: Handle backend errors (John Ferlan)
- conf: fix omission of <driver> in domain dumpxml (Eric Blake)
- Fix virsystemdtest without SYSTEMD_DAEMON (Ján Tomko)
- qemu: Avoid overflow when setting migration speed (Jiri Denemark)
- bhyve: fix domain management (Wojciech Macek)
- Check maximum startcpu value correctly (Ján Tomko)
- storage: Don't update pool available/allocation if buildVol fails (John Ferlan)
- LXC: Fix return code evaulation in lxcCheckNetNsSupport() (Richard Weinberger)
- Fix incorrect values in redirdev ABI check error (Ján Tomko)
- virNetDev{Replace,Restore}MacAddress: Fix memory leak (Wangrui K)
- bhyveConnectGetCapabilities: Fix double caps unref (Michal Privoznik)
- Simplify bhyveDriverGetCapabilities() (Michal Privoznik)
- bhyve_capabilities: Add Semihalf to Copyright (Michal Privoznik)
- tests: Don't crash when creating the config object fails (Guido Günther)
- conf: avoid memleak on NULL path (Eric Blake)
- lxc conf2xml: don't let current vcpus at 0: define won't like it (Cédric Bosdonnat)
- QoS: make tc filters match all traffic (Antoni S. Puimedon)
- NFS storage pool: Fix libvirtd crash due to refactor edit (John Ferlan)
- Define CPUINFO_FILE_LEN and fix maxlen of cpuinfo file for all uses (Olivia Yin)
- Fix Memory Leak in daemon/libvirtd.c (Nehal J Wani)
- qemu: make sure agent returns error when required data are missing (Martin Kletzander)
- Fix coverity-reported leak in virSecurityManagerGenLabel (Ján Tomko)
- phyp: fix logic error on volume creation (Eric Blake)
- qemu: cleanup error checking on agent replies (Martin Kletzander)
Improvements:
- util: new stricter unsigned int parsing (Eric Blake)
- util: fix uint parsing on 64-bit platforms (Eric Blake)
- Misc error reporting bugs in QEMU cli builder (Daniel P. Berrange)
- nwfilter: Validate rule after parsing (Stefan Berger)
- Add support for QEMU migration to use SASL authentication (Sahid Orentino Ferdjaoui)
- enforce sane readdir usage (Eric Blake)
- network: use virDirRead in networkMigrateStateFiles (Laine Stump)
- storage: use virDirRead API (Eric Blake)
- drivers: use virDirRead API (Eric Blake)
- util: use virDirRead API (Eric Blake)
- conf: use virDirRead API (Eric Blake)
- nodeinfo: use virDirRead API (Natanael Copa)
- util: introduce virDirRead wrapper for readdir (Natanael Copa)
- tests: remove hostdevmgr directory on cleanup (Martin Kletzander)
- Use virFileFindResource to locate virtlockd daemon (Daniel P. Berrange)
- Use virFileFindResource to locate libvirtd daemon (Daniel P. Berrange)
- Recheck disk backing chains after snapshot (Jiri Denemark)
- network: centralize check for active network during interface attach (Laine Stump)
- network: set macvtap/hostdev networks active if their state file exists (Laine Stump)
- network: change location of network state xml files (Laine Stump)
- network: create statedir during driver initialization (Laine Stump)
- network: fix virNetworkObjAssignDef and persistence (Laine Stump)
- build: -avoid-version on libvirt_driver_nwfilter (Dwight Engen)
- libxl: Support PV consoles (Ian Campbell)
- build: add nwfilterxml2firewalldata to dist (Dwight Engen)
- Add a test suite for nwfilter ebiptables tech driver (Daniel P. Berrange)
- Remove last trace of direct firewall command exection (Daniel P. Berrange)
- Convert ebiptablesDriverProbeStateMatch to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebiptablesApplyNewRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebtablesApplyDropAllRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebtablesApplyDHCPOnlyRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebtablesApplyBasicRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebiptablesTearNewRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebtablesRemoveBasicRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebiptablesTearOldRules to virFirewall (Daniel P. Berrange)
- Convert nwfilter ebiptablesAllTeardown to virFirewall (Daniel P. Berrange)
- Convert ebtables code over to use firewall APIs (Daniel P. Berrange)
- Add test for converting network XML to iptables rules (Daniel P. Berrange)
- Replace virNetworkObjPtr with virNetworkDefPtr in network platform APIs (Daniel P. Berrange)
- Convert bridge driver over to use new firewall APIs (Daniel P. Berrange)
- Introduce an object for managing firewall rulesets (Daniel P. Berrange)
- Preserve error when tearing down nwfilter rules (Daniel P. Berrange)
- Remove two-stage construction of commands in nwfilter (Daniel P. Berrange)
- Merge nwfilter createRuleInstance driver into applyNewRules (Daniel P. Berrange)
- Push virNWFilterRuleInstPtr out of (eb|ip)tablesCreateRuleInstance (Daniel P. Berrange)
- Add helper methods for determining what protocol layer is used (Daniel P. Berrange)
- Remove nwfilter tech driver 'displayRuleInstance' callback (Daniel P. Berrange)
- Remove nwfilter tech driver 'removeRules' callback (Daniel P. Berrange)
- Remove pointless storage of var names in virNWFilterHashTable (Daniel P. Berrange)
- Remove virDomainNetType parameter from nwfilter drivers (Daniel P. Berrange)
- Move virNWFilterTechDriver struct out of nwfilter_conf.h (Daniel P. Berrange)
- Use virFileFindResource to locate CPU map XML (Daniel P. Berrange)
- Use virFileFindResource to locate driver plugins (Daniel P. Berrange)
- Use virFileFindResource to locate lock manager plugins (Daniel P. Berrange)
- Use virFileFindResource to locate iohelper for fdstream (Nehal J Wani)
- Use virFileFindResource to locate parthelper for storage backend (Nehal J Wani)
- Use virFileFindResource to locate libvirt_lxc for capabilities (Nehal J Wani)
- Use virFileFindResource to locate iohelper for virFileWrapperFdNew (Nehal J Wani)
- Activate build dir overrides in libvirtd, virtlockd, virsh & tests (Daniel P. Berrange)
- Add helpers for resolving path to resources in build tree (Daniel P. Berrange)
- Add test suite for viralloc APIs (Daniel P. Berrange)
- Add support for addressing backing stores by index (Jiri Denemark)
- virStorageFileChainLookup: Return virStorageSourcePtr (Jiri Denemark)
- qemuDomainBlockCommit: Track virStorageSourcePtr for base (Jiri Denemark)
- qemuDomainBlockCommit: Don't track top_canon path separately (Jiri Denemark)
- tests: Test backing store XML formatting and parsing (Jiri Denemark)
- tests: More output options for xml2xml tests (Jiri Denemark)
- conf: Format and parse backing chains in domain XML (Jiri Denemark)
- conf: Output disk backing store details in domain XML (Jiri Denemark)
- util: storage: Invert the way recursive metadata retrieval works (Peter Krempa)
- util: virstoragefile: Don't mangle data stored about directories (Peter Krempa)
- storage: Move disk->backingChain to the recursive disk->src.backingStore (Peter Krempa)
- util: virstoragefile: Rename backingMeta to backingStore (Peter Krempa)
- util: virstorage: Kill struct virStorageFileMetadata (Peter Krempa)
- maint: Switch over from struct virStorageFileMetadata to virStorageSource (Peter Krempa)
- util: storagefile: Add fields from virStorageMetadata to virStorageSource (Peter Krempa)
- util: storagefile: Add function to free a virStorageSourcePtr (Peter Krempa)
- virstoragefile: Kill "backingStore" field from virStorageFileMetadata (Peter Krempa)
- util: virstoragefile: Don't use "backingStore" directly (Peter Krempa)
- util: storagefile: Rename "canonPath" to "path" in virStorageFileMetadata (Peter Krempa)
- util: storage: Rename "path" to "relPath" in virStorageFileMetadata (Peter Krempa)
- storage: util: Clean up arguments of virStorageFileGetMetadataInternal (Peter Krempa)
- util: storage: Move checking of the actual backing image to the worker (Peter Krempa)
- util: storage: Remove obsolete argument virStorageFileGetMetadataInternal (Peter Krempa)
- util: storagefile: Always store raw backing name in the metadata (Peter Krempa)
- qemu: unexport qemuDiskChainCheckBroken (Peter Krempa)
- bhyve: bhyveDomainDefineXML fixes (Roman Bogorodskiy)
- PPC64 prefers to set pci-ohci controller as default USB controller (Li Zhang)
- Make virDomainVcpuPinDel return void (Ján Tomko)
- maint: update to latest gnulib (Eric Blake)
- bhyve: domainCreateXML (Wojciech Macek)
- Remove QEMU_CAPS_MACHINE_USB_OPT from ComputeCmdFlags (Ján Tomko)
- conf: split <disk> schema into more pieces (Eric Blake)
- conf: set up for per-grammar overrides in schemas (Eric Blake)
- conf: restrict external snapshots to backing store formats (Eric Blake)
- conf: move storage formats to common RNG file (Eric Blake)
- conf: better <disk> interleaving in schema (Eric Blake)
- conf: create common storage RNG grammar file (Eric Blake)
- conf: delete internal directory field (Eric Blake)
- conf: tweak chain lookup internals (Eric Blake)
- conf: drop redundant parameter to chain lookup (Eric Blake)
- conf: report error on chain lookup failure (Eric Blake)
- util: new virFileRelLinkPointsTo function (Eric Blake)
- conf: test backing chain lookup (Eric Blake)
- Introduce --without-pm-utils to get rid of pm-is-supported dependency (Cédric Bosdonnat)
- conf: delete useless backingStoreFormat field (Eric Blake)
- conf: return backing information separately from metadata (Eric Blake)
- conf: delete useless backingStoreIsFile field (Eric Blake)
- conf: expose probe for non-local storage (Eric Blake)
- conf: provide details on network backing store (Eric Blake)
- conf: make virstoragetest debug easier (Eric Blake)
- cpu: Properly check input parameters (Jiri Denemark)
- Clean up virCgroupGetPercpuStats (Ján Tomko)
- Rename id, max_id to need_cpus, total_cpus (Ján Tomko)
- Extend virCgroupGetPercpuStats to fill in vcputime too (Ján Tomko)
- Fix return value of virCgroupGetPercpuStats (Ján Tomko)
- Don't require domain obj in qemuDomainGetPercpuStats (Ján Tomko)
- conf: test for more fields (Eric Blake)
- conf: start testing contents of the new backing chain fields (Eric Blake)
- conf: track more fields in backing chain metadata (Eric Blake)
- conf: rename some test fields (Eric Blake)
- conf: earlier allocation during backing chain crawl (Eric Blake)
- conf: track user vs. canonical name through full chain lookup (Eric Blake)
- qemu: Unexport qemuBuildNetworkDriveURI() (Peter Krempa)
- qemu: Refactor qemuGetDriveSourceString to take virStorageSourcePtr (Peter Krempa)
- storage: Refactor location of metadata for storage drive access to files (Peter Krempa)
- storage: Refactor storage file initialization to use virStorageSourcePtr (Peter Krempa)
- conf: Refactor helpers to retrieve actual storage type (Peter Krempa)
- tests: use virBhyveCapsBuild in bhyvexml2argv test (Roman Bogorodskiy)
- conf: another refactor of virstoragetest (Eric Blake)
- conf: interleave virstoragetest structs (Eric Blake)
- conf: test for more scenarios (Eric Blake)
- conf: fix detection of infinite backing loop (Eric Blake)
- vmware: set the driver version (Jean-Baptiste Rouault)
- tests: add bhyve xml2xml test (Roman Bogorodskiy)
- bhyve: add domain metadata support (Roman Bogorodskiy)
- bhyve: fix ATTRIBUTE_NONNULL usage (Roman Bogorodskiy)
- Use a static initializer for static mutexes (Daniel P. Berrange)
- Add syntax check to validate capitalization of abbreviations (Daniel P. Berrange)
- Replace Pci with PCI throughout (Daniel P. Berrange)
- Replace Usb with USB throughout (Daniel P. Berrange)
- Replace Scsi with SCSI throughout (Daniel P. Berrange)
- Switch systemd test to use generic dbus mock (Daniel P. Berrange)
- Create a re-usable DBus LD_PRELOAD mock library (Daniel P. Berrange)
- Introduce a new set of helper macros for mocking symbols (Daniel P. Berrange)
- bhyve: connectCompareCPU support (Wojciech Macek)
- bhyve: create capabilities submodule (Wojciech Macek)
- bhyve: support for connectBaselineCPU (Wojciech Macek)
- interface: dump inactive xml when interface isn't active (Laine Stump)
- hash: add common utility functions (Eric Blake)
- bhyve: add xml2argv tests for console (Roman Bogorodskiy)
- bhyve: add console support through nmdm device (Roman Bogorodskiy)
- bhyve: domain autostart support (David Shane Holden)
- conf: track when storage type is still undetermined (Eric Blake)
- tests: refactor virstoragetest for less stack space (Eric Blake)
- tests: use C99 initialization for storage test (Eric Blake)
- libxl: Set disk format for empty cdrom device (Stefan Bader)
- libxl: Use id from virDomainObj inside the driver (Stefan Bader)
- Add redirdevs to ABI stability check (Ján Tomko)
- virsh: Make 'exit' action same as 'quit' (Li Yang)
- Include PCI address in the error in virDomainNetFindIdx (Ján Tomko)
- Move error reporting into virDomainNetFindIdx (Ján Tomko)
- tests: simplify storage test cleanup (Eric Blake)
- storage: Report error from VolOpen by default (Cole Robinson)
- conf: modify tracking of encrypted images (Eric Blake)
- conf: drop redundant parameters during probe (Eric Blake)
- conf: track sizes directly in source struct (Eric Blake)
- conf: use common struct in storage volumes (Eric Blake)
- conf: move volume structs to util/ (Eric Blake)
- conf: tweak volume target struct details (Eric Blake)
- conf: manage disk source by struct instead of pieces (Eric Blake)
- virsh: man: delete the unexpected character in snapshot-list (Shanzhi Yu)
- maint: fix spelling errors in disk pools (Eric Blake)
- conf: let snapshots share disk source struct (Eric Blake)
- conf: move common disk source functions (Eric Blake)
- util: don't support loopback and nbd when setuid (Eric Blake)
- util: move detection of shared filesystems (Eric Blake)
- conf: move storage source type to util/ (Eric Blake)
- conf: move storage secret type to util/ (Eric Blake)
- conf: move source pool type to util/ (Eric Blake)
- conf: move storage encryption type to util/ (Eric Blake)
- conf: move network disk protocol type to util/ (Eric Blake)
- conf: move host disk type to util/ (Eric Blake)
- conf: split network host structs to util/ (Eric Blake)
- conf: split security label structs to util/ (Eric Blake)
- maint: ensure src/ directory includes are clean (Eric Blake)
- storage: gluster: Implement storage pool lookup (Peter Krempa)
- storage: netfs: Support lookup of glusterfs pool sources (Peter Krempa)
- storage: netfs: Split up and tidy up NFS storage pool source function (Peter Krempa)
Cleanups:
- tests: drop dead code from argv2xml and xml2xml (Eric Blake)
- qemu: remove unneeded forward declaration (Martin Kletzander)
Thanks everybody for your contributions to this release
be it with ideas, report, patches, documentation or localizations !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
[Libvirt-announce] ANNOUNCE: libvirt 1.1.3.5 maintenance release
by Cole Robinson
libvirt 1.1.3.5 maintenance release is now available. This is
libvirt 1.1.3 with additional bugfixes that have accumulated
upstream since the initial release.
This release can be downloaded at:
http://libvirt.org/sources/stable_updates/libvirt-1.1.3.5.tar.gz
Changes in this version:
* qemu: Introduce qemuDomainDefCheckABIStability
* interface: dump inactive xml when interface isn't active
* interface: Introduce netcfInterfaceObjIsActive
* Ignore additional fields in iscsiadm output
* qemu: fix crash when removing <filterref> from interface with update-device
* Only set QEMU_CAPS_NO_HPET on x86
* Fix journald PRIORITY values
* qemu: make sure agent returns error when required data are missing
* qemu: remove unneeded forward declaration
* qemu: cleanup error checking on agent replies
* Ignore char devices in storage pools by default
* Ignore missing files on pool refresh
* storage: reduce number of stat calls
* Fix explicit usage of default video PCI slots
* virNetClientSetTLSSession: Restore original signal mask
* storage: use valid XML for awkward volume names
* maint: fix comma style issues: conf
* virNetServerRun: Notify systemd that we're accepting clients
* libvirt-guests: Wait for libvirtd to initialize
* virSystemdCreateMachine: Set dependencies for slices
* Add Documentation fields to systemd service files
* Add a mutex to serialize updates to firewall
* virt-login-shell: also build virAtomic.h
* Fix conflicting types of virInitctlSetRunLevel
For info about past maintenance releases, see:
http://wiki.libvirt.org/page/Maintenance_Releases
Thanks,
Cole