As planned I released libvirt-1.1.0 a couple of hours ago after
a couple more patches and a fix for CVE-2013-2218 were applied. It
should be available on the server along with the rpms:
ftp://libvirt.org/libvirt/
The biggest feature leading to the bump in medium release number is
the adition of ACL for individual access control of each API, until now
there was only two classes of access read-only and read write, this
feature is a big enhancement we have been thinking about for years!
This version includes a relatively smaller amount of patches though,
around 200, with a balanced set of bug fixes and enhancements, plus
the fix for CVE-2013-2218 which is afftecting 1.0.6 release.
Features:
- Extensible migration APIs (Jiri Denemark)
- Fine grained ACL support for the API (Daniel P. Berrange)
- various improvements in the Xen driver (Jim Fehlig and Marek Marczykowski-Górecki)
- improve networking support on BSD (Roman Bogorodskiy)
- agent based vCPU hotplug support (Peter Krempa)
Security:
- CVE-2013-2218: Fix crash listing network interfaces with filters (Daniel P. Berrange)
Documentation:
- Document security reporting & handling process (Daniel P. Berrange)
- Fix reference to #elementsUSB (Philipp Hahn)
- Fix sample TPM XML (Stefan Berger)
- correct and update network vlan example (Laine Stump)
- add spaces to formatstorage.html (Ján Tomko)
Portability:
- spec: require xen-devel for libxl driver (Eric Blake)
- Conditionalize use of IF_MAXUNIT in virnetdevtap.c (Daniel P. Berrange)
- Replace use of 'in_addr_t' with 'struct in_addr' (Daniel P. Berrange)
- build: Fix VPATH build for access/* (Viktor Mihajlovski)
- util: fix build error on non-Linux systems (Laine Stump)
- conf: Swap order of AddImplicitControllers and DomainDefPostParse (Viktor Mihajlovski)
- S390: Testcase for console default target type (virtio) (Viktor Mihajlovski)
- Fix units in virNetDevBridgeSetSTPDelay on BSD (Roman Bogorodskiy)
- build: Fix check-aclrules in VPATH build (Jiri Denemark)
- build: Fix build with -Werror (Jim Fehlig)
- use net/if.h instead of linux/if.h (Roman Bogorodskiy)
- build: fix build without posix_fallocate (Eric Blake)
- spec: Explicitly require libgcrypt-devel (Jiri Denemark)
Bug Fixes:
- pci: initialize virtual_functions array pointer to avoid segfault (Laine Stump)
- node device driver: update driver name during dumpxml (Laine Stump)
- Resolve valgrind errors for nodedev cap parsing (John Ferlan)
- Resolve valgrind error in remoteConfigGetStringList() (John Ferlan)
- Resolve valgrind error in virStorageBackendCreateQemuImgCmd() (John Ferlan)
- Resolve valgrind error in virNetDevVlanParse() (John Ferlan)
- Fix vPort management: FC vHBA creation (Dennis Chen)
- bridge: don't crash on bandwidth unplug with no bandwidth (Ján Tomko)
- Plug leak in virCgroupMoveTask (Ján Tomko)
- Fix invalid read in virCgroupGetValueStr (Ján Tomko)
- qemu: fix infinite loop in OOM error path (Laine Stump)
- pci: fix dangling pointer in qemuDomainReAttachHostdevDevices (Laine Stump)
- pci: eliminate leak in OOM condition (Laine Stump)
- util: fix bug found by Coverity (Laine Stump)
- Fix possible NULL dereference during migration (Jiri Denemark)
- virsh: edit: don't leak XML string on reedit or redefine (Ján Tomko)
- qemu: don't reset PCI devices being assigned with VFIO (Laine Stump)
- pci: eliminate memory leak in virPCIDeviceReattach (Laine Stump)
- qemu: check if block I/O limits fit into long long (Ján Tomko)
- network: increase max number of routes (Laine Stump)
- lxc: Resolve issue with GetScheduler APIs for non running domain (John Ferlan)
- qemu: Resolve issue with GetScheduler APIs for non running domain (John Ferlan)
- qemu: Avoid leaking uri in qemuMigrationPrepareDirect (Jiri Denemark)
- udev: fix crash in libudev logging (Ján Tomko)
- remote: Fix client crash when URI path is empty when using ssh (Peter Krempa)
- remote: Forbid default "/session" connections when using ssh transport (Peter
Krempa)
- nodedev: fix vport detection for FC HBA (Ján Tomko)
- qemu: Fix memory leak in Prepare phase (Jiri Denemark)
- virSocketAddrIsWildcard: Use IN6_IS_ADDR_UNSPECIFIED correctly (Michal Privoznik)
- Fix ordering of file open in virProcessGetNamespaces (Richard Weinberger)
- qemuDomainGetVcpusFlags: Initialize ncpuinfo (Michal Privoznik)
- virtlockd: fix socket path (Ján Tomko)
- nwfilter: grab driver lock earlier during init (bz96649) (Stefan Berger)
- Fix a invalid usage of virDomainNetDef in OpenVZ driver (Alvaro Polo)
- use virBitmapFree instead of VIR_FREE for cpumask (Ján Tomko)
- usb: don't spoil decimal addresses (Martin Kletzander)
Improvements:
- Allow RO connections to interface udev backend (Doug Goldstein)
- virsh: Add parenthesis into virsh nodedev-detach help (xuzhang)
- nodedev: add iommuGroup to node device object (Laine Stump)
- pci: new iommu_group functions (Laine Stump)
- network: allow <vlan> in type='hostdev' networks (Laine Stump)
- test: include qemuhotplugtest data files in source rpm (Laine Stump)
- pci: virPCIDeviceListAddCopy API (Laine Stump)
- pci: update stubDriver name in virPCIDeviceBindToStub (Laine Stump)
- pci: eliminate repetitive path constructions in virPCIDeviceBindToStub (Laine Stump)
- pci: rename virPCIParseDeviceAddress and make it public (Laine Stump)
- pci: rename virPCIDeviceGetVFIOGroupDev to virPCIDeviceGetIOMMUGroupDev (Laine Stump)
- pci: eliminate unused driver arg from virPCIDeviceDetach (Laine Stump)
- tests: Introduce qemuhotplugtest (Michal Privoznik)
- qemu: Implement support for VIR_MIGRATE_PARAM_GRAPHICS_URI (Jiri Denemark)
- Implement extensible migration APIs in qemu driver (Jiri Denemark)
- qemu: Move internals of Confirm phase to qemu_migration.c (Jiri Denemark)
- qemu: Move common parts of Prepare phase to qemu_migration.c (Jiri Denemark)
- qemu: Move internals of Begin phase to qemu_migration.c (Jiri Denemark)
- Use 1.1.0 everywhere in the documentation (Ján Tomko)
- Add polkit policy for API checks to rpm spec (Daniel Veillard)
- Configure native vlan modes on Open vSwitch ports (james robson)
- Introduce VIR_MIGRATE_PARAM_GRAPHICS_URI parameter (Jiri Denemark)
- virsh: Use extensible migration APIs (Jiri Denemark)
- python: Add bindings for extensible migration APIs (Jiri Denemark)
- Adapt virDomainMigratePeer2Peer for extensible migration APIs (Jiri Denemark)
- Adapt virDomainMigrateVersion3 for extensible migration APIs (Jiri Denemark)
- Implement extensible migration APIs in remote driver (Jiri Denemark)
- New internal migration APIs with extensible parameters (Jiri Denemark)
- Introduce migration parameters (Jiri Denemark)
- Introduce virTypedParamsCopy internal API (Jiri Denemark)
- Log input type parameters in API entry points (Jiri Denemark)
- Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params (Jiri Denemark)
- Introduce virTypedParamsReplaceString internal API (Jiri Denemark)
- Introduce virTypedParamsCheck internal API (Jiri Denemark)
- util: Emit proper error code in virTypedParamsValidate (Jiri Denemark)
- Rename virTypedParameterArrayValidate as virTypedParamsValidate (Jiri Denemark)
- pci: make virPCIDeviceDetach consistent in behavior (Laine Stump)
- pci: new utility functions (Laine Stump)
- pci: change stubDriver from const char* to char* (Laine Stump)
- syntax: virPCIDeviceFree is also a NOP for NULL args (Laine Stump)
- libxl: support qdisk backend (Jim Fehlig)
- libxl: Fix disk format error message (Jim Fehlig)
- Add validation that all APIs contain ACL checks (Daniel P. Berrange)
- Set process ID in system identity (Daniel P. Berrange)
- Add ACL checks into the secrets driver (Daniel P. Berrange)
- Add ACL checks into the nwfilter driver (Daniel P. Berrange)
- Add ACL checks into the node device driver (Daniel P. Berrange)
- Add ACL checks into the interface driver (Daniel P. Berrange)
- Add ACL checks into the network driver (Daniel P. Berrange)
- Add ACL checks into the storage driver (Daniel P. Berrange)
- Add ACL checks into the libxl driver (Daniel P. Berrange)
- Add ACL checks into the Xen driver (Daniel P. Berrange)
- Add ACL checks into the UML driver (Daniel P. Berrange)
- Add ACL checks into the LXC driver (Daniel P. Berrange)
- Add ACL checks into the QEMU driver (Daniel P. Berrange)
- Auto-generate helpers for checking access control rules (Daniel P. Berrange)
- Add ACL annotations to all RPC messages (Daniel P. Berrange)
- Setup default access control manager in libvirtd (Daniel P. Berrange)
- Set conn->driver before running driver connectOpen method (Daniel P. Berrange)
- Define basic internal API for access control (Daniel P. Berrange)
- netdev: accept NULL in virNetDevSetupControl (Ján Tomko)
- xen: Implement virConnectGetSysinfo (Jim Fehlig)
- libxl: Implement virConnectGetSysinfo (Jim Fehlig)
- libxl: Allow libxl to set NIC devid (Jim Fehlig)
- storage: add support for creating qcow2 images with extensions (Ján Tomko)
- conf: add features to volume target XML (Ján Tomko)
- util: add support for qcow2v3 image detection (Ján Tomko)
- qemu: add hv_vapic and hv_spinlocks support (Ján Tomko)
- conf: add vapic and spinlocks to hyperv features (Ján Tomko)
- BSD: implement bridge add/remove port and set STP (Roman Bogorodskiy)
- BSD: implement virNetDevBridgeCreate() and virNetDevBridgeDelete() (Roman Bogorodskiy)
- conf: Requires either uuid or usage of secret (Osier Yang)
- qemu: Make probing for commands declarative (Jiri Denemark)
- qemu: Make probing for events declarative (Jiri Denemark)
- libxl: support paused domain restore in virDomainRestoreFlags (Marek
Marczykowski-Górecki)
- qemuDomainChangeGraphics: Check listen address change by listen type (Michal Privoznik)
- libxl: initialize device structures (Marek Marczykowski-Górecki)
- libxl: populate xenstore memory entries at startup, handle dom0_mem (Marek
Marczykowski-Górecki)
- conf: split out snapshot disk XML formatting (Ján Tomko)
- storage: rework qemu-img command line generation (Ján Tomko)
- util: switch virBufferTrim to void (Ján Tomko)
- migration: Don't propagate VIR_MIGRATE_ABORT_ON_ERROR (Peter Krempa)
- migration: Make erroring out on I/O error controllable by flag (Peter Krempa)
- qemu_migration: Move waiting for SPICE migration (Michal Privoznik)
- spec: Enable KVM support on ARM (Cole Robinson)
- virsh: Support SCSI_GENERIC cap flag for nodedev-list (Osier Yang)
- nodedev: Support SCSI_GENERIC cap flag for listAllNodeDevices (Osier Yang)
- nodedev_hal: Enumerate scsi generic device (Osier Yang)
- nodedev_udev: Enumerate scsi generic device (Osier Yang)
- qemu: set QEMU_CAPS_DEVICE_VIDEO_PRIMARY cap flag in QMP detection (Guannan Ren)
- nodedev_udev: changes missed by commit 1aa0ba3cef (Osier Yang)
- nodedev_udev: Refactor udevGetDeviceType (Osier Yang)
- nodedev: Expose sysfs path of device (Osier Yang)
- Move virGetUserEnt() to where its needed (Doug Goldstein)
- BSD: implement virNetDevTapCreate() and virNetDevTapDelete() (Roman Bogorodskiy)
- Make virNetDevSetupControl() public. (Roman Bogorodskiy)
- LXC: s/chroot/chdir in lxcContainerPivotRoot() (Richard Weinberger)
- Implement dispose method for libxlDomainObjPrivate (Frediano Ziglio)
- libxl: allow only 'ethernet' and 'bridge' interfaces, allow script there
(Marek Marczykowski-Górecki)
- qemu: allow restore with non-migratable XML input (Ján Tomko)
- libxl: set bootloader for PV domains if not specified (Jim Fehlig)
- libxl: Report connect type as Xen (Jim Fehlig)
- schema: simplify RNG pattern, remove superfluous <optional> (Claudio Bley)
- libvirt_private.syms: add virProcessGetStartTime (Ján Tomko)
- qemu: Forbid migration of machines with I/O errors (Peter Krempa)
- qemu: Cancel migration if guest encoutners I/O error while migrating (Peter Krempa)
- qemu_migrate: Dispose listen address if set from config (Michal Privoznik)
- selinux: assume 's0' if the range is empty (Ján Tomko)
- storage: fix description of versionOffset (Martin Kletzander)
- spec: Drop Requires: vbox (Cole Robinson)
- Prefer VIR_STRDUP over virAsprintf(&dst, "%s", str) (Michal Privoznik)
- qemu: Implement new QMP command for cpu hotplug (Peter Krempa)
- qemu: Implement support for VIR_DOMAIN_VCPU_AGENT in qemuDomainSetVcpusFlags (Peter
Krempa)
- qemu: Implement request of vCPU state using the guest agent (Peter Krempa)
- API: Introduce VIR_DOMAIN_VCPU_AGENT, for agent based CPU hot(un)plug (Peter Krempa)
- qemu_agent: Introduce helpers for agent based CPU hot(un)plug (Peter Krempa)
- qemu: Use bool instead of int in qemuMonitorSetCPU APIs (Peter Krempa)
- virsh-domain-monitor: Remove ATTRIBUTE_UNUSED from a argument (Peter Krempa)
- Add support for VirtualBox 4.2 APIs (ryan woodsmall)
- qemuDomainMigrateGraphicsRelocate: Use then new virSocketAddrIsWildcard (Michal
Privoznik)
- virsocket: Introduce virSocketAddrIsWildcard (Michal Privoznik)
- iscsi: pass hostnames to iscsiadm instead of resolving them (Ján Tomko)
- qemu: Report the offset from host UTC for RTC_CHANGE event (Osier Yang)
- qemu: simplify CPU command line parsing (Ján Tomko)
- qemu: change two-state int parameters to bool (Ján Tomko)
- nwfilter: change two-state int parameters to bool (Ján Tomko)
- Remove redundant two-state integers (Ján Tomko)
- Replace two-state local integers with bool (Ján Tomko)
- storage: Avoid unnecessary ternary operators and refactor the code (Peter Krempa)
- openvz: Fix code coverage issue in OpenVZ driver (Alvaro Polo)
- qemu: Reformat listen address prior to checking (Michal Privoznik)
- Ensure non-root can read /proc/meminfo file in LXC containers (Daniel P. Berrange)
- storage: Provide better error message if metadata pre-alloc is unsupported (Peter
Krempa)
- storage: Clean up function header and reflow error message (Peter Krempa)
- storagevolxml2argvtest: Report better error messages on test failure (Peter Krempa)
- maint: don't use config.h in .h files (Eric Blake)
- qemu: Abstract code for the cpu controller setting into a helper (Osier Yang)
- storage: Forbid to shrink the vol's capacity if no --shrink is specified (Osier
Yang)
- storage: Support preallocate the new capacity for vol-resize (Osier Yang)
- snapshot: remove mutually exclusive memory and disk-only duplicate check (Guannan Ren)
- virsh: Allow attach-disk to specify disk wwn (Osier Yang)
- tests: fix typo in securityselinuxtest (Ján Tomko)
- virsh: Obey pool-or-uuid spec when creating volumes (Jiri Denemark)
- libvirt-qemu: Dispatch errors from virDomainQemuAgentCommand() (Peter Krempa)
- qemu: Properly report guest agent errors on command passthrough (Peter Krempa)
- virsh-domain: Report errors and don't deref NULL in qemu-agent-command (Peter
Krempa)
- RPC: Support up to 16384 cpus on the host and 4096 in the guest (Peter Krempa)
- virsh iface-bridge: Ignore delay if stp is turned off (Jiri Denemark)
- Fix warning about using an uninitialized next_unit value (Jiri Denemark)
- virsh-domain: Add --live, --config, --current logic to cmdAttachInterface (Peter
Krempa)
- virsh-domain: Add --live, --config, --current logic to cmdAttachDisk (Peter Krempa)
- virsh-domain: Add --live, --config, --current logic to cmdAttachDevice (Peter Krempa)
Cleanups:
- Get rid of useless VIR_STORAGE_FILE_FEATURE_NONE (Ján Tomko)
- configure: Remove unused brctl check (Cole Robinson)
- storage_backend: Drop unused code (Cole Robinson)
- Remove legacy code for single-instance devpts filesystem (Daniel P. Berrange)
Thanks everybody for your contributions to this release, with ideas,
reports, patches, documentation or localizations !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
http://veillard.com/ | virtualization library
http://libvirt.org/