[libvirt] [PATCH 0/2] news: Update for 5.4.0 release
Hopefully I've done a decent enough job at summarizing, especially with the security stuff: if not, please let me know! Andrea Bolognani (2): news: Reformat overgrown line news: Update for 5.4.0 release docs/news.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) -- 2.21.0
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- docs/news.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/news.xml b/docs/news.xml index 9922cd4de0..23bd831563 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -54,7 +54,8 @@ to start up other threads was misleading as it would affect other threads (vCPU and I/O) as well. In some particular situations this could also lead to an error when the thread for vCPU #0 was being - moved to its cpu,cpuacct cgroup. This was fixed so that the scheduler for the main thread is set after QEMU starts. + moved to its cpu,cpuacct cgroup. This was fixed so that the + scheduler for the main thread is set after QEMU starts. </description> </change> </section> -- 2.21.0
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- docs/news.xml | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 23bd831563..06ab3c0cef 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -42,7 +42,60 @@ <release version="v5.4.0" date="unreleased"> <section title="New features"> </section> + <section title="Security"> + <change> + <summary> + cpu: Introduce support for the md-clear CPUID bit + </summary> + <description> + This bit is set when microcode provides the mechanism to invoke a + flush of various exploitable CPU buffers by invoking the x86 + <code>VERW</code> instruction. CVE-2018-12126, CVE-2018-12127, + CVE-2018-12130, CVE-2019-11091. + </description> + </change> + <change> + <summary> + Restrict user access to virt-admin, virtlogd and virtlockd + </summary> + <description> + The intended users for these facilities are the <code>root</code> + user and the <code>libvirtd</code> service respectively, but these + restrictions were not enforced correctly. CVE-2019-10132. + </description> + </change> + </section> <section title="Improvements"> + <change> + <summary> + test driver: Expand API coverage + </summary> + <description> + Several APIs that were missing from the test driver have now been + implemented. + </description> + </change> + <change> + <summary> + Avoid unnecessary static linking + </summary> + <description> + Most binaries shipped as part of libvirt, for example + <code>virtlogd</code> and <code>libvirt_iohelper</code>, were + embedding parts of the library even though they also linked against + the <code>libvirt.so</code> dynamic library. This is no longer the + case, which results in both the disk and memory footprint being + reduced. + </description> + </change> + <change> + <summary> + qemu: Report stat-htlb-pgalloc and stat-htlb-pgfail balloon stats + </summary> + <description> + These stats have been introduced in QEMU 3.0. + </description> + </change> </section> <section title="Bug fixes"> <change> @@ -58,6 +111,11 @@ scheduler for the main thread is set after QEMU starts. </description> </change> + <change> + <summary> + apparmor: Allow hotplug of vhost-scsi devices + </summary> + </change> </section> </release> <release version="v5.3.0" date="2019-05-04"> -- 2.21.0
On 5/30/19 4:33 PM, Andrea Bolognani wrote:
Hopefully I've done a decent enough job at summarizing, especially with the security stuff: if not, please let me know!
Andrea Bolognani (2): news: Reformat overgrown line news: Update for 5.4.0 release
docs/news.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-)
ACK and safe for freeze. Michal
participants (2)
-
Andrea Bolognani -
Michal Privoznik