As scheduled I have pushed the tarballs and rpms of the new release at
the usual place:
ftp://libvirt.org/libvirt/
This is a medium sized release with less than 300 commits, with a
inclination toward code improvements and bugs fixes, in particular
fixes for 4 CVEs. It may be a good idea to upgrade !
Features:
- various improvements to libxl driver (Jim Fehlig, Bamvor Jian Zhang)
- systemd integration improvements (Daniel P. Berrange, Mooli Tayer)
- Add flag to BaselineCPU API to return detailed CPU features (Don Dugger)
- Introduce a virt-login-shell binary (Dan Walsh)
- conf: add startupPolicy attribute for harddisk (Guannan Ren)
Security:
- provide supplemental groups even when parsing label (CVE-2013-4291) (Eric Blake)
- Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292) (Daniel P.
Berrange)
- CVE-2013-5651 virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array
(Peter Krempa)
- CVE-2013-4239 xen: fix memory corruption in legacy driver (Jim Fehlig)
Documentation:
- Reformat <disk> attribute description in formatdomain (John Ferlan)
- Update iSCSI storage pool example (John Ferlan)
- Update formatsecrets to include more examples of each type (John Ferlan)
- Update the formatdomain disk examples (John Ferlan)
- Clean 09adfdc62de2b up (Michal Privoznik)
- virt-pki-validate: add --help/--version option (Eric Blake)
- virt-xml-validate: add --help/--version option (Eric Blake)
- Discourage users to set hard_limit (Michal Privoznik)
- Update polkit examples to use 'lookup' method (Daniel P. Berrange)
- fix usb node device sub-element names (Xuesong Zhang)
- virt-login-shell: improve error message grammar (Ruben Kerkhof)
- storage pool permission copy-paste fix (Philipp Hahn)
- mention VIR_TEST_RANGE (Eric Blake)
- Document use of systemd socket activation (Daniel P. Berrange)
- Remove leftovers from hyperv spinlocks documentation (Ján Tomko)
- Fix typo in domain name in polkit acl example (Daniel P. Berrange)
- Add documentation for access control system (Daniel P. Berrange)
- Add an example config file for virtlockd (Daniel P. Berrange)
- Add a man page for virtlockd daemon (Daniel P. Berrange)
- Add info about access control checks into API reference (Daniel P. Berrange)
- Fix minor typos in messages and docs (Yuri Chornoivan)
Portability:
- build: fix virtlockd file distribution (Eric Blake)
- build: shipped files must not depend on BUILT_SOURCES (Eric Blake)
- build: only create virt-login-shell for lxc builds (Eric Blake)
- qemu: Only setup vhost if virtType == "kvm" (Cole Robinson)
- Process virtlockd.conf instead of libvirtd.conf (Guido Günther)
- Change way we fake dbus method calls (Daniel P. Berrange)
- random: don't mix RAND_MAX with random_r (Eric Blake)
- tests: skip schema validation tests if xmllint is missing (Eric Blake)
- Check for --no-copy-dt-needed linker flag (Guido Günther)
- Simplify RELRO_LDFLAGS (Guido Günther)
- tests: fix building without xattr support (Claudio Bley)
- nwfilter: Don't fail to start if DBus isn't available (Peter Krempa)
- virsystemd: Don't fail to start VM if DBus isn't available or compiled in (Peter
Krempa)
- tools: Make sure to distribute conf_DATA, fix RPM build (Cole Robinson)
- Directly link against needed libraries (Guido Günther)
- Directly link against needed libraries (Guido Günther)
- build: avoid -lgcrypt with newer gnutls (Eric Blake)
- build: more workarounds for if_bridge.h (Eric Blake)
- tests: avoid too-large constants (Eric Blake)
- tests: work with older dbus (Eric Blake)
- build: fix compilation of virt-login-shell.c (Jim Fehlig)
- maint: the compiler is not always named gcc (Eric Blake)
- build: fix qemuagenttest build with -O0 in fedora 19. (Jincheng Miao)
- spec: RHEL-7 does not have sanlock on i686 (Jiri Denemark)
- spec: Disable libssh2 support for RHEL (Peter Krempa)
Bug Fixes:
- qemu_hotplug: Resolve DEADCODE coverity error (John Ferlan)
- Fix memory leak in cmdAttachDisk (Hongwei Bi)
- python: Fix a PyList usage mistake (Guan Qiang)
- qemu: Remove hostdev entry when freeing the depending network entry (Peter Krempa)
- virsh: detect programming errors with option parsing (Eric Blake)
- virt-sanlock-cleanup; Fix augtool usage (Jiri Denemark)
- virsh: Fix debugging (Martin Kletzander)
- virsh: free the caps list properly if one of them is invalid (Ján Tomko)
- virsh: free the formatting string when listing pool details (Ján Tomko)
- virsh: free the list from ListAll APIs even for 0 items (Ján Tomko)
- virsh: free messages after logging them to a file (Ján Tomko)
- Test network update XML parsing (Ján Tomko)
- Always specify qcow2 compat level on qemu-img command line (Ján Tomko)
- virsh: fix return value error of cpu-stats (Guannan Ren)
- Don't free NULL network in cmdNetworkUpdate (Ján Tomko)
- schema: Allow dots in device aliases (Jiri Denemark)
- qemu: Don't update count of vCPUs if hot-plug fails silently (Peter Krempa)
- tests: Add URI precedence checking (Martin Kletzander)
- Fix URI connect precedence (Martin Kletzander)
- libxl: fix libvirtd crash when reconnecting domains (Jim Fehlig)
- migration: do not restore labels on failed migration (Eric Blake)
- storage: Fix the use-after-free memory bug (Osier Yang)
- storage: Fix coverity warning (Osier Yang)
- qemu_conf: Fix broken logic for adding passthrough iscsi lun (Osier Yang)
- libxl: Resolve possible NULL dereference (John Ferlan)
- virsh: Don't leak list of volumes when undefining domain with storage (Peter
Krempa)
- virbitmaptest: Shut coverity up in case of broken test (Peter Krempa)
- storage: Update pool metadata after adding/removing/resizing volume (Osier Yang)
- virbitmaptest: Add test for out of bounds condition (Peter Krempa)
- virsh-domain: Fix memleak in cmdCPUBaseline (Peter Krempa)
- libxl: unref DomainObjPrivate on error path (Jim Fehlig)
- virsh-domain: Fix memleak in cmdUndefine with storage (Peter Krempa)
- Fix qemuProcessReadLog with non-zero offset (Ján Tomko)
- network: permit upstream forwarding of unqualified DNS names (Laine Stump)
- virsh-domain: Flip logic in cmdSetvcpus (Peter Krempa)
- Don't crash in qemuBuildDeviceAddressStr (Guido Günther)
- libxl: fix libvirtd segfault (Jim Fehlig)
- Make check for /dev/loop device names stricter to avoid /dev/loop-control (Daniel P.
Berrange)
- libxl: fix node ranges in libxlNodeGetCellsFreeMemory() (Dario Faggioli)
- Fix double-free and broken logic in virt-login-shell (Daniel P. Berrange)
- virnettlscontext: Resolve Coverity warnings (UNINIT) (John Ferlan)
- remote: Fix a segfault in remoteDomainCreateWithFlags (Alex Jia)
- qemu: Allow hotplug of multiple SCSI devices (Eric Farman)
- Fix validation of CA certificate chains (Daniel P. Berrange)
- Reverse logic allowing partial DHCP host XML (Ján Tomko)
- xen: Use internal interfaces in xenDomainUsedCpus (Stefan Bader)
- qemu_migration: Don't error on tunelled migration with --copy-storage (Michal
Privoznik)
- build: fix missing max_queued_clients in augeas test file for libvirtd.conf (Laine
Stump)
- Fix crashing upgrading from older libvirts with running guests (Daniel P. Berrange)
- Avoid crash if NULL is passed for filename/funcname in logging (Daniel P. Berrange)
- qemumonitortestutils: Don't skip va_end() on error path (Peter Krempa)
- tests: Coverity found new NULL_RETURNS (John Ferlan)
- Configuring systemd to restart libvirt on failure (Mooli Tayer)
- xen: Avoid double free of virDomainDef in xenDaemonCreateXML (Stefan Bader)
Improvements:
- build: fix 'make distcheck' out of the box (Eric Blake)
- virsh-domain: rename print_job_progress to vshPrintJobProgress (Peter Krempa)
- Prohibit unbounded arrays in XDR protocols (Daniel P. Berrange)
- Add bounds checking on virConnectListAllSecrets RPC call (Daniel P. Berrange)
- Add bounds checking on virConnectListAllNWFilters RPC call (Daniel P. Berrange)
- Add bounds checking on virConnectListAllNodeDevices RPC call (Daniel P. Berrange)
- Add bounds checking on virConnectListAllInterfaces RPC call (Daniel P. Berrange)
- Add bounds checking on virConnectListAllNetworks RPC call (Daniel P. Berrange)
- Add bounds checking on virStoragePoolListAllVolumes RPC call (Daniel P. Berrange)
- Add bounds checking on virConnectListAllStoragePools RPC call (Daniel P. Berrange)
- Add bounds checking on virConnectListAllDomains RPC call (Daniel P. Berrange)
- Add bounds checking on virDomain{SnapshotListAllChildren,ListAllSnapshots} RPC calls
(Daniel P. Berrange)
- Add bounds checking on virDomainGetJobStats RPC call (Daniel P. Berrange)
- autogen.sh: Correctly detect .git as a file (Michal Privoznik)
- bridge_driver: Introduce networkObjFromNetwork (Michal Privoznik)
- virsh-pool.c: Don't jump over variable declaration (Michal Privoznik)
- Remove the space before the slash in network XML (Ján Tomko)
- Build QEMU command line for pcihole64 (Ján Tomko)
- Add pcihole64 element to root PCI controllers (Ján Tomko)
- Allow controller XML parsing to use XPath context (Ján Tomko)
- Move virDomainParseScaledValue earlier (Ján Tomko)
- Add ftp protocol support for cdrom disk (Aline Manera)
- Add http protocol support for cdrom disk (Aline Manera)
- virsh: C99 style for info_domfstrim and opts_lxc_enter_namespace (Tomas Meszaros)
- qemuDomainAttachHostPciDevice: Fall back to mem balloon if there's no hard_limit
(Michal Privoznik)
- qemuhotplugtest: Add tests for virtio SCSI disk hotplug (Jiri Denemark)
- qemuhotplugtest: Add tests for USB disk hotplug (Jiri Denemark)
- qemuhotplugtest: Add tests for async virtio disk detach (Jiri Denemark)
- qemuhotplugtest: Add support for DEVICE_DELETED event (Jiri Denemark)
- qemu: Let tests override waiting time for device unplug (Jiri Denemark)
- qemu: Export qemuProcessHandleDeviceDeleted for tests (Jiri Denemark)
- tests: Add support for passing driver to qemu monitor (Jiri Denemark)
- tests: Add support for passing vm to qemu monitor (Jiri Denemark)
- qemuhotplugtest: Add tests for virtio disk hotplug (Jiri Denemark)
- qemuxml2argvtest: Add XML for testing device hotplug (Jiri Denemark)
- qemuhotplugtest: Define QMP_OK for the most common reply (Jiri Denemark)
- qemuhotplugtest: Compare domain XML after device hotplug (Jiri Denemark)
- qemuhotplugtest: Generate better output (Jiri Denemark)
- qemu: Move qemuDomainDetachDeviceDiskLive to qemu_hotplug.c (Jiri Denemark)
- qemu: Move qemuDomainAttachDeviceDiskLive to qemu_hotplug.c (Jiri Denemark)
- qemu: Avoid using global qemu_driver in event handlers (Jiri Denemark)
- qemu: Typedef monitor callbacks (Jiri Denemark)
- python: simplify complicated conditional assignment (Claudio Bley)
- Test for object identity when checking for None in Python (Claudio Bley)
- qemuagenttest.c: Missing documentation (Timeout) (Nehal J Wani)
- python: Use RELRO_LDFLAGS and NO_INDIRECT_LDFLAGS (Guido Günther)
- Set security label on FD for virDomainOpenGraphics (Daniel P. Berrange)
- qemuBuildNicDevStr: Add mq=on for multiqueue networking (Michal Privoznik)
- virBitmapParse: Fix behavior in case of error and fix up callers (Peter Krempa)
- VMX: Improve disk parse error for unknown values (Doug Goldstein)
- bridge driver: implement networkEnableIpForwarding for BSD (Roman Bogorodskiy)
- BSD: implement virNetDev(Set|Clear)IPv4Address (Roman Bogorodskiy)
- Test handling of non-existent x509 certs (Daniel P. Berrange)
- Report secret usage error message similarly (John Ferlan)
- virsh: Print cephx and iscsi usage (John Ferlan)
- selinux: enhance test to cover nfs label failure (Eric Blake)
- selinux: distinguish failure to label from request to avoid label (Eric Blake)
- virsh-pool: Improve error message in cmdPoolList (Peter Krempa)
- virsh: modify vshStringToArray to duplicate the elements too (Peter Krempa)
- qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit (Michal
Privoznik)
- qemuSetupMemoryCgroup: Handle hard_limit properly (Michal Privoznik)
- virt-xml-validate: add missing schemas (Eric Blake)
- libxl: implement NUMA capabilities reporting (Jim Fehlig)
- virdbus: Add virDBusHasSystemBus() (Peter Krempa)
- Make max_clients in virtlockd configurable (David Weber)
- snapshot_conf: Allow parsing an XML node (Cole Robinson)
- test: Unify object XML parsing (Cole Robinson)
- test: Simplify args passed to testDomainStartState (Cole Robinson)
- test: Split object parsing into their own functions (Cole Robinson)
- maint: slightly reduce configure size (Eric Blake)
- libxl: refactor capabilities code (Jim Fehlig)
- virbitmaptest: Fix function header formatting (Peter Krempa)
- maint: update gnulib submodule (Eric Blake)
- maint: fix typo for 'switch' (Eric Blake)
- examples: support crash events in event-test.py (Giuseppe Scrivano)
- cpu: Add Power7+ and Power8 CPU definition in map.xml (Li Zhang)
- Ensure that /dev exists in the container root filesystem (Daniel P. Berrange)
- Properly handle -h / -V for --help/--version aliases in virtlockd/libvirtd (Daniel P.
Berrange)
- Address missed feedback from review of virt-login-shell (Daniel P. Berrange)
- Honour root prefix in lxcContainerMountFSBlockAuto (Daniel P. Berrange)
- tests: Fix parallel runs of TLS test suites (Martin Kletzander)
- cgroup macros refactoring, part 5 (Roman Bogorodskiy)
- cgroup macros refactoring, part 4 (Roman Bogorodskiy)
- cgroup macros refactoring, part 3 (Roman Bogorodskiy)
- cgroup macros refactoring, part 2 (Roman Bogorodskiy)
- cgroup macros refactoring, part 1 (Roman Bogorodskiy)
- cgroup: functional sort (Eric Blake)
- cgroup: topological sort (Eric Blake)
- cgroup: use consistent formatting (Eric Blake)
- Add missing ATTRIBUTE_UNUSED (Guido Günther)
- virsh: nicer abort of blockcopy (Eric Blake)
- tests: Skip virsh-all test as expensive (Peter Krempa)
- qemuagenttest: Test timeout of agent commands (Peter Krempa)
- tests: add helper to determine when to skip expensive tests (Eric Blake)
- build: add configure option to disable gnulib tests (Eric Blake)
- qemuagenttest: Test arbitrary command passthrough (Peter Krempa)
- Record the where the auto-generated data comes from (Daniel P. Berrange)
- tests: test negative number through dbus (Eric Blake)
- libxl: Create per-domain log file (Jim Fehlig)
- Fix parallel runs of TLS test suites (Daniel P. Berrange)
- configure: fix formatting of missing pkg-config modules error (Giuseppe Scrivano)
- Ensure securityfs is mounted readonly in container (Dan Walsh)
- Change data passed into TLS test cases (Daniel P. Berrange)
- Avoid re-generating certs every time (Daniel P. Berrange)
- Split TLS test into two separate tests (Daniel P. Berrange)
- maint: avoid C99 loop declaration (Eric Blake)
- qemu: support to drop disk with 'optional' startupPolicy (Guannan Ren)
- nwfilter: Use -m conntrack rather than -m state (Stefan Berger)
- virGetGroupList: always include the primary group (Guido Günther)
- qemu: improve error reporting during PCI address validation (Laine Stump)
- qemu: enable using implicit sata controller in q35 machines (Laine Stump)
- qemu: properly set/use device alias for pci controllers (Laine Stump)
- qemu: fix handling of default/implicit devices for q35 (Laine Stump)
- qemu: add dmi-to-pci-bridge controller (Laine Stump)
- qemu: add pcie-root controller (Laine Stump)
- qemu: enable auto-allocate of all PCI addresses (Laine Stump)
- Introduce max_queued_clients (Michal Privoznik)
- RPC: Don't accept client if it would overcommit max_clients (Michal Privoznik)
- qemu: eliminate almost-duplicate code in qemu_command.c (Laine Stump)
- qemu: rename some functions in qemu_command.c (Laine Stump)
- conf: add default USB controller in qemu post-parse callback (Laine Stump)
- spec: Explicitly claim ownership of channel subdir (Jiri Denemark)
- Ensure LXC/QEMU APIs set the filename for errors (Daniel P. Berrange)
- Remove reference to python/tests from RPM %doc (Daniel P. Berrange)
- qemuagenttest: Check invalid response in shutdown test (Peter Krempa)
- qemuagenttest: Fix checking of shutdown mode (Peter Krempa)
- bridge driver: extract platform specifics (Roman Bogorodskiy)
- valgrind: Adjust filter for _dl_allocate_tls (John Ferlan)
- maint: use modern autoconf idioms (Eric Blake)
- qemu: check presence of each disk and its backing file as well (Guannan Ren)
- qemu: add helper functions for diskchain checking (Guannan Ren)
- qemu: refactor qemuDomainCheckDiskPresence for only disk presence check (Guannan Ren)
- Enable support for systemd-machined in cgroups creation (Daniel P. Berrange)
- Cope with races while killing processes (Daniel P. Berrange)
- Add support for systemd cgroup mount (Daniel P. Berrange)
- Add APIs for formatting systemd slice/scope names (Daniel P. Berrange)
- qemuagenttest: Add tests for CPU plug functions and helpers (Peter Krempa)
- qemuagenttest: Introduce testing of shutdown commands (Peter Krempa)
- qemuagenttest: Add testing of agent suspend modes (Peter Krempa)
- qemuagenttest: Test the filesystem trimming (Peter Krempa)
- tests: Add qemuagenttest (Peter Krempa)
- qemumonitortestutils: Add the ability to check arguments of commands (Peter Krempa)
- qemumonitortestutils: Improve error reporting from mock qemu monitor (Peter Krempa)
- qemumonitortestutils: Add instrumentation for guest agent testing (Peter Krempa)
- qemumonitortestutils: Split lines on \n instead of \r\n (Peter Krempa)
- qemumonitortestutils: Refactor the test helpers to allow reuse (Peter Krempa)
- qemumonitortestutils: Split up creation of the test to allow reuse (Peter Krempa)
- qemumonitortestutils: Don't crash on non fully initialized test (Peter Krempa)
- qemumonitortestutils: remove multiline function calls (Peter Krempa)
- qemumonitortestutils: Use VIR_DELETE_ELEMENT and VIR_APPEND_ELEMENT (Peter Krempa)
- qemumonitortestutils: Use consistent header style and line spacing (Peter Krempa)
- qemu_agent: Remove obvious comments (Peter Krempa)
- qemu_agent: Move updater function for VCPU hotplug into qemu_agent.c (Peter Krempa)
- qemu_agent: Output newline at the end of the sync JSON message (Peter Krempa)
- conf: Export virDomainChrSourceDefClear() (Peter Krempa)
- add console support in libxl (Bamvor Jian Zhang)
- util: add virGetUserDirectoryByUID (Dan Walsh)
- maint: fix typo for SENTINEL (Eric Blake)
- spec: Don't mix commands with macro definitions (Jiri Denemark)
- spec: Use --enable-werror on RHEL (Jiri Denemark)
- tests: Put a mock library at the start of LD_PRELOAD (Jiri Denemark)
- Support apparmor in RPM spec (Daniel P. Berrange)
- Delete obsolete / unused python test files (Daniel P. Berrange)
Cleanups:
- qemu_hotplug: Fix whitespace around addition in argument (Peter Krempa)
- qemu: Drop qemuDomainMemoryLimit (Michal Privoznik)
- maint: avoid bootstrap warning (Eric Blake)
- libxl: remove unnecessary curly braces (Jim Fehlig)
- virtio-rng: Remove double space in error message (Peter Krempa)
- Don't mark parentIndex with ATTRIBUTE_UNUSED (Ján Tomko)
Thanks everybody who contributed to this release in some ways, ideas,
bug reports, patches or reviews ! Including localization updates, we now
have a dozen of languague with complete or near complate translations :-)
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
http://veillard.com/ | virtualization library
http://libvirt.org/