[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/sid] 2 commits: Rediff patches
Guido Günther
gitlab at salsa.debian.org
Fri Apr 24 13:38:35 BST 2020
Guido Günther pushed to branch debian/sid at Libvirt Packaging Team / libvirt
Commits:
41c33eba by Guido Günther at 2020-04-24T14:08:38+02:00
Rediff patches
- - - - -
da804f9d by Guido Günther at 2020-04-24T14:10:37+02:00
Backport fix for CVE-2020-10701
Closes: #955841
Thanks: Carnil for the triage
- - - - -
18 changed files:
- debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
- debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
- debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch
- debian/patches/Skip-vircgrouptest.patch
- + debian/patches/api-disallow-virDomainAgentSetResponseTimeout-on-read-onl.patch
- debian/patches/apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
- debian/patches/debian/Debianize-libvirt-guests.patch
- debian/patches/debian/Debianize-systemd-service-files.patch
- debian/patches/debian/Debianize-virtlockd.patch
- debian/patches/debian/Debianize-virtlogd.patch
- debian/patches/debian/Don-t-enable-default-network-on-boot.patch
- debian/patches/debian/Prefer-sbin-over-usr-sbin.patch
- debian/patches/debian/Use-upstreams-polkit-rule.patch
- debian/patches/debian/apparmor_profiles_local_include.patch
- debian/patches/openpty-Skip-test-if-no-pty-is-available.patch
- debian/patches/series
- debian/patches/skip-qemuhotplugtest.patch
- debian/patches/test-posix_openpt-don-t-fail-on-EACCESS.patch
Changes:
=====================================
debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
=====================================
@@ -10,7 +10,7 @@ Issue reported upstresm.
1 file changed, 4 insertions(+)
diff --git a/gnulib/tests/test-nonblocking-pipe.sh b/gnulib/tests/test-nonblocking-pipe.sh
-index dd692be..9690791 100755
+index f86e134..8a3fb1c 100755
--- a/gnulib/tests/test-nonblocking-pipe.sh
+++ b/gnulib/tests/test-nonblocking-pipe.sh
@@ -1,5 +1,9 @@
=====================================
debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
=====================================
@@ -12,9 +12,11 @@ require the 'TERM' environment variable to be set to the terminal type.
src/rpc/virnetsocket.c | 2 ++
1 file changed, 2 insertions(+)
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 9ad7c2c..966cff1 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
-@@ -863,6 +863,8 @@ int virNetSocketNewConnectSSH(const char
+@@ -863,6 +863,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
virCommandAddEnvPass(cmd, "KRB5CCNAME");
virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
virCommandAddEnvPass(cmd, "SSH_ASKPASS");
=====================================
debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch
=====================================
@@ -10,10 +10,10 @@ Closes: #663931
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 84ccc1a..a9b1f04 100644
+index a0fd761..68b0d13 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
-@@ -1488,7 +1488,7 @@ void virWaitForDevices(void)
+@@ -1317,7 +1317,7 @@ void virWaitForDevices(void)
if (!(udev = virFindFileInPath(UDEVADM)))
return;
=====================================
debian/patches/Skip-vircgrouptest.patch
=====================================
@@ -9,7 +9,7 @@ without sysfs mounted.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c
-index 20f4c57..76108ae 100644
+index 2d6f52f..fcaa8b6 100644
--- a/tests/vircgrouptest.c
+++ b/tests/vircgrouptest.c
@@ -20,7 +20,7 @@
=====================================
debian/patches/api-disallow-virDomainAgentSetResponseTimeout-on-read-onl.patch
=====================================
@@ -0,0 +1,30 @@
+From: Jonathon Jongsma <jjongsma at redhat.com>
+Date: Fri, 20 Mar 2020 09:43:13 -0500
+Subject: api: disallow virDomainAgentSetResponseTimeout() on read-only
+ connections
+
+This function changes the amount of time that libvirt waits for a
+response from the guest agent for all guest agent commands. Since this
+is a configuration change, it should not be allowed on read-only
+connections.
+
+Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>
+Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
+Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
+---
+ src/libvirt-domain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index eb66999..3deee54 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -12554,6 +12554,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain,
+ virCheckDomainReturn(domain, -1);
+ conn = domain->conn;
+
++ virCheckReadOnlyGoto(conn->flags, error);
++
+ if (conn->driver->domainAgentSetResponseTimeout) {
+ if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
+ goto error;
=====================================
debian/patches/apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
=====================================
@@ -8,7 +8,7 @@ Closes: #882979
1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-index 577fc77..ee02744 100644
+index 70550d4..1cc8a40 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -3,6 +3,7 @@
=====================================
debian/patches/debian/Debianize-libvirt-guests.patch
=====================================
@@ -8,6 +8,8 @@ Origin: vendor
tools/libvirt-guests.sysconf | 4 ++--
2 files changed, 30 insertions(+), 19 deletions(-)
+diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
+index a881f62..22ac873 100644
--- a/tools/libvirt-guests.sh.in
+++ b/tools/libvirt-guests.sh.in
@@ -1,5 +1,17 @@
@@ -88,6 +90,8 @@ Origin: vendor
rh_status() {
if [ -f "$LISTFILE" ]; then
gettext "stopped, with saved guests"; echo
+diff --git a/tools/libvirt-guests.sysconf b/tools/libvirt-guests.sysconf
+index 669b046..1c4b450 100644
--- a/tools/libvirt-guests.sysconf
+++ b/tools/libvirt-guests.sysconf
@@ -8,7 +8,7 @@
=====================================
debian/patches/debian/Debianize-systemd-service-files.patch
=====================================
@@ -7,6 +7,8 @@ Subject: Debianize systemd service files
tools/libvirt-guests.service.in | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 9c8c54a..544e449 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -25,8 +25,8 @@ Documentation=https://libvirt.org
@@ -20,6 +22,8 @@ Subject: Debianize systemd service files
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
+diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in
+index 10c6640..e858be5 100644
--- a/tools/libvirt-guests.service.in
+++ b/tools/libvirt-guests.service.in
@@ -10,7 +10,7 @@ Documentation=man:libvirtd(8)
=====================================
debian/patches/debian/Debianize-virtlockd.patch
=====================================
@@ -6,6 +6,8 @@ Subject: Debianize virtlockd
src/locking/virtlockd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
+index e7f8057..6d52f0e 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -7,7 +7,7 @@ Documentation=man:virtlockd(8)
=====================================
debian/patches/debian/Debianize-virtlogd.patch
=====================================
@@ -6,6 +6,8 @@ Subject: Debianize virtlogd
src/logging/virtlogd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
+index daff48e..0e3b3d1 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -7,7 +7,7 @@ Documentation=man:virtlogd(8)
=====================================
debian/patches/debian/Don-t-enable-default-network-on-boot.patch
=====================================
@@ -8,10 +8,10 @@ to not interfere with existing network configurations
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
-index 23cf39b..ca516c3 100644
+index 3eeab74..3090fe1 100644
--- a/src/network/Makefile.inc.am
+++ b/src/network/Makefile.inc.am
-@@ -87,8 +87,7 @@ install-data-network:
+@@ -167,8 +167,7 @@ install-data-network:
$(DESTDIR)$(confdir)/qemu/networks/default.xml && \
rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
=====================================
debian/patches/debian/Prefer-sbin-over-usr-sbin.patch
=====================================
@@ -11,10 +11,10 @@ Closes: #895145
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index d18d427..9fe0aea 100644
+index 002a3dc..3e042cc 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -116,7 +116,7 @@ then
+@@ -122,7 +122,7 @@ then
fi
dnl Where we look for daemons and admin binaries during configure
=====================================
debian/patches/debian/Use-upstreams-polkit-rule.patch
=====================================
@@ -8,10 +8,10 @@ As of 1.2.16 upstream ships a Polkit rule like Debian does.
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
-index 0cf00cb..75b7290 100644
+index b706e5f..cb0264f 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
-@@ -226,12 +226,12 @@ install-polkit:
+@@ -361,12 +361,12 @@ install-polkit:
$(DESTDIR)$(polkitactionsdir)/org.libvirt.unix.policy
$(MKDIR_P) $(DESTDIR)$(polkitrulesdir)
$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
=====================================
debian/patches/debian/apparmor_profiles_local_include.patch
=====================================
@@ -9,10 +9,10 @@ Include local apparmor profile
2 files changed, 4 insertions(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-index bf6bd29..577fc77 100644
+index 11e9c03..70550d4 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -67,5 +67,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
+@@ -70,5 +70,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
=====================================
debian/patches/openpty-Skip-test-if-no-pty-is-available.patch
=====================================
@@ -12,7 +12,7 @@ Works around #817236
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/gnulib/tests/test-openpty.c b/gnulib/tests/test-openpty.c
-index 267b403..c300938 100644
+index 69bad37..885097a 100644
--- a/gnulib/tests/test-openpty.c
+++ b/gnulib/tests/test-openpty.c
@@ -25,6 +25,7 @@
=====================================
debian/patches/series
=====================================
@@ -17,3 +17,4 @@ apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
debian/Prefer-sbin-over-usr-sbin.patch
Include-etc-pki-qemu-in-apparmor.patch
apparmor-Allow-run-pygrub.patch
+api-disallow-virDomainAgentSetResponseTimeout-on-read-onl.patch
=====================================
debian/patches/skip-qemuhotplugtest.patch
=====================================
@@ -1,10 +1,19 @@
-Description: skip failing tests in qemuhotplugtest
- Due to the fact that some Debian/Ubuntu build environments run with
- $HOME set to a non existing paths some tests fail.
- For now let us skip those few sub-tests.
+From: Christian Ehrhardt <christian.ehrhardt at canonical.com>
+Date: Fri, 24 Apr 2020 14:08:33 +0200
+Subject: skip failing tests in qemuhotplugtest
+
Forwarded: yes (https://www.redhat.com/archives/libvir-list/2020-January/msg00705.html)
-Author: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Last-Update: 2020-01-29
+
+Due to the fact that some Debian/Ubuntu build environments run with
+$HOME set to a non existing paths some tests fail.
+For now let us skip those few sub-tests.
+---
+ tests/qemuhotplugtest.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/qemuhotplugtest.c b/tests/qemuhotplugtest.c
+index a60c8d1..6c11f16 100644
--- a/tests/qemuhotplugtest.c
+++ b/tests/qemuhotplugtest.c
@@ -803,6 +803,7 @@ mymain(void)
=====================================
debian/patches/test-posix_openpt-don-t-fail-on-EACCESS.patch
=====================================
@@ -10,7 +10,7 @@ Works around #817236
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnulib/tests/test-posix_openpt.c b/gnulib/tests/test-posix_openpt.c
-index 32f518c..f55d281 100644
+index a1cf2d0..cafe987 100644
--- a/gnulib/tests/test-posix_openpt.c
+++ b/gnulib/tests/test-posix_openpt.c
@@ -43,7 +43,7 @@ main (void)
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/3ee1c87354eb6271b7fe53e2017caf7caa6d222d...da804f9dcbad023d3f054655d3753ce95926761e
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/3ee1c87354eb6271b7fe53e2017caf7caa6d222d...da804f9dcbad023d3f054655d3753ce95926761e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20200424/8b423f39/attachment-0001.html>
More information about the Pkg-libvirt-commits
mailing list