Guido Günther · Guido Günther · f53db44e · f53db44e · f53db44e · f53db44e
--- a/debian/changelog
+++ b/debian/changelog
-libvirt (4.2.0-1~1.gbp91aebf) UNRELEASED; urgency=medium
-
-  ** SNAPSHOT build @91aebf3f9c4a6bd399fd46031712e83a38daa085 **
+libvirt (4.2.0-1) unstable; urgency=medium

  [ Laurent Bigonville ]
  * [8d62a8c] Start admin sockets on installation (Closes: #893484)

  [ Guido Günther ]
-  * [417534b] New upstream version 4.2.0
-
- -- Guido Günther <agx@sigxcpu.org>  Tue, 03 Apr 2018 13:24:38 +0200
+  * [417534b] New upstream version 4.2.0 (Closes: #894985)
+  * [9d7fa44] Bump symbol versions
+  * [c23ed3d] Rediff patches.
+    Applied upstream:
+      lockd-fix-typo-in-virtlockd-admin.socket.patch
+      CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
+
+ -- Guido Günther <agx@sigxcpu.org>  Fri, 06 Apr 2018 12:33:30 +0200

 libvirt (4.1.0-2) unstable; urgency=medium


--- a/debian/patches/debian/Debianize-libvirt-guests.patch
+++ b/debian/patches/debian/Debianize-libvirt-guests.patch
@@ -9,7 +9,7 @@ Origin: vendor
 2 files changed, 30 insertions(+), 19 deletions(-)

 diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
-index d5e68e5..6bfab4e 100644
+index fcada31..f486070 100644
 --- a/tools/libvirt-guests.sh.in
 +++ b/tools/libvirt-guests.sh.in
 @@ -1,5 +1,17 @@

--- a/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
+++ b/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
@@ -4,29 +4,15 @@ Subject: Don't enable default network on boot

 to not interfere with existing network configurations
 ---
- src/Makefile.am | 3 +--
 src/Makefile.in             | 3 +--
+ src/network/Makefile.inc.am | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

-diff --git a/src/Makefile.am b/src/Makefile.am
-index 3bf2da5..c17f474 100644
--- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -2896,8 +2896,7 @@ if WITH_NETWORK
- 	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
- 	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
- 	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
-	  rm -f default.xml && \
-	  $(LN_S) ../default.xml default.xml )
-+	  rm -f default.xml )
- endif WITH_NETWORK
- 
- uninstall-local:: uninstall-init uninstall-systemd uninstall-upstart \
 diff --git a/src/Makefile.in b/src/Makefile.in
-index 99ba050..4014d22 100644
+index 771464d..d9d7146 100644
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -13122,8 +13122,7 @@ install-data-local: install-init install-systemd install-upstart \
+@@ -13023,8 +13023,7 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
 @WITH_NETWORK_TRUE@	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
 @WITH_NETWORK_TRUE@	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
 @WITH_NETWORK_TRUE@	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
@@ -34,5 +20,19 @@ index 99ba050..4014d22 100644
 -@WITH_NETWORK_TRUE@	  $(LN_S) ../default.xml default.xml )
 +@WITH_NETWORK_TRUE@	  rm -f default.xml )
 
- uninstall-local:: uninstall-init uninstall-systemd uninstall-upstart \
- 		uninstall-sysctl uninstall-polkit uninstall-sasl \
+ @WITH_NETWORK_TRUE@uninstall-data-network:
+ @WITH_NETWORK_TRUE@	rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
+diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
+index 508c8c0..b0df5ec 100644
+--- a/src/network/Makefile.inc.am
+++ b/src/network/Makefile.inc.am
+@@ -85,8 +85,7 @@ install-data-network:
+ 	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
+ 	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
+ 	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
+-	  rm -f default.xml && \
+-	  $(LN_S) ../default.xml default.xml )
+	  rm -f default.xml )
+ 
+ uninstall-data-network:
+ 	rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
--- a/debian/patches/debian/Use-upstreams-polkit-rule.patch
+++ b/debian/patches/debian/Use-upstreams-polkit-rule.patch
@@ -4,27 +4,58 @@ Subject: Use upstreams polkit rule

 As of 1.2.16 upstream ships a Polkit rule like Debian does.
 ---
- src/Makefile.am | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ src/Makefile.am            | 1 -
+ src/Makefile.in            | 4 ++--
+ src/remote/Makefile.inc.am | 4 ++--
+ 3 files changed, 4 insertions(+), 5 deletions(-)

 diff --git a/src/Makefile.am b/src/Makefile.am
-index c17f474..af604d5 100644
+index 8b1e4c8..5cce0d7 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -2251,14 +2251,14 @@ install-polkit::
- if ! WITH_POLKIT0
+@@ -811,7 +811,6 @@ else ! WITH_LIBVIRTD
+ install-logrotate:
+ uninstall-logrotate:
+ endif ! WITH_LIBVIRTD
+-
+ if LIBVIRT_INIT_SCRIPT_RED_HAT
+ install-init:: $(SYSVINIT_FILES) install-sysconfig
+ 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+diff --git a/src/Makefile.in b/src/Makefile.in
+index d9d7146..01d41e6 100644
+--- a/src/Makefile.in
+++ b/src/Makefile.in
+@@ -13072,12 +13072,12 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@		$(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	$(MKDIR_P) $(DESTDIR)$(datadir)/polkit-1/rules.d
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
+-@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@		$(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
+@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@		$(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
+ 
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@uninstall-polkit::
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	rmdir $(DESTDIR)$(policydir) || :
+-@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
+@WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	rmdir $(DESTDIR)$(datadir)/polkit-1/rules.d || :
+ 
+ @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_FALSE@install-polkit::
+diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
+index 12600b8..8b374a7 100644
+--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
+@@ -213,12 +213,12 @@ install-polkit::
+ 		$(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	$(MKDIR_P) $(DESTDIR)$(datadir)/polkit-1/rules.d
 	$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
 -		$(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
 +		$(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
- endif ! WITH_POLKIT0
 
 uninstall-polkit::
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	rmdir $(DESTDIR)$(policydir) || :
- if ! WITH_POLKIT0
 -	rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules
 +	rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/60-libvirt.rules
 	rmdir $(DESTDIR)$(datadir)/polkit-1/rules.d || :
- endif ! WITH_POLKIT0
 
+ else ! WITH_POLKIT
--- a/debian/patches/debian/remove-RHism.diff.patch
+++ b/debian/patches/debian/remove-RHism.diff.patch
@@ -7,7 +7,7 @@ Subject: remove-RHism.diff
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/tools/virsh.pod b/tools/virsh.pod
-index 8f0e8d7..2625565 100644
+index 9d69a75..b29d628 100644
 --- a/tools/virsh.pod
 +++ b/tools/virsh.pod
 @@ -119,7 +119,7 @@ virsh is coming from and which options and driver are compiled in.

--- a/debian/patches/lockd-fix-typo-in-virtlockd-admin.socket.patch
+++ b/debian/patches/lockd-fix-typo-in-virtlockd-admin.socket.patch
-From: Jim Fehlig <jfehlig@suse.com>
-Date: Wed, 14 Mar 2018 16:42:39 -0600
-Subject: lockd: fix typo in virtlockd-admin.socket
-
-Commit ce7ae55ea1 introduced a typo in virtlockd-admin socket file
-
-/usr/lib/systemd/system/virtlockd-admin.socket:7: Unknown lvalue
-'Server' in section 'Socket'
-
-Change 'Server' to 'Service'.
-
-Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
- src/locking/virtlockd-admin.socket.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 1fa0a3d..2a7500f 100644
--- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -4,7 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
-Server=virtlockd.service
-+Service=virtlockd.service
- 
- [Install]
- WantedBy=sockets.target
--- a/debian/patches/security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
+++ b/debian/patches/security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
-From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange@redhat.com>
-Date: Thu, 1 Mar 2018 14:55:26 +0000
-Subject: CVE-2018-1064: qemu: avoid denial of service reading from QEMU guest
- agent
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: base64
-
-V2UgcmVhZCBmcm9tIHRoZSBhZ2VudCB1bnRpbCBzZWVpbmcgYSBcclxuIHBhaXIgdG8gaW5kaWNh
-dGUgYSBjb21wbGV0ZWQKcmVwbHkgb3IgZXZlbnQuIFRvIGF2b2lkIG1lbW9yeSBkZW5pYWwtb2Yt
-c2VydmljZSB0aG91Z2gsIHdlIG11c3QgaGF2ZSBhCnNpemUgbGltaXQgb24gYW1vdW50IG9mIGRh
-dGEgd2UgYnVmZmVyLiAxMCBNQiBpcyBsYXJnZSBlbm91Z2ggdGhhdCBpdApvdWdodCB0byBjb3Bl
-IHdpdGggbm9ybWFsIGFnZW50IHJlcGxpZXMsIGFuZCBzbWFsbCBlbm91Z2ggdGhhdCB3ZSdyZSBu
-b3QKY29uc3VtaW5nIHVucmVhc29uYWJsZSBtZW0uCgpUaGlzIGlzIGlkZW50aWNhbCB0byB0aGUg
-ZmxhdyB3ZSBoYWQgcmVhZGluZyBmcm9tIHRoZSBRRU1VIG1vbml0b3IKYXMgQ1ZFLTIwMTgtNTc0
-OCwgc28gcmF0aGVyIGVtYmFycmFzc2luZyB0aGF0IHdlIGZvcmdvdCB0byBmaXgKdGhlIGFnZW50
-IGNvZGUgYXQgdGhlIHNhbWUgdGltZS4KClNpZ25lZC1vZmYtYnk6IERhbmllbCBQLiBCZXJyYW5n
-w6kgPGJlcnJhbmdlQHJlZGhhdC5jb20+Cg==
---
- src/qemu/qemu_agent.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
-index 0f36054..89183c3 100644
--- a/src/qemu/qemu_agent.c
-+++ b/src/qemu/qemu_agent.c
-@@ -53,6 +53,15 @@ VIR_LOG_INIT("qemu.qemu_agent");
- #define DEBUG_IO 0
- #define DEBUG_RAW_IO 0
- 
-+/* We read from QEMU until seeing a \r\n pair to indicate a
-+ * completed reply or event. To avoid memory denial-of-service
-+ * though, we must have a size limit on amount of data we
-+ * buffer. 10 MB is large enough that it ought to cope with
-+ * normal QEMU replies, and small enough that we're not
-+ * consuming unreasonable mem.
-+ */
-+#define QEMU_AGENT_MAX_RESPONSE (10 * 1024 * 1024)
-+
- /* When you are the first to uncomment this,
-  * don't forget to uncomment the corresponding
-  * part in qemuAgentIOProcessEvent as well.
-@@ -535,6 +544,12 @@ qemuAgentIORead(qemuAgentPtr mon)
-     int ret = 0;
- 
-     if (avail < 1024) {
-+        if (mon->bufferLength >= QEMU_AGENT_MAX_RESPONSE) {
-+            virReportSystemError(ERANGE,
-+                                 _("No complete agent response found in %d bytes"),
-+                                 QEMU_AGENT_MAX_RESPONSE);
-+            return -1;
-+        }
-         if (VIR_REALLOC_N(mon->buffer,
-                           mon->bufferLength + 1024) < 0)
-             return -1;
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,5 +17,3 @@ debian/apparmor_profiles_local_include.patch
 Set-defaults-for-zfs-tools.patch
 Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
-security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
-lockd-fix-typo-in-virtlockd-admin.socket.patch