Andrea Bolognani · Guido Günther · Andrea Bolognani · Guido Günther · Andrea Bolognani · Guido Günther
--- a/debian/libvirt0.symbols
+++ b/debian/libvirt0.symbols
@@ -119,7 +119,8 @@ libvirt.so.0 libvirt0 #MINVER#
 *@LIBVIRT_4.10.0 4.10.0
 *@LIBVIRT_5.0.0 5.0.0
 *@LIBVIRT_5.2.0 5.2.0~rc1
- *@LIBVIRT_PRIVATE_5.2.0 5.2.0~rc1
+ *@LIBVIRT_5.3.0 5.3.0
+ *@LIBVIRT_PRIVATE_5.3.0 5.3.0

 libvirt-qemu.so.0 libvirt0 #MINVER#
 *@LIBVIRT_QEMU_0.8.3 0.8.3
@@ -141,4 +142,4 @@ libvirt-admin.so.0 libvirt0 #MINVER#
 *@LIBVIRT_ADMIN_1.3.0 1.2.18
 *@LIBVIRT_ADMIN_2.0.0 2.0.0~rc1
 *@LIBVIRT_ADMIN_3.0.0 3.0.0
- *@LIBVIRT_ADMIN_PRIVATE_5.2.0 5.2.0~rc1
+ *@LIBVIRT_ADMIN_PRIVATE_5.3.0 5.3.0
--- a/debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch
+++ b/debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch
@@ -10,10 +10,10 @@ Closes: #663931
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 0d58f1e..2858505 100644
+index e5917d3..e24b5c3 100644
 --- a/src/util/virutil.c
 +++ b/src/util/virutil.c
-@@ -1655,7 +1655,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
+@@ -1483,7 +1483,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
 void virWaitForDevices(void)
 {
 # ifdef UDEVADM

--- a/debian/patches/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
+++ b/debian/patches/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
-From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange@redhat.com>
-Date: Wed, 3 Apr 2019 15:00:49 +0100
-Subject: api: disallow virDomainGetHostname for read-only connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-The virDomainGetHostname API is fetching guest information and this may
-involve use of an untrusted guest agent. As such its use must be
-forbidden on a read-only connection to libvirt.
-
-Fixes CVE-2019-3886
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/libvirt-domain.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index be5b1f6..baf2182 100644
--- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
-     virCheckDomainReturn(domain, NULL);
-     conn = domain->conn;
- 
-+    virCheckReadOnlyGoto(domain->conn->flags, error);
-+
-     if (conn->driver->domainGetHostname) {
-         char *ret;
-         ret = conn->driver->domainGetHostname(domain, flags);
--- a/debian/patches/debian/Debianize-libvirt-guests.patch
+++ b/debian/patches/debian/Debianize-libvirt-guests.patch
@@ -9,7 +9,7 @@ Origin: vendor
 2 files changed, 30 insertions(+), 19 deletions(-)

 diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
-index 4bc6e86..9ec4064 100644
+index 4bc6e86..f94f1b3 100644
 --- a/tools/libvirt-guests.sh.in
 +++ b/tools/libvirt-guests.sh.in
 @@ -1,5 +1,17 @@

--- a/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
+++ b/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
@@ -9,10 +9,10 @@ to not interfere with existing network configurations
 2 files changed, 2 insertions(+), 4 deletions(-)

 diff --git a/src/Makefile.in b/src/Makefile.in
-index fe2d19f..2700a1d 100644
+index 99217f9..e9e5ee0 100644
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -13398,8 +13398,7 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
+@@ -13426,8 +13426,7 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
 @WITH_NETWORK_TRUE@	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
 @WITH_NETWORK_TRUE@	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
 @WITH_NETWORK_TRUE@	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
@@ -23,10 +23,10 @@ index fe2d19f..2700a1d 100644
 @WITH_FIREWALLD_ZONE_TRUE@@WITH_NETWORK_TRUE@	$(INSTALL_DATA) $(srcdir)/network/libvirt.zone \
 @WITH_FIREWALLD_ZONE_TRUE@@WITH_NETWORK_TRUE@	  $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
 diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
-index cbaaa7e..cb0228d 100644
+index 3fed59c..13ae858 100644
 --- a/src/network/Makefile.inc.am
 +++ b/src/network/Makefile.inc.am
-@@ -85,8 +85,7 @@ install-data-network:
+@@ -87,8 +87,7 @@ install-data-network:
 	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
 	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
 	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \

--- a/debian/patches/debian/Prefer-sbin-over-usr-sbin.patch
+++ b/debian/patches/debian/Prefer-sbin-over-usr-sbin.patch
@@ -11,10 +11,10 @@ Closes: #895145
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/configure.ac b/configure.ac
-index 880a3a7..307aff0 100644
+index dcd78f6..1b77c97 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -110,7 +110,7 @@ then
+@@ -116,7 +116,7 @@ then
 fi
 
 dnl Where we look for daemons and admin binaries during configure

--- a/debian/patches/debian/Use-upstreams-polkit-rule.patch
+++ b/debian/patches/debian/Use-upstreams-polkit-rule.patch
@@ -9,10 +9,10 @@ As of 1.2.16 upstream ships a Polkit rule like Debian does.
 2 files changed, 4 insertions(+), 4 deletions(-)

 diff --git a/src/Makefile.in b/src/Makefile.in
-index 2700a1d..4abd388 100644
+index e9e5ee0..c780453 100644
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -13447,12 +13447,12 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
+@@ -13475,12 +13475,12 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \
 @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@		$(DESTDIR)$(polkitactionsdir)/org.libvirt.unix.policy
 @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	$(MKDIR_P) $(DESTDIR)$(polkitrulesdir)
 @WITH_LIBVIRTD_TRUE@@WITH_POLKIT_TRUE@	$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \
@@ -28,10 +28,10 @@ index 2700a1d..4abd388 100644
 
 .PHONY: \
 diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
-index dccecf8..c1916bd 100644
+index 0671424..9e7227d 100644
 --- a/src/remote/Makefile.inc.am
 +++ b/src/remote/Makefile.inc.am
-@@ -213,12 +213,12 @@ install-polkit:
+@@ -221,12 +221,12 @@ install-polkit:
 		$(DESTDIR)$(polkitactionsdir)/org.libvirt.unix.policy
 	$(MKDIR_P) $(DESTDIR)$(polkitrulesdir)
 	$(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \

--- a/debian/patches/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+++ b/debian/patches/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
-From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange@redhat.com>
-Date: Wed, 3 Apr 2019 15:00:50 +0100
-Subject: remote: enforce ACL write permission for getting guest time &
- hostname
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Getting the guest time and hostname both require use of guest agent
-commands. These must not be allowed for read-only users, so the
-permissions check must validate "write" permission not "read".
-
-Fixes CVE-2019-3886
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/remote/remote_protocol.x | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index 74be4b3..11f44ee 100644
--- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -5513,7 +5513,7 @@ enum remote_procedure {
- 
-     /**
-      * @generate: both
-     * @acl: domain:read
-+     * @acl: domain:write
-      */
-     REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
- 
-@@ -5908,7 +5908,7 @@ enum remote_procedure {
- 
-     /**
-      * @generate: none
-     * @acl: domain:read
-+     * @acl: domain:write
-      */
-     REMOTE_PROC_DOMAIN_GET_TIME = 337,
- 
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,6 +14,3 @@ Set-defaults-for-zfs-tools.patch
 Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
 debian/Prefer-sbin-over-usr-sbin.patch
-api-disallow-virDomainGetHostname-for-read-only-connectio.patch
-remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
-tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
--- a/debian/patches/tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
+++ b/debian/patches/tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 27 Mar 2019 13:42:45 -0500
-Subject: tests: Avoid writing into $HOME during virsh-snapshot
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-In a constrained CI environment, where it is intentional that attempts
-to write outside the current directory will fail, virsh-snapshot was
-failing:
-
- error: invalid argument: parent s3 for snapshot s2 not found
- error: marker
-+error: Failed to create '/home/travis/.cache/libvirt/virsh': Permission denied
-FAIL virsh-snapshot (exit status: 1)
-
-But we've already solved the problem in virsh-uriprecedence: tell
-virsh to use XDG locations pointing to somewhere we can write rather
-than its default of falling back to $HOME with the test being at risk
-of breaking due to the user's environment and/or unacceptably altering
-the user's normal cache.  Hoist that solution into test-lib.sh, so
-that all scripts can use it as needed. While at it, fix a latent typo
-where XDG_RUNTIME_HOME was set to a literal relative directory name
-"XDG_CACHE_HOME" (the typo did not affect virsh-uriprecedence, but
-could matter to other clients).
-
-Fixes: 280a2b41
-Fixes: 398de147
-Reported-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-(cherry picked from commit b18866086516b6fb1dc5bcc45dcde7b8df324850)
---
- tests/test-lib.sh         | 13 +++++++++++++
- tests/virsh-snapshot      |  2 ++
- tests/virsh-uriprecedence | 12 +-----------
- 3 files changed, 16 insertions(+), 11 deletions(-)
-
-diff --git a/tests/test-lib.sh b/tests/test-lib.sh
-index 49e8d22..ef5a47b 100644
--- a/tests/test-lib.sh
-+++ b/tests/test-lib.sh
-@@ -222,6 +222,19 @@ mkfifo_or_skip_()
-   fi
- }
- 
-+# Create mock XDG files/directories to avoid permission problems.
-+# As it points inside $test_dir_, it is automatically cleaned.
-+mock_xdg_()
-+{
-+  export XDG_CONFIG_HOME="$t_/.config"
-+  export XDG_CACHE_HOME="$t_/.cache"
-+  export XDG_RUNTIME_HOME="$XDG_CACHE_HOME"
-+
-+  mkdir -p "$XDG_CONFIG_HOME/libvirt" "$XDG_CONFIG_HOME/virsh"
-+  mkdir -p "$XDG_CACHE_HOME/libvirt" "$XDG_CACHE_HOME/virsh"
-+  mkdir -p "$XDG_RUNTIME_HOME/libvirt" "$XDG_RUNTIME_HOME/virsh"
-+}
-+
- test_dir_=$(pwd)
- 
- this_test_() { echo "./$0" | sed 's,.*/,,'; }
-diff --git a/tests/virsh-snapshot b/tests/virsh-snapshot
-index fb8a99d..cb498cf 100755
--- a/tests/virsh-snapshot
-+++ b/tests/virsh-snapshot
-@@ -26,6 +26,8 @@ fi
- 
- fail=0
- 
-+mock_xdg_ || framework_failure
-+
- # The test driver loses states between restarts, so we perform a script
- # with some convenient markers for later post-processing of output.
- $abs_top_builddir/tools/virsh --connect test:///default >out 2>err '
-diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence
-index 564e3dc..fd6ce10 100755
--- a/tests/virsh-uriprecedence
-+++ b/tests/virsh-uriprecedence
-@@ -11,17 +11,7 @@ virsh_cmd="$virsh_bin"
- counter=0
- ret=0
- 
-cleanup_() { rm -rf "$tmphome"; }
-
-# Create all mock files/directories to avoid permission problems
-tmphome="$PWD/tmp_home"
-export XDG_CONFIG_HOME="$tmphome/.config"
-export XDG_CACHE_HOME="$tmphome/.cache"
-export XDG_RUNTIME_HOME="XDG_CACHE_HOME"
-
-mkdir -p "$XDG_CONFIG_HOME/libvirt" "$XDG_CONFIG_HOME/virsh"
-mkdir -p "$XDG_CACHE_HOME/libvirt" "$XDG_CACHE_HOME/virsh"
-mkdir -p "$XDG_RUNTIME_HOME/libvirt" "$XDG_RUNTIME_HOME/virsh"
-+mock_xdg_ || framework_failure
- 
- is_uri_good()
- {
--- a/debian/rules
+++ b/debian/rules
@@ -150,14 +150,13 @@ LOGROTATE = $(basename $(basename $(notdir $(wildcard src/remote/libvirtd*.logro
 EXAMPLES_DIR = $(CURDIR)/debian/libvirt-doc/usr/share/doc/libvirt-doc/examples/

 %:
-	dh $@ --builddirectory=$(DEB_BUILDDIR) --with autoreconf
+	dh $@ --builddirectory=$(DEB_BUILDDIR)

 override_dh_auto_configure:
 	IPTABLES_PATH=/usr/sbin/iptables \
 	IP6TABLES_PATH=/usr/sbin/ip6tables \
 	EBTABLES_PATH=/usr/sbin/ebtables \
 	dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_ARGS) $(shell dpkg-buildflags --export=configure)
-	mkdir -p debian/build/docs/internals

 override_dh_auto_test:
 	export LD_PRELOAD="";     \
@@ -233,7 +232,8 @@ override_dh_installsystemd:
 	dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade $(LIBVIRT_SYSTEM_SERVICES)

 override_dh_installdocs:
-	dh_installdocs
+	dh_installdocs -plibvirt-doc --doc-main-package libvirt-doc
+	dh_installdocs -Nlibvirt-doc
 	# Remove binaries and object files examples
 	[ ! -d $(EXAMPLES_DIR) ] || find $(EXAMPLES_DIR) -name "*.o" -type f -delete -o -name .libs -type d -exec rm -rf {} \;
 	rm -f $(EXAMPLES_DIR)domain-events/events-c/event-test \
@@ -257,6 +257,3 @@ override_dh_auto_clean:
 override_dh_installchangelogs:
 	dh_installchangelogs -plibvirt0
 	dh_installchangelogs -Nlibvirt0 -XChangeLog
-
-override_dh_missing:
-	dh_missing --list-missing