* Fri Jul 3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-4.fc12

- Fix libvirtd crash with bad capabilities data (bug #505635)

.cvsignore

@@ -7,3 +7,4 @@ libvirt-0.6.0.tar.gz
 libvirt-0.6.1.tar.gz
 libvirt-0.6.2.tar.gz
 libvirt-0.6.3.tar.gz
+libvirt-0.6.4.tar.gz

libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch

@@ -0,0 +1,47 @@
+From ae4523336ac06e3ff7cc7b416fad9e57998c6b54 Mon Sep 17 00:00:00 2001
+From: Tim Waugh <twaugh@redhat.com>
+Date: Fri, 3 Jul 2009 10:29:01 +0100
+Subject: [PATCH 2/3] Don't unnecessarily try to change a file context
+
+As pointed out by Tim Waugh here:
+
+  https://bugzilla.redhat.com/507555
+
+We shouldn't bother trying to set the context of a file if it already
+matches what we want.
+
+(Fixed to use STREQ() and not use tabs, as pointed out by danpb)
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ src/security_selinux.c |   11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/src/security_selinux.c b/src/security_selinux.c
+index db1c27d..c2015a1 100644
+--- a/src/security_selinux.c
++++ b/src/security_selinux.c
+@@ -280,10 +280,19 @@ static int
+ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
+ {
+     char ebuf[1024];
++    security_context_t econ;
+ 
+     VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
+ 
+-    if(setfilecon(path, tcon) < 0) {
++    if (setfilecon(path, tcon) < 0) {
++        if (getfilecon(path, &econ) >= 0) {
++            if (STREQ(tcon, econ)) {
++                freecon(econ);
++                /* It's alright, there's nothing to change anyway. */
++                return 0;
++            }
++            freecon(econ);
++        }
+         virSecurityReportError(conn, VIR_ERR_ERROR,
+                                _("%s: unable to set security context "
+                                  "'\%s\' on %s: %s."), __func__,
+-- 
+1.6.2.5
+

libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch

@@ -0,0 +1,130 @@
+From 80965bff6d46dea1808c8bbf02f50f0e289a0e65 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 29 Jun 2009 10:41:56 +0000
+Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
+
+---
+ src/qemu_driver.c |   80 +++++++++++++++++++++++++++++++++++-----------------
+ 1 files changed, 54 insertions(+), 26 deletions(-)
+
+diff -up libvirt-0.6.2/src/qemu_driver.c.bad-caps libvirt-0.6.2/src/qemu_driver.c
+--- libvirt-0.6.2/src/qemu_driver.c.bad-caps	2009-07-03 10:07:03.275252815 +0100
++++ libvirt-0.6.2/src/qemu_driver.c	2009-07-03 10:08:52.143502961 +0100
+@@ -360,12 +360,43 @@ next:
+     return 0;
+ }
+ 
++
++static int
++qemudSecurityCapsInit(virSecurityDriverPtr secdrv,
++                      virCapsPtr caps)
++{
++    const char *doi, *model;
++
++    doi = virSecurityDriverGetDOI(secdrv);
++    model = virSecurityDriverGetModel(secdrv);
++
++    caps->host.secModel.model = strdup(model);
++    if (!caps->host.secModel.model) {
++        char ebuf[1024];
++        VIR_ERROR(_("Failed to copy secModel model: %s"),
++                  virStrerror(errno, ebuf, sizeof ebuf));
++        return -1;
++    }
++
++    caps->host.secModel.doi = strdup(doi);
++    if (!caps->host.secModel.doi) {
++        char ebuf[1024];
++        VIR_ERROR(_("Failed to copy secModel DOI: %s"),
++                  virStrerror(errno, ebuf, sizeof ebuf));
++        return -1;
++    }
++
++    VIR_DEBUG("Initialized caps for security driver \"%s\" with "
++              "DOI \"%s\"", model, doi);
++
++    return 0;
++}
++
++
+ static int
+ qemudSecurityInit(struct qemud_driver *qemud_drv)
+ {
+     int ret;
+-    const char *doi, *model;
+-    virCapsPtr caps;
+     virSecurityDriverPtr security_drv;
+ 
+     ret = virSecurityDriverStartup(&security_drv,
+@@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *q
+     }
+ 
+     qemud_drv->securityDriver = security_drv;
+-    doi = virSecurityDriverGetDOI(security_drv);
+-    model = virSecurityDriverGetModel(security_drv);
+ 
+-    VIR_DEBUG("Initialized security driver \"%s\" with "
+-              "DOI \"%s\"", model, doi);
++    VIR_INFO("Initialized security driver %s", security_drv->name);
+ 
+     /*
+      * Add security policy host caps now that the security driver is
+      * initialized.
+      */
+-    caps = qemud_drv->caps;
+-
+-    caps->host.secModel.model = strdup(model);
+-    if (!caps->host.secModel.model) {
+-        char ebuf[1024];
+-        VIR_ERROR(_("Failed to copy secModel model: %s"),
+-                  virStrerror(errno, ebuf, sizeof ebuf));
+-        return -1;
+-    }
++    return qemudSecurityCapsInit(security_drv, qemud_drv->caps);
++}
+ 
+-    caps->host.secModel.doi = strdup(doi);
+-    if (!caps->host.secModel.doi) {
+-        char ebuf[1024];
+-        VIR_ERROR(_("Failed to copy secModel DOI: %s"),
+-                  virStrerror(errno, ebuf, sizeof ebuf));
+-        return -1;
+-    }
+ 
+-    return 0;
+-}
+ 
+ /**
+  * qemudStartup:
+@@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPt
+ 
+ static char *qemudGetCapabilities(virConnectPtr conn) {
+     struct qemud_driver *driver = conn->privateData;
++    virCapsPtr caps;
+     char *xml = NULL;
+ 
+     qemuDriverLock(driver);
++    if ((caps = qemudCapsInit()) == NULL) {
++        virReportOOMError(conn);
++        goto cleanup;
++    }
++
++    if (qemu_driver->securityDriver &&
++        qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) {
++        virCapabilitiesFree(caps);
++        virReportOOMError(conn);
++        goto cleanup;
++    }
++
+     virCapabilitiesFree(qemu_driver->caps);
+-    if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
+-        (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
++    qemu_driver->caps = caps;
++
++    if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+         virReportOOMError(conn);
++
++cleanup:
+     qemuDriverUnlock(driver);
+ 
+     return xml;

libvirt-0.6.4-fix-nosource-label.patch

@@ -0,0 +1,35 @@
+From 06f607a9c5cfd50433ae27cc7729c31f81d87f19 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 3 Jul 2009 10:40:55 +0100
+Subject: [PATCH 3/3] Skip labelling if no src path present
+
+Fixes startup of guest's with sourceless cdrom devices.
+
+Patch originall posted here:
+
+  https://bugzilla.redhat.com/499569
+
+but never sent upstream.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ src/security_selinux.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/src/security_selinux.c b/src/security_selinux.c
+index c2015a1..eb8d308 100644
+--- a/src/security_selinux.c
++++ b/src/security_selinux.c
+@@ -342,6 +342,9 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
++    if (!disk->src)
++        return 0;
++
+     if (disk->shared) {
+         return SELinuxSetFilecon(conn, disk->src, default_image_context);
+     } else if (disk->readonly) {
+-- 
+1.6.2.5
+

libvirt-0.6.4-shared-readonly-label.patch

@@ -1,6 +1,23 @@
-diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_selinux.c
---- libvirt-0.6.2/src/security_selinux.c	2009-04-03 15:36:56.000000000 +0100
-+++ libvirt-0.6.2.new/src/security_selinux.c	2009-05-05 13:39:42.000000000 +0100
+From e700e17c3989d32e04ef98c63ac9b9414fefb366 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Fri, 3 Jul 2009 10:24:50 +0100
+Subject: [PATCH 1/3] Re-label shared and readonly images
+
+This patch was posted ages ago here:
+
+  https://bugzilla.redhat.com/493692
+
+But was never posted upstream AFAICT.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ src/security_selinux.c |   27 +++++++++++++++++----------
+ 1 files changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/src/security_selinux.c b/src/security_selinux.c
+index ac317d7..db1c27d 100644
+--- a/src/security_selinux.c
++++ b/src/security_selinux.c
 @@ -24,11 +24,12 @@
  #include "virterror_internal.h"
  #include "util.h"
@@ -31,7 +48,7 @@ diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_se
      return 0;
  }
  
-@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, co
+@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
  {
      char ebuf[1024];
  
@@ -40,16 +57,17 @@ diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_se
      if(setfilecon(path, tcon) < 0) {
          virSecurityReportError(conn, VIR_ERR_ERROR,
                                 _("%s: unable to set security context "
-@@ -299,6 +307,8 @@ SELinuxRestoreSecurityImageLabel(virConn
+@@ -299,9 +307,6 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
      char *newpath = NULL;
      const char *path = disk->src;
  
-+    /* Don't restore labels on readoly/shared disks, because
-+     * other VMs may still be accessing these */
-     if (disk->readonly || disk->shared)
-         return 0;
- 
-@@ -328,8 +338,13 @@ SELinuxSetSecurityImageLabel(virConnectP
+-    if (disk->readonly || disk->shared)
+-        return 0;
+-
+     if ((err = virFileResolveLink(path, &newpath)) < 0) {
+         virReportSystemError(conn, err,
+                              _("cannot resolve symlink %s"), path);
+@@ -328,8 +333,13 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
  {
      const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
  
@@ -64,7 +82,7 @@ diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_se
  
      return 0;
  }
-@@ -403,9 +418,6 @@ SELinuxSetSecurityLabel(virConnectPtr co
+@@ -403,9 +413,6 @@ SELinuxSetSecurityLabel(virConnectPtr conn,
  
      if (secdef->imagelabel) {
          for (i = 0 ; i < vm->def->ndisks ; i++) {
@@ -74,3 +92,6 @@ diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_se
              if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
                  return -1;
          }
+-- 
+1.6.2.5
+

libvirt-0.6.4-svirt-sound.patch

@@ -1,8 +1,8 @@
---- src/qemu_conf.c.orig	2009-04-02 11:50:10.000000000 +0200
-+++ src/qemu_conf.c	2009-04-03 17:46:59.000000000 +0200
-@@ -779,6 +779,20 @@ int qemudBuildCommandLine(virConnectPtr 
+--- src/qemu_conf.c.orig	2009-05-29 19:24:59.000000000 +0200
++++ src/qemu_conf.c	2009-05-29 19:19:39.000000000 +0200
+@@ -792,6 +792,20 @@ int qemudBuildCommandLine(virConnectPtr 
+     char uuid[VIR_UUID_STRING_BUFLEN];
      char domid[50];
-     char *pidfile;
      const char *cpu = NULL;
 +    int skipSound = 0;
 +
@@ -21,7 +21,7 @@
  
      uname_normalize(&ut);
  
-@@ -1425,7 +1439,8 @@ int qemudBuildCommandLine(virConnectPtr 
+@@ -1429,7 +1443,8 @@ int qemudBuildCommandLine(virConnectPtr 
      }
  
      /* Add sound hardware */

libvirt.spec

@@ -54,19 +54,24 @@
 
 Summary: Library providing a simple API virtualization
 Name: libvirt
-Version: 0.6.3
+Version: 0.6.4
 Release: 4%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: libvirt-%{version}.tar.gz
 
-# Patches cherry-picked from upstream
-# N/A
-Patch1: libvirt-0.6.3-shared-readonly-label.patch
+# Handle shared/readonly image labelling (bug #493692)
+Patch1: libvirt-0.6.4-shared-readonly-label.patch
+# Don't unnecessarily try to change a file context (bug #507555)
+Patch2: libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch
+# Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)
+Patch3: libvirt-0.6.4-fix-nosource-label.patch
+# Fix libvirtd crash with bad capabilities data (bug #505635)
+Patch4 :libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch
 
-# Not for upstream. Temporary hack till PulseAudio autostart
-# problems are sorted out when SELinux enforcing
-Patch200: libvirt-0.6.3-svirt-sound.patch
+# Temporary hack till PulseAudio autostart problems are sorted
+# out when SELinux enforcing (bz 486112)
+Patch200: libvirt-0.6.4-svirt-sound.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
@@ -136,9 +141,6 @@ BuildRequires: avahi-devel
 BuildRequires: libselinux-devel
 BuildRequires: dnsmasq
 BuildRequires: bridge-utils
-%if %{with_qemu}
-BuildRequires: qemu
-%endif
 %if %{with_sasl}
 BuildRequires: cyrus-sasl-devel
 %endif
@@ -216,7 +218,11 @@ of recent versions of Linux (and other OSes).
 
 %prep
 %setup -q
+
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %patch200 -p0
 
@@ -547,6 +553,45 @@ fi
 %endif
 
 %changelog
+* Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-4.fc12
+- Fix libvirtd crash with bad capabilities data (bug #505635)
+
+* Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-3.fc12
+- Handle shared/readonly image labelling (bug #493692)
+- Don't unnecessarily try to change a file context (bug #507555)
+- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)
+
+* Fri Jun  5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12
+- Remove the qemu BuildRequires
+
+* Fri May 29 2009 Daniel Veillard <veillard@redhat.com> - 0.6.4-1.fc12
+- Upstream release of 0.6.4
+- new APIs
+- fixes for latests QEmu/KVM versions
+- various assorted fixes
+
+* Mon May 25 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-11.fc12
+- Bring up the bridge, even if it doesn't have an IP address (bug #501912)
+
+* Thu May 21 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-10.fc12
+- Fix XML attribute escaping (bug #499791)
+- Fix serious event handling issues causing guests to be destroyed (bug #499698)
+
+* Thu May 21 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-9.fc12
+- Fix qemu argv detection with latest qemu (bug #501923)
+
+* Sun May 10 2009 Cole Robinson <crobinso@redhat.com> - 0.6.2-8.fc12
+- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)
+
+* Thu May  7 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-7.fc12
+- Enable migration for qemu 0.10 (bug #499704)
+
+* Wed May  6 2009 Cole Robinson <crobinso@redhat.com> - 0.6.3-6.fc12
+- Refresh qemu caps when getCapabilities is called (bug #460649)
+
+* Wed May  6 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.3-5.fc12
+- Fix handling of <hostdev managed='yes'> (bug #499386)
+
 * Tue May  5 2009 Daniel Berrange <berrange@redhat.com> - 0.6.3-4.fc12
 - Fix readonly/shared disk image labelling (rhbz #493692)
 

sources

@@ -1 +1 @@
-dd618bf0943a0be853ccc08308c7f427  libvirt-0.6.3.tar.gz
+344a6913a94582ea3ab0ad75a9bfef22  libvirt-0.6.4.tar.gz