[El-errata] ELSA-2013-0276 Moderate: Oracle Linux 6 libvirt security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 28 06:11:39 PST 2013

Oracle Linux Security Advisory ELSA-2013-0276


The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:




Description of changes:

- Replace docs/et.png in tarball with blank image

- rpc: Fix crash on error paths of message dispatching (CVE-2013-0170)
- spec: Disable libssh2 support (rhbz#513363)

- storage: Fix lvcreate parameter for backingStore. (rhbz#896398)
- qemu: Don't return success if creation of snapshot save file fails 
- qemu: Reject attempts to create snapshots with names containing '/'

- qemu_agent: Remove agent reference only when disposing it (rhbz#892079)
- Add RESUME event listener to qemu monitor. (rhbz#894085)

- snapshot: conf: Make virDomainSnapshotIsExternal more reusable 
- snapshot: qemu: Separate logic blocks with newlines (rhbz#889407)
- snapshot: qemu: Fix segfault and vanishing snapshots when redefining 
- snapshot: qemu: Allow redefinition of external snapshots (rhbz#889407)
- util: Prepare helpers for unpriv_sgio setting (rhbz#878578)
- qemu: Add a hash table for the shared disks (rhbz#878578)
- docs: Add docs and rng schema for new XML tag sgio (rhbz#878578)
- conf: Parse and format the new XML (rhbz#878578)
- qemu: Set unpriv_sgio when starting domain and attaching disk 
- qemu: Check if the shared disk's cdbfilter conflicts with others 
- qemu: Relax hard RSS limit (rhbz#891653)

- util: Add missing error log messages when failing to get netlink 
VFINFO (rhbz#889319)
- util: Fix functions that retrieve SRIOV VF info (rhbz#889319)
- util: Fix botched check for new netlink request filters (rhbz#889319)
- blockjob: Fix memleak that prevented block pivot (rhbz#888426)
- sanlock: Chown lease files as well (rhbz#820173)

- network: Prevent dnsmasq from listening on localhost (rhbz#886821)
- sanlock: Re-add lockspace unconditionally (rhbz#820173)
- Fix "virsh create" example (rhbz#887187)
- docs: Fix some typos in examples (rhbz#887187)
- network: Don't require private addresses if dnsmasq uses 
SO_BINDTODEVICE (rhbz#882265)

- qemu: Eliminate bogus error log when changing netdev's bridge 
- remote: Avoid the thread race condition (rhbz#866524)
- storage: Error out earlier if the volume target path already exists 
- dnsmasq: Fix parsing of the version number (rhbz#885727)
- qemu: Restart CPUs with valid async job type when doing external 
snapshots (rhbz#885081)
- examples: Fix balloon event callback (rhbz#884650)
- util: Don't fail virGetGroupIDByName when group not found (rhbz#883832)
- util: Don't fail virGetUserIDByName when user not found (rhbz#883832)
- util: Rework error reporting in virGet(User|Group)IDByName (rhbz#883832)
- util: Fix warning message in previous patch (rhbz#883832)

- Fix uninitialized variable in virLXCControllerSetupDevPTS (rhbz#880064)
- storage: Fix device detach regression with cgroup ACLs (rhbz#876828)
- storage: Fix bug of fs pool destroying (rhbz#878400)
- qemu: Fix a crash when save file can't be opened (rhbz#880919)
- bitmap: Fix typo to use UL type of integer constant in 
virBitmapIsAllSet (rhbz#876415)
- virsh: Rewrite cmdDomDisplay (rhbz#878779)
- network: Fix crash when portgroup has no name (rhbz#879473)
- util: Capabilities detection for dnsmasq (rhbz#882265)
- util: New virSocketAddrIsPrivate function (rhbz#882265)
- network: Use dnsmasq --bind-dynamic when available (rhbz#882265)
- storage: Fix scsi detach regression with cgroup ACLs (rhbz#876828)
- libssh2_session: Support DSS keys as well (rhbz#878376)
- virsh: Fix error messages in iface-bridge (rhbz#878376)
- virsh: Check the return value of virStoragePoolGetAutostart (rhbz#878376)
- conf: Check the return value of virXPathNodeSet (rhbz#878376)
- conf: snapshot: Check return value of virDomainSnapshotObjListNum 
- util: Fix virBitmap allocation in virProcessInfoGetAffinity (rhbz#878376)
- virsh: Use correct sizeof when allocating cpumap (rhbz#878376)
- rpc: Don't destroy xdr before creating it in virNetMessageEncodeHeader 
- virsh: Do timing even for unusable connections (rhbz#878376)
- conf: Fix uninitialized variable in virDomainListSnapshots (rhbz#878376)
- Fix error handling in virSecurityManagerGetMountOptions (rhbz#878376)
- conf: Prevent crash with no uuid in cephx auth secret (rhbz#878376)
- conf: Fix virDomainNetGetActualDirect*() and BridgeName() (rhbz#881480)
- virsh: Report errors if arguments of the schedinfo command are 
incorrect (rhbz#882915)
- systemd: Require dbus service (rhbz#830201)
- spec: Require dbus-daemon when using libvirtd in Fedora (rhbz#830201)
- qemu: Don't free PCI device if adding it to activePciHostdevs fails 
- util: Slightly refactor PCI list functions (rhbz#877095)
- qemu: Fix memory (and FD) leak on PCI device detach (rhbz#877095)
- util: Do not keep PCI device config file open (rhbz#877095)
- node_memory: Improve the docs (rhbz#872656)
- node_memory: Do not fail if there is parameter unsupported (rhbz#872656)
- node_memory: Fix bug of node_memory_tune (rhbz#872656)

- Add note about numeric domain names to manpage (rhbz#824253)
- Use virNetServerRun instead of custom main loop (rhbz#867246)
- qemu: Fix RBD attach regression (rhbz#878862)
- qemu: Stop recursive detection of image chains when an image is 
missing (rhbz#878862)
- Fix exiting of libvirt_lxc program on container quit (rhbz#879360)
- snapshot: qemu: Add support for external inactive snapshots (rhbz#876816)
- conf: Fix private symbols exported by files in conf (rhbz#876816)
- snapshot: qemu: Fix detection of external snapshots when deleting 
- snapshot: Require user to supply external memory file name (rhbz#876816)
- snapshot: Add two more filter sets to API (rhbz#876817)
- snapshot: Add virsh back-compat support for new filters (rhbz#876817)
- snapshot: Implement new filter sets (rhbz#876817)
- snapshot: Expose location through virsh snapshot-info (rhbz#876817)
- sanlock: Retry after EINPROGRESS (rhbz#820173)
- storage: Fix logical volume cloning (rhbz#879780)
- cpu: Add Intel Haswell cpu model (fix previous downstream definition) 
- virsh: Report error when taking a snapshot with empty --memspec 
argument (rhbz#879130)
- lxc: Don't crash if no security driver is specified in libvirt_lxc 
- lxc: Avoid segfault of libvirt_lxc helper on early cleanup paths 

- util: Improve error reporting from absolutePathFromBaseFile helper 
- storage: Fix broken backing chain (rhbz#874860)
- nodeinfo: Add check and workaround to guarantee valid cpu topologies 
- nodeinfotest: Add test data for 2 processor host with broken NUMA 
- nodeinfotest: Add test data from an AMD bulldozer machine. (rhbz#874050)
- virsh: save: Report an error if XML file can't be read (rhbz#876868)
- virsh: Fix uninitialized variable in cmdSnapshotEdit (rhbz#877303)
- qemu: Allow larger discrepancy between memory & currentMemory in
domain xml (rhbz#873134)

- iohelper: Don't report errors on special FDs (rhbz#866369)
- esx: Yet another connection fix for 5.1 (rhbz#873538)
- qemu: Don't corrupt pointer in qemuDomainSaveMemory() (rhbz#873537)
- build: Place attributes in correct location (rhbz#873934)
- Introduce new VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event (rhbz#866388)
- qemu: Emit event if 'cont' fails (rhbz#866388)
- virsh: Make ,, escape parsing common (rhbz#874171)
- virsh: Add snapshot-create-as memspec support (rhbz#874171)
- qemu: Fix domain ID numbering race condition (rhbz#874330)
- qemu: Allow migration to be cancelled at prepare phase (rhbz#873792)
- AbortJob: Fix documentation (rhbz#873792)

- sanlock: Introduce 'user' and 'group' conf variables (rhbz#820173)
- esx: Fix connection to ESX 5.1 (rhbz#865670)
- cpu: Fix definition of flag smap (rhbz#797283)
- util: Do a better job of matching up pids with their binaries 
- qemu: Fix EmulatorPinInfo without emulatorpin (rhbz#871312)
- build: Fix RPM build for non-x86 platforms (rhbz#820173)
- qemu: Report errors from iohelper (rhbz#866369)
- build: Fix linking with systemtap probes (rhbz#866369)
- iohelper: Fdatasync() at the end (rhbz#866369)
- net-update docs: S/domain/network/ (rhbz#872104)
- cpu: Add newly added cpu flags (rhbz#838127)
- cpu: Add AMD Opteron G5 cpu model (rhbz#838127)
- cpu: Add Intel Haswell cpu model (rhbz#843087)
- snapshot: New XML for external system checkpoint (rhbz#638512)
- snapshot: Improve disk align checking (rhbz#638512)
- snapshot: Populate new XML info for qemu snapshots (rhbz#638512)
- snapshot: Merge pre-snapshot checks (rhbz#638512)
- qemu: Fix possible race when pausing guest (rhbz#638512)
- qemu: Clean up snapshot retrieval to use the new helper (rhbz#638512)
- qemu: Split out domain memory saving code to allow reuse (rhbz#638512)
- snapshot: Add flag to enable creating checkpoints in live state 
- snapshot: qemu: Add async job type for snapshots (rhbz#638512)
- snapshot: qemu: Rename qemuDomainSnapshotCreateActive (rhbz#638512)
- snapshot: qemu: Add support for external checkpoints (rhbz#638512)
- snapshot: qemu: Remove restrictions preventing external checkpoints 

- xml: Omit domain name from comment if it contains double hyphen 
- cpu: Add recently added cpu feature flags. (rhbz#797283)
- esx: Update version checks for vSphere 5.1 (rhbz#865670)
- qemu: Add helper to prepare cpumap for affinity setting (rhbz#869096)
- qemu: Keep the affinity when creating cgroup for emulator thread 
- qemu: Prohibit changing affinity of domain process if placement is
'auto' (rhbz#870099)
- network: Fix networkValidate check for default portgroup and vlan 
- qemu: Fix attach/detach of netdevs with matching mac addrs (rhbz#862515)
- snapshot: Improve snapshot-list error message (rhbz#869100)
- virsh: Remove --flags from nodesuspend (rhbz#869508)
- virsh: Fix POD syntax (rhbz#870273)
- xml: Print uuids in the warning (rhbz#868692)
- blockjob: Support both RHEL and upstream qemu drive-mirror (rhbz#871055)

- qemu: Clear async job when p2p migration fails early (rhbz#867412)
- qemu: Pin the emulator when only cpuset is specified (rhbz#867372)
- qemu: Correctly wait for spice to migrate (rhbz#867724)
- qemu: Fixed default machine detection in qemuCapsParseMachineTypesStr 
- conf: Make tri-state feature options more universal (rhbz#864606)
- conf: Add support for HyperV Enlightenment features (rhbz#864606)
- qemu: Add support for HyperV Enlightenment feature "relaxed" (rhbz#864606)
- network: Set to NULL after virNetworkDefFree() (rhbz#866364)
- qemu: Always format CPU topology (rhbz#866999)
- qemu: Don't fail without emulatorpin or cpumask (rhbz#867372)
- qemu: Allow migration with host USB devices (rhbz#843560)
- qemu: Do not require hostuuid in migration cookie (rhbz#863059)
- network: Free/null newDef if network fails to start (rhbz#866364)
- migrate: v2: Use VIR_DOMAIN_XML_MIGRATABLE when available (rhbz#856864)
- qemu: Avoid holding the driver lock in trivial snapshot APIs
- storage: List more file types (rhbz#772088)
- storage: Treat 'aio' like 'raw' at parse time (rhbz#772088)
- storage: Match RNG to supported driver types (rhbz#772088)
- storage: Use enum for default driver type (rhbz#772088)
- storage: Use enum for disk driver type (rhbz#772088)
- storage: Use enum for snapshot driver type (rhbz#772088)
- storage: Don't probe non-files (rhbz#772088)
- storage: Get entire metadata chain in one call (rhbz#772088)
- storage: Don't require caller to pre-allocate metadata struct 
- storage: Remember relative names in backing chain (rhbz#772088)
- storage: Make it easier to find file within chain (rhbz#772088)
- storage: Cache backing chain while qemu domain is live (rhbz#772088)
- storage: Use cache to walk backing chain (rhbz#772088)
- blockjob: Remove unused parameters after previous patch (rhbz#772088)
- blockjob: Manage qemu block-commit monitor command (rhbz#772088)
- blockjob: Wire up online qemu block-commit (rhbz#772088)
- blockjob: Implement shallow commit flag in qemu (rhbz#772088)
- blockjob: Refactor qemu disk chain permission grants (rhbz#772088)
- blockjob: Properly label disks for qemu block-commit (rhbz#772088)
- blockjob: Avoid segv on early error (rhbz#772088)
- blockjob: Accommodate early RHEL backport naming (rhbz#772088)
- virsh: Fix segfault of snapshot-list (rhbz#837544)
- network: Always create dnsmasq hosts and addnhosts files, even if 
empty (rhbz#868389)
- network: Don't allow multiple default portgroups (rhbz#868483)
- selinux: Use raw contexts (rhbz#851981)
- selinux: Add security selinux function to label tapfd (rhbz#851981)
- selinux: Use raw contexts 2 (rhbz#851981)
- selinux: Fix wrong tapfd relabelling (rhbz#851981)
- selinux: Remove unused variables in socket labelling (rhbz#851981)
- selinux: Relabel tapfd in qemuPhysIfaceConnect (rhbz#851981)
- storage: Let format probing work on root-squash NFS (rhbz#856247)
- snapshot: Sanity check when reusing file for snapshot (rhbz#856247)
- blockjob: Add qemu capabilities related to block jobs (rhbz#856247)
- blockjob: React to active block copy (rhbz#856247)
- blockjob: Return appropriate event and info (rhbz#856247)
- blockjob: Support pivot operation on cancel (rhbz#856247)
- blockjob: Make drive-reopen safer (rhbz#856247)
- blockjob: Implement block copy for qemu (rhbz#856247)
- blockjob: Allow for existing files in block-copy (rhbz#856247)
- blockjob: Allow mirroring under SELinux and cgroup (rhbz#856247)
- blockjob: Relabel entire existing chain (rhbz#856247)

- node_memory: Add new parameter field to tune the new sysfs knob 
- daemon: Fix removing abstract namespaces (rhbz#859331)
- tests: Fix domain-events python test (rhbz#839661)
- conf: Fix crash with cleanup (rhbz#866288)
- spec: Add runtime requirement for libssh2 (rhbz#866508)
- spec: Require newer sanlock on recent distros (rhbz#832156)
- spec: Require newer sanlock on recent distros 2 (rhbz#832156)

- conf: Rename life cycle actions to event actions (rhbz#832156)
- conf: Add on_lockfailure event configuration (rhbz#832156)
- locking: Add const char * parameter to avoid ugly typecasts (rhbz#832156)
- locking: Pass hypervisor driver name when acquiring locks (rhbz#832156)
- locking: Add support for lock failure action (rhbz#832156)
- locking: Implement lock failure action in sanlock driver (rhbz#832156)
- conf: Add support for startupPolicy for USB devices (rhbz#843560)
- qemu: Introduce qemuFindHostdevUSBDevice (rhbz#843560)
- qemu: Add option to treat missing USB devices as success (rhbz#843560)
- qemu: Implement startupPolicy for USB passed through devices (rhbz#843560)
- Add MIGRATABLE flag for virDomainGetXMLDesc (rhbz#843560)
- qemu: Make save/restore with USB devices usable (rhbz#843560)
- conf: Mark missing optional USB devices in domain XML (rhbz#843560)
- security: Also parse user/group names instead of just IDs for DAC 
labels (rhbz#860519)
- doc: Update description about security labels on formatdomain.html 
- util: Extend virGetUserID and virGetGroupID to support names and IDs 
- security: Update user and group parsing in security_dac.c (rhbz#860519)
- doc: Update description about user/group in qemu.conf (rhbz#860519)
- Fix kvm_pv_eoi with kvmclock (rhbz#860971)
- Change qemuSetSchedularParameters to use AFFECT_CURRENT (rhbz#852260)
- Fix handling of itanium arch name in QEMU driver (rhbz#863115)
- Add a qemu capabilities cache manager (rhbz#863115)
- Switch over to use cache for building QEMU capabilities (rhbz#863115)
- Remove probing of flags when launching QEMU guests (rhbz#863115)
- Remove probing of machine types when canonicalizing XML (rhbz#863115)
- Remove probing of CPU models when launching QEMU guests (rhbz#863115)
- Make qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels static 
- Remove xenner support (rhbz#863115)
- Refactor guest init to support qemu-system-i386 binary too (rhbz#863115)
- Add a qemuMonitorGetVersion() method for QMP query-version command 
- Add a qemuMonitorGetMachines() method for QMP query-machines command 
- Add a qemuMonitorGetCPUDefinitions method for QMP 
query-cpu-definitions command (rhbz#863115)
- Add a qemuMonitorGetCommands() method for QMP query-commands command 
- Add a qemuMonitorGetEvents() method for QMP query-events command 
- Add a qemuMonitorGetObjectTypes() method for QMP qom-list-types 
command (rhbz#863115)
- Add a qemuMonitorGetObjectProps() method for QMP 
device-list-properties command (rhbz#863115)
- Add a qemuMonitorGetTargetArch() method for QMP query-target command 
- Remove some unused includes in QEMU code (rhbz#863115)
- Move command/event capabilities detection out of QEMU monitor code 
- Fix regression starting QEMU instances without query-events (rhbz#863115)
- Refactor qemuCapsParseDeviceStr to work from data tables (rhbz#863115)
- Fix QEMU test with 1.2.0 help output (rhbz#863115)
- Ignore error from query-cpu-definitions (rhbz#863115)
- Fix potential deadlock when agent is closed (rhbz#859712)
- Fix (rare) deadlock in QEMU monitor callbacks (rhbz#859712)
- Convert virLXCMonitor to use virObject (rhbz#864336)
- Remove pointless virLXCProcessMonitorDestroy method (rhbz#864336)
- Simplify some redundant locking while unref'ing objects (rhbz#859712)
- Fix deadlock in handling EOF in LXC monitor (rhbz#864336)
- Avoid bogus I/O event errors when closing the QEMU monitor (rhbz#859712)
- qemu: Fix parsing of x86 CPU models (rhbz#864097)
- python: Keep consistent handling of Python integer conversion 
- esx: Fix and improve esxListAllDomains function (rhbz#864384)
- virsh: Block SIGINT while getting BlockJobInfo (rhbz#845448)
- spec: Add support for libssh2 transport (rhbz#513363)
- Revert "Use XDG Base Directories instead of storing in home directory" 
- conf: Ignore vcpupin for not onlined vcpus when parsing (rhbz#855218)
- conf: Initialize the pinning policy for vcpus (rhbz#855218)
- qemu: Create or remove cgroup when doing vcpu hotplugging (rhbz#857013)
- qemu: Initialize cpuset for hotplugged vcpu as def->cpuset (rhbz#855218)
- conf: Ignore emulatorpin if vcpu placement is auto (rhbz#855218)
- qemu: Ignore def->cpumask if emulatorpin is specified (rhbz#855218)
- conf: Fix virDevicePCIAddressEqual args (rhbz#805071)
- conf: VirDomainDeviceInfoCopy utility function (rhbz#805071)
- qemu: Reorganize qemuDomainChangeNet and qemuDomainChangeNetBridge 
- Add support for SUSPEND_DISK event (rhbz#839661)

- qemu: Wait for SPICE to migrate (rhbz#836135)
- lxc: Correctly report active cgroups (rhbz#860907)
- network: Backend for virNetworkUpdate of interface list (rhbz#844404)
- Fix start of containers with custom root filesystem (rhbz#861564)
- Correct checking of virStrcpyStatic() return value (rhbz#864122)

- New build based on upstream release 0.10.2 (rhbz#836934)
- network: define new API virNetworkUpdate
- add support for QEmu sandbox support
- blockjob: add virDomainBlockCommit
- New APIs to get/set Node memory parameters
- new API virConnectListAllSecrets
- new API virConnectListAllNWFilters
- new API virConnectListAllNodeDevices
- new API virConnectListAllInterfaces
- new API virConnectListAllNetworks
- new API virStoragePoolListAllVolumes
- Add PMSUSPENDED life cycle event
- new API virStorageListAllStoragePools
- Add per-guest S3/S4 state configuration
- qemu: Support for Block Device IO Limits
- a lot of bug fixes, improvements and portability work

- New build based on upstream release candidate 1 of 0.10.2 (rhbz#836934)

- Don't assume use of /sys/fs/cgroup (rhbz#842979)

- New build based on upstream release 0.10.1 (rhbz#836934)
- many fixes on top of 0.10.0

- New build based on upstream release 0.10.0 (rhbz#836934)
- agent: add qemuAgentArbitraryCommand() for general qemu agent command
- Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo functions
- network: use firewalld instead of iptables, when available
- network: make network driver vlan-aware
- esx: Implement network driver
- Various LXC improvements
- Add virDomainGetHostname
- a lot of bug fixes, improvements and portability work

- New build based on upstream snapshot 0.10.0-0rc1 (rhbz#836934)

- New build based on upstream snapshot 0.10.0-0rc0 (rhbz#836934)
- Cleanup and rebase of the few RHEL-only patches

- fix the package split to be similar to 6.3 one instead of upstream

- fix a package dependency problem making -1 uninstallable

- first rebase for 6.4 more to come
- kvm-guest failed to start; double-close bug in libvirt (rhbz#823716)
- potential to deadlock libvirt on EPIPE (rhbz#827234)
- fix keepalive issues (rhbz#832081)
- CPU topology parsing bug on special NUMA platform (rhbz#828729)
- libvirtd will crash when tight loop of hotplug/unplug PCI device 
