Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libv...@packages.debian.org
Control: affects -1 + src:libvirt

[ Reason ]

The update would cover a number of issues that have been found to affect the version of libvirt in bookworm.

The first one is a user-visible issue where the "virsh domif-setlink" command can only be successfully used in certain conditions: this has been reported as

  * https://bugs.debian.org/1075718

and has already been fixed upstream, so fixing it in stable involves cherry-picking the relevant upstream change.

The remaining ones are all security issues, which have CVEs assigned to them and are tracked in the Debian security tracker:

  * https://security-tracker.debian.org/tracker/CVE-2023-3750
  * https://security-tracker.debian.org/tracker/CVE-2024-1441
  * https://security-tracker.debian.org/tracker/CVE-2024-2494
  * https://security-tracker.debian.org/tracker/CVE-2024-2496

For all of them too, the fix has already been committed upstream and so we just need to cherry-pick those changes. In a couple of cases the cherry-pick is not a completely clean one, but the conflict resolution is trivial and documented.

[ Impact ]

If the update isn't approved, stable users will keep being unable to use the "virsh domif-setlink" command in some scenarios and will remain exposed to a number of security issues.

[ Tests ]

The update was smoke-tested by starting and connecting to a few VMs.

I have manually inspected all the added patches to confirm that they appear to do what they claim to; since they are all cherry-picked from upstream, I have high confidence that they are correct.

[ Risks ]

The fixes are all extremely small and targeted, and have already been validated upstream. libvirt has an extremely high bar for breaking backwards compatibility, so the risk of that being an issue is very low.

[ Checklist ]

  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

Already detailed above.

[ Other info ]

This is my first time preparing a stable update, so it's not unreasonable to expect that I might have gotten something wrong. Please bear with me :)

The only thing that strikes me as a bit odd and we might need to rectify is that CVE-2024-2496, while properly tracked in the Debian security tracker, doesn't have a corresponding Debian bug. Should one be filed?

I have been preparing unstable/experimental uploads for 4+ years, and I'm also one of the upstream developers, so I am familiar both with the Debian packaging and the underlying software.

-- 
Andrea Bolognani <e...@kiyuko.org>
Resistance is futile, you will be garbage collected.

diff -Nru libvirt-9.0.0/debian/changelog libvirt-9.0.0/debian/changelog --- libvirt-9.0.0/debian/changelog 2023-05-21 11:31:31.000000000 +0200 +++ libvirt-9.0.0/debian/changelog 2024-07-13 21:00:26.000000000 +0200 @@ -1,3 +1,23 @@ +libvirt (9.0.0-4+deb12u1) bookworm; urgency=medium + + [ Cyril Brulebois ] + * [923b6a8] patches: Add backports + - backport/virsh-Make-domif-setlink-work-more-than-once.patch + - Closes: #1075718 + + [ Andrea Bolognani ] + * [94893a2] patches: Add backports + - backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch + - Fixes CVE-2024-1441 + - backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch + - Fixes CVE-2024-2496 + - backport/remote-check-for-negative-array-lengths-before-allocation.patch + - Fixes CVE-2024-2494 + - backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch + - Fixes CVE-2023-3750 + + -- Andrea Bolognani <e...@kiyuko.org> Sat, 13 Jul 2024 21:00:26 +0200 + libvirt (9.0.0-4) unstable; urgency=medium * [79f6669] patches: Add backports diff -Nru libvirt-9.0.0/debian/patches/backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch libvirt-9.0.0/debian/patches/backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch --- libvirt-9.0.0/debian/patches/backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-9.0.0/debian/patches/backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch 2024-07-13 21:00:26.000000000 +0200 
@@ -0,0 +1,46 @@ +From: Martin Kletzander <mklet...@redhat.com> +Date: Tue, 27 Feb 2024 16:20:12 +0100 +Subject: Fix off-by-one error in udevListInterfacesByStatus +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Ever since this function was introduced in 2012 it could've tried +filling in an extra interface name. That was made worse in 2019 when +the caller functions started accepting NULL arrays of size 0. + +This is assigned CVE-2024-1441. + +Signed-off-by: Martin Kletzander <mklet...@redhat.com> +Reported-by: Alexander Kuznetsov <kuznetso...@altlinux.org> +Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca +Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15 +Reviewed-by: Ján Tomko <jto...@redhat.com> +(cherry picked from commit c664015fe3a7bf59db26686e9ed69af011c6ebb8) + +Conflicts: + + * NEWS.rst + - missing context; the hunk is not relevant to the Debian + package anyway and has been dropped + +Forwarded: not-needed +Origin: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 +Bug-Debian: https://bugs.debian.org/1066058 +--- + src/interface/interface_backend_udev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c +index 54b43fb..01d6f55 100644 +--- a/src/interface/interface_backend_udev.c ++++ b/src/interface/interface_backend_udev.c +@@ -219,7 +219,7 @@ udevListInterfacesByStatus(virConnectPtr conn, + g_autoptr(virInterfaceDef) def = NULL; + + /* Ensure we won't exceed the size of our array */ +- if (count > names_len) ++ if (count >= names_len) + break; + + path = udev_list_entry_get_name(dev_entry); diff -Nru libvirt-9.0.0/debian/patches/backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch libvirt-9.0.0/debian/patches/backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch --- 
libvirt-9.0.0/debian/patches/backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-9.0.0/debian/patches/backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch 2024-07-13 21:00:26.000000000 +0200 
@@ -0,0 +1,97 @@ +From: Dmitry Frolov <fro...@swemel.ru> +Date: Tue, 12 Sep 2023 15:56:47 +0300 +Subject: interface: fix udev_device_get_sysattr_value return value check + +Reviewing the code I found that return value of function +udev_device_get_sysattr_value() is dereferenced without a check. +udev_device_get_sysattr_value() may return NULL by number of reasons. + +v2: VIR_DEBUG added, replaced STREQ(NULLSTR()) with STREQ_NULLABLE() +v3: More checks added, to skip earlier. More verbose VIR_DEBUG. + +Signed-off-by: Dmitry Frolov <fro...@swemel.ru> +Reviewed-by: Martin Kletzander <mklet...@redhat.com> +(cherry picked from commit 2ca94317ac642a70921947150ced8acc674ccdc8) + +Conflicts: + + * src/interface/interface_backend_udev.c + - slightly different (but functionally identical) format + string due to not having commit + be664663fab7c3fe008595767404ee2868f41a31 + +Forwarded: not-needed +Origin: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 + +CVE-2024-2496 +--- + src/interface/interface_backend_udev.c | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c +index 01d6f55..b1702f6 100644 +--- a/src/interface/interface_backend_udev.c ++++ b/src/interface/interface_backend_udev.c +@@ -23,6 +23,7 @@ + #include <dirent.h> + #include <libudev.h> + ++#include "virlog.h" + #include "virerror.h" + #include "virfile.h" + #include "datatypes.h" +@@ -40,6 +41,8 @@ + + #define VIR_FROM_THIS VIR_FROM_INTERFACE + ++VIR_LOG_INIT("interface.interface_backend_udev"); ++ + struct udev_iface_driver { + struct udev *udev; + /* pid file FD, ensures two copies of the driver can't use the same root */ +@@ -354,11 +357,20 @@ udevConnectListAllInterfaces(virConnectPtr conn, + const char *macaddr; + g_autoptr(virInterfaceDef) def = NULL; + +- path = udev_list_entry_get_name(dev_entry); +- dev = udev_device_new_from_syspath(udev, 
path); +- name = udev_device_get_sysname(dev); ++ if (!(path = udev_list_entry_get_name(dev_entry))) { ++ VIR_DEBUG("Skipping interface, path == NULL"); ++ continue; ++ } ++ if (!(dev = udev_device_new_from_syspath(udev, path))) { ++ VIR_DEBUG("Skipping interface '%s', dev == NULL", path); ++ continue; ++ } ++ if (!(name = udev_device_get_sysname(dev))) { ++ VIR_DEBUG("Skipping interface '%s', name == NULL", path); ++ continue; ++ } + macaddr = udev_device_get_sysattr_value(dev, "address"); +- status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up"); ++ status = STREQ_NULLABLE(udev_device_get_sysattr_value(dev, "operstate"), "up"); + + def = udevGetMinimalDefForDevice(dev); + if (!virConnectListAllInterfacesCheckACL(conn, def)) { +@@ -962,9 +974,9 @@ udevGetIfaceDef(struct udev *udev, const char *name) + + /* MTU */ + mtu_str = udev_device_get_sysattr_value(dev, "mtu"); +- if (virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) { ++ if (!mtu_str || virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, +- _("Could not parse MTU value '%s'"), mtu_str); ++ _("Could not parse MTU value '%s'"), NULLSTR(mtu_str)); + goto error; + } + ifacedef->mtu = mtu; +@@ -1087,7 +1099,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo) + goto cleanup; + + /* Check if it's active or not */ +- status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up"); ++ status = STREQ_NULLABLE(udev_device_get_sysattr_value(dev, "operstate"), "up"); + + udev_device_unref(dev); + diff -Nru libvirt-9.0.0/debian/patches/backport/remote-check-for-negative-array-lengths-before-allocation.patch libvirt-9.0.0/debian/patches/backport/remote-check-for-negative-array-lengths-before-allocation.patch --- libvirt-9.0.0/debian/patches/backport/remote-check-for-negative-array-lengths-before-allocation.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-9.0.0/debian/patches/backport/remote-check-for-negative-array-lengths-before-allocation.patch 2024-07-13 
21:00:26.000000000 +0200 
@@ -0,0 +1,217 @@ +From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berra...@redhat.com> +Date: Fri, 15 Mar 2024 10:47:50 +0000 +Subject: remote: check for negative array lengths before allocation +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +While the C API entry points will validate non-negative lengths +for various parameters, the RPC server de-serialization code +will need to allocate memory for arrays before entering the C +API. These allocations will thus happen before the non-negative +length check is performed. + +Passing a negative length to the g_new0 function will usually +result in a crash due to the negative length being treated as +a huge positive number. + +This was found and diagnosed by ALT Linux Team with AFLplusplus. + +CVE-2024-2494 +Reviewed-by: Michal Privoznik <mpriv...@redhat.com> +Found-by: Alexandr Shashkin <duty...@altlinux.org> +Co-developed-by: Alexander Kuznetsov <kuznetso...@altlinux.org> +Signed-off-by: Daniel P. 
Berrangé <berra...@redhat.com> +(cherry picked from commit 8a3f8d957507c1f8223fdcf25a3ff885b15557f2) + +Forwarded: not-needed +Origin: https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2 +Bug-Debian: https://bugs.debian.org/1067461 +--- + src/remote/remote_daemon_dispatch.c | 65 +++++++++++++++++++++++++++++++++++++ + src/rpc/gendispatch.pl | 5 +++ + 2 files changed, 70 insertions(+) + +diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c +index 6c56e9e..a847bd6 100644 +--- a/src/remote/remote_daemon_dispatch.c ++++ b/src/remote/remote_daemon_dispatch.c +@@ -2287,6 +2287,10 @@ remoteDispatchDomainGetSchedulerParameters(virNetServer *server G_GNUC_UNUSED, + if (!conn) + goto cleanup; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -2335,6 +2339,10 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServer *server G_GNUC_UNUS + if (!conn) + goto cleanup; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -2493,6 +2501,10 @@ remoteDispatchDomainBlockStatsFlags(virNetServer *server G_GNUC_UNUSED, + goto cleanup; + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_BLOCK_STATS_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -2718,6 +2730,14 @@ remoteDispatchDomainGetVcpuPinInfo(virNetServer *server G_GNUC_UNUSED, + if 
(!(dom = get_nonnull_domain(conn, args->dom))) + goto cleanup; + ++ if (args->ncpumaps < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps must be non-negative")); ++ goto cleanup; ++ } ++ if (args->maplen < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maplen must be non-negative")); ++ goto cleanup; ++ } + if (args->ncpumaps > REMOTE_VCPUINFO_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps > REMOTE_VCPUINFO_MAX")); + goto cleanup; +@@ -2812,6 +2832,11 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServer *server G_GNUC_UNUSED, + if (!(dom = get_nonnull_domain(conn, args->dom))) + goto cleanup; + ++ if (args->maplen < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maplen must be non-negative")); ++ goto cleanup; ++ } ++ + /* Allocate buffers to take the results */ + if (args->maplen > 0) + cpumaps = g_new0(unsigned char, args->maplen); +@@ -2859,6 +2884,14 @@ remoteDispatchDomainGetVcpus(virNetServer *server G_GNUC_UNUSED, + if (!(dom = get_nonnull_domain(conn, args->dom))) + goto cleanup; + ++ if (args->maxinfo < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo must be non-negative")); ++ goto cleanup; ++ } ++ if (args->maplen < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo must be non-negative")); ++ goto cleanup; ++ } + if (args->maxinfo > REMOTE_VCPUINFO_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo > REMOTE_VCPUINFO_MAX")); + goto cleanup; +@@ -3098,6 +3131,10 @@ remoteDispatchDomainGetMemoryParameters(virNetServer *server G_GNUC_UNUSED, + + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -3158,6 +3195,10 @@ remoteDispatchDomainGetNumaParameters(virNetServer *server G_GNUC_UNUSED, + + flags = 
args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_NUMA_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -3218,6 +3259,10 @@ remoteDispatchDomainGetBlkioParameters(virNetServer *server G_GNUC_UNUSED, + + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_BLKIO_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -3279,6 +3324,10 @@ remoteDispatchNodeGetCPUStats(virNetServer *server G_GNUC_UNUSED, + + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_NODE_CPU_STATS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -3346,6 +3395,10 @@ remoteDispatchNodeGetMemoryStats(virNetServer *server G_GNUC_UNUSED, + + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_NODE_MEMORY_STATS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -3526,6 +3579,10 @@ remoteDispatchDomainGetBlockIoTune(virNetServer *server G_GNUC_UNUSED, + if (!conn) + goto cleanup; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -5092,6 +5149,10 @@ remoteDispatchDomainGetInterfaceParameters(virNetServer *server 
G_GNUC_UNUSED, + + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_DOMAIN_INTERFACE_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +@@ -5312,6 +5373,10 @@ remoteDispatchNodeGetMemoryParameters(virNetServer *server G_GNUC_UNUSED, + + flags = args->flags; + ++ if (args->nparams < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative")); ++ goto cleanup; ++ } + if (args->nparams > REMOTE_NODE_MEMORY_PARAMETERS_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); + goto cleanup; +diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl +index 54d55d9..d295c09 100755 +--- a/src/rpc/gendispatch.pl ++++ b/src/rpc/gendispatch.pl +@@ -1077,6 +1077,11 @@ elsif ($mode eq "server") { + print "\n"; + + if ($single_ret_as_list) { ++ print " if (args->$single_ret_list_max_var < 0) {\n"; ++ print " virReportError(VIR_ERR_RPC,\n"; ++ print " \"%s\", _(\"max$single_ret_list_name must be non-negative\"));\n"; ++ print " goto cleanup;\n"; ++ print " }\n"; + print " if (args->$single_ret_list_max_var > $single_ret_list_max_define) {\n"; + print " virReportError(VIR_ERR_RPC,\n"; + print " \"%s\", _(\"max$single_ret_list_name > $single_ret_list_max_define\"));\n"; diff -Nru libvirt-9.0.0/debian/patches/backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch libvirt-9.0.0/debian/patches/backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch --- libvirt-9.0.0/debian/patches/backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-9.0.0/debian/patches/backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch 2024-07-13 21:00:26.000000000 +0200 
@@ -0,0 +1,56 @@ +From: Peter Krempa <pkre...@redhat.com> +Date: Thu, 13 Jul 2023 16:16:37 +0200 +Subject: storage: Fix returning of locked objects from + 'virStoragePoolObjListSearch' +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +CVE-2023-3750 + +'virStoragePoolObjListSearch' explicitly documents that it's returning +a pointer to a locked and ref'd pool that maches the lookup function. + +This was not the case as in commit 0c4b391e2a9 (released in +libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD' +which auto-unlocked it when leaving the scope, even when the code was +originally "leaking" the lock. + +Revert the corresponding conversion and add a comment that this function +is intentionally leaking a locked object. + +Fixes: 0c4b391e2a9 +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851 +Signed-off-by: Peter Krempa <pkre...@redhat.com> +Reviewed-by: Ján Tomko <jto...@redhat.com> +(cherry picked from commit 9a47442366fcf8a7b6d7422016d7bbb6764a1098) + +Forwarded: not-needed +Origin: https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098 +Bug-Debian: https://bugs.debian.org/1041811 +--- + src/conf/virstorageobj.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/conf/virstorageobj.c b/src/conf/virstorageobj.c +index e6c187e..4e89f79 100644 +--- a/src/conf/virstorageobj.c ++++ b/src/conf/virstorageobj.c +@@ -454,11 +454,16 @@ virStoragePoolObjListSearchCb(const void *payload, + virStoragePoolObj *obj = (virStoragePoolObj *) payload; + struct _virStoragePoolObjListSearchData *data = + (struct _virStoragePoolObjListSearchData *)opaque; +- VIR_LOCK_GUARD lock = virObjectLockGuard(obj); + ++ virObjectLock(obj); ++ ++ /* If we find the matching pool object we must return while the object is ++ * locked as the caller wants to return a locked object. 
*/ + if (data->searcher(obj, data->opaque)) + return 1; + ++ virObjectUnlock(obj); ++ + return 0; + } + diff -Nru libvirt-9.0.0/debian/patches/backport/virsh-Make-domif-setlink-work-more-than-once.patch libvirt-9.0.0/debian/patches/backport/virsh-Make-domif-setlink-work-more-than-once.patch --- libvirt-9.0.0/debian/patches/backport/virsh-Make-domif-setlink-work-more-than-once.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-9.0.0/debian/patches/backport/virsh-Make-domif-setlink-work-more-than-once.patch 2024-07-13 21:00:26.000000000 +0200 
@@ -0,0 +1,45 @@ +From: Michal Privoznik <mpriv...@redhat.com> +Date: Mon, 30 Jan 2023 10:55:22 +0100 +Subject: virsh: Make domif-setlink work more than once +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +In virsh, we have this convenient domif-setlink command, which is +just a wrapper over virDomainUpdateDeviceFlags() and which allows +setting link state of given guest NIC. It does so by fetching +corresponding <interface/> XML snippet and either putting <link +state=''/> into it, OR if the element already exists setting the +attribute to desired value. The XML is then fed into the update +API. + +There's, however, a small bug in detecting the pre-existence of +the element and its attribute. The code looks at "link" +attribute, while in fact, the attribute is called "state". + +Resolves: https://gitlab.com/libvirt/libvirt/-/issues/426 +Fixes: e575bf082ed4889280be07c986375f1ca15bb7ee +Signed-off-by: Michal Privoznik <mpriv...@redhat.com> +Reviewed-by: Ján Tomko <jto...@redhat.com> +(cherry-picked from commit 6f3f6c0f763b9ffd8ef93eb124c88dd0b79138fc) + +Forwarded: not-needed +Origin: https://gitlab.com/libvirt/libvirt/-/commit/6f3f6c0f763b9ffd8ef93eb124c88dd0b79138fc +Bug-Debian: https://bugs.debian.org/1075718 +--- + tools/virsh-domain.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c +index 6b431bd..59b2b3c 100644 +--- a/tools/virsh-domain.c ++++ b/tools/virsh-domain.c +@@ -3209,7 +3209,7 @@ cmdDomIfSetLink(vshControl *ctl, const vshCmd *cmd) + } + } + +- if (xmlHasProp(linkNode, BAD_CAST "link")) ++ if (xmlHasProp(linkNode, BAD_CAST "state")) + stateAttr = xmlSetProp(linkNode, BAD_CAST "state", BAD_CAST state); + else + stateAttr = xmlNewProp(linkNode, BAD_CAST "state", BAD_CAST state); diff -Nru libvirt-9.0.0/debian/patches/series libvirt-9.0.0/debian/patches/series --- libvirt-9.0.0/debian/patches/series 2023-05-21 11:31:31.000000000 +0200 +++ 
libvirt-9.0.0/debian/patches/series 2024-07-13 21:00:26.000000000 +0200 @@ -10,6 +10,11 @@ backport/rpc-Don-t-warn-about-max_client_requests-in-single-thread.patch backport/conf-Fix-migration-in-some-firmware-autoselection-scenari.patch backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch +backport/virsh-Make-domif-setlink-work-more-than-once.patch +backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch +backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch +backport/remote-check-for-negative-array-lengths-before-allocation.patch +backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch forward/Skip-vircgrouptest.patch forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch forward/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
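
Review bot: In the debian/changelog hunk, only the virsh entry carries a bug closer (Closes: #1075718); the CVE entries say "Fixes CVE-..." but do not close the Debian bugs that the patch headers themselves cite as Bug-Debian: #1066058 (CVE-2024-1441), #1067461 (CVE-2024-2494) and #1041811 (CVE-2023-3750). Consider adding matching Closes: lines under those entries so that the BTS records 9.0.0-4+deb12u1 as a fixed version for bookworm. The CVE-2024-2496 patch has no Bug-Debian header at all, which matches the open question in the cover text.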
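
Review bot: In the udevConnectListAllInterfaces hunk of interface-fix-udev_device_get_sysattr_value-return-value-.patch, the new "name == NULL" branch does a continue after udev_device_new_from_syspath() has already returned a device, and no udev_device_unref(dev) is visible on that path, while the udevInterfaceIsActive hunk in the same file releases dev by hand. The declaration of dev is outside the hunk, so please confirm whether it is cleaned up automatically; if it is not, unref it before the continue. In the same hunk, macaddr is still assigned from udev_device_get_sysattr_value(dev, "address") without a NULL check, so its later use (not shown) deserves the same look the operstate and mtu reads received.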
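
Review bot: In the remoteDispatchDomainGetVcpus hunk of remote-check-for-negative-array-lengths-before-allocation.patch, the "args->maplen < 0" check reports "maxinfo must be non-negative", a copy of the message from the maxinfo check directly above it. It should read "maplen must be non-negative", as the equivalent checks do in the GetVcpuPinInfo and GetEmulatorPinInfo hunks. The validation itself is unaffected, but the wrong field name will mislead anyone reading the daemon's error output; since this is a cherry-pick of 8a3f8d957507c1f8223fdcf25a3ff885b15557f2, the wording fix belongs upstream and can be noted here as a known cosmetic defect.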