As planned the release of libvirt 1.2.9 is available, tagged in git, signed sources and rpms are available at the usual place: ftp://libvirt.org/libvirt/ I also pushed the libvirt-python release 1.2.9 to its own location: ftp://libvirt.org/libvirt/python/ This release introduce some new APIs and functionalities as well as a number of bug fixes including 2 security fixes: CVE-2014-3633 and CVE-2014-3657 which has been pushed as part of the release. There is also a number of improvements available. In a nutshell users are invited to upgrade. Features: - Introduce virNodeAllocPages (Michal Privoznik) - event: introduce new event for tunable values (Pavel Hrdina) - add migration support for OpenVZ driver (Hongbin Lu) - Add support for fetching statistics of completed jobs (Jiri Denemark) Security: - CVE-2014-3657: domain_conf: fix domain deadlock (Pavel Hrdina) - CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk (Peter Krempa) Documentation: - LXC: emphasis uid start of idmap only accept '0' in docs (Chen Hanxiao) - specify vhost-net instead of net-vhost (Jianwei Hu) - LXC: add HOME environment variable docs (Chen Hanxiao) - update zfs documentation (Roman Bogorodskiy) - man: virsh: Add docs for supported stats groups (Peter Krempa) - lib: Document that virConnectGetAllDomainStats may omit some stats fields (Peter Krempa) - lib: De-duplicate stats group documentation for all stats functions (Peter Krempa) - util: Fix copy-paste error in virXPathLongLong description (Martin Kletzander) - formatdomain: Update <loader/> example to match the rest (Michal Privoznik) - virsh: desc command in --title mode mentions description instead of title (Peter Krempa) - fix encryption format attribute in example (Ján Tomko) Bug Fixes: - Allow setting migration max downtime any time (Chris St. Pierre) - qemu: monitor: return block stats data as a hash to avoid disk mixup (Peter Krempa) - Also filter out non-migratable features out of host-passthrough (Ján Tomko) - Don't verify CPU features with host-passthrough (Ján Tomko) - Fix crash cpu_shares change event crash on domain startup (Ján Tomko) - storage: Fix logical pool fmt type (Erik Skultety) - virsh: Fix help message of allocpages (Tomoki Sekiyama) - qemu: remove capabilities.monitor.sock when done (Guido Günther) - conf: report error in virCPUDefParseXML (Jincheng Miao) - Check for NULL in qemu monitor event filter (Ján Tomko) - qemuPrepareNVRAM: Save domain after NVRAM path generation (Michal Privoznik) - remoteNodeGetFreePages: Don't alloc args.pages.pages_val (Michal Privoznik) - virNodeAllocPages: Disallow RO connection (Michal Privoznik) - polkit_driver: fix possible segfault (Pavel Hrdina) - blkdeviotune: fix bug with saving values into live XML (Pavel Hrdina) - security: Fix labelling host devices (bz 1145968) (Cole Robinson) - nodeinfo: fix nodeGetFreePages when max node is zero (Jincheng Miao) - Fix bug with loading bridge name for active domain during libvirtd start (Pavel Hrdina) - libvirt-guests: run after time-sync.target (Jim Fehlig) - qemu: Fix memory leak in RDMA migration code (Jiri Denemark) - nodeinfo: report error when given node is out of range (Jincheng Miao) - virsh-host: fix pagesize unit of freepages (Jincheng Miao) - qemu: raise an error when trying to use readonly sata disks (Giuseppe Scrivano) - qemu: Add missing goto on rawio (John Ferlan) - Move the FIPS detection from capabilities (Pavel Hrdina) - virSecuritySELinuxSetTapFDLabel: Temporarily revert to old behavior (Michal Privoznik) - audit: fix memory leak without WITH_AUDIT (Ján Tomko) - Fixes for domains with no iothreads (Ján Tomko) - Fix leak in x86UpdateHostModel (Ján Tomko) - Fix libvirtd crash when removing metadata (Erik Skultety) - qemu: Don't fail startup/attach for IOThreads if no JSON (John Ferlan) - qemu: fix crash with shared disks (Ján Tomko) - qemu: Honor hugepages for UMA domains (Michal Privoznik) - conf: Disallow nonexistent NUMA nodes for hugepages (Michal Privoznik) - domaincapstest: Run cleanly on systems missing OVMF firmware (Michal Privoznik) - util: storage: Copy driver type when initializing chain element (Peter Krempa) - qemu: time: Report errors if agent command fails (Peter Krempa) - network: check negative values in bridge queues (Erik Skultety) - openvz: fixed two memory leaks on migration code (Hongbin Lu) - util: storage: Fix qcow(2) header parser according to docs (Peter Krempa) - qemu: Fix call in qemuDomainSetNumaParamsLive for virCgroupNewIOThread (John Ferlan) - qemu: Fix iothreads issue (John Ferlan) - domain_conf: Add iothreadpin to cputune (John Ferlan) - network: check for invalid forward delay time (Erik Skultety) - qemu: Fix build breaker on printf directive (John Ferlan) - daemon: Resolve Coverity FORWARD_NULL (John Ferlan) - qemu: Resolve Coverity BAD_SIZEOF (John Ferlan) - Resolve Coverity CHECKED_RETURN (John Ferlan) - virsh: Resolve Coverity DEADCODE (John Ferlan) - domain_conf: Resolve Coverity COPY_PASTE_ERROR (John Ferlan) - virtime: Resolve Coverity DEADCODE (John Ferlan) - remote_driver: Resolve Coverity RESOURCE_LEAK (John Ferlan) - node_device_udev: Try harder to get human readable vendor:product (Lubomir Rintel) - util: fix potential leak in error codepath (Martin Kletzander) - network: try to eliminate default network conflict during package install (Laine Stump) - libxl: Resolve Coverity CHECKED_RETURN (John Ferlan) - qemu: Resolve Coverity FORWARD_NULL (John Ferlan) - virfile: Resolve Coverity RESOURCE_LEAK (John Ferlan) - virutil: Resolve Coverity RESOURCE_LEAK (John Ferlan) - daemon: Resolve Coverity RESOURCE_LEAK (John Ferlan) - virsh: Resolve Coverity NEGATIVE_RETURNS (John Ferlan) - libvirt.spec: Fix permission even for libvirt-driver-qemu (Michal Privoznik) - libxl: fix mapping of libvirt and libxl lifecycle actions (Jim Fehlig) - nvram: Fix permissions (Michal Privoznik) - libxl: Resolve Coverity NULL_RETURNS (John Ferlan) - qemu: Resolve Coverity NEGATIVE_RETURNS (John Ferlan) - qemu: Resolve Coverity NEGATIVE_RETURNS (John Ferlan) - xen: Resolve Coverity NEGATIVE_RETURNS (John Ferlan) - nodeinfo: Resolve Coverity NEGATIVE_RETURNS (John Ferlan) - qemu: Resolve Coverity NEGATIVE_RETURNS (John Ferlan) - network_conf: Resolve Coverity FORWARD_NULL (John Ferlan) - qemu: Resolve Coverity FORWARD_NULL (John Ferlan) - virstring: Resolve Coverity FORWARD_NULL (John Ferlan) - network: Resolve Coverity FORWARD_NULL (John Ferlan) - qemu: Resolve Coverity FORWARD_NULL (John Ferlan) - lxc: Resolve Coverity FORWARD_NULL (John Ferlan) - qemu: Resolve Coverity FORWARD_NULL (John Ferlan) - virsh: Resolve Coverity DEADCODE (John Ferlan) - tests: Resolve Coverity DEADCODE (John Ferlan) - qemu: Resolve Coverity DEADCODE (John Ferlan) - virsh: Resolve Coverity DEADCODE (John Ferlan) - virfile: Resolve Coverity DEADCODE (John Ferlan) - virsh: Resolve Coverity DEADCODE (John Ferlan) - storage: Resolve Coverity OVERFLOW_BEFORE_WIDEN (John Ferlan) - qemu: Resolve Coverity REVERSE_INULL (John Ferlan) - vbox: Resolve Coverity UNUSED_VALUE (John Ferlan) - storage: Resolve Coverity UNUSED_VALUE (John Ferlan) - qemu_driver: Resolve Coverity COPY_PASTE_ERROR (John Ferlan) - selinux: Properly check TAP FD label (Michal Privoznik) - qemu: Silence coverity on optional migration stats (Jiri Denemark) - qemu: panic device: check for invalid address type (Erik Skultety) - qemu: Propagate QEMU errors during incoming migrations (Jiri Denemark) - selinux: Avoid label reservations for type = none (Shivaprasad G Bhat) - storage_conf: Fix libvirtd crash when defining scsi storage pool (Pradipta Kr. Banerjee) - Don't include non-migratable features in host-model (Ján Tomko) - conf: Fix even implicit labels (Michal Privoznik) - apparmor: allow reading cap_last_cap (Felix Geyer) - security: fix DH key generation when FIPS mode is on (Giuseppe Scrivano) - lxc_container: Resolve Coverity RESOURCE_LEAK (Wang Rui) - vircgroup: Resolve Coverity RESOURCE_LEAK (Wang Rui) - qemu_process: Resolve Coverity RESOURCE_LEAK (Wang Rui) - remote: Resolve Coverity RESOURCE_LEAK (Wang Rui) - test_conf: Resolve Coverity RESOURCE_LEAK (Wang Rui) - tests: Resolve Coverity RESOURCE_LEAK in commandhelper (Wang Rui) - sanlock: Avoid freeing uninitialized value (Jiri Denemark) - qemu: ensure sane umask for qemu process (Chunyan Liu) - spec: Fix preun script for daemon (Jiri Denemark) - remote: Fix memory leak on error path when deserializing bulk stats (Peter Krempa) - Free ifname in testDomainGenerateIfnames (Ján Tomko) Portability: - qemu: monitor: Avoid shadowing variable "devname" on FreeBSD (Peter Krempa) - lxc_monitor_protocol: Redefine xdr_uint64_t if needed (Michal Privoznik) - Fix build without polkit (Pavel Hrdina) - Fix MinGW build (Pavel Hrdina) - Fix build in qemu_command (Roman Bogorodskiy) - Fix build in qemu_capabilities (Roman Bogorodskiy) - bhyve: tests: fix build (Roman Bogorodskiy) - virprocess: Extend list of platforms for setns wrapper (Michal Privoznik) - vircgroup: Fix broken builds without cgroups (John Ferlan) - util/virprocess.c: fix MinGW build (Pavel Hrdina) - blockjob: avoid 32-bit compilation warning (Eric Blake) Improvements: - Fix typo s/EMULATORIN/EMULATORPIN/ (Daniel P. Berrange) - Rename tunable event constants (Daniel P. Berrange) - qemu: Always re-detect backing chain (Peter Krempa) - event_example: cleanup example code for tunable event (Pavel Hrdina) - parallels: login to parallels SDK (Dmitry Guryanov) - parallels: build with parallels SDK (Dmitry Guryanov) - virnetserver: Raise log level of max_clients related messages (Michal Privoznik) - blkdeviotune: trigger tunable event for blkdeviotune updates (Pavel Hrdina) - tunable_event: extend debug message and tweak limit for remote message (Pavel Hrdina) - virsh: Expose virNodeAllocPages (Michal Privoznik) - nodeinfo: Implement nodeAllocPages (Michal Privoznik) - virnuma: Introduce virNumaSetPagePoolSize (Michal Privoznik) - nodeGetFreePages: Push forgotten change (Michal Privoznik) - Convert polkit code to use DBus API instead of CLI helper (Daniel P. Berrange) - Support passing dict by reference for dbus messages (Daniel P. Berrange) - Convert remote daemon & acl code to use polkit API (Daniel P. Berrange) - Convert callers to use typesafe APIs for getting identity attrs (Daniel P. Berrange) - Convert callers to use typesafe APIs for setting identity attrs (Daniel P. Berrange) - Add typesafe APIs for virIdentity attributes (Daniel P. Berrange) - Add common API for doing polkit authentication (Daniel P. Berrange) - qemu: wire up virtio-net segment offloading options (Ján Tomko) - conf: add options for disabling segment offloading (Ján Tomko) - storage: Improve error message when traversing backing chains (Peter Krempa) - qemu: Report better errors from broken backing chains (Peter Krempa) - qemu: Sanitize argument names and empty disk check in qemuDomainDetermineDiskChain (Peter Krempa) - util: storage: Allow metadata crawler to report useful errors (Peter Krempa) - cputune_event: queue the event for cputune updates (Pavel Hrdina) - add an example how to use tunable event (Pavel Hrdina) - conf: sanitize tap and vhost paths (Martin Kletzander) - qemuBuildNumaArgStr: Discard def->cpu check (Michal Privoznik) - nodeinfo: Prefer MIN in nodeGetFreePages (Michal Privoznik) - domain_conf: separate structures from virDomainDef (Pavel Hrdina) - Fix typo of virNodeGetFreePages comment (Jincheng Miao) - qemu: Memory pre-pinning support for RDMA migration (Michael R. Hines) - qemu: RDMA migration support (Michael R. Hines) - qemu: Add RDMA migration capabilities (Jiri Denemark) - qemu: Prepare support for arbitrary migration protocol (Jiri Denemark) - qemu: Fix old tcp:host URIs more cleanly (Jiri Denemark) - qemu: Expose additional migration statistics (Michael R. Hines) - cpu: fix wrong single quote mark (Chen Fan) - cpu: remove repeated word in error message (Daniel P. Berrange) - qemu: hook: Provide hook when restoring a domain save image (Peter Krempa) - schema: properly set tap and vhost backend attributes optional (Jianwei Hu) - qemu: save image: Split out checks done only when editing the save img (Peter Krempa) - qemu: save image: Split out new definition check/update (Peter Krempa) - qemu: save image: Add possibility to return XML stored in the image (Peter Krempa) - qemu: save image: Split out user provided XML checker (Peter Krempa) - libxl: Drop driver lock in libxlDomainDefineXML (Jim Fehlig) - qemu: Process the hostdev "rawio" setting (John Ferlan) - hostdev: Add "rawio" attribute to _virDomainHostdevSubsysSCSI (John Ferlan) - domain_conf: Change virDomainDiskDef 'rawio' to use virTristateBool (John Ferlan) - storage: zfs: implement pool build and delete (Roman Bogorodskiy) - qemu: Improve check for local storage (Peter Krempa) - maint: clean up _virDomainMemoryStat (Wang Yufei) - maint: clean up _virDomainBlockStats (Wang Yufei) - maint: clean up _virDomainInterfaceStats (Wang Yufei) - virsh: add options to query bulk stats group (Francesco Romani) - qemu: bulk stats: implement block group (Francesco Romani) - qemu: bulk stats: implement interface group (Francesco Romani) - qemu: bulk stats: implement VCPU group (Francesco Romani) - qemu: bulk stats: implement balloon group (Francesco Romani) - qemu: bulk stats: implement CPU stats group (Francesco Romani) - qemu: bulk stats: extend internal collection API (Francesco Romani) - rpc: make daemon spawning a bit more intelligent (Martin Kletzander) - domaincaps: Expose UEFI binary path, if it exists (Michal Privoznik) - qemu_capabilities: Change virQEMUCapsFillDomainCaps signature (Michal Privoznik) - qemu: add support for shared memory mapping (Martin Kletzander) - docs, conf, schema: add support for shared memory mapping (Martin Kletzander) - schemas: finish virTristate{Bool,Switch} transition (Martin Kletzander) - qemu: Add support for multiple versions of 'pseries' machine type (Pradipta Kr. Banerjee) - domaincaps: Expose UEFI capability (Michal Privoznik) - Wire up the interface backend options (Ján Tomko) - conf: add backend element to interfaces (Ján Tomko) - conf: remove redundant local variable (Ján Tomko) - conf: split out virtio net driver formatting (Ján Tomko) - qemu: Need to check for capability before query (John Ferlan) - cputune: allow interleaved xml (Eric Blake) - network: detect conflicting route even if it is the final entry (Laine Stump) - qemu: Allow pinning specific IOThreads to a CPU (John Ferlan) - qemu_cgroup: Introduce cgroup functions for IOThreads (John Ferlan) - qemu_domain: Add niothreadpids and iothreadpids (John Ferlan) - vircgroup: Introduce virCgroupNewIOThread (John Ferlan) - qemu: Issue query-iothreads and to get list of active IOThreads (John Ferlan) - virsh: Add iothread to 'attach-disk' (John Ferlan) - util: get rid of unnecessary umask() call (Martin Kletzander) - remove redundant pidfile path constructions (Martin Kletzander) - rpc: reformat the flow to make a bit more sense (Martin Kletzander) - blockjob: allow finer bandwidth tuning for set speed (Eric Blake) - blockcopy: add qemu implementation of new tunables (Eric Blake) - blockcopy: add qemu implementation of new API (Eric Blake) - blockcopy: tweak how rebase calls into copy (Eric Blake) - virDomainUndefineFlags: Allow NVRAM unlinking (Michal Privoznik) - virsh: Move --completed from resume to domjobinfo (Jiri Denemark) - conf: snapshot: Don't default-snapshot empty drives (Peter Krempa) - util: Add function to check if a virStorageSource is "empty" (Peter Krempa) - tests: Add more test suite mock helpers (Daniel P. Berrange) - util: Allow port allocator to skip bind() check (Daniel P. Berrange) - qemu: remove leftover virResetLastError (Ján Tomko) - util: storage: Convert disk locality check to switch statement (Peter Krempa) - virprocess: Introduce our own setns() wrapper (Michal Privoznik) - qemu: dump: Resume CPUs only when the VM is still alive (Peter Krempa) - util: process: Don't report OOM errors in helper (Peter Krempa) - qemu: Automatically create NVRAM store (Michal Privoznik) - qemu: Implement extended loader and nvram (Michal Privoznik) - conf: Extend <loader/> and introduce <nvram/> (Michal Privoznik) - qemu: Transfer recomputed stats back to source (Jiri Denemark) - qemu: Recompute downtime and total time when migration completes (Jiri Denemark) - qemu: Transfer migration statistics to destination (Jiri Denemark) - virsh: Add support for completed job stats (Jiri Denemark) - qemu: Avoid incrementing jobs_queued if virTimeMillisNow fails (Jiri Denemark) - Refactor job statistics (Jiri Denemark) - virsh: additional scaled output units (Eric Blake) - util: let virSetSockReuseAddr report unified error message (Martin Kletzander) - blockcopy: add a way to parse disk source (Eric Blake) - qemu: snapshot: Simplify error paths (Peter Krempa) - qemu: snapshot: Fix snapshot function header formatting and spacing (Peter Krempa) - qemu: snapshot: Acquire job earlier on snapshot revert/delete (Jincheng Miao) - qemu: snapshot: Fix job handling when creating snapshots (Peter Krempa) - qemu: Rename DEFAULT_JOB_MASK to QEMU_DEFAULT_JOB_MASK (Peter Krempa) - blockcopy: remote implementation for new API (Eric Blake) - blockcopy: expose new API in virsh (Eric Blake) - maint: update to latest gnulib (Eric Blake) - blockcopy: split out virsh implementation (Eric Blake) - blockcopy: allow block device destination (Eric Blake) - blockjob: add new --bytes flag to virsh blockjob (Eric Blake) - blockjob: add new --raw flag to virsh blockjob (Eric Blake) - blockjob: split up virsh blockjob info (Eric Blake) - blockjob: allow finer bandwidth tuning for query (Eric Blake) - blockjob: add new monitor json conversions (Eric Blake) - blockjob: hoist bandwidth scaling out of monitor code (Eric Blake) - blockjob: split out block info monitor handling (Eric Blake) - tests: Add test cases for previous commit (Michal Privoznik) - blockjob: split out block info driver handling (Eric Blake) - blockjob: shuffle block rebase code (Eric Blake) - maint: tighten curly brace syntax checking (Eric Blake) - maint: use hanging curly braces (Eric Blake) - maint: enforce previous if-else {} cleanups (Eric Blake) - maint: use consistent if-else braces in remaining spots (Eric Blake) - maint: use consistent if-else braces in lxc, vbox, phyp (Eric Blake) - maint: use consistent if-else braces in xen and friends (Eric Blake) - maint: use consistent if-else braces in qemu (Eric Blake) - maint: use consistent if-else braces in conf and friends (Eric Blake) - LXC: add HOME environment variable (Chen Hanxiao) - tests: force FIPS testing mode with new enough GNU TLS versions (Giuseppe Scrivano) - command: test umask support (Eric Blake) - util: don't shadow global umask declaration (Martin Kletzander) - util: Introduce flags field for macvtap creation (Matthew Rosato) Cleanups: - nodeinfo: fix version of nodeAllocPages (Tomoki Sekiyama) - audit: remove redundant NULL assignment (Ján Tomko) - qemu: Drop unused formatting of uuid (Peter Krempa) - qemu_cgroup: Adjust spacing around incrementor (John Ferlan) - qemu: dump: Fix formatting of function headers and code inline (Peter Krempa) - virsh: domain: Clean up handling of "dom" in "save" command (Peter Krempa) Thanks everybody who helped with this release, with ideas, reports, patches, documentation or localizations ! Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard@xxxxxxxxxx | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list