As scheduled I have pushed the tarballs and rpms of the new release at the usual place: ftp://libvirt.org/libvirt/ This is a medium sized release with less than 300 commits, with a inclination toward code improvements and bugs fixes, in particular fixes for 4 CVEs. It may be a good idea to upgrade ! Features: - various improvements to libxl driver (Jim Fehlig, Bamvor Jian Zhang) - systemd integration improvements (Daniel P. Berrange, Mooli Tayer) - Add flag to BaselineCPU API to return detailed CPU features (Don Dugger) - Introduce a virt-login-shell binary (Dan Walsh) - conf: add startupPolicy attribute for harddisk (Guannan Ren) Security: - provide supplemental groups even when parsing label (CVE-2013-4291) (Eric Blake) - Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292) (Daniel P. Berrange) - CVE-2013-5651 virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array (Peter Krempa) - CVE-2013-4239 xen: fix memory corruption in legacy driver (Jim Fehlig) Documentation: - Reformat <disk> attribute description in formatdomain (John Ferlan) - Update iSCSI storage pool example (John Ferlan) - Update formatsecrets to include more examples of each type (John Ferlan) - Update the formatdomain disk examples (John Ferlan) - Clean 09adfdc62de2b up (Michal Privoznik) - virt-pki-validate: add --help/--version option (Eric Blake) - virt-xml-validate: add --help/--version option (Eric Blake) - Discourage users to set hard_limit (Michal Privoznik) - Update polkit examples to use 'lookup' method (Daniel P. Berrange) - fix usb node device sub-element names (Xuesong Zhang) - virt-login-shell: improve error message grammar (Ruben Kerkhof) - storage pool permission copy-paste fix (Philipp Hahn) - mention VIR_TEST_RANGE (Eric Blake) - Document use of systemd socket activation (Daniel P. Berrange) - Remove leftovers from hyperv spinlocks documentation (Ján Tomko) - Fix typo in domain name in polkit acl example (Daniel P. Berrange) - Add documentation for access control system (Daniel P. Berrange) - Add an example config file for virtlockd (Daniel P. Berrange) - Add a man page for virtlockd daemon (Daniel P. Berrange) - Add info about access control checks into API reference (Daniel P. Berrange) - Fix minor typos in messages and docs (Yuri Chornoivan) Portability: - build: fix virtlockd file distribution (Eric Blake) - build: shipped files must not depend on BUILT_SOURCES (Eric Blake) - build: only create virt-login-shell for lxc builds (Eric Blake) - qemu: Only setup vhost if virtType == "kvm" (Cole Robinson) - Process virtlockd.conf instead of libvirtd.conf (Guido Günther) - Change way we fake dbus method calls (Daniel P. Berrange) - random: don't mix RAND_MAX with random_r (Eric Blake) - tests: skip schema validation tests if xmllint is missing (Eric Blake) - Check for --no-copy-dt-needed linker flag (Guido Günther) - Simplify RELRO_LDFLAGS (Guido Günther) - tests: fix building without xattr support (Claudio Bley) - nwfilter: Don't fail to start if DBus isn't available (Peter Krempa) - virsystemd: Don't fail to start VM if DBus isn't available or compiled in (Peter Krempa) - tools: Make sure to distribute conf_DATA, fix RPM build (Cole Robinson) - Directly link against needed libraries (Guido Günther) - Directly link against needed libraries (Guido Günther) - build: avoid -lgcrypt with newer gnutls (Eric Blake) - build: more workarounds for if_bridge.h (Eric Blake) - tests: avoid too-large constants (Eric Blake) - tests: work with older dbus (Eric Blake) - build: fix compilation of virt-login-shell.c (Jim Fehlig) - maint: the compiler is not always named gcc (Eric Blake) - build: fix qemuagenttest build with -O0 in fedora 19. (Jincheng Miao) - spec: RHEL-7 does not have sanlock on i686 (Jiri Denemark) - spec: Disable libssh2 support for RHEL (Peter Krempa) Bug Fixes: - qemu_hotplug: Resolve DEADCODE coverity error (John Ferlan) - Fix memory leak in cmdAttachDisk (Hongwei Bi) - python: Fix a PyList usage mistake (Guan Qiang) - qemu: Remove hostdev entry when freeing the depending network entry (Peter Krempa) - virsh: detect programming errors with option parsing (Eric Blake) - virt-sanlock-cleanup; Fix augtool usage (Jiri Denemark) - virsh: Fix debugging (Martin Kletzander) - virsh: free the caps list properly if one of them is invalid (Ján Tomko) - virsh: free the formatting string when listing pool details (Ján Tomko) - virsh: free the list from ListAll APIs even for 0 items (Ján Tomko) - virsh: free messages after logging them to a file (Ján Tomko) - Test network update XML parsing (Ján Tomko) - Always specify qcow2 compat level on qemu-img command line (Ján Tomko) - virsh: fix return value error of cpu-stats (Guannan Ren) - Don't free NULL network in cmdNetworkUpdate (Ján Tomko) - schema: Allow dots in device aliases (Jiri Denemark) - qemu: Don't update count of vCPUs if hot-plug fails silently (Peter Krempa) - tests: Add URI precedence checking (Martin Kletzander) - Fix URI connect precedence (Martin Kletzander) - libxl: fix libvirtd crash when reconnecting domains (Jim Fehlig) - migration: do not restore labels on failed migration (Eric Blake) - storage: Fix the use-after-free memory bug (Osier Yang) - storage: Fix coverity warning (Osier Yang) - qemu_conf: Fix broken logic for adding passthrough iscsi lun (Osier Yang) - libxl: Resolve possible NULL dereference (John Ferlan) - virsh: Don't leak list of volumes when undefining domain with storage (Peter Krempa) - virbitmaptest: Shut coverity up in case of broken test (Peter Krempa) - storage: Update pool metadata after adding/removing/resizing volume (Osier Yang) - virbitmaptest: Add test for out of bounds condition (Peter Krempa) - virsh-domain: Fix memleak in cmdCPUBaseline (Peter Krempa) - libxl: unref DomainObjPrivate on error path (Jim Fehlig) - virsh-domain: Fix memleak in cmdUndefine with storage (Peter Krempa) - Fix qemuProcessReadLog with non-zero offset (Ján Tomko) - network: permit upstream forwarding of unqualified DNS names (Laine Stump) - virsh-domain: Flip logic in cmdSetvcpus (Peter Krempa) - Don't crash in qemuBuildDeviceAddressStr (Guido Günther) - libxl: fix libvirtd segfault (Jim Fehlig) - Make check for /dev/loop device names stricter to avoid /dev/loop-control (Daniel P. Berrange) - libxl: fix node ranges in libxlNodeGetCellsFreeMemory() (Dario Faggioli) - Fix double-free and broken logic in virt-login-shell (Daniel P. Berrange) - virnettlscontext: Resolve Coverity warnings (UNINIT) (John Ferlan) - remote: Fix a segfault in remoteDomainCreateWithFlags (Alex Jia) - qemu: Allow hotplug of multiple SCSI devices (Eric Farman) - Fix validation of CA certificate chains (Daniel P. Berrange) - Reverse logic allowing partial DHCP host XML (Ján Tomko) - xen: Use internal interfaces in xenDomainUsedCpus (Stefan Bader) - qemu_migration: Don't error on tunelled migration with --copy-storage (Michal Privoznik) - build: fix missing max_queued_clients in augeas test file for libvirtd.conf (Laine Stump) - Fix crashing upgrading from older libvirts with running guests (Daniel P. Berrange) - Avoid crash if NULL is passed for filename/funcname in logging (Daniel P. Berrange) - qemumonitortestutils: Don't skip va_end() on error path (Peter Krempa) - tests: Coverity found new NULL_RETURNS (John Ferlan) - Configuring systemd to restart libvirt on failure (Mooli Tayer) - xen: Avoid double free of virDomainDef in xenDaemonCreateXML (Stefan Bader) Improvements: - build: fix 'make distcheck' out of the box (Eric Blake) - virsh-domain: rename print_job_progress to vshPrintJobProgress (Peter Krempa) - Prohibit unbounded arrays in XDR protocols (Daniel P. Berrange) - Add bounds checking on virConnectListAllSecrets RPC call (Daniel P. Berrange) - Add bounds checking on virConnectListAllNWFilters RPC call (Daniel P. Berrange) - Add bounds checking on virConnectListAllNodeDevices RPC call (Daniel P. Berrange) - Add bounds checking on virConnectListAllInterfaces RPC call (Daniel P. Berrange) - Add bounds checking on virConnectListAllNetworks RPC call (Daniel P. Berrange) - Add bounds checking on virStoragePoolListAllVolumes RPC call (Daniel P. Berrange) - Add bounds checking on virConnectListAllStoragePools RPC call (Daniel P. Berrange) - Add bounds checking on virConnectListAllDomains RPC call (Daniel P. Berrange) - Add bounds checking on virDomain{SnapshotListAllChildren,ListAllSnapshots} RPC calls (Daniel P. Berrange) - Add bounds checking on virDomainGetJobStats RPC call (Daniel P. Berrange) - autogen.sh: Correctly detect .git as a file (Michal Privoznik) - bridge_driver: Introduce networkObjFromNetwork (Michal Privoznik) - virsh-pool.c: Don't jump over variable declaration (Michal Privoznik) - Remove the space before the slash in network XML (Ján Tomko) - Build QEMU command line for pcihole64 (Ján Tomko) - Add pcihole64 element to root PCI controllers (Ján Tomko) - Allow controller XML parsing to use XPath context (Ján Tomko) - Move virDomainParseScaledValue earlier (Ján Tomko) - Add ftp protocol support for cdrom disk (Aline Manera) - Add http protocol support for cdrom disk (Aline Manera) - virsh: C99 style for info_domfstrim and opts_lxc_enter_namespace (Tomas Meszaros) - qemuDomainAttachHostPciDevice: Fall back to mem balloon if there's no hard_limit (Michal Privoznik) - qemuhotplugtest: Add tests for virtio SCSI disk hotplug (Jiri Denemark) - qemuhotplugtest: Add tests for USB disk hotplug (Jiri Denemark) - qemuhotplugtest: Add tests for async virtio disk detach (Jiri Denemark) - qemuhotplugtest: Add support for DEVICE_DELETED event (Jiri Denemark) - qemu: Let tests override waiting time for device unplug (Jiri Denemark) - qemu: Export qemuProcessHandleDeviceDeleted for tests (Jiri Denemark) - tests: Add support for passing driver to qemu monitor (Jiri Denemark) - tests: Add support for passing vm to qemu monitor (Jiri Denemark) - qemuhotplugtest: Add tests for virtio disk hotplug (Jiri Denemark) - qemuxml2argvtest: Add XML for testing device hotplug (Jiri Denemark) - qemuhotplugtest: Define QMP_OK for the most common reply (Jiri Denemark) - qemuhotplugtest: Compare domain XML after device hotplug (Jiri Denemark) - qemuhotplugtest: Generate better output (Jiri Denemark) - qemu: Move qemuDomainDetachDeviceDiskLive to qemu_hotplug.c (Jiri Denemark) - qemu: Move qemuDomainAttachDeviceDiskLive to qemu_hotplug.c (Jiri Denemark) - qemu: Avoid using global qemu_driver in event handlers (Jiri Denemark) - qemu: Typedef monitor callbacks (Jiri Denemark) - python: simplify complicated conditional assignment (Claudio Bley) - Test for object identity when checking for None in Python (Claudio Bley) - qemuagenttest.c: Missing documentation (Timeout) (Nehal J Wani) - python: Use RELRO_LDFLAGS and NO_INDIRECT_LDFLAGS (Guido Günther) - Set security label on FD for virDomainOpenGraphics (Daniel P. Berrange) - qemuBuildNicDevStr: Add mq=on for multiqueue networking (Michal Privoznik) - virBitmapParse: Fix behavior in case of error and fix up callers (Peter Krempa) - VMX: Improve disk parse error for unknown values (Doug Goldstein) - bridge driver: implement networkEnableIpForwarding for BSD (Roman Bogorodskiy) - BSD: implement virNetDev(Set|Clear)IPv4Address (Roman Bogorodskiy) - Test handling of non-existent x509 certs (Daniel P. Berrange) - Report secret usage error message similarly (John Ferlan) - virsh: Print cephx and iscsi usage (John Ferlan) - selinux: enhance test to cover nfs label failure (Eric Blake) - selinux: distinguish failure to label from request to avoid label (Eric Blake) - virsh-pool: Improve error message in cmdPoolList (Peter Krempa) - virsh: modify vshStringToArray to duplicate the elements too (Peter Krempa) - qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit (Michal Privoznik) - qemuSetupMemoryCgroup: Handle hard_limit properly (Michal Privoznik) - virt-xml-validate: add missing schemas (Eric Blake) - libxl: implement NUMA capabilities reporting (Jim Fehlig) - virdbus: Add virDBusHasSystemBus() (Peter Krempa) - Make max_clients in virtlockd configurable (David Weber) - snapshot_conf: Allow parsing an XML node (Cole Robinson) - test: Unify object XML parsing (Cole Robinson) - test: Simplify args passed to testDomainStartState (Cole Robinson) - test: Split object parsing into their own functions (Cole Robinson) - maint: slightly reduce configure size (Eric Blake) - libxl: refactor capabilities code (Jim Fehlig) - virbitmaptest: Fix function header formatting (Peter Krempa) - maint: update gnulib submodule (Eric Blake) - maint: fix typo for 'switch' (Eric Blake) - examples: support crash events in event-test.py (Giuseppe Scrivano) - cpu: Add Power7+ and Power8 CPU definition in map.xml (Li Zhang) - Ensure that /dev exists in the container root filesystem (Daniel P. Berrange) - Properly handle -h / -V for --help/--version aliases in virtlockd/libvirtd (Daniel P. Berrange) - Address missed feedback from review of virt-login-shell (Daniel P. Berrange) - Honour root prefix in lxcContainerMountFSBlockAuto (Daniel P. Berrange) - tests: Fix parallel runs of TLS test suites (Martin Kletzander) - cgroup macros refactoring, part 5 (Roman Bogorodskiy) - cgroup macros refactoring, part 4 (Roman Bogorodskiy) - cgroup macros refactoring, part 3 (Roman Bogorodskiy) - cgroup macros refactoring, part 2 (Roman Bogorodskiy) - cgroup macros refactoring, part 1 (Roman Bogorodskiy) - cgroup: functional sort (Eric Blake) - cgroup: topological sort (Eric Blake) - cgroup: use consistent formatting (Eric Blake) - Add missing ATTRIBUTE_UNUSED (Guido Günther) - virsh: nicer abort of blockcopy (Eric Blake) - tests: Skip virsh-all test as expensive (Peter Krempa) - qemuagenttest: Test timeout of agent commands (Peter Krempa) - tests: add helper to determine when to skip expensive tests (Eric Blake) - build: add configure option to disable gnulib tests (Eric Blake) - qemuagenttest: Test arbitrary command passthrough (Peter Krempa) - Record the where the auto-generated data comes from (Daniel P. Berrange) - tests: test negative number through dbus (Eric Blake) - libxl: Create per-domain log file (Jim Fehlig) - Fix parallel runs of TLS test suites (Daniel P. Berrange) - configure: fix formatting of missing pkg-config modules error (Giuseppe Scrivano) - Ensure securityfs is mounted readonly in container (Dan Walsh) - Change data passed into TLS test cases (Daniel P. Berrange) - Avoid re-generating certs every time (Daniel P. Berrange) - Split TLS test into two separate tests (Daniel P. Berrange) - maint: avoid C99 loop declaration (Eric Blake) - qemu: support to drop disk with 'optional' startupPolicy (Guannan Ren) - nwfilter: Use -m conntrack rather than -m state (Stefan Berger) - virGetGroupList: always include the primary group (Guido Günther) - qemu: improve error reporting during PCI address validation (Laine Stump) - qemu: enable using implicit sata controller in q35 machines (Laine Stump) - qemu: properly set/use device alias for pci controllers (Laine Stump) - qemu: fix handling of default/implicit devices for q35 (Laine Stump) - qemu: add dmi-to-pci-bridge controller (Laine Stump) - qemu: add pcie-root controller (Laine Stump) - qemu: enable auto-allocate of all PCI addresses (Laine Stump) - Introduce max_queued_clients (Michal Privoznik) - RPC: Don't accept client if it would overcommit max_clients (Michal Privoznik) - qemu: eliminate almost-duplicate code in qemu_command.c (Laine Stump) - qemu: rename some functions in qemu_command.c (Laine Stump) - conf: add default USB controller in qemu post-parse callback (Laine Stump) - spec: Explicitly claim ownership of channel subdir (Jiri Denemark) - Ensure LXC/QEMU APIs set the filename for errors (Daniel P. Berrange) - Remove reference to python/tests from RPM %doc (Daniel P. Berrange) - qemuagenttest: Check invalid response in shutdown test (Peter Krempa) - qemuagenttest: Fix checking of shutdown mode (Peter Krempa) - bridge driver: extract platform specifics (Roman Bogorodskiy) - valgrind: Adjust filter for _dl_allocate_tls (John Ferlan) - maint: use modern autoconf idioms (Eric Blake) - qemu: check presence of each disk and its backing file as well (Guannan Ren) - qemu: add helper functions for diskchain checking (Guannan Ren) - qemu: refactor qemuDomainCheckDiskPresence for only disk presence check (Guannan Ren) - Enable support for systemd-machined in cgroups creation (Daniel P. Berrange) - Cope with races while killing processes (Daniel P. Berrange) - Add support for systemd cgroup mount (Daniel P. Berrange) - Add APIs for formatting systemd slice/scope names (Daniel P. Berrange) - qemuagenttest: Add tests for CPU plug functions and helpers (Peter Krempa) - qemuagenttest: Introduce testing of shutdown commands (Peter Krempa) - qemuagenttest: Add testing of agent suspend modes (Peter Krempa) - qemuagenttest: Test the filesystem trimming (Peter Krempa) - tests: Add qemuagenttest (Peter Krempa) - qemumonitortestutils: Add the ability to check arguments of commands (Peter Krempa) - qemumonitortestutils: Improve error reporting from mock qemu monitor (Peter Krempa) - qemumonitortestutils: Add instrumentation for guest agent testing (Peter Krempa) - qemumonitortestutils: Split lines on \n instead of \r\n (Peter Krempa) - qemumonitortestutils: Refactor the test helpers to allow reuse (Peter Krempa) - qemumonitortestutils: Split up creation of the test to allow reuse (Peter Krempa) - qemumonitortestutils: Don't crash on non fully initialized test (Peter Krempa) - qemumonitortestutils: remove multiline function calls (Peter Krempa) - qemumonitortestutils: Use VIR_DELETE_ELEMENT and VIR_APPEND_ELEMENT (Peter Krempa) - qemumonitortestutils: Use consistent header style and line spacing (Peter Krempa) - qemu_agent: Remove obvious comments (Peter Krempa) - qemu_agent: Move updater function for VCPU hotplug into qemu_agent.c (Peter Krempa) - qemu_agent: Output newline at the end of the sync JSON message (Peter Krempa) - conf: Export virDomainChrSourceDefClear() (Peter Krempa) - add console support in libxl (Bamvor Jian Zhang) - util: add virGetUserDirectoryByUID (Dan Walsh) - maint: fix typo for SENTINEL (Eric Blake) - spec: Don't mix commands with macro definitions (Jiri Denemark) - spec: Use --enable-werror on RHEL (Jiri Denemark) - tests: Put a mock library at the start of LD_PRELOAD (Jiri Denemark) - Support apparmor in RPM spec (Daniel P. Berrange) - Delete obsolete / unused python test files (Daniel P. Berrange) Cleanups: - qemu_hotplug: Fix whitespace around addition in argument (Peter Krempa) - qemu: Drop qemuDomainMemoryLimit (Michal Privoznik) - maint: avoid bootstrap warning (Eric Blake) - libxl: remove unnecessary curly braces (Jim Fehlig) - virtio-rng: Remove double space in error message (Peter Krempa) - Don't mark parentIndex with ATTRIBUTE_UNUSED (Ján Tomko) Thanks everybody who contributed to this release in some ways, ideas, bug reports, patches or reviews ! Including localization updates, we now have a dozen of languague with complete or near complate translations :-) Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard@xxxxxxxxxx | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list