Bug#777568: unblock: libvirt/1.2.9-9
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libvirt
This upload fixes two bugs with qemu/kvm preventing VMs to start. The
cleanup is an upgrade issue while the caps probing is a race with
recent (as in jessie) qemu.
Please unblock libvirt.
Cheers,
-- Guido
unblock libvirt/1.2.9-9
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-rc6 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 3f49894..5932017 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+libvirt (1.2.9-9) unstable; urgency=medium
+
+ * [4c14b83] qemu: Don't try to parse -help for new QEMU.
+ Closes: #777138, #775773
+ Thanks to Mathieu Malaterre for the debugging
+ * [1addae5] Force capability refresh on upgrades. This makes sure we
+ refresh the capabilities at least once when upgrading from Wheezy.
+ (Closes: #731815)
+
+ -- Guido Günther <agx@sigxcpu.org> Fri, 06 Feb 2015 15:40:21 +0100
+
libvirt (1.2.9-8) unstable; urgency=medium
* [885f33d] Fix CVE-2015-0236.
diff --git a/debian/libvirt-daemon-system.postinst b/debian/libvirt-daemon-system.postinst
index ff68fd3..5d3ebd0 100644
--- a/debian/libvirt-daemon-system.postinst
+++ b/debian/libvirt-daemon-system.postinst
@@ -108,6 +108,9 @@ case "$1" in
if [ -d /run/systemd/system ] && systemctl status virtlockd.service >/dev/null; then
systemctl reload virtlockd.service
fi
+
+ # Force refresh of capabilties (#731815)
+ rm -f /var/cache/libvirt/qemu/capabilities/*.xml
;;
abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/debian/patches/qemu-Don-t-try-to-parse-help-for-new-QEM.patch b/debian/patches/qemu-Don-t-try-to-parse-help-for-new-QEM.patch
new file mode 100644
index 0000000..cdadbaf
--- /dev/null
+++ b/debian/patches/qemu-Don-t-try-to-parse-help-for-new-QEM.patch
@@ -0,0 +1,39 @@
+From: Mathieu Malaterre <malat@debian.org>
+Date: Thu, 5 Feb 2015 16:05:49 +0100
+Subject: Description: qemu: Don't try to parse -help for new QEMU
+
+Since QEMU 1.2.0, we switched to QMP probing instead of parsing -help
+(and other commands, such as -cpu ?) output. However, if QMP probing
+failed, we still tried starting QEMU with various options and parsing
+the output, which was guaranteed to fail because the output changed.
+Let's just refuse parsing -help for QEMU >= 1.2.0.
+
+Author: Jiri Denemark <jdenemar redhat com>
+Bug-Debian: https://bugs.debian.org/777138
+Origin: upstream, https://www.redhat.com/archives/libvir-list/2014-November/msg00407.html
+Reviewed-By: Mathieu Malaterre <malat@debian.org>
+---
+ src/qemu/qemu_capabilities.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
+index a409aaf..9e0158c 100644
+--- a/src/qemu/qemu_capabilities.c
++++ b/src/qemu/qemu_capabilities.c
+@@ -1382,6 +1382,16 @@ int virQEMUCapsParseHelpStr(const char *qemu,
+
+ *version = (major * 1000 * 1000) + (minor * 1000) + micro;
+
++ /* Refuse to parse -help output for QEMU releases >= 1.2.0 that should be
++ * using QMP probing.
++ */
++ if (*version > 1002000) {
++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
++ _("QEMU %u.%u.%u is too new for help parsing"),
++ major, minor, micro);
++ goto cleanup;
++ }
++
+ if (virQEMUCapsComputeCmdFlags(help, *version, *is_kvm, *kvm_version,
+ qemuCaps, check_yajl) < 0)
+ goto cleanup;
diff --git a/debian/patches/series b/debian/patches/series
index fb694c9..fcb95a0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,4 @@ lxc-Don-t-crash-on-NULL-ifname_guest_actual.patch
upstream/vbox-fix-a-bug-in-_machineStateInactive.patch
security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
+qemu-Don-t-try-to-parse-help-for-new-QEM.patch
Reply to: