1 |
cardoe 13/12/29 01:11:36 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: libvirt-1.2.0-r1.ebuild |
5 |
Log: |
6 |
Bump for CVE-2013-6436 and CVE-2013-6457 |
7 |
|
8 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key D7DFA8D318FA9AEF!) |
9 |
|
10 |
Revision Changes Path |
11 |
1.345 app-emulation/libvirt/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/ChangeLog?rev=1.345&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/ChangeLog?rev=1.345&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/ChangeLog?r1=1.344&r2=1.345 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v |
20 |
retrieving revision 1.344 |
21 |
retrieving revision 1.345 |
22 |
diff -u -r1.344 -r1.345 |
23 |
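--- a/app-emulation/libvirt/ChangeLog
+++ b/app-emulation/libvirt/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for app-emulation/libvirt
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.344 2013/12/07 18:08:29 nimiux Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.345 2013/12/29 01:11:36 cardoe Exp $
+
+*libvirt-1.2.0-r1 (29 Dec 2013)
+
+ 29 Dec 2013; Doug Goldstein <cardoe@g.o> +libvirt-1.2.0-r1.ebuild:
+ Bump for CVE-2013-6436 and CVE-2013-6457
 
 07 Dec 2013; Chema Alonso <nimiux@g.o> libvirt-1.1.3.1.ebuild:
 Stable for amd64 wrt bug #491458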
38 |
|
39 |
|
40 |
|
41 |
1.1 app-emulation/libvirt/libvirt-1.2.0-r1.ebuild |
42 |
|
43 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/libvirt-1.2.0-r1.ebuild?rev=1.1&view=markup |
44 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/libvirt-1.2.0-r1.ebuild?rev=1.1&content-type=text/plain |
45 |
|
46 |
Index: libvirt-1.2.0-r1.ebuild |
47 |
=================================================================== |
48 |
# Copyright 1999-2013 Gentoo Foundation |
49 |
# Distributed under the terms of the GNU General Public License v2 |
50 |
# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-1.2.0-r1.ebuild,v 1.1 2013/12/29 01:11:36 cardoe Exp $ |
51 |
|
52 |
EAPI=5

# Identifier of the backport patch tarball that SRC_URI fetches and
# src_prepare applies on top of the upstream release.
# NOTE(review): presumably this patch set carries the fixes for the CVEs
# named in the commit log -- confirm against the tarball contents.
BACKPORTS=36378d1a
AUTOTOOLIZE=yes

# Upstream spells release candidates "-rc"; Gentoo versions use "_rc".
MY_P="${P/_rc/-rc}"

inherit eutils user autotools linux-info systemd readme.gentoo

if [[ ${PV} == *9999* ]]; then
	# Live ebuild: build straight from the upstream repository.
	inherit git-2
	# NOTE(review): git:// offers no transport authentication or integrity
	# protection, and a live checkout has no distfile digest to fall back
	# on. Prefer an authenticated transport if upstream provides one.
	EGIT_REPO_URI="git://libvirt.org/libvirt.git"
	AUTOTOOLIZE=yes
	SRC_URI=""
	KEYWORDS=""
else
	# The release tarball and the backport tarball are fetched over plain
	# http/ftp, so their integrity depends on the digests recorded for the
	# distfiles, not on the transport.
	SRC_URI="http://libvirt.org/sources/${MY_P}.tar.gz
		ftp://libvirt.org/libvirt/${MY_P}.tar.gz
		${BACKPORTS:+
			http://dev.gentoo.org/~cardoe/distfiles/${MY_P}-${BACKPORTS}.tar.xz}"
	KEYWORDS="~amd64 ~x86"
fi

# The unpacked source directory never carries the _rc suffix.
S="${WORKDIR}/${P%_rc*}"
75 |
|
76 |
# Package metadata.
DESCRIPTION="C toolkit to manipulate virtual machines"
HOMEPAGE="http://www.libvirt.org/"
LICENSE="LGPL-2.1"
# The sub-slot follows the package version.
SLOT="0/${PV}"

# USE flags; a leading "+" marks a flag that is enabled by default.
IUSE="audit avahi +caps firewalld fuse iscsi +libvirtd lvm lxc +macvtap nfs \
	nls numa openvz parted pcap phyp policykit +qemu rbd sasl \
	selinux +udev uml +vepa virtualbox virt-network xen elibc_glibc \
	systemd"

# Flag constraints: the daemon needs at least one hypervisor driver, every
# driver listed here needs the daemon, and lxc additionally needs caps.
REQUIRED_USE="libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) )
	lxc? ( caps libvirtd )
	openvz? ( libvirtd )
	qemu? ( libvirtd )
	uml? ( libvirtd )
	vepa? ( macvtap )
	virtualbox? ( libvirtd )
	xen? ( libvirtd )
	virt-network? ( libvirtd )
	firewalld? ( virt-network )"
94 |
|
95 |
# Runtime dependencies.
# - sys-devel/gettext is unconditional because the libvirt command wrappers
#   call gettext.sh.
# - libvirt builds against libnl:1.1 or libnl:3 but picks 3 when both are
#   installed; without slot pinning in an API the ebuild requires the newer.
# NOTE(review): the >= bounds on curl and gnutls are far in the past and so
# state build compatibility only; they do not keep an outdated TLS stack
# off the system.
RDEPEND="sys-libs/readline
	sys-libs/ncurses
	>=net-misc/curl-7.18.0
	dev-libs/libgcrypt
	>=dev-libs/libxml2-2.7.6
	dev-libs/libnl:3
	>=net-libs/gnutls-1.0.25
	net-libs/libssh2
	sys-apps/dmidecode
	>=sys-apps/util-linux-2.17
	sys-devel/gettext
	>=net-analyzer/netcat6-1.0-r2
	app-misc/scrub
	audit? ( sys-process/audit )
	avahi? ( >=net-dns/avahi-0.6[dbus] )
	caps? ( sys-libs/libcap-ng )
	fuse? ( >=sys-fs/fuse-2.8.6 )
	iscsi? ( sys-block/open-iscsi )
	lxc? ( sys-power/pm-utils )
	lvm? ( >=sys-fs/lvm2-2.02.48-r2 )
	nfs? ( net-fs/nfs-utils )
	numa? (
		>sys-process/numactl-2.0.2
		sys-process/numad
	)
	openvz? ( sys-kernel/openvz-sources )
	parted? (
		>=sys-block/parted-1.8[device-mapper]
		sys-fs/lvm2
	)
	pcap? ( >=net-libs/libpcap-1.0.0 )
	policykit? ( >=sys-auth/polkit-0.9 )
	qemu? (
		>=app-emulation/qemu-0.13.0
		dev-libs/yajl
		sys-power/pm-utils
	)
	rbd? ( sys-cluster/ceph )
	sasl? ( dev-libs/cyrus-sasl )
	selinux? ( >=sys-libs/libselinux-2.0.85 )
	virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) )
	xen? ( app-emulation/xen-tools app-emulation/xen )
	udev? ( virtual/udev >=x11-libs/libpciaccess-0.10.9 )
	virt-network? ( net-dns/dnsmasq
		>=net-firewall/iptables-1.4.10
		net-misc/radvd
		net-firewall/ebtables
		sys-apps/iproute2[-minimal]
		firewalld? ( net-firewall/firewalld )
	)
	elibc_glibc? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )"
# Currently disabled dependency, kept for reference:
# one? ( dev-libs/xmlrpc-c )

# Build-time dependencies: everything needed at runtime plus the tools used
# only while building.
DEPEND="${RDEPEND}
	virtual/pkgconfig
	app-text/xhtml1
	dev-lang/perl
	dev-libs/libxslt"
157 |
|
158 |
# Text for the readme.gentoo helpers called from src_install and
# pkg_postinst. The "\n" sequences are literal backslash-n inside the
# string and are left for those helpers to interpret.
DOC_CONTENTS="For the basic networking support (bridged and routed networks)
	you don't need any extra software. For more complex network modes
	including but not limited to NATed network, you can enable the
	'virt-network' USE flag.\n\n
	If you are using dnsmasq on your system, you will have
	to configure /etc/dnsmasq.conf to enable the following settings:\n\n
	bind-interfaces\n
	interface or except-interface\n\n
	Otherwise you might have issues with your existing DNS server."
167 |
|
168 |
# Kernel configuration checks, combined per USE flag in pkg_setup.
# A leading "~" makes a check advisory (warn, do not abort); "!" asks for
# the option to be unset.

# LXC: cgroup controllers, namespaces and the virtual network devices.
# The GRKERNSEC_CHROOT_* entries ask for those grsecurity chroot
# restrictions to be off.
# NOTE(review): following that advice removes chroot hardening from the
# whole host; weigh it against how much LXC is actually needed.
LXC_CONFIG_CHECK="
	~CGROUPS
	~CGROUP_FREEZER
	~CGROUP_DEVICE
	~CGROUP_CPUACCT
	~CGROUP_SCHED
	~CGROUP_PERF
	~BLK_CGROUP
	~NET_CLS_CGROUP
	~NETPRIO_CGROUP
	~CPUSETS
	~RESOURCE_COUNTERS
	~NAMESPACES
	~UTS_NS
	~IPC_NS
	~PID_NS
	~NET_NS
	~USER_NS
	~DEVPTS_MULTIPLE_INSTANCES
	~VETH
	~MACVLAN
	~POSIX_MQUEUE
	~SECURITYFS
	~!GRKERNSEC_CHROOT_MOUNT
	~!GRKERNSEC_CHROOT_DOUBLE
	~!GRKERNSEC_CHROOT_PIVOT
	~!GRKERNSEC_CHROOT_CHMOD
	~!GRKERNSEC_CHROOT_CAPS
"

# virt-network: bridge and netfilter features used by the managed networks.
VIRTNET_CONFIG_CHECK="
	~BRIDGE_NF_EBTABLES
	~BRIDGE_EBT_MARK_T
	~NETFILTER_ADVANCED
	~NETFILTER_XT_TARGET_CHECKSUM
	~NETFILTER_XT_CONNMARK
	~NETFILTER_XT_MARK
"

# The leading space lets these be appended directly to CONFIG_CHECK.
MACVTAP_CONFIG_CHECK=" ~MACVTAP"

LVM_CONFIG_CHECK=" ~BLK_DEV_DM ~DM_SNAPSHOT ~DM_MULTIPATH"

# Message shown for the USER_NS check instead of the generic one.
ERROR_USER_NS="Optional depending on LXC configuration."
212 |
|
213 |
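# Create the qemu account and assemble the kernel configuration checks
# that match the enabled USE flags.
pkg_setup() {
	enewgroup qemu 77
	# NOTE(review): the group list is passed as two separate words
	# ("qemu kvm"); confirm that enewuser treats the trailing "kvm" as a
	# supplementary group and not as an unexpected extra argument.
	enewuser qemu 77 -1 -1 qemu kvm

	# An earlier, masked ebuild did not add the qemu user to the kvm group,
	# which leaves VMs unable to start for some users (bug #430808).
	# Compare whole member names from the fourth field of the group entry:
	# a substring match on "qemu" would also be satisfied by any other
	# member or field that merely contains that text, and the account
	# would then never be added.
	if ! egetent group kvm | cut -d: -f4 | tr ',' '\n' | grep -qx qemu; then
		gpasswd -a qemu kvm
	fi

	# The memory cgroup options were renamed in kernel 3.6.
	kernel_is lt 3 6 && LXC_CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR"
	kernel_is ge 3 6 && LXC_CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP ~MEMCG_KMEM"

	# CONFIG_CHECK is left global on purpose: linux-info_pkg_setup reads it.
	CONFIG_CHECK=""
	use fuse && CONFIG_CHECK+=" ~FUSE_FS"
	use lvm && CONFIG_CHECK+="${LVM_CONFIG_CHECK}"
	use lxc && CONFIG_CHECK+="${LXC_CONFIG_CHECK}"
	use macvtap && CONFIG_CHECK+="${MACVTAP_CONFIG_CHECK}"
	use virt-network && CONFIG_CHECK+="${VIRTNET_CONFIG_CHECK}"

	# Run the kernel checks only when some flag asked for one.
	if [[ -n ${CONFIG_CHECK} ]]; then
		linux-info_pkg_setup
	fi
}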
239 |
|
240 |
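# Apply the backport and user patches, regenerate the build system and
# prepare the OpenRC init script for the enabled USE flags.
src_prepare() {
	touch "${S}/.mailmap"

	# Apply every *.patch from the backport tarball, which unpacks into
	# ${S}/patches. The variables are set for this one epatch call only.
	if [[ -n ${BACKPORTS} ]]; then
		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
			epatch
	fi

	if [[ ${PV} == *9999* ]]; then
		# git checkouts require bootstrapping to create the configure
		# script, and the submodules must be cloned to the right
		# locations (bug #377279).
		./bootstrap || die "bootstrap failed"
		(
			git submodule status | sed 's/^[ +-]//;s/ .*//'
			git hash-object bootstrap.conf
		) >.git-module-status
	fi

	epatch_user

	[[ -n ${AUTOTOOLIZE} ]] && eautoreconf

	# Fill the USE_FLAG_* placeholders of the init script template with
	# the services it depends on. A placeholder whose flag is disabled is
	# replaced with nothing.
	local avahi_init=
	local iscsi_init=
	local rbd_init=
	local firewalld_init=
	use avahi && avahi_init='avahi-daemon'
	use iscsi && iscsi_init='iscsid'
	use rbd && rbd_init='ceph'
	use firewalld && firewalld_init='need firewalld'

	# cp and sed are external commands, so their failure is checked
	# explicitly. Otherwise a missing template or a failed edit would go
	# unnoticed until the installed init script misbehaves.
	cp "${FILESDIR}/libvirtd.init-r13" "${S}/libvirtd.init" \
		|| die "copying the libvirtd init script failed"
	sed -i \
		-e "s/USE_FLAG_FIREWALLD/${firewalld_init}/" \
		-e "s/USE_FLAG_AVAHI/${avahi_init}/" \
		-e "s/USE_FLAG_ISCSI/${iscsi_init}/" \
		-e "s/USE_FLAG_RBD/${rbd_init}/" \
		"${S}/libvirtd.init" \
		|| die "adjusting the libvirtd init script failed"
}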
278 |
|
279 |
# Translate the USE flags into configure switches and run econf.
src_configure() {
	local myconf=()

	# Daemon (otherwise client-only utilities) and avahi-based VM discovery.
	myconf+=( $(use_with libvirtd) $(use_with avahi) )

	# Hypervisor drivers on the local host.
	myconf+=( $(use_with xen) $(use_with xen xen-inotify) --without-xenapi )
	if use xen && has_version ">=app-emulation/xen-tools-4.2.0"; then
		myconf+=( --with-libxl )
	else
		myconf+=( --without-libxl )
	fi
	myconf+=( $(use_with openvz) $(use_with lxc) )
	if use virtualbox && has_version app-emulation/virtualbox-ose; then
		myconf+=( --with-vbox=/usr/lib/virtualbox-ose/ )
	else
		myconf+=( $(use_with virtualbox vbox) )
	fi
	myconf+=(
		$(use_with uml)
		$(use_with qemu)
		$(use_with qemu yajl)	# use QMP over HMP
		$(use_with phyp)
		--with-esx
		--with-vmware
	)

	# Additional host drivers: networking, storage backends, NUMA,
	# SELinux and FUSE.
	myconf+=(
		$(use_with virt-network network)
		--with-storage-fs
		$(use_with lvm storage-lvm)
		$(use_with iscsi storage-iscsi)
		$(use_with parted storage-disk)
		$(use_with lvm storage-mpath)
		$(use_with rbd storage-rbd)
		$(use_with numa numactl)
		$(use_with numa numad)
		$(use_with selinux)
		$(use_with fuse)
	)

	# udev supplies the device details.
	myconf+=( $(use_with udev) )

	# Linux capability support, so privileged accounts are not needed.
	myconf+=( $(use_with caps capng) )

	# Authentication back ends.
	myconf+=( $(use_with policykit polkit) $(use_with sasl) )

	# Network features.
	myconf+=(
		$(use_with macvtap)
		$(use_with pcap libpcap)
		$(use_with vepa virtualport)
		$(use_with firewalld)
	)

	# Native language support.
	myconf+=( $(use_enable nls) )

	# Account the qemu/kvm processes are configured to run as. With
	# USE=caps that is the dedicated qemu user and group; without it the
	# guests run as root:root, so the emulator process holds full root
	# privileges on the host.
	if use caps; then
		myconf+=( --with-qemu-user=qemu --with-qemu-group=qemu )
	else
		myconf+=( --with-qemu-user=root --with-qemu-group=root )
	fi

	# Audit support.
	myconf+=( $(use_with audit) )

	# Not supported yet: netcf. hal is off because udev is used instead.
	# sanlock-based locking is disabled as well.
	myconf+=( --without-netcf --without-hal --without-sanlock )

	# systemd unit files.
	use systemd && myconf+=( --with-init-script=systemd )

	# Workaround for bug #275073: tell configure there is no windres on
	# any host other than cygwin/mingw. The original comment explains that
	# the proper fix needs the autotools files rebuilt, was sent upstream
	# and was expected in 0.7.7; until then this mimics it.
	if [[ ${CHOST} != *cygwin* && ${CHOST} != *mingw* ]]; then
		ac_cv_prog_WINDRES=no
	fi

	econf \
		"${myconf[@]}" \
		--disable-static \
		--docdir=/usr/share/doc/${PF} \
		--with-remote \
		--localstatedir=/var

	if [[ ${PV} == *9999* ]]; then
		# Restore gnulib's config.sub and config.guess (bug #377279).
		(cd .gnulib && git reset --hard > /dev/null)
	fi
}
393 |
|
394 |
# Run the upstream test suite with verbose test output.
src_test() {
	# Going through emake explicitly allows the tests to build in parallel.
	export VIR_TEST_DEBUG=1
	# HOME points at the temporary directory for the duration of the run.
	if ! HOME="${T}" emake check; then
		die "tests failed"
	fi
}
399 |
|
400 |
# Install into the image directory, then add the daemon's service files
# when USE=libvirtd is set.
src_install() {
	local doc_root=/usr/share/doc/${PF}
	local make_args=(
		DESTDIR="${D}"
		HTML_DIR="${doc_root}/html"
		DOCS_DIR="${doc_root}"
		EXAMPLE_DIR="${doc_root}/examples"
		SYSTEMD_UNIT_DIR="$(systemd_get_unitdir)"
	)
	emake install "${make_args[@]}" || die "emake install failed"

	# Drop the libtool archives.
	find "${D}" -name '*.la' -delete || die

	# Everything below is for the daemon only.
	if use libvirtd; then
		newinitd "${S}/libvirtd.init" libvirtd || die
		newconfd "${FILESDIR}/libvirtd.confd-r4" libvirtd || die
		newinitd "${FILESDIR}/virtlockd.init" virtlockd || die

		keepdir /var/lib/libvirt/images

		readme.gentoo_create_doc
	fi
}
422 |
|
423 |
# Adjust the image just before it is merged onto the live filesystem.
pkg_preinst() {
	local default_net=/etc/libvirt/qemu/networks/default.xml
	local old_policy=/usr/share/PolicyKit/policy/org.libvirt.unix.policy

	# The default network definition is generated only once: if the live
	# system already has one, remove the packaged copy from the image.
	if [[ -e "${ROOT}"${default_net} ]]; then
		rm -rf "${D}"${default_net}
	fi

	# The old PolicyKit is neither used nor supported because it
	# interferes with the new polkit integration, so its policy file is
	# removed from the image when that package is installed.
	if has_version sys-auth/policykit; then
		rm -rf "${D}"${old_policy}
	fi

	# Only sysctl files ending in .conf work, and they belong in
	# /etc/sysctl.d.
	dodir /etc/sysctl.d
	mv "${D}"/usr/lib/sysctl.d/libvirtd.conf "${D}"/etc/sysctl.d/libvirtd.conf
}
439 |
|
440 |
# Post-merge fix-ups and messages to the administrator.
pkg_postinst() {
	local default_net="${ROOT}"/etc/libvirt/qemu/networks/default.xml
	if [[ -e ${default_net} ]]; then
		touch "${default_net}"
	fi

	# Support for dropped privileges: restrict the qemu state and cache
	# directories to mode 0750 and give them to the account the guests run
	# as (qemu:qemu with USE=caps, root:root otherwise).
	# NOTE(review): fperms and fowners are install-phase helpers and, as
	# far as I know, resolve their arguments against the image directory
	# rather than the live filesystem. Confirm that these calls really
	# change ${EROOT}/var/{lib,cache}/libvirt/qemu when run from
	# pkg_postinst; if not, the directories keep whatever mode and owner
	# the merge gave them.
	if use qemu; then
		local qemu_owner=root:root
		use caps && qemu_owner=qemu:qemu

		local state_dir
		for state_dir in lib cache; do
			fperms 0750 "${EROOT}/var/${state_dir}/libvirt/qemu"
		done
		for state_dir in lib cache; do
			fowners -R "${qemu_owner}" "${EROOT}/var/${state_dir}/libvirt/qemu"
		done
	fi

	# Without policykit, access to the daemon socket is governed by the
	# socket's group and permissions alone.
	if ! use policykit; then
		elog "To allow normal users to connect to libvirtd you must change the"
		elog "unix sock group and/or perms in /etc/libvirt/libvirtd.conf"
	fi

	# Everything below is for the daemon only.
	use libvirtd || return 0

	readme.gentoo_print_elog

	if use caps && use qemu; then
		elog "libvirt will now start qemu/kvm VMs with non-root privileges."
		elog "Ensure any resources your VMs use are accessible by qemu:qemu"
	fi
}