| Commit message | Author | Age | Files | Lines |
| |
See:
https://www.redhat.com/archives/libguestfs/2011-November/msg00051.html
(cherry picked from commit 6e6b3ff35f9baafb22d5459ca13c112b1e00ae1b)
| |
Augeas 0.10 depends on libxml2, so this is now required in the
appliance (in fact, it was already present).

However this exposed two bugs:

(1) In libguestfs we use a home-brewed recipe for Augeas flags,
resulting in this error:

  /usr/include/augeas.h:24:25: fatal error: libxml/tree.h: No such file or directory

(2) Augeas's own augeas.pc didn't include the libxml2 flags, so
it was broken. This requires a patch to Augeas 0.10, see:
https://www.redhat.com/archives/augeas-devel/2011-December/msg00008.html

Change to using pkg-config to detect Augeas. It is still an optional
library.

Cherry picked from commit 615924abaa968398d6529529fa2f31ae23de825b and
rebased for old libguestfs branches that had separate
daemon/configure.ac.
| |
(CVE-2011-4127, RHBZ#757071)

CVE-2011-4127 is a serious qemu & kernel privilege escalation bug
found by Paolo Bonzini.

http://seclists.org/oss-sec/2011/q4/536

An untrusted guest kernel is able to issue special SG_IO ioctls on
virtio devices which qemu passes through to the host kernel without
filtering or sanitizing. These ioctls allow raw sectors from the
underlying host device to be read and written. Significantly, neither
qemu nor the host kernel checks that the range of sectors is within
the partition / LV assigned to the guest. For example, if the guest
is assigned host partition /dev/sda3, it would be able to read or
write any part of /dev/sda including other partitions and the boot
sector. Exploits through LVs passed to the guest are also possible,
with some limitations. File-backed virtual block devices are not
vulnerable. Non-virtio block devices are not vulnerable.

This patch mitigates the problem by disabling the SG_IO ioctl
passthrough in qemu. Thus if libguestfs is examining an untrusted
guest and the libguestfs appliance/daemon is compromised (eg. by
executing guest commands, or through some other compromise), then the
compromised appliance will not be able to issue the above SG_IO ioctls
and exploit the host.

Note that this is just mitigation for libguestfs. Users will still
want to fully update their host kernel, qemu/KVM and libvirt, in order
to prevent other (non-libguestfs) routes to compromise.

The following versions of libguestfs (will/have) this patch applied.

  libguestfs >= 1.15.13
  libguestfs >= 1.14.8
  libguestfs >= 1.12.11
  libguestfs >= 1.10.12
  libguestfs >= 1.8.16

Earlier versions may be vulnerable unless a downstream packager has
applied this patch.

Cc: Hilko Bengen <bengen@hilluzination.de>
(cherry picked from commit 9a5f784d511a8f00a8386f316eab41fe660430db)
| |
Although this doesn't matter for the ordinary (appliance) case, it
matters for the libguestfs live case. In that case it could cause the
guest to be exploited by a tmp/symlink attack.
(cherry picked from commit 6011b1f803ba7308c6a94b9bf6b7212cfccb9f42)
| |
(cherry picked from commit 343ba6d482643882c3ab3a529f3d882ee1ba36f9)
| |
Because this is a useful introspection API, it is a candidate for
being backported into older stable branches.
(cherry picked from commit 365885dab2ae6dcdf0b2c45d0adeb803ade03f63)
| |
Also add this option, if necessary, when testing for virtio-serial
support.
When the workaround is enabled, we specify machine type 'pc'.
(cherry picked from commit 3814680423984b3c46c2f99e944c2a71862bde9f)
| |
(cherry picked from commit fef0ff3d869d2ebdb48eea0c538270fc98f5952d)
| |
This also improves the documentation for this call, pointing out
several pitfalls in using it.
This unfortunately breaks existing callers that might use
guestfs_grub_install without checking for this new group.
(cherry picked from commit 99624d29226ece1abbbdd921183b360f5f80de91)
| |
The guestfs_ll command currently lists files in the appliance if you
prefix filenames with "/..". However this is a bug, not a feature,
and we should not be testing it.
(cherry picked from commit 8ab2b85b2a67270b8cc5a91bb62a70c84cd6a02c)
| |
This is just code motion.
(cherry picked from commit 73be6db9bf1c0ae96262a5f4fa9328bb4e648637)
| |
Ubuntu 10.04 LTS packages don't create /sys.
(cherry picked from commit 5b012024c49672cc69635ff01f9b9e4f87de1c65)
| |
(cherry picked from commit 1a4f1df77eecee053eaae35d5544f151d37342e2)
| |
(cherry picked from commit 675f336319058fdbaf11ee004968b4543a5a9815)
| |
(cherry picked from commit 0cd5b9ac15c62eb570ec74d19b4aebde4990fd82)
| |
(cherry picked from commit 54911bdd325393d1f7f2861f298463c364b45469)
| |
We partitioned the disk, and then tried to create a PV on the whole
disk. LVM gave the error:

  Device /dev/vda not found (or ignored by filtering).

It is unclear how this bug persisted for so long. It might be due to
a change in LVM.
(cherry picked from commit 4fb3b23fb69e4274f434f9258e38f185426298f7)
| |
(cherry picked from commit ce18be33cd5279a8d4120eedd037400c275585c0)
| |
msg_flags was not being initialized and would have been passed to
sendmsg with a random value.
(cherry picked from commit a31ac8fc32297cc9185fd20a5578d2bc81cc1bce)
| |
(cherry picked from commit c38cb92ec478c4dca83e4d38963720f463d52314)
| |
(cherry picked from commit b2edcbe1b9c9d161e96cb56d0efd944e84d84526)
| |
pclose can return > 0 when the status of the command was non-zero.
(cherry picked from commit 631faad97171d7c1238b2e413c663cf61476f440)
| |
In particular pclose returns a status > 0 if the command fails.
(cherry picked from commit a24652c7b27e8494268ccb6c9a5a2e5541ba5efd)
| |
(cherry picked from commit 2ace9be4cd69e84cd88e5b0fd74de861a4973c91)
| |
This refactors the code in test_qemu slightly to ensure that
FILE *fp is not leaked on error paths.
(cherry picked from commit 08e77ad8cb4e8ac70d4217ebd5d236eba81645b5)
| |
(cherry picked from commit fa44536b0ff12102c72ae0337e51d272f0fc2353)
| |
errno is pretty much random on the error path back from guestfs_launch
so there is nothing useful to be gained by checking it.
We could do with a better way to detect if appliance launch failed.
(cherry picked from commit 00fef9eed6a53e10a975814beef775483ff0b3dd)
| |
We expect guestfs_launch to fail in this program.
(cherry picked from commit 9bab154d48e367702b65852c3c822341b474ffd2)
| |
(cherry picked from commit 4c76aaa391d591c5917a06b0277fb9eb7d6d790f)
| |
Intended use in Fedora and RHEL is to encode the release
string, eg.
./configure [...] --with-extra="-%{release}"
(cherry picked from commit a4db75521d6026410425187fc2c5c9cb931a69b5)
| |
There is another case where downloads of small files could fail if the
library side (writer) fails. In this case the library would send back
a cancellation, but it would be received after the daemon had finished
sending the whole file (because the file is small enough). The daemon
would reenter the main loop and immediately get an unexpected cancel
message, causing the daemon to die.

This commit also makes test-cancellation-download-librarycancels.sh
more robust. We use Monte-Carlo testing with a range of file sizes.
Small file sizes should trigger the error case.
(cherry picked from commit e4cba8f2b1a68e7361ce342ff659cccb0490446e)
| |
The default event handler in libguestfs was simply writing all debug
output directly to stderr. However if the output contains
non-printable characters such as terminal control codes then these
would also be sent directly.

With newer SeaBIOS there is a lame attempt to implement a splash
screen using terminal control codes, thus when libguestfs tries to
display debugging output it would cause the screen to clear and debug
output to be lost.

This commit causes all non-printing characters to be escaped.
(\n and \r characters from the appliance are treated somewhat
specially).

Furthermore, instead of using write(2), use buffered stderr calls.
(cherry picked from commit 06019bc82e107f7715ebc59e491610e06dad1e39)
| |
(cherry picked from commit 44c3a300265ef7bfa5d49d2b9a2a8faccd9db2de)
| |
(RHBZ#729887).
(cherry picked from commit 7739d7f471f9575828bd32489695d92dde005a9c)
| |
This documents bug 592910.
(cherry picked from commit 6cabc1cd02e181063596b48df55c3f6db51a6bb9)
| |
RHBZ#666578).
This is a comprehensive fix for the warnings from the old (and
obsolete) Perl inspection code. For a full description and
reproducer, see:
https://bugzilla.redhat.com/show_bug.cgi?id=678231#c5
(cherry picked from commit b9838001015a06a69a08b69d9f013d82f0ea3139)
| |
Previously any disk that had /autoexec.bat or /boot.ini or /ntldr
would be picked up as a candidate for a Windows root disk. If further
checking could not find any systemroot (eg. /windows) then this would
result in complete failure of inspection.

In particular, this got confused by Hp_recovery partitions which have
/autoexec.bat, but don't have a systemroot in one of the usual places
(they have /MiniNT instead).

What we do now is to properly investigate all possible systemroot
places before deciding this is a Windows systemroot, so the subsequent
failure cannot occur.

(Thanks to lorimar for reporting this bug).

Cherry picked from commit 2c57305f72cd6181d1849ae6e1b892aa01c7f844
and backported to stable-1.10 branch.
| |
This avoids conflicts with the globally installed libguestfs
appliance, or lets us build in multiple local directories at the same
time without conflicts.
Cherry picked from commit f7d18c84dde596699ffc5100fec2cf7b0d582450
and backported to stable-1.10 branch.
| |
This updates commit 3064277680ad11f887691646d0fa17bb35f38c19.
(cherry picked from commit 85efbc6aa70d522af066a38fd1aae05b790c46d3)
| |
Calls to these functions are generated, so there is no need to declare
the functions by hand.
Cherry picked from commit 3064277680ad11f887691646d0fa17bb35f38c19
and backported to stable-1.10 branch.
| |
(cherry picked from commit 60adf092a8900323c048c94f3f0934be416a3eb6)
| |
It always has done. The documentation was wrong.
(cherry picked from commit 70f44cc0ea0bcdd025ed657461e07f6778be44ba)