Sync with v1.1.2-maint

Rebuild for libswan soname bump (bz #1009701)
CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332)
CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667)
CVE-2013-4297: Invalid free in NBDDeviceAssociate (bz #1006505, bz #1006511)
Fix virsh block-commit abort (bz #1010056)

0001-qemu-Set-QEMU_AUDIO_DRV-none-with-nographic.patch

@@ -1,7 +1,7 @@
-From cc80f2dc06d46cb32a5cd6d12c6c47ddf64e72b6 Mon Sep 17 00:00:00 2001
+From 0f30e63c7d763278204f99e10ba47b08457f1d41 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Mon, 2 Sep 2013 11:23:59 +0100
-Subject: [PATCH 1/8] qemu: Set QEMU_AUDIO_DRV=none with -nographic
+Subject: [PATCH] qemu: Set QEMU_AUDIO_DRV=none with -nographic
 
 On my machine, a guest fails to boot if it has a sound card, but not
 graphical device/display is configured, because pulseaudio fails to
@@ -3568,6 +3568,3 @@ index 29cf9c3..26038a0 100644
  /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor \
  unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
  /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none
--- 
-1.8.3.1
-

0002-domain_conf-Add-default-memballoon-in-PostParse-call.patch

@@ -1,8 +1,7 @@
-From 79c38961565eb2d352f101cbd6806314894614cb Mon Sep 17 00:00:00 2001
+From 1bab38008dbfb16329e73b419fd9871e6f15990c Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:30 -0400
-Subject: [PATCH 2/8] domain_conf: Add default memballoon in PostParse
- callbacks
+Subject: [PATCH] domain_conf: Add default memballoon in PostParse callbacks
 
 This should be a no-op change for now.
 ---
@@ -76,6 +75,3 @@ index cb64de6..6cb4f4f 100644
      return 0;
  }
  
--- 
-1.8.3.1
-

0003-qemu-Don-t-add-default-memballoon-device-on-ARM.patch

@@ -1,7 +1,7 @@
-From 5ed47b89c6cb59c9ec5169bcc99a67e9a75fb2af Mon Sep 17 00:00:00 2001
+From d85bc1315cc00800ed6d4a1baeda9a91c34e52c4 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:31 -0400
-Subject: [PATCH 3/8] qemu: Don't add default memballoon device on ARM
+Subject: [PATCH] qemu: Don't add default memballoon device on ARM
 
 And add test cases for a basic working ARM guest.
 ---
@@ -189,6 +189,3 @@ index fac83b2..92433ef 100644
      if (virTestGetDebug()) {
          char *caps_str;
  
--- 
-1.8.3.1
-

0004-qemu-Fix-specifying-char-devs-for-ARM.patch

@@ -1,7 +1,7 @@
-From 20f2f4c07d8e8d4373094473114ae16909fe4005 Mon Sep 17 00:00:00 2001
+From c72361536b151a2b9bd839bd528671bafbd5dee2 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:32 -0400
-Subject: [PATCH 4/8] qemu: Fix specifying char devs for ARM
+Subject: [PATCH] qemu: Fix specifying char devs for ARM
 
 QEMU ARM boards don't give us any way to explicitly wire in
 a -chardev, so use the old style -serial options.
@@ -154,6 +154,3 @@ index dfe8142..abe0060 100644
          if ((logfd = qemuDomainOpenLog(driver, vm, pos)) < 0)
              return -1;
  
--- 
-1.8.3.1
-

0005-qemu-Don-t-try-to-allocate-PCI-addresses-for-ARM.patch

@@ -1,7 +1,7 @@
-From 5772cbdfb807842685d05665f285745ca79acc89 Mon Sep 17 00:00:00 2001
+From c8e47add2fe77905523f6112ceb6b844337f6d3f Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:33 -0400
-Subject: [PATCH 5/8] qemu: Don't try to allocate PCI addresses for ARM
+Subject: [PATCH] qemu: Don't try to allocate PCI addresses for ARM
 
 ---
  src/qemu/qemu_command.c | 16 ++++++++++++++--
@@ -41,6 +41,3 @@ index a8e532c..87345c7 100644
      }
  
      if (obj && obj->privateData) {
--- 
-1.8.3.1
-

0006-domain_conf-Add-disk-bus-sd-wire-it-up-for-qemu.patch

@@ -1,7 +1,7 @@
-From 019eccdb20e824aabb12da3699664ba2625ef4b4 Mon Sep 17 00:00:00 2001
+From e534a73a71655d45a0b0af98b4b9b9176d701fb3 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:34 -0400
-Subject: [PATCH 6/8] domain_conf: Add disk bus=sd, wire it up for qemu
+Subject: [PATCH] domain_conf: Add disk bus=sd, wire it up for qemu
 
 This corresponds to '-sd' and '-drive if=sd' on the qemu command line.
 Needed for many ARM boards which don't provide any other way to
@@ -144,6 +144,3 @@ index 87345c7..6733709 100644
          ignore_value(VIR_STRDUP(def->dst, "sda"));
      } else if (def->bus == VIR_DOMAIN_DISK_BUS_VIRTIO) {
          ignore_value(VIR_STRDUP(def->dst, "vda"));
--- 
-1.8.3.1
-

0007-qemu-Fix-networking-for-ARM-guests.patch

@@ -1,7 +1,7 @@
-From 7a73b81f1021c76d02fe54f927cd033fe949590f Mon Sep 17 00:00:00 2001
+From b09ab6961b8dd60691839f0b1a5f259925819425 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:35 -0400
-Subject: [PATCH 7/8] qemu: Fix networking for ARM guests
+Subject: [PATCH] qemu: Fix networking for ARM guests
 
 Similar to the chardev bit, ARM boards depend on the old style '-net nic'
 for actually instantiating net devices. But we can't block out
@@ -204,6 +204,3 @@ index cb6106f..6ecabbf 100644
  
      virObjectUnref(driver.config);
      virObjectUnref(driver.caps);
--- 
-1.8.3.1
-

0008-qemu-Support-virtio-mmio-transport-for-virtio-on-ARM.patch

@@ -1,7 +1,7 @@
-From 1ec41110747764f89f522e9e010326944da8d96d Mon Sep 17 00:00:00 2001
+From cddd76962c2a0fcbb8c80240d234b7d0d657324d Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Fri, 30 Aug 2013 12:41:36 -0400
-Subject: [PATCH 8/8] qemu: Support virtio-mmio transport for virtio on ARM
+Subject: [PATCH] qemu: Support virtio-mmio transport for virtio on ARM
 
 Starting with qemu 1.6, the qemu-system-arm vexpress-a9 model has a
 hardcoded virtio-mmio transport which enables attaching all virtio
@@ -446,6 +446,3 @@ index 6ecabbf..ae8cc3b 100644
  
      virObjectUnref(driver.config);
      virObjectUnref(driver.caps);
--- 
-1.8.3.1
-

0101-virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch

@@ -0,0 +1,26 @@
+From 580025d7a58ee4c07312d33aa78186dbe7e0d9ee Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 3 Sep 2013 18:56:06 +0200
+Subject: [PATCH] virFileNBDDeviceAssociate: Avoid use of uninitialized
+ variable
+
+The @qemunbd variable can be used uninitialized.
+
+(cherry picked from commit 2dba0323ff0cec31bdcea9dd3b2428af297401f2)
+---
+ src/util/virfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index 2b07ac9..7af0843 100644
+--- a/src/util/virfile.c
++++ b/src/util/virfile.c
+@@ -732,7 +732,7 @@ int virFileNBDDeviceAssociate(const char *file,
+                               char **dev)
+ {
+     char *nbddev;
+-    char *qemunbd;
++    char *qemunbd = NULL;
+     virCommandPtr cmd = NULL;
+     int ret = -1;
+     const char *fmtstr = NULL;

0102-Fix-AM_LDFLAGS-typo.patch

@@ -0,0 +1,23 @@
+From a0ed55a9ab7c90723490363febabd27fa59877c8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Sun, 1 Sep 2013 09:53:03 +0200
+Subject: [PATCH] Fix AM_LDFLAGS typo (cherry picked from commit
+ fe502de3bcdd76a0d256206111945ca7e4f4388a)
+
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 636bcbc..19dfb81 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1455,7 +1455,7 @@ libvirt_driver_nwfilter_la_CFLAGS = \
+ 		-I$(top_srcdir)/src/access \
+ 		-I$(top_srcdir)/src/conf \
+ 		$(AM_CFLAGS)
+-libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS)
++libvirt_driver_nwfilter_la_LDFLAGS = $(AM_LDFLAGS)
+ libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS)
+ if WITH_DRIVER_MODULES
+ libvirt_driver_nwfilter_la_LIBADD += ../gnulib/lib/libgnu.la

0103-Pass-AM_LDFLAGS-to-driver-modules-too.patch

@@ -0,0 +1,88 @@
+From bd4e7f927fcc2edcba29e441973389ad845d648c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Sun, 1 Sep 2013 08:50:58 +0200
+Subject: [PATCH] Pass AM_LDFLAGS to driver modules too
+
+This gives us a RO got, otherwise Debian's lintian complains:
+
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_vbox.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
+W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
+W: libvirt-sanlock: hardening-no-relro usr/lib/libvirt/lock-driver/sanlock.so
+(cherry picked from commit f1f0e53b0814aab3c093f1219da95c0f836cdf4a)
+---
+ src/Makefile.am | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 19dfb81..097682c 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1000,7 +1000,7 @@ libvirt_driver_xen_la_LIBADD = libvirt_driver_xen_impl.la
+ if WITH_DRIVER_MODULES
+ mod_LTLIBRARIES += libvirt_driver_xen.la
+ libvirt_driver_xen_la_LIBADD += ../gnulib/lib/libgnu.la
+-libvirt_driver_xen_la_LDFLAGS = -module -avoid-version
++libvirt_driver_xen_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ else
+ noinst_LTLIBRARIES += libvirt_driver_xen.la
+ # Stateful, so linked to daemon instead
+@@ -1050,7 +1050,7 @@ libvirt_driver_vbox_la_LIBADD = libvirt_driver_vbox_impl.la
+ if WITH_DRIVER_MODULES
+ mod_LTLIBRARIES += libvirt_driver_vbox.la
+ libvirt_driver_vbox_la_LIBADD += ../gnulib/lib/libgnu.la
+-libvirt_driver_vbox_la_LDFLAGS = -module -avoid-version
++libvirt_driver_vbox_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ else
+ noinst_LTLIBRARIES += libvirt_driver_vbox.la
+ # GPLv2-only license requries that it be linked into
+@@ -1083,7 +1083,7 @@ libvirt_driver_libxl_la_LIBADD = libvirt_driver_libxl_impl.la
+ if WITH_DRIVER_MODULES
+ mod_LTLIBRARIES += libvirt_driver_libxl.la
+ libvirt_driver_libxl_la_LIBADD += ../gnulib/lib/libgnu.la
+-libvirt_driver_libxl_la_LDFLAGS = -module -avoid-version
++libvirt_driver_libxl_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ else
+ noinst_LTLIBRARIES += libvirt_driver_libxl.la
+ # Stateful, so linked to daemon instead
+@@ -1108,7 +1108,7 @@ libvirt_driver_qemu_la_LIBADD = libvirt_driver_qemu_impl.la
+ if WITH_DRIVER_MODULES
+ mod_LTLIBRARIES += libvirt_driver_qemu.la
+ libvirt_driver_qemu_la_LIBADD += ../gnulib/lib/libgnu.la
+-libvirt_driver_qemu_la_LDFLAGS = -module -avoid-version
++libvirt_driver_qemu_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ else
+ noinst_LTLIBRARIES += libvirt_driver_qemu.la
+ # Stateful, so linked to daemon instead
+@@ -1184,7 +1184,7 @@ libvirt_driver_uml_la_LIBADD = libvirt_driver_uml_impl.la
+ if WITH_DRIVER_MODULES
+ mod_LTLIBRARIES += libvirt_driver_uml.la
+ libvirt_driver_uml_la_LIBADD += ../gnulib/lib/libgnu.la
+-libvirt_driver_uml_la_LDFLAGS = -module -avoid-version
++libvirt_driver_uml_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ else
+ noinst_LTLIBRARIES += libvirt_driver_uml.la
+ # Stateful, so linked to daemon instead
+@@ -1361,7 +1361,7 @@ libvirt_driver_storage_la_LIBADD = libvirt_driver_storage_impl.la
+ if WITH_DRIVER_MODULES
+ mod_LTLIBRARIES += libvirt_driver_storage.la
+ libvirt_driver_storage_la_LIBADD += ../gnulib/lib/libgnu.la
+-libvirt_driver_storage_la_LDFLAGS = -module -avoid-version
++libvirt_driver_storage_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ else
+ noinst_LTLIBRARIES += libvirt_driver_storage.la
+ # Stateful, so linked to daemon instead
+@@ -2114,7 +2114,7 @@ if WITH_SANLOCK
+ lockdriver_LTLIBRARIES += sanlock.la
+ sanlock_la_SOURCES = $(LOCK_DRIVER_SANLOCK_SOURCES)
+ sanlock_la_CFLAGS = -I$(top_srcdir)/src/conf $(AM_CFLAGS)
+-sanlock_la_LDFLAGS = -module -avoid-version
++sanlock_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
+ sanlock_la_LIBADD = -lsanlock_client \
+ 		../gnulib/lib/libgnu.la
+ 

0104-build-fix-build-with-latest-rawhide-kernel-headers.patch

@@ -0,0 +1,125 @@
+From bcba68498f698dedfdc83687c72e0e6dd7dc0e96 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 13 Sep 2013 10:11:26 -0600
+Subject: [PATCH] build: fix build with latest rawhide kernel headers
+
+Bother those kernel developers.  In the latest rawhide, kernel
+and glibc have now been unified so that <netinet/in.h> and
+<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
+not self-contained.  Because of the latest header change, the
+build is failing with:
+
+checking for linux/param.h... no
+configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
+
+with details:
+
+In file included from conftest.c:561:0:
+/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
+  struct in6_addr flr_dst;
+
+We need a workaround to avoid our workaround :)
+
+* configure.ac (NETINET_LINUX_WORKAROUND): New test.
+* src/util/virnetdevbridge.c (includes): Use it.
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+(cherry picked from commit e62e0094dcd0ca1484491a9cc62919473b647f11)
+---
+ configure.ac               | 39 +++++++++++++++++++++++++++++----------
+ src/util/virnetdevbridge.c | 24 ++++++++++++++----------
+ 2 files changed, 43 insertions(+), 20 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f853e03..1956717 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1003,18 +1003,37 @@ dnl check for kernel headers required by src/bridge.c
+ dnl
+ if test "$with_linux" = "yes"; then
+   if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then
++    # Various kernel versions have headers that are not self-standing, but
++    # yet are incompatible with the corresponding glibc headers.  In order
++    # to guarantee compilation across a wide range of versions (from RHEL 5
++    # to rawhide), we first have to probe whether glibc and kernel can be
++    # used in tandem; and if not, provide workarounds that ensure that
++    # ABI-compatible IPv6 types are present for use by the kernel headers.
++    # These probes mirror the usage in virnetdevbridge.c
++    AC_CACHE_CHECK(
++      [whether <linux/*.h> and <netinet/*.h> headers are compatible],
++      [lv_cv_netinet_linux_compatible],
++      [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
++        #include <netinet/in.h>
++        #include <linux/in6.h>
++      ]])],
++      [lv_cv_netinet_linux_compatible=yes],
++      [lv_cv_netinet_linux_compatible=no])])
++    if test "x$lv_cv_netinet_linux_compatible" != xyes; then
++      AC_DEFINE([NETINET_LINUX_WORKAROUND], [1],
++        [define to 1 if Linux kernel headers require a workaround to avoid
++        compilation errors when mixed with glibc netinet headers])
++    fi
+     AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],,
+       [AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])],
+-      [[/* The kernel folks broke their headers when used with particular
+-         * glibc versions; although the structs are ABI compatible, the
+-         * C type system doesn't like struct redefinitions.  We work around
+-         * the problem here in the same manner as in virnetdevbridge.c.  */
+-        #include <netinet/in.h>
+-        #define in6_addr in6_addr_
+-        #define sockaddr_in6 sockaddr_in6_
+-        #define ipv6_mreq ipv6_mreq_
+-        #define in6addr_any in6addr_any_
+-        #define in6addr_loopback in6addr_loopback_
++      [[#include <netinet/in.h>
++        #if NETINET_LINUX_WORKAROUND
++        # define in6_addr in6_addr_
++        # define sockaddr_in6 sockaddr_in6_
++        # define ipv6_mreq ipv6_mreq_
++        # define in6addr_any in6addr_any_
++        # define in6addr_loopback in6addr_loopback_
++        #endif
+         #include <linux/in6.h>
+       ]])
+   fi
+diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
+index e4daa27..1a3740a 100644
+--- a/src/util/virnetdevbridge.c
++++ b/src/util/virnetdevbridge.c
+@@ -39,22 +39,26 @@
+ #ifdef __linux__
+ # include <linux/sockios.h>
+ # include <linux/param.h>     /* HZ                 */
++# if NETINET_LINUX_WORKAROUND
+ /* Depending on the version of kernel vs. glibc, there may be a collision
+  * between <net/in.h> and kernel IPv6 structures.  The different types
+  * are ABI compatible, but choke the C type system; work around it by
+  * using temporary redefinitions.  */
+-# define in6_addr in6_addr_
+-# define sockaddr_in6 sockaddr_in6_
+-# define ipv6_mreq ipv6_mreq_
+-# define in6addr_any in6addr_any_
+-# define in6addr_loopback in6addr_loopback_
++#  define in6_addr in6_addr_
++#  define sockaddr_in6 sockaddr_in6_
++#  define ipv6_mreq ipv6_mreq_
++#  define in6addr_any in6addr_any_
++#  define in6addr_loopback in6addr_loopback_
++# endif
+ # include <linux/in6.h>
+ # include <linux/if_bridge.h> /* SYSFS_BRIDGE_ATTR  */
+-# undef in6_addr
+-# undef sockaddr_in6
+-# undef ipv6_mreq
+-# undef in6addr_any
+-# undef in6addr_loopback
++# if NETINET_LINUX_WORKAROUND
++#  undef in6_addr
++#  undef sockaddr_in6
++#  undef ipv6_mreq
++#  undef in6addr_any
++#  undef in6addr_loopback
++# endif
+ 
+ # define JIFFIES_TO_MS(j) (((j)*1000)/HZ)
+ # define MS_TO_JIFFIES(ms) (((ms)*HZ)/1000)

0105-Also-store-user-group-ID-values-in-virIdentity.patch

@@ -0,0 +1,154 @@
+From 2fb7c4d202da975a1498fd205cc3e1bc49595d3c Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Thu, 22 Aug 2013 16:00:01 +0100
+Subject: [PATCH] Also store user & group ID values in virIdentity
+
+Future improvements to the polkit code will require access to
+the numeric user ID, not merely user name.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+(cherry picked from commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176)
+---
+ src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
+ src/util/viridentity.c       | 23 +++++++++++++++++++----
+ src/util/viridentity.h       |  2 ++
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
+index 83d5cf1..19c4100 100644
+--- a/src/rpc/virnetserverclient.c
++++ b/src/rpc/virnetserverclient.c
+@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+     char *processid = NULL;
+     char *processtime = NULL;
+     char *username = NULL;
++    char *userid = NULL;
+     char *groupname = NULL;
++    char *groupid = NULL;
+ #if WITH_SASL
+     char *saslname = NULL;
+ #endif
+@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+ 
+         if (!(username = virGetUserName(uid)))
+             goto cleanup;
++        if (virAsprintf(&userid, "%d", (int)uid) < 0)
++            goto cleanup;
+         if (!(groupname = virGetGroupName(gid)))
+             goto cleanup;
++        if (virAsprintf(&userid, "%d", (int)gid) < 0)
++            goto cleanup;
+         if (virAsprintf(&processid, "%llu",
+                         (unsigned long long)pid) < 0)
+             goto cleanup;
+@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+                            username) < 0)
+         goto error;
++    if (userid &&
++        virIdentitySetAttr(ret,
++                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
++                           userid) < 0)
++        goto error;
+     if (groupname &&
+         virIdentitySetAttr(ret,
+                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+                            groupname) < 0)
+         goto error;
++    if (groupid &&
++        virIdentitySetAttr(ret,
++                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
++                           groupid) < 0)
++        goto error;
+     if (processid &&
+         virIdentitySetAttr(ret,
+                            VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+ 
+ cleanup:
+     VIR_FREE(username);
++    VIR_FREE(userid);
+     VIR_FREE(groupname);
++    VIR_FREE(groupid);
+     VIR_FREE(processid);
+     VIR_FREE(processtime);
+     VIR_FREE(seccontext);
+diff --git a/src/util/viridentity.c b/src/util/viridentity.c
+index 781f660..03c375b 100644
+--- a/src/util/viridentity.c
++++ b/src/util/viridentity.c
+@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
+ virIdentityPtr virIdentityGetSystem(void)
+ {
+     char *username = NULL;
++    char *userid = NULL;
+     char *groupname = NULL;
++    char *groupid = NULL;
+     char *seccontext = NULL;
+     virIdentityPtr ret = NULL;
+ #if WITH_SELINUX
+@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
+ 
+     if (!(username = virGetUserName(getuid())))
+         goto cleanup;
++    if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
++        goto cleanup;
++
+     if (!(groupname = virGetGroupName(getgid())))
+         goto cleanup;
++    if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
++        goto cleanup;
+ 
+ #if WITH_SELINUX
+     if (getcon(&con) < 0) {
+@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
+     if (!(ret = virIdentityNew()))
+         goto cleanup;
+ 
+-    if (username &&
+-        virIdentitySetAttr(ret,
++    if (virIdentitySetAttr(ret,
+                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+                            username) < 0)
+         goto error;
+-    if (groupname &&
+-        virIdentitySetAttr(ret,
++    if (virIdentitySetAttr(ret,
++                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
++                           userid) < 0)
++        goto error;
++    if (virIdentitySetAttr(ret,
+                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+                            groupname) < 0)
+         goto error;
++    if (virIdentitySetAttr(ret,
++                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
++                           groupid) < 0)
++        goto error;
+     if (seccontext &&
+         virIdentitySetAttr(ret,
+                            VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
+@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
+ 
+ cleanup:
+     VIR_FREE(username);
++    VIR_FREE(userid);
+     VIR_FREE(groupname);
++    VIR_FREE(groupid);
+     VIR_FREE(seccontext);
+     VIR_FREE(processid);
+     return ret;
+diff --git a/src/util/viridentity.h b/src/util/viridentity.h
+index 4bae8d6..a240c2d 100644
+--- a/src/util/viridentity.h
++++ b/src/util/viridentity.h
+@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
+ 
+ typedef enum {
+       VIR_IDENTITY_ATTR_UNIX_USER_NAME,
++      VIR_IDENTITY_ATTR_UNIX_USER_ID,
+       VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
++      VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+       VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+       VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
+       VIR_IDENTITY_ATTR_SASL_USER_NAME,

0106-Ensure-system-identity-includes-process-start-time.patch

@@ -0,0 +1,68 @@
+From fe544fd4c18d6982e652a1d5cd016816c609b72c Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Wed, 28 Aug 2013 15:22:05 +0100
+Subject: [PATCH] Ensure system identity includes process start time
+
+The polkit access driver will want to use the process start
+time field. This was already set for network identities, but
+not for the system identity.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+(cherry picked from commit e65667c0c6e016d42abea077e31628ae43f57b74)
+---
+ src/util/viridentity.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/util/viridentity.c b/src/util/viridentity.c
+index 03c375b..f681f85 100644
+--- a/src/util/viridentity.c
++++ b/src/util/viridentity.c
+@@ -35,6 +35,7 @@
+ #include "virthread.h"
+ #include "virutil.h"
+ #include "virstring.h"
++#include "virprocess.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_IDENTITY
+ 
+@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void)
+     security_context_t con;
+ #endif
+     char *processid = NULL;
++    unsigned long long timestamp;
++    char *processtime = NULL;
+ 
+     if (virAsprintf(&processid, "%llu",
+                     (unsigned long long)getpid()) < 0)
+         goto cleanup;
+ 
++    if (virProcessGetStartTime(getpid(), &timestamp) < 0)
++        goto cleanup;
++
++    if (timestamp != 0 &&
++        virAsprintf(&processtime, "%llu", timestamp) < 0)
++        goto cleanup;
++
+     if (!(username = virGetUserName(getuid())))
+         goto cleanup;
+     if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
+@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void)
+                            VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+                            processid) < 0)
+         goto error;
++    if (processtime &&
++        virIdentitySetAttr(ret,
++                           VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
++                           processtime) < 0)
++        goto error;
+ 
+ cleanup:
+     VIR_FREE(username);
+@@ -206,6 +221,7 @@ cleanup:
+     VIR_FREE(groupid);
+     VIR_FREE(seccontext);
+     VIR_FREE(processid);
++    VIR_FREE(processtime);
+     return ret;
+ 
+ error:

0107-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch

@@ -0,0 +1,178 @@
+From dcba8ce65b0ee9f18dca6ac4bdbb57f5cbcc75c6 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Wed, 28 Aug 2013 15:25:40 +0100
+Subject: [PATCH] Add support for using 3-arg pkcheck syntax for process
+ (CVE-2013-4311)
+
+With the existing pkcheck (pid, start time) tuple for identifying
+the process, there is a race condition, where a process can make
+a libvirt RPC call and in another thread exec a setuid application,
+causing it to change to effective UID 0. This in turn causes polkit
+to do its permission check based on the wrong UID.
+
+To address this, libvirt must get the UID the caller had at time
+of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
+triple to the pkcheck program.
+
+This fix requires that libvirt is re-built against a version of
+polkit that has the fix for its CVE-2013-4288, so that libvirt
+can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
+
+Signed-off-by: Colin Walters <walters@redhat.com>
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+(cherry picked from commit 922b7fda77b094dbf022d625238262ea05335666)
+---
+ configure.ac                       |  8 ++++++++
+ daemon/remote.c                    | 22 ++++++++++++++++++---
+ libvirt.spec.in                    |  3 +--
+ src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
+ 4 files changed, 63 insertions(+), 10 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1956717..8baf6fa 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1203,6 +1203,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
+   AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
+   if test "x$PKCHECK_PATH" != "x" ; then
+     AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
++    AC_MSG_CHECKING([whether pkcheck supports uid value])
++    pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
++    if test "x$pkcheck_supports_uid" = "xtrue"; then
++      AC_MSG_RESULT([yes])
++      AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
++    else
++      AC_MSG_RESULT([no])
++    fi
+     AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
+         [use PolicyKit for UNIX socket access checks])
+     AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 6ace7af..b5395dd 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -2738,10 +2738,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+     int status = -1;
+     char *ident = NULL;
+     bool authdismissed = 0;
++    bool supportsuid = false;
+     char *pkout = NULL;
+     struct daemonClientPrivate *priv =
+         virNetServerClientGetPrivateData(client);
+     virCommandPtr cmd = NULL;
++    static bool polkitInsecureWarned;
+ 
+     virMutexLock(&priv->lock);
+     action = virNetServerClientGetReadonly(client) ?
+@@ -2763,14 +2765,28 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+         goto authfail;
+     }
+ 
++    if (timestamp == 0) {
++        VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
++                 (long long)callerPid);
++        goto authfail;
++    }
++
+     VIR_INFO("Checking PID %lld running as %d",
+              (long long) callerPid, callerUid);
+ 
+     virCommandAddArg(cmd, "--process");
+-    if (timestamp != 0) {
+-        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
++# ifdef PKCHECK_SUPPORTS_UID
++    supportsuid = true;
++# endif
++    if (supportsuid) {
++        virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
++                               (long long) callerPid, timestamp, (unsigned long) callerUid);
+     } else {
+-        virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
++        if (!polkitInsecureWarned) {
++            VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
++            polkitInsecureWarned = true;
++        }
++        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+     }
+     virCommandAddArg(cmd, "--allow-user-interaction");
+ 
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index e94901a..b9c8c91 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -508,8 +508,7 @@ BuildRequires: cyrus-sasl-devel
+ %endif
+ %if %{with_polkit}
+     %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+-# Only need the binary, not -devel
+-BuildRequires: polkit >= 0.93
++BuildRequires: polkit-devel >= 0.93
+     %else
+ BuildRequires: PolicyKit-devel >= 0.6
+     %endif
+diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
+index 4c76e64..bb170b5 100644
+--- a/src/access/viraccessdriverpolkit.c
++++ b/src/access/viraccessdriverpolkit.c
+@@ -72,8 +72,12 @@ static char *
+ virAccessDriverPolkitFormatProcess(const char *actionid)
+ {
+     virIdentityPtr identity = virIdentityGetCurrent();
+-    const char *process = NULL;
++    const char *callerPid = NULL;
++    const char *callerTime = NULL;
++    const char *callerUid = NULL;
+     char *ret = NULL;
++    bool supportsuid = false;
++    static bool polkitInsecureWarned;
+ 
+     if (!identity) {
+         virAccessError(VIR_ERR_ACCESS_DENIED,
+@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
+                        actionid);
+         return NULL;
+     }
+-    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
++    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
++        goto cleanup;
++    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
++        goto cleanup;
++    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
+         goto cleanup;
+ 
+-    if (!process) {
++    if (!callerPid) {
+         virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("No UNIX process ID available"));
+         goto cleanup;
+     }
+-
+-    if (VIR_STRDUP(ret, process) < 0)
++    if (!callerTime) {
++        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
++                       _("No UNIX process start time available"));
++        goto cleanup;
++    }
++    if (!callerUid) {
++        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
++                       _("No UNIX caller UID available"));
+         goto cleanup;
++    }
++
++#ifdef PKCHECK_SUPPORTS_UID
++    supportsuid = true;
++#endif
++    if (supportsuid) {
++        if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
++            goto cleanup;
++    } else {
++        if (!polkitInsecureWarned) {
++            VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
++            polkitInsecureWarned = true;
++        }
++        if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
++            goto cleanup;
++    }
+ 
+ cleanup:
+     virObjectUnref(identity);

0108-Fix-crash-in-remoteDispatchDomainMemoryStats-CVE-201.patch

@@ -0,0 +1,38 @@
+From 3bee40f9bd3b3c11d782b79eb90f46087d3ab9be Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Tue, 3 Sep 2013 16:52:06 +0100
+Subject: [PATCH] Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
+
+The 'stats' variable was not initialized to NULL, so if some
+early validation of the RPC call fails, it is possible to jump
+to the 'cleanup' label and VIR_FREE an uninitialized pointer.
+This is a security flaw, since the API can be called from a
+readonly connection which can trigger the validation checks.
+
+This was introduced in release v0.9.1 onwards by
+
+  commit 158ba8730e44b7dd07a21ab90499996c5dec080a
+  Author: Daniel P. Berrange <berrange@redhat.com>
+  Date:   Wed Apr 13 16:21:35 2011 +0100
+
+    Merge all returns paths from dispatcher into single path
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+(cherry picked from commit e7f400a110e2e3673b96518170bfea0855dd82c0)
+---
+ daemon/remote.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index b5395dd..afd9fb5 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -1146,7 +1146,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED,
+                                 remote_domain_memory_stats_ret *ret)
+ {
+     virDomainPtr dom = NULL;
+-    struct _virDomainMemoryStat *stats;
++    struct _virDomainMemoryStat *stats = NULL;
+     int nr_stats;
+     size_t i;
+     int rv = -1;

0109-virsh-add-missing-async-option-in-opts_block_commit.patch

@@ -0,0 +1,59 @@
+From f19543baee399bf6b3d91da38fa0b7025f233dee Mon Sep 17 00:00:00 2001
+From: Simone Gotti <simone.gotti@gmail.com>
+Date: Thu, 19 Sep 2013 15:08:29 +0200
+Subject: [PATCH] virsh: add missing "async" option in opts_block_commit
+
+After commit 8aecd351266a66efa59b7f7be77bf66693d99ce0 it'll detect
+that a required option is not defined and it will assert and exit with:
+
+virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.
+
+Problem has been latent since commit ed23b106.
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+(cherry picked from commit fe64499dd14315b2d9d62cdf421bd3c97a46b7ac)
+---
+ tools/virsh-domain.c | 4 ++++
+ tools/virsh.pod      | 7 +++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
+index 568d61d..da6ab87 100644
+--- a/tools/virsh-domain.c
++++ b/tools/virsh-domain.c
+@@ -1544,6 +1544,10 @@ static const vshCmdOptDef opts_block_commit[] = {
+      .type = VSH_OT_INT,
+      .help = N_("with --wait, abort if copy exceeds timeout (in seconds)")
+     },
++    {.name = "async",
++     .type = VSH_OT_BOOL,
++     .help = N_("with --wait, don't wait for cancel to finish")
++    },
+     {.name = NULL}
+ };
+ 
+diff --git a/tools/virsh.pod b/tools/virsh.pod
+index 0ae5178..2864f3d 100644
+--- a/tools/virsh.pod
++++ b/tools/virsh.pod
+@@ -737,7 +737,7 @@ I<domif-setlink>) will accept the MAC address printed by this command.
+ 
+ =item B<blockcommit> I<domain> I<path> [I<bandwidth>]
+ {[I<base>] | [I<--shallow>]} [I<top>] [I<--delete>]
+-[I<--wait> [I<--verbose>] [I<--timeout> B<seconds>]]
++[I<--wait> [I<--verbose>] [I<--timeout> B<seconds>] [I<--async>]]
+ 
+ Reduce the length of a backing image chain, by committing changes at the
+ top of the chain (snapshot or delta files) into backing images.  By
+@@ -756,7 +756,10 @@ operation can be checked with B<blockjob>.  However, if I<--wait> is
+ specified, then this command will block until the operation completes,
+ or cancel the operation if the optional I<timeout> in seconds elapses
+ or SIGINT is sent (usually with C<Ctrl-C>).  Using I<--verbose> along
+-with I<--wait> will produce periodic status updates.
++with I<--wait> will produce periodic status updates.  If job cancellation
++is triggered, I<--async> will return control to the user as fast as
++possible, otherwise the command may continue to block a little while
++longer until the job is done cleaning up.
+ 
+ I<path> specifies fully-qualified path of the disk; it corresponds
+ to a unique target name (<target dev='name'/>) or source file (<source

0110-Fix-typo-in-identity-code-which-is-pre-requisite-for.patch

@@ -0,0 +1,38 @@
+From b4e1fb2febb00173b1489634262169554e8f6a1d Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 23 Sep 2013 12:46:25 +0100
+Subject: [PATCH] Fix typo in identity code which is pre-requisite for
+ CVE-2013-4311
+
+The fix for CVE-2013-4311 had a pre-requisite enhancement
+to the identity code
+
+  commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
+  Author: Daniel P. Berrange <berrange@redhat.com>
+  Date:   Thu Aug 22 16:00:01 2013 +0100
+
+    Also store user & group ID values in virIdentity
+
+This had a typo which caused the group ID to overwrite the
+user ID string. This meant any checks using this would have
+the wrong ID value. This only affected the ACL code, not the
+initial polkit auth. It also leaked memory.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ src/rpc/virnetserverclient.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
+index 19c4100..0b9ab52 100644
+--- a/src/rpc/virnetserverclient.c
++++ b/src/rpc/virnetserverclient.c
+@@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+             goto cleanup;
+         if (!(groupname = virGetGroupName(gid)))
+             goto cleanup;
+-        if (virAsprintf(&userid, "%d", (int)gid) < 0)
++        if (virAsprintf(&groupid, "%d", (int)gid) < 0)
+             goto cleanup;
+         if (virAsprintf(&processid, "%llu",
+                         (unsigned long long)pid) < 0)

0111-Add-a-virNetSocketNewConnectSockFD-method.patch

@@ -0,0 +1,69 @@
+From 9e7cec4d755341cfb4c27c16aa59b22135612f0e Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 23 Sep 2013 12:46:26 +0100
+Subject: [PATCH] Add a virNetSocketNewConnectSockFD method
+
+To allow creation of a virNetSocketPtr instance from a pre-opened
+socketpair FD, add a virNetSocketNewConnectSockFD method.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ src/libvirt_private.syms |  1 +
+ src/rpc/virnetsocket.c   | 18 ++++++++++++++++++
+ src/rpc/virnetsocket.h   |  2 ++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 35f0f1b..873d93d 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -1008,6 +1008,7 @@ virNetSocketLocalAddrString;
+ virNetSocketNewConnectCommand;
+ virNetSocketNewConnectExternal;
+ virNetSocketNewConnectLibSSH2;
++virNetSocketNewConnectSockFD;
+ virNetSocketNewConnectSSH;
+ virNetSocketNewConnectTCP;
+ virNetSocketNewConnectUNIX;
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index ae81512..b311aae 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -884,6 +884,24 @@ int virNetSocketNewConnectExternal(const char **cmdargv,
+ }
+ 
+ 
++int virNetSocketNewConnectSockFD(int sockfd,
++                                 virNetSocketPtr *retsock)
++{
++    virSocketAddr localAddr;
++
++    localAddr.len = sizeof(localAddr.data);
++    if (getsockname(sockfd, &localAddr.data.sa, &localAddr.len) < 0) {
++        virReportSystemError(errno, "%s", _("Unable to get local socket name"));
++        return -1;
++    }
++
++    if (!(*retsock = virNetSocketNew(&localAddr, NULL, true, sockfd, -1, -1)))
++        return -1;
++
++    return 0;
++}
++
++
+ virNetSocketPtr virNetSocketNewPostExecRestart(virJSONValuePtr object)
+ {
+     virSocketAddr localAddr;
+diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
+index ca9ae91..86bc2f6 100644
+--- a/src/rpc/virnetsocket.h
++++ b/src/rpc/virnetsocket.h
+@@ -97,6 +97,8 @@ int virNetSocketNewConnectLibSSH2(const char *host,
+ int virNetSocketNewConnectExternal(const char **cmdargv,
+                                    virNetSocketPtr *addr);
+ 
++int virNetSocketNewConnectSockFD(int sockfd,
++                                 virNetSocketPtr *retsock);
+ 
+ virNetSocketPtr virNetSocketNewPostExecRestart(virJSONValuePtr object);
+ 

0112-Add-test-case-for-virNetServerClient-object-identity.patch

@@ -0,0 +1,305 @@
+From 7e1b75ca5d4127a86ff1eaa0dfe37b485eeb0a7a Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 23 Sep 2013 12:46:27 +0100
+Subject: [PATCH] Add test case for virNetServerClient object identity code
+
+Start a test case for the virNetServerClient object, which
+initially checks the creation of a virIdentityPtr object.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ cfg.mk                         |   2 +-
+ tests/Makefile.am              |  14 +++-
+ tests/virnetserverclientmock.c |  64 +++++++++++++++++
+ tests/virnetserverclienttest.c | 159 +++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 237 insertions(+), 2 deletions(-)
+ create mode 100644 tests/virnetserverclientmock.c
+ create mode 100644 tests/virnetserverclienttest.c
+
+diff --git a/cfg.mk b/cfg.mk
+index 9a9616c..7f817ef 100644
+--- a/cfg.mk
++++ b/cfg.mk
+@@ -939,7 +939,7 @@ exclude_file_name_regexp--sc_prohibit_asprintf = \
+   ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)
+ 
+ exclude_file_name_regexp--sc_prohibit_strdup = \
+-  ^(docs/|examples/|python/|src/util/virstring\.c$$)
++  ^(docs/|examples/|python/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)
+ 
+ exclude_file_name_regexp--sc_prohibit_close = \
+   (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vircgroupmock\.c)$$)
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index c800179..ae99b38 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -114,7 +114,7 @@ test_programs = virshtest sockettest \
+ 	nodeinfotest virbuftest \
+ 	commandtest seclabeltest \
+ 	virhashtest virnetmessagetest virnetsockettest \
+-	viratomictest \
++	viratomictest virnetserverclienttest \
+ 	utiltest shunloadtest \
+ 	virtimetest viruritest virkeyfiletest \
+ 	virauthconfigtest \
+@@ -281,6 +281,7 @@ EXTRA_DIST += $(test_scripts)
+ 
+ test_libraries = libshunload.la \
+ 		libvirportallocatormock.la \
++		virnetserverclientmock.la \
+ 		vircgroupmock.la \
+ 		$(NULL)
+ if WITH_QEMU
+@@ -611,6 +612,17 @@ virnetsockettest_SOURCES = \
+ 	virnetsockettest.c testutils.h testutils.c
+ virnetsockettest_LDADD = $(LDADDS)
+ 
++virnetserverclienttest_SOURCES = \
++	virnetserverclienttest.c \
++	testutils.h testutils.c
++virnetserverclienttest_LDADD = $(LDADDS)
++
++virnetserverclientmock_la_SOURCES = \
++	virnetserverclientmock.c
++virnetserverclientmock_la_CFLAGS = $(AM_CFLAGS)
++virnetserverclientmock_la_LDFLAGS = -module -avoid-version \
++        -rpath /evil/libtool/hack/to/force/shared/lib/creation
++
+ if WITH_GNUTLS
+ virnettlscontexttest_SOURCES = \
+ 	virnettlscontexttest.c \
+diff --git a/tests/virnetserverclientmock.c b/tests/virnetserverclientmock.c
+new file mode 100644
+index 0000000..caef1e3
+--- /dev/null
++++ b/tests/virnetserverclientmock.c
+@@ -0,0 +1,64 @@
++/*
++ * Copyright (C) 2013 Red Hat, Inc.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library.  If not, see
++ * <http://www.gnu.org/licenses/>.
++ *
++ * Author: Daniel P. Berrange <berrange@redhat.com>
++ */
++
++#include <config.h>
++
++#include "rpc/virnetsocket.h"
++#include "virutil.h"
++#include "internal.h"
++
++int virEventAddTimeout(int frequency ATTRIBUTE_UNUSED,
++                       virEventTimeoutCallback cb ATTRIBUTE_UNUSED,
++                       void *opaque ATTRIBUTE_UNUSED,
++                       virFreeCallback ff ATTRIBUTE_UNUSED)
++{
++    return 0;
++}
++
++int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
++                                uid_t *uid,
++                                gid_t *gid,
++                                pid_t *pid,
++                                unsigned long long *timestamp)
++{
++    *uid = 666;
++    *gid = 7337;
++    *pid = 42;
++    *timestamp = 12345678;
++    return 0;
++}
++
++char *virGetUserName(uid_t uid ATTRIBUTE_UNUSED)
++{
++    return strdup("astrochicken");
++}
++
++char *virGetGroupName(gid_t gid ATTRIBUTE_UNUSED)
++{
++    return strdup("fictionalusers");
++}
++
++int virNetSocketGetSELinuxContext(virNetSocketPtr sock ATTRIBUTE_UNUSED,
++                                  char **context)
++{
++    if (!(*context = strdup("foo_u:bar_r:wizz_t:s0-s0:c0.c1023")))
++        return -1;
++    return 0;
++}
+diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c
+new file mode 100644
+index 0000000..1ddff3e
+--- /dev/null
++++ b/tests/virnetserverclienttest.c
+@@ -0,0 +1,159 @@
++/*
++ * Copyright (C) 2013 Red Hat, Inc.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library.  If not, see
++ * <http://www.gnu.org/licenses/>.
++ *
++ * Author: Daniel P. Berrange <berrange@redhat.com>
++ */
++
++#include <config.h>
++
++#include "testutils.h"
++#include "virerror.h"
++#include "rpc/virnetserverclient.h"
++
++#define VIR_FROM_THIS VIR_FROM_RPC
++
++#ifdef HAVE_SOCKETPAIR
++static int testIdentity(const void *opaque ATTRIBUTE_UNUSED)
++{
++    int sv[2];
++    int ret = -1;
++    virNetSocketPtr sock = NULL;
++    virNetServerClientPtr client = NULL;
++    virIdentityPtr ident = NULL;
++    const char *gotUsername = NULL;
++    const char *gotUserID = NULL;
++    const char *gotGroupname = NULL;
++    const char *gotGroupID = NULL;
++    const char *gotSELinuxContext = NULL;
++
++    if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) {
++        virReportSystemError(errno, "%s",
++                             "Cannot create socket pair");
++        return -1;
++    }
++
++    if (virNetSocketNewConnectSockFD(sv[0], &sock) < 0) {
++        virDispatchError(NULL);
++        goto cleanup;
++    }
++    sv[0] = -1;
++
++    if (!(client = virNetServerClientNew(sock, 0, false, 1,
++# ifdef WITH_GNUTLS
++                                         NULL,
++# endif
++                                         NULL, NULL, NULL, NULL))) {
++        virDispatchError(NULL);
++        goto cleanup;
++    }
++
++    if (!(ident = virNetServerClientGetIdentity(client))) {
++        fprintf(stderr, "Failed to create identity\n");
++        goto cleanup;
++    }
++
++    if (virIdentityGetAttr(ident,
++                           VIR_IDENTITY_ATTR_UNIX_USER_NAME,
++                           &gotUsername) < 0) {
++        fprintf(stderr, "Missing username in identity\n");
++        goto cleanup;
++    }
++    if (STRNEQ_NULLABLE("astrochicken", gotUsername)) {
++        fprintf(stderr, "Want username 'astrochicken' got '%s'\n",
++                NULLSTR(gotUsername));
++        goto cleanup;
++    }
++
++    if (virIdentityGetAttr(ident,
++                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
++                           &gotUserID) < 0) {
++        fprintf(stderr, "Missing user ID in identity\n");
++        goto cleanup;
++    }
++    if (STRNEQ_NULLABLE("666", gotUserID)) {
++        fprintf(stderr, "Want username '666' got '%s'\n",
++                NULLSTR(gotUserID));
++        goto cleanup;
++    }
++
++    if (virIdentityGetAttr(ident,
++                           VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
++                           &gotGroupname) < 0) {
++        fprintf(stderr, "Missing groupname in identity\n");
++        goto cleanup;
++    }
++    if (STRNEQ_NULLABLE("fictionalusers", gotGroupname)) {
++        fprintf(stderr, "Want groupname 'fictionalusers' got '%s'\n",
++                NULLSTR(gotGroupname));
++        goto cleanup;
++    }
++
++    if (virIdentityGetAttr(ident,
++                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
++                           &gotGroupID) < 0) {
++        fprintf(stderr, "Missing group ID in identity\n");
++        goto cleanup;
++    }
++    if (STRNEQ_NULLABLE("7337", gotGroupID)) {
++        fprintf(stderr, "Want groupname '7337' got '%s'\n",
++                NULLSTR(gotGroupID));
++        goto cleanup;
++    }
++
++    if (virIdentityGetAttr(ident,
++                           VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
++                           &gotSELinuxContext) < 0) {
++        fprintf(stderr, "Missing SELinux context in identity\n");
++        goto cleanup;
++    }
++    if (STRNEQ_NULLABLE("foo_u:bar_r:wizz_t:s0-s0:c0.c1023", gotSELinuxContext)) {
++        fprintf(stderr, "Want groupname 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n",
++                NULLSTR(gotGroupID));
++        goto cleanup;
++    }
++
++    ret = 0;
++ cleanup:
++    virObjectUnref(sock);
++    virObjectUnref(client);
++    virObjectUnref(ident);
++    VIR_FORCE_CLOSE(sv[0]);
++    VIR_FORCE_CLOSE(sv[1]);
++    return ret;
++}
++
++
++static int
++mymain(void)
++{
++    int ret = 0;
++
++
++    if (virtTestRun("Identity", 1,
++                    testIdentity, NULL) < 0)
++        ret = -1;
++
++    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
++}
++#else
++static int
++mymain(void)
++{
++    return AM_TEST_SKIP;
++}
++#endif
++VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virnetserverclientmock.so")

libvirt.spec

@@ -13,6 +13,9 @@
 # touch configure.ac or Makefile.am.
 %{!?enable_autotools:%define enable_autotools 0}
 
+# Drop after libvirt-1.1.3 is rebased
+%define enable_autotools 1
+
 # A client only build will create a libvirt.so only containing
 # the generic RPC driver, and test driver and no libvirtd
 # Default to a full server + client build
@@ -366,7 +369,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 1.1.2
-Release: 2%{?dist}%{?extra_release}
+Release: 3%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -387,6 +390,20 @@ Patch0006: 0006-domain_conf-Add-disk-bus-sd-wire-it-up-for-qemu.patch
 Patch0007: 0007-qemu-Fix-networking-for-ARM-guests.patch
 Patch0008: 0008-qemu-Support-virtio-mmio-transport-for-virtio-on-ARM.patch
 
+# Sync with v1.1.2-maint
+Patch0101: 0101-virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch
+Patch0102: 0102-Fix-AM_LDFLAGS-typo.patch
+Patch0103: 0103-Pass-AM_LDFLAGS-to-driver-modules-too.patch
+Patch0104: 0104-build-fix-build-with-latest-rawhide-kernel-headers.patch
+Patch0105: 0105-Also-store-user-group-ID-values-in-virIdentity.patch
+Patch0106: 0106-Ensure-system-identity-includes-process-start-time.patch
+Patch0107: 0107-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
+Patch0108: 0108-Fix-crash-in-remoteDispatchDomainMemoryStats-CVE-201.patch
+Patch0109: 0109-virsh-add-missing-async-option-in-opts_block_commit.patch
+Patch0110: 0110-Fix-typo-in-identity-code-which-is-pre-requisite-for.patch
+Patch0111: 0111-Add-a-virNetSocketNewConnectSockFD-method.patch
+Patch0112: 0112-Add-test-case-for-virNetServerClient-object-identity.patch
+
 %if %{with_libvirtd}
 Requires: libvirt-daemon = %{version}-%{release}
     %if %{with_network}
@@ -608,6 +625,7 @@ BuildRequires: audit-libs-devel
 BuildRequires: systemtap-sdt-devel
 %endif
 
+
 %if %{with_storage_fs}
 # For mount/umount in FS driver
 BuildRequires: util-linux
@@ -1172,6 +1190,20 @@ of recent versions of Linux (and other OSes).
 %patch0007 -p1
 %patch0008 -p1
 
+# Sync with v1.1.2-maint
+%patch0101 -p1
+%patch0102 -p1
+%patch0103 -p1
+%patch0104 -p1
+%patch0105 -p1
+%patch0106 -p1
+%patch0107 -p1
+%patch0108 -p1
+%patch0109 -p1
+%patch0110 -p1
+%patch0111 -p1
+%patch0112 -p1
+
 %build
 %if ! %{with_xen}
     %define _without_xen --without-xen
@@ -2125,6 +2157,14 @@ fi
 %endif
 
 %changelog
+* Mon Sep 23 2013 Cole Robinson <crobinso@redhat.com> - 1.1.2-3
+- Sync with v1.1.2-maint
+- Rebuild for libswan soname bump (bz #1009701)
+- CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332)
+- CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667)
+- CVE-2013-4297: Invalid free in NBDDeviceAssociate (bz #1006505, bz #1006511)
+- Fix virsh block-commit abort (bz #1010056)
+
 * Wed Sep 18 2013 Daniel P. Berrange <berrange@redhat.com> - 1.1.2-2
 - Rebuild for soname break in openswman package