Name: | libvirt-daemon-driver-nwfilter |
---|---|
Version: | 4.5.0 |
Release: | 23.2.0.1.module+el8.0.0+5225+ce2eb65e |
Architecture: | aarch64 |
Module: | virt:ol:8000020190516125745:55190bc5 virt:ol:8000020190529063309:55190bc5 |
Group: | Unspecified |
Size: | 228088 |
License: | LGPLv2+ |
RPM: | libvirt-daemon-driver-nwfilter-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e.aarch64.rpm |
Source RPM: | libvirt-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e.src.rpm |
Build Date: | Tue Jul 02 2019 |
Build Host: | ca-arm-builder-03.us.oracle.com |
Vendor: | Oracle America |
URL: | https://libvirt.org/ |
Summary: | Nwfilter driver plugin for the libvirtd daemon |
Description: | The nwfilter driver plugin for the libvirtd daemon, providing an implementation of the firewall APIs using the ebtables, iptables and ip6tables capabilities |
- added librbd1 as dependency (Keshav Sharma)
- admin: reject clients unless their UID matches the current UID (CVE-2019-10132) - locking: restrict sockets to mode 0600 (CVE-2019-10132) - logging: restrict sockets to mode 0600 (CVE-2019-10132)
- cpu_x86: Do not cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127) - qemu: Don't cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127) - cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127) - cpu_map: Define md-clear CPUID bit (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)
- network: explicitly allow icmp/icmpv6 in libvirt zonefile (rhbz#1650320)
- util: fix memory leak in virFirewallDInterfaceSetZone() (rhbz#1650320)
- docs: Drop /dev/net/tun from the list of shared devices (rhbz#1665400) - qemu: conf: Remove /dev/sev from the default cgroup device acl list (rhbz#1665400) - qemu: cgroup: Expose /dev/sev/ only to domains that require SEV (rhbz#1665400) - qemu: domain: Add /dev/sev into the domain mount namespace selectively (rhbz#1665400) - security: dac: Relabel /dev/sev in the namespace (rhbz#1665400) - qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues (rhbz#1665400) - qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root (rhbz#1665400) - Revert "RHEL: Require firewalld-filesystem for firewalld rpm macros" (rhbz#1650320) - Revert "RHEL: network: regain guest network connectivity after firewalld switch to nftables" (rhbz#1650320) - configure: change HAVE_FIREWALLD to WITH_FIREWALLD (rhbz#1650320) - util: move all firewalld-specific stuff into its own files (rhbz#1650320) - util: new virFirewallD APIs + docs (rhbz#1650320) - configure: selectively install a firewalld 'libvirt' zone (rhbz#1650320) - network: set firewalld zone of bridges to "libvirt" zone when appropriate (rhbz#1650320) - network: allow configuring firewalld zone for virtual network bridge device (rhbz#1650320) - util: remove test code accidentally committed to virFirewallDZoneExists (rhbz#1650320) - qemu: command: Don't skip 'readonly' and throttling info for empty drive (rhbz#1670337)
- RHEL: qemu: Fix crash trying to use iSCSI hostdev (rhbz#1669424)
- qemu: Fix logic error in qemuSetUnprivSGIO (rhbz#1666605) - tests: qemuxml2argv: Add test case for empty CDROM with cache mode (rhbz#1553255) - qemu: command: Don't format image properties for empty -drive (rhbz#1553255)
- conf: correct false boot order error during domain parse (rhbz#1630393) - qemu: Remove duplicated qemuAgentCheckError (rhbz#1665000) - qemu: require reply from guest agent in qemuAgentGetInterfaces (rhbz#1665000) - qemu: Filter non SCSI hostdevs in qemuHostdevPrepareSCSIDevices (rhbz#1665244) - util: remove const specifier from nlmsghdr arg to virNetlinkDumpCallback() (rhbz#1583131) - util: add a function to insert new interfaces to IPv6CheckForwarding list (rhbz#1583131) - util: use nlmsg_find_attr() instead of an open-coded loop (rhbz#1583131) - util: check accept_ra for all nexthop interfaces of multipath routes (rhbz#1583131) - util: make forgotten changes suggested during review of commit d40b820c (rhbz#1583131)
- virsh: Strip XML declaration when extracting CPU XMLs (rhbz#1659048) - RHEL: qemu: Add ability to set sgio values for hostdev (rhbz#1582424) - RHEL: qemu: Add check for unpriv sgio for SCSI generic host device (rhbz#1582424) - qemu: Alter @val usage in qemuSetUnprivSGIO (rhbz#1656362) - qemu: Alter qemuSetUnprivSGIO hostdev shareable logic (rhbz#1656362)