[Libvirt-announce] Release of libvirt-5.4.0

Daniel Veillard veillard at redhat.com
Mon Jun 3 16:09:16 UTC 2019 

 It's out ! The release is tagged in git, and I provided signed tarball
and source rpms to the usual place:

   https://libvirt.org/sources/


I also cut off a 5.4.0 release of the python bindings but code is same a 5.3.0
one, you can find signed tarball and source rpms at:

   https://libvirt.org/sources/python/


Main theme of this release is security, there is a set of advisory covered
so users are invited to update, along with some improvements and bug fixes.


Security:

- cpu: Introduce support for the md-clear CPUID bit
  This bit is set when microcode provides the mechanism to invoke a flush
  of various exploitable CPU buffers by invoking the x86 VERW
  instruction. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
  CVE-2019-11091.

- Restrict user access to virt-admin, virtlogd and virtlockd
  The intended users for these facilities are the root user and the
  libvirtd service respectively, but these restrictions were not enforced
  correctly. CVE-2019-10132.

Improvements:

- test driver: Expand API coverage
  Several APIs that were missing from the test driver have now been
  implemented.

- Avoid unnecessary static linking
  Most binaries shipped as part of libvirt, for example virtlogd and
  libvirt_iohelper, were embedding parts of the library even though they
  also linked against the libvirt.so dynamic library. This is no longer
  the case, which results in both the disk and memory footprint being
  reduced.

- qemu: Report stat-htlb-pgalloc and stat-htlb-pgfail balloon stats
  These stats have been introduced in QEMU 3.0.

Bug fixes:

- qemu: Fix emulator scheduler support
  Setting the scheduler for QEMU's main thread before QEMU had a chance
  to start up other threads was misleading as it would affect other
  threads (vCPU and I/O) as well. In some particular situations this
  could also lead to an error when the thread for vCPU #0 was being moved
  to its cpu,cpuacct cgroup. This was fixed so that the scheduler for the
  main thread is set after QEMU starts.

- apparmor: Allow hotplug of vhost-scsi devices

  Thanks everybody who contributed to this release, be it with bug reports,
patches, reviews, docs ...

    Enjoy !

Daniel

-- 
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard at redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/

More information about the Libvirt-announce mailing list