[libvirt PATCH 00/17] Bump minimum dnsmasq version

Ján Tomko posted 17 patches 2 years, 4 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1639508754.git.jtomko@redhat.com
[libvirt PATCH 00/17] Bump minimum dnsmasq version
Posted by Ján Tomko 2 years, 4 months ago
This bumps the minimum dnsmasq version to the point where we do not need
capability probing, reducing it to a version check (which I will be
happy to remove on request).

Unless I missed something, this also means we no longer need to spawn
radvd manually.

Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream
mitigation of a CVE that should no longer be needed if we have
--bind-dynamic

Ján Tomko (17):
  util: dnsmasqCapsSetFromBuffer: use error label
  tests: do not test dnsmasq older than 2.67
  util: dnsmasq: mandate at least version 2.67
  network: assume DNSMASQ_DHCPv6_SUPPORT
  network: assume DNSMASQ_RA_SUPPORT
  util: remove DNSMASQ_RA_SUPPORT
  network: assume DNSMASQ_CAPS_BIND_DYNAMIC
  network: assume DNSMASQ_CAPS_RA_PARAM
  util: dnsmasq: delete assumed capability flags
  network: remove any code dealing with radvd
  network: driver: remove unused radvdStateDir variable
  conf: remove radvdPid from virNetworkObj
  build: do not search for radvd binary
  spec: do not require radvd
  util: remove dnsmasqCapsGetVersion
  util: dnsmasq: remove caps completely
  network: remove unused 'driver' parameter

 libvirt.spec.in                               |   2 -
 meson.build                                   |   1 -
 src/conf/virnetworkobj.c                      |  16 -
 src/conf/virnetworkobj.h                      |   7 -
 src/libvirt_private.syms                      |   4 -
 src/network/bridge_driver.c                   | 459 ++----------------
 src/network/bridge_driver_platform.h          |   1 -
 src/util/virdnsmasq.c                         |  69 +--
 src/util/virdnsmasq.h                         |  24 -
 .../networkxml2confdata/isolated-network.conf |   5 +-
 .../nat-network-dns-srv-record-minimal.conf   |  10 +-
 .../nat-network-dns-srv-record.conf           |   2 +
 .../nat-network-dns-txt-record.conf           |   2 +
 .../nat-network-name-with-quotes.conf         |  10 +-
 .../networkxml2confdata/netboot-network.conf  |   4 +-
 .../netboot-proxy-network.conf                |   4 +-
 tests/networkxml2conftest.c                   |  32 +-
 17 files changed, 83 insertions(+), 569 deletions(-)

-- 
2.31.1
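A version gate of the kind this series substitutes for per-feature capability probing, as an added example that is not libvirt's virdnsmasq.c code: it parses the first line of `dnsmasq --version` output, assumed here to begin with "Dnsmasq version X.Y", and compares it against the 2.67 floor named in patch 03/17. The sample output strings are constructed; unparseable output is treated as unsupported rather than as "new enough".

```c
/* Added example (not libvirt code): gate on a minimum dnsmasq version
 * instead of probing individual capability flags. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimum version required, matching the series' floor of 2.67. */
#define DNSMASQ_MIN_MAJOR 2
#define DNSMASQ_MIN_MINOR 67

/* Constructed samples in the shape of `dnsmasq --version` output. */
static const char *SAMPLE_NEW = "Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley";
static const char *SAMPLE_FLOOR = "Dnsmasq version 2.67  Copyright (c) 2000-2013 Simon Kelley";
static const char *SAMPLE_OLD = "Dnsmasq version 2.66  Copyright (c) 2000-2013 Simon Kelley";
static const char *SAMPLE_JUNK = "dnsmasq: unrecognized option '--version'";

/* Parse "Dnsmasq version MAJOR.MINOR..." into its two leading components.
 * Returns 0 on success, -1 if the text does not have that shape. Any suffix
 * after the minor number (a third component, "rc1", copyright text) is
 * ignored, so "2.86rc1" still parses as 2.86. */
int dnsmasqParseVersion(const char *buf, unsigned int *major, unsigned int *minor)
{
    static const char prefix[] = "Dnsmasq version ";
    const char *p;
    char *end;
    unsigned long maj, min;

    if (!buf || strncmp(buf, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    p = buf + sizeof(prefix) - 1;

    maj = strtoul(p, &end, 10);
    if (end == p || *end != '.')        /* need digits followed by a dot */
        return -1;
    p = end + 1;

    min = strtoul(p, &end, 10);
    if (end == p)                       /* need at least one minor digit */
        return -1;

    *major = (unsigned int)maj;
    *minor = (unsigned int)min;
    return 0;
}

/* True only when the parsed version is at least the required floor. */
bool dnsmasqVersionOk(const char *versionOutput)
{
    unsigned int major, minor;

    if (dnsmasqParseVersion(versionOutput, &major, &minor) < 0)
        return false;                   /* fail closed on garbage output */
    if (major != DNSMASQ_MIN_MAJOR)
        return major > DNSMASQ_MIN_MAJOR;
    return minor >= DNSMASQ_MIN_MINOR;
}

int main(void)
{
    const char *samples[] = { SAMPLE_NEW, SAMPLE_FLOOR, SAMPLE_OLD, SAMPLE_JUNK };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-60s -> %s\n", samples[i],
               dnsmasqVersionOk(samples[i]) ? "supported" : "too old / unknown");
    return 0;
}
```

Failing closed on output that does not parse is deliberate: a version gate that defaults to "supported" would silently re-enable the pre-2.67 code paths the series removes.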

Re: [libvirt PATCH 00/17] Bump minimum dnsmasq version
Posted by Laine Stump 2 years, 4 months ago
On 12/14/21 2:09 PM, Ján Tomko wrote:
> This bumps the minimum dnsmasq version to the point where we do not need
> capability probing, reducing it to a version check (which I will be
> happy to remove on request).
> 
> Unless I missed something, this also means we no longer need to spawn
> radvd manually.

The code doesn't lie! If removing the bits that were only true for older 
dnsmasq removed the lines that ran radvd, then it's true. (I recall that 
support for RA was added to dnsmasq fairly soon after the original ipv6 
support was added, and radvd was left in libvirt only because there were 
so many downstreams that still had an older dnsmasq).

> 
> Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream
> mitigation of a CVE that should no longer be needed if we have
> --bind-dynamic
> 
>[...]

>   17 files changed, 83 insertions(+), 569 deletions(-)

Nice!!!

After the minor fixes I noted in 03/17 and 08/17

Reviewed-by: Laine Stump <laine@redhat.com>

/me ponders what I should idly suggest be removed next...

Re: [libvirt PATCH 00/17] Bump minimum dnsmasq version
Posted by Michal Prívozník 2 years, 4 months ago
On 12/14/21 21:06, Laine Stump wrote:
> On 12/14/21 2:09 PM, Ján Tomko wrote:
>> This bumps the minimum dnsmasq version to the point where we do not need
>> capability probing, reducing it to a version check (which I will be
>> happy to remove on request).
>>
>> Unless I missed something, this also means we no longer need to spawn
>> radvd manually.
> 
> The code doesn't lie! If removing the bits that were only true for older
> dnsmasq removed the lines that ran radvd, then it's true. (I recall that
> support for RA was added to dnsmasq fairly soon after the original ipv6
> support was added, and radvd was left in libvirt only because there were
> so many downstreams that still had an older dnsmasq).
> 
>>
>> Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream
>> mitigation of a CVE that should no longer be needed if we have
>> --bind-dynamic
>>
>> [...]
> 
>>   17 files changed, 83 insertions(+), 569 deletions(-)
> 
> Nice!!!
> 
> After the minor fixes I noted in 03/17 and 08/17
> 
> Reviewed-by: Laine Stump <laine@redhat.com>
> 
> /me ponders what I should idly suggest be removed next...

Parallels driver (src/vz/)? ;-)

Michal