Merge remote-tracking branch 'up/f38' into f38-riscv64

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch

@@ -1,10 +1,10 @@
+From e54512fe75f85640c0c73e53e6f8bd0b9d193529 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 1 Feb 2022 20:09:37 +0100
-Subject: [PATCH] target/i386: the sgx_epc_get_section stub is reachable
+Subject: [PATCH 1/7] target/i386: the sgx_epc_get_section stub is reachable
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
-Content-type: text/plain
 
 The sgx_epc_get_section stub is reachable from cpu_x86_cpuid.  It
 should not assert, instead it should just return true just like
@@ -28,3 +28,6 @@ index 26833eb233..16b1dfd90b 100644
 -    g_assert_not_reached();
 +    return true;
  }
+-- 
+2.37.3
+

0002-tests-Disable-pci_virtio_vga-for-ppc64.patch

@@ -1,7 +1,7 @@
-From f6d5fd60f54fb9dcdc3733154637a3a214f5d5af Mon Sep 17 00:00:00 2001
+From 2f0a0afbf915d36c39c5cfac1e31c6edc7f47bef Mon Sep 17 00:00:00 2001
 From: "Eduardo Lima (Etrunko)" <etrunko@redhat.com>
 Date: Thu, 1 Sep 2022 12:43:49 -0300
-Subject: [PATCH] tests: Disable pci_virtio_vga for ppc64
+Subject: [PATCH 2/7] tests: Disable pci_virtio_vga for ppc64
 
 starting QEMU: exec ./qemu-system-ppc64 -qtest unix:/tmp/qtest-2378197.sock -qtest-log /dev/null -chardev socket,path=/tmp/qtest-2378197.qmp,id=char0 -mon chardev=char0,mode=control -display none -vga none -device virtio-vga -accel qtest
 stderr:
@@ -28,5 +28,5 @@ index ace3bb28e0..628dad4cf2 100644
      }
  
 -- 
-2.37.2
+2.37.3
 

0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch

@@ -1,7 +1,7 @@
-From ebff02a43374c1138d4f8b2c07d2088a3921c288 Mon Sep 17 00:00:00 2001
+From 5c1d2f920c14d6e8f4ac7abc62714eadaa60f228 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
 Date: Tue, 10 Jan 2023 12:37:14 -0500
-Subject: [PATCH 1/2] Revert "linux-user: add more compat ioctl definitions"
+Subject: [PATCH 3/7] Revert "linux-user: add more compat ioctl definitions"
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -27,7 +27,7 @@ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  1 file changed, 25 deletions(-)
 
 diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 1f8c10f8ef..9c1e9555e1 100644
+index 24b25759be..10af5e0d8e 100644
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
 @@ -111,31 +111,6 @@
@@ -63,5 +63,5 @@ index 1f8c10f8ef..9c1e9555e1 100644
  #include <linux/fs.h>
  #endif
 -- 
-2.38.1
+2.37.3
 

0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch

@@ -1,7 +1,7 @@
-From f0f11a1435802b5c8ee8337a7b0c0f337d8f9936 Mon Sep 17 00:00:00 2001
+From b40cf0a490c28d5b79e05382d061983b92a7b2b3 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
 Date: Tue, 10 Jan 2023 12:37:25 -0500
-Subject: [PATCH 2/2] Revert "linux-user: fix compat with glibc >= 2.36
+Subject: [PATCH 4/7] Revert "linux-user: fix compat with glibc >= 2.36
  sys/mount.h"
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
@@ -29,7 +29,7 @@ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  2 files changed, 20 deletions(-)
 
 diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 9c1e9555e1..f2b7634f5e 100644
+index 10af5e0d8e..d974c76b60 100644
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
 @@ -95,25 +95,7 @@
@@ -59,10 +59,10 @@ index 9c1e9555e1..f2b7634f5e 100644
  #if defined(CONFIG_FIEMAP)
  #include <linux/fiemap.h>
 diff --git a/meson.build b/meson.build
-index 175517eafd..32fed7ea6e 100644
+index 5c6b5a1c75..3172b01089 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -2039,8 +2039,6 @@ config_host_data.set('HAVE_OPTRESET',
+@@ -2032,8 +2032,6 @@ config_host_data.set('HAVE_OPTRESET',
                       cc.has_header_symbol('getopt.h', 'optreset'))
  config_host_data.set('HAVE_IPPROTO_MPTCP',
                       cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
@@ -72,5 +72,5 @@ index 175517eafd..32fed7ea6e 100644
  # has_member
  config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',
 -- 
-2.38.1
+2.37.3
 

0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch

@@ -0,0 +1,43 @@
+From 930def8769940600dd7dd587ec2accd4a8b6e1f8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Mon, 27 Feb 2023 16:02:51 +0000
+Subject: [PATCH 6/7] [PATCH] test-vmstate: fix bad GTree usage, use-after-free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+According to g_tree_foreach() documentation:
+"The tree may not be modified while iterating over it (you can't
+add/remove items)."
+
+Fixes: 9a85e4b8f6 ("migration: Support gtree migration")
+Cc: Eric Auger <eric.auger@redhat.com>
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+---
+ tests/unit/test-vmstate.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tests/unit/test-vmstate.c b/tests/unit/test-vmstate.c
+index 541bb4f63e..36b253eb67 100644
+--- a/tests/unit/test-vmstate.c
++++ b/tests/unit/test-vmstate.c
+@@ -1074,7 +1074,6 @@ static gboolean diff_tree(gpointer key, gpointer value, gpointer data)
+     struct match_node_data d = {tp->tree2, key, value};
+ 
+     g_tree_foreach(tp->tree2, tp->match_node, &d);
+-    g_tree_remove(tp->tree1, key);
+     return false;
+ }
+ 
+@@ -1084,7 +1083,7 @@ static void compare_trees(GTree *tree1, GTree *tree2,
+     struct tree_cmp_data tp = {tree1, tree2, function};
+ 
+     g_tree_foreach(tree1, diff_tree, &tp);
+-    assert(g_tree_nnodes(tree1) == 0);
++    g_tree_destroy(g_tree_ref(tree1));
+     assert(g_tree_nnodes(tree2) == 0);
+ }
+ 
+-- 
+2.37.3
+

0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch

@@ -0,0 +1,42 @@
+From 4021e0a116b568c312b864dfc27dfeed3317538a Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Mon, 27 Feb 2023 17:37:10 +0000
+Subject: [PATCH 7/7] tests: Ensure TAP version is printed before other
+ messages
+
+These two tests were failing with this error:
+
+  stderr:
+  TAP parsing error: version number must be on the first line
+  [...]
+  Unknown TAP version. The first line MUST be `TAP version <int>`. Assuming version 12.
+
+This can be fixed by ensuring we always call g_test_init first in the
+body of main.
+
+Thanks: Daniel Berrange, for diagnosing the problem
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+---
+ tests/qtest/rtl8139-test.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/tests/qtest/rtl8139-test.c b/tests/qtest/rtl8139-test.c
+index 8fa3313cc3..90bb616974 100644
+--- a/tests/qtest/rtl8139-test.c
++++ b/tests/qtest/rtl8139-test.c
+@@ -196,9 +196,10 @@ int main(int argc, char **argv)
+ {
+     int ret;
+ 
+-    qtest_start("-device rtl8139");
+-
+     g_test_init(&argc, &argv, NULL);
++
++    qtest_start("-device rtl8139");
++
+     qtest_add_func("/rtl8139/nop", nop);
+     qtest_add_func("/rtl8139/timer", test_init);
+ 
+-- 
+2.37.3
+

0008-qga-win32-local-privilege-escalation.patch

@@ -0,0 +1,129 @@
+From 0575c4d5cb7520850359aeff62e11e80e5b65c55 Mon Sep 17 00:00:00 2001
+From: Konstantin Kostiuk <kkostiuk@redhat.com>
+Date: Fri, 3 Mar 2023 21:20:08 +0200
+Subject: [PATCH] qga/win32: Use rundll for VSS installation
+
+The custom action uses cmd.exe to run VSS Service installation
+and removal which causes an interactive command shell to spawn.
+This shell can be used to execute any commands as a SYSTEM user.
+Even if call qemu-ga.exe directly the interactive command shell
+will be spawned as qemu-ga.exe is a console application and used
+by users from the console as well as a service.
+
+As VSS Service runs from DLL which contains the installer and
+uninstaller code, it can be run directly by rundll32.exe without
+any interactive command shell.
+
+Add specific entry points for rundll which is just a wrapper
+for COMRegister/COMUnregister functions with proper arguments.
+
+resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
+fixes: CVE-2023-0664 (part 2 of 2)
+
+Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
+Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
+Reported-by: Brian Wiltse <brian.wiltse@live.com>
+---
+ qga/installer/qemu-ga.wxs | 10 +++++-----
+ qga/vss-win32/install.cpp |  9 +++++++++
+ qga/vss-win32/qga-vss.def |  2 ++
+ 3 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
+index 813d1c6ca6..de006c8785 100644
+--- a/qga/installer/qemu-ga.wxs
++++ b/qga/installer/qemu-ga.wxs
+@@ -115,22 +115,22 @@
+       </Directory>
+     </Directory>
+
+-    <Property Id="cmd" Value="cmd.exe"/>
++    <Property Id="rundll" Value="rundll32.exe"/>
+     <Property Id="REINSTALLMODE" Value="amus"/>
+
+     <?ifdef var.InstallVss?>
+     <CustomAction Id="RegisterCom"
+-              ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s vss-install'
++              ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMRegister'
+               Execute="deferred"
+-              Property="cmd"
++              Property="rundll"
+               Impersonate="no"
+               Return="check"
+               >
+     </CustomAction>
+     <CustomAction Id="UnRegisterCom"
+-              ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s vss-uninstall'
++              ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMUnregister'
+               Execute="deferred"
+-              Property="cmd"
++              Property="rundll"
+               Impersonate="no"
+               Return="check"
+               >
+diff --git a/qga/vss-win32/install.cpp b/qga/vss-win32/install.cpp
+index b57508fbe0..68662a6dfc 100644
+--- a/qga/vss-win32/install.cpp
++++ b/qga/vss-win32/install.cpp
+@@ -357,6 +357,15 @@ out:
+     return hr;
+ }
+
++STDAPI_(void) CALLBACK DLLCOMRegister(HWND, HINSTANCE, LPSTR, int)
++{
++    COMRegister();
++}
++
++STDAPI_(void) CALLBACK DLLCOMUnregister(HWND, HINSTANCE, LPSTR, int)
++{
++    COMUnregister();
++}
+
+ static BOOL CreateRegistryKey(LPCTSTR key, LPCTSTR value, LPCTSTR data)
+ {
+diff --git a/qga/vss-win32/qga-vss.def b/qga/vss-win32/qga-vss.def
+index 927782c31b..ee97a81427 100644
+--- a/qga/vss-win32/qga-vss.def
++++ b/qga/vss-win32/qga-vss.def
+@@ -1,6 +1,8 @@
+ LIBRARY      "QGA-PROVIDER.DLL"
+
+ EXPORTS
++	DLLCOMRegister
++	DLLCOMUnregister
+ 	COMRegister		PRIVATE
+ 	COMUnregister		PRIVATE
+ 	DllCanUnloadNow		PRIVATE
+
+From e7e43c4e11390aba32cb42421c68790c10501232 Mon Sep 17 00:00:00 2001
+From: Konstantin Kostiuk <kkostiuk@redhat.com>
+Date: Fri, 3 Mar 2023 21:20:07 +0200
+Subject: [PATCH] qga/win32: Remove change action from MSI installer
+
+Remove the 'change' button from "Programs and Features" because it does
+not checks if a user is an admin or not. The installer has no components
+to choose from and always installs everything. So the 'change' button is
+not obviously needed but can create a security issue.
+
+resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
+fixes: CVE-2023-0664 (part 1 of 2)
+
+Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
+Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
+Reported-by: Brian Wiltse <brian.wiltse@live.com>
+---
+ qga/installer/qemu-ga.wxs | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
+index de006c8785..949ba07fd2 100644
+--- a/qga/installer/qemu-ga.wxs
++++ b/qga/installer/qemu-ga.wxs
+@@ -31,6 +31,7 @@
+       />
+     <Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes" />
+     <Property Id="WHSLogo">1</Property>
++    <Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
+     <MajorUpgrade
+       DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already installed."
+       />

qemu.spec

@@ -114,6 +114,11 @@
 %global have_dbus_display 0
 %endif
 
+%global have_libblkio 0
+%if 0%{?fedora} >= 37
+%global have_libblkio 1
+%endif
+
 %global have_sdl_image %{defined fedora}
 %global have_fdt 1
 %global have_opengl 1
@@ -163,7 +168,11 @@
 %global qemudocdir %{_docdir}/%{name}
 %define evr %{epoch}:%{version}-%{release}
 
+%if %{have_libblkio}
 %define requires_block_blkio Requires: %{name}-block-blkio = %{evr}
+%else
+%define requires_block_blkio %{nil}
+%endif
 %define requires_block_curl Requires: %{name}-block-curl = %{evr}
 %define requires_block_dmg Requires: %{name}-block-dmg = %{evr}
 %if %{have_block_gluster}
@@ -312,11 +321,11 @@ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release}
 %endif
 
 # To prevent rpmdev-bumpspec breakage
-%global baserelease 6
+%global baserelease 2
 
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
-Version: 7.2.0
+Version: 7.2.1
 Release: %{baserelease}%{?rcrel}.0.riscv64%{?dist}
 Epoch: 2
 License: GPLv2 and BSD and MIT and CC-BY
@@ -337,10 +346,19 @@ Source36: README.tests
 
 # Fix SGX assert
 Patch: 0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
-Patch: 0001-tests-Disable-pci_virtio_vga-for-ppc64.patch
+Patch: 0002-tests-Disable-pci_virtio_vga-for-ppc64.patch
 # Fix compat with kernel-headers >= 6.1
 Patch: 0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch
 Patch: 0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch
+# Fix build with glib2 2.75.3
+# https://bugzilla.redhat.com/show_bug.cgi?id=2173639
+# https://gitlab.com/qemu-project/qemu/-/issues/1518
+# Patch is NOT UPSTREAM.
+Patch: 0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch
+# Fix one of the tests.  Sent upstream 2023-02-27.
+Patch: 0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch
+# qga/win32: Fix local privilege escalation issue (CVE-2023-0664)
+Patch: 0008-qga-win32-local-privilege-escalation.patch
 
 BuildRequires: meson >= %{meson_version}
 BuildRequires: zlib-devel
@@ -404,7 +422,9 @@ BuildRequires: pkgconfig(gbm)
 BuildRequires: perl-Test-Harness
 BuildRequires: libslirp-devel
 BuildRequires: libbpf-devel >= 1.0.0
+%if %{have_libblkio}
 BuildRequires: libblkio-devel
+%endif
 
 
 # Fedora specific
@@ -615,6 +635,7 @@ Install this package if you want access to the avocado_qemu
 tests, or qemu-iotests.
 
 
+%if %{have_libblkio}
 %package  block-blkio
 Summary: QEMU blkio block driver
 Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
@@ -623,6 +644,7 @@ This package provides the additional blkio block driver for QEMU.
 
 Install this package if you want to access disks over vhost-user-blk, vdpa-blk,
 and other transports using the libblkio library.
+%endif
 
 
 %package  block-curl
@@ -1610,7 +1632,9 @@ run_configure \
 %ifarch %{ix86} x86_64
   --enable-avx2 \
 %endif
+%if %{have_libblkio}
   --enable-blkio \
+%endif
   --enable-bpf \
   --enable-cap-ng \
   --enable-capstone \
@@ -2226,8 +2250,10 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %{testsdir}
 %{_libdir}/%{name}/accel-qtest-*.so
 
+%if %{have_libblkio}
 %files block-blkio
 %{_libdir}/%{name}/block-blkio.so
+%endif
 %files block-curl
 %{_libdir}/%{name}/block-curl.so
 %files block-iscsi
@@ -2767,9 +2793,20 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 
 
 %changelog
-* Thu Apr 06 2023 David Abdurachmanov <davidlt@rivosinc.com> - 7.2.0-6.0.riscv64
+* Fri May 12 2023 David Abdurachmanov <davidlt@rivosinc.com> - 2:7.2.1-2.0.riscv64
 - Add support for riscv64
 
+* Fri Apr 21 2023 Mauro Matteo Cascella <mcascell@redhat.com> - 2:7.2.1-2
+- qga/win32: Fix local privilege escalation issue (CVE-2023-0664) (rhbz#2175700)
+
+* Wed Apr 19 2023 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 7.2.1-1
+- Rebase to qemu 7.2.1
+
+* Mon Feb 27 2023 Richard W.M. Jones <rjones@redhat.com> - 7.2.0-7
+- Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357)
+- Fix build with glib2 2.75.3 (RHBZ#2173639)
+- Disable the tests on i686
+
 * Tue Jan 31 2023 Stefan Hajnoczi <stefanha@redhat.com> - 7.2.0-6
 - Enable libblkio
 

sources

@@ -1 +1 @@
-SHA512 (qemu-7.2.0.tar.xz) = f3cfa00da739ba819a218d7e6e95c77fb79a8e0f487b024ddd281602e785249b81144595e3f8c746c32a4f5c4d1a88c6aebae3c162603edfbb50ae3722d7ed13
+SHA512 (qemu-7.2.1.tar.xz) = e286dc66c923a5df77eb02d69235d048e80a7cced638fae52fbed385b4c3cd736cfea66bb3c9843bebf0a33e81ea141fc015e0bd82108df304f148ce59d9ae8a