3d039dc5d8
CVE-2017-7718: cirrus: OOB read access issue (bz #1443443 )
...
CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040 )
CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872 )
CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372 )
CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622 )
CVE-2017-8309: audio: host memory lekage via capture buffer (bz #1446520 )
CVE-2017-8379: input: host memory lekage via keyboard events (bz #1446560 )
CVE-2017-8380: scsi: megasas: out-of-bounds read in megasas_mmio_write (bz #1446578 )
CVE-2017-9060: virtio-gpu: host memory leakage in Virtio GPU device (bz #1452598 )
CVE-2017-9310: net: infinite loop in e1000e NIC emulation (bz #1452623 )
CVE-2017-9330: usb: ohci: infinite loop due to incorrect return value (bz #1457699 )
CVE-2017-9374: usb: ehci host memory leakage during hotunplug (bz #1459137 )
CVE-2017-10806: usb-redirect: stack buffer overflow in debug logging (bz #1468497 )
2017-07-12 18:19:21 -04:00
f081074661
chardev data is dropped when host side closed (bz #1352977 )
...
CVE-2016-8667: dma: divide by zero error in set_next_tick (bz #1384876 )
IPv6 DNS problems in qemu user networking (bz #1401165 )
Fix crash in qxl memslot_get_virt (bz #1405847 )
CVE-2017-5579: serial: fix memory leak in serial exit (bz #1416161 )
spec: Pull in ipxe/vgabios links via -common package (bz #1431403 )
Clean up binfmt.d configuration files (bz #1394859 )
2017-04-13 20:46:57 -04:00
01e01cbfac
spec: Pull in ipxe/vgabios links via -common package (bz 1431403)
2017-04-13 20:07:10 -04:00
6d8a1cbc57
Clean up binfmt.d configuration files
...
In particular, I performed the following changes:
1. Add the (missing) aarch64 configuration.
2. Mask out e_ident[EI_OSABI]. A single OS can have multiple values
here. We just pass them all to qemu. I personally ran into this issue
(where filtering was too strict) on ppc64.
3. Mask out e_ident[EI_ABIVERSION]. On Linux, this value is ignored.
4. Mask out e_ident[EI_PAD]. The current check insists they are zero
when they are, in fact, undefined.
5. Don't mask any bits for e_ident[EI_VERSION]. We want an exact match
on this since there has only ever been one version. However, alpha, i386
and i486 were masking out the least significant bit.
6. Don't mask any bits for e_ident[EI_DATA]. You can't mask out bits for
endianness because it controls the byte order of later bytes in the
binfmt match (starting at offset 0x10). So you can never have a rule
which works with bits masked out on this field. However, alpha, i386 and
i486 were masking out the least significant bit.
(cherry picked from commit 0583426e3d
2017-04-13 20:04:08 -04:00
d481c533c1
* Workaround hangs with recent glib (bz #1435432 , gnome.org bz #761102 )
2017-04-04 16:47:06 +02:00
eaa6ce4fe2
CVE-2016-7907: net: imx: infinite loop (bz #1381182 )
...
CVE-2017-5525: audio: memory leakage in ac97 (bz #1414110 )
CVE-2017-5526: audio: memory leakage in es1370 (bz #1414210 )
CVE-2016-10155 watchdog: memory leakage in i6300esb (bz #1415200 )
CVE-2017-5552: virtio-gpu-3d: memory leakage (bz #1415283 )
CVE-2017-5578: virtio-gpu: memory leakage (bz #1415797 )
CVE-2017-5667: sd: sdhci OOB access during multi block transfer (bz #1417560 )
CVE-2017-5856: scsi: megasas: memory leakage (bz #1418344 )
CVE-2017-5857: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref (bz #1418383 )
CVE-2017-5898: usb: integer overflow in emulated_apdu_from_guest (bz #1419700 )
CVE-2017-5987: sd: infinite loop issue in multi block transfers (bz #1422001 )
CVE-2017-6058: vmxnet3: OOB access when doing vlan stripping (bz #1423359 )
CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list (bz #1429434 )
CVE-2017-2615: cirrus: oob access while doing bitblt copy backward (bz #1418206 )
CVE-2017-2620: cirrus: potential arbitrary code execution (bz #1425419 )
Fix spice GL with new mesa/libglvnd (bz #1431905 )
2017-03-15 08:12:24 -04:00
11f3efdec3
Drop texi2html BR, since QEMU switched to using makeinfo back in 2010
...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-02-21 15:43:33 +00:00
a0f61528af
CVE-2016-6836: vmxnet: Information leakage in vmxnet3_complete_packet (bz #1366370 )
...
CVE-2016-7909: pcnet: Infinite loop in pcnet_rdra_addr (bz #1381196 )
CVE-2016-7994: virtio-gpu: memory leak in resource_create_2d (bz #1382667 )
CVE-2016-8577: 9pfs: host memory leakage in v9fs_read (bz #1383286 )
CVE-2016-8578: 9pfs: potential NULL dereferencein 9pfs routines (bz #1383292 )
CVE-2016-8668: OOB buffer access in rocker switch emulation (bz #1384898 )
CVE-2016-8669: divide by zero error in serial_update_parameters (bz #1384911 )
CVE-2016-8909: intel-hda: infinite loop in dma buffer stream (bz #1388053 )
Infinite loop vulnerability in a9_gtimer_update (bz #1388300 )
CVE-2016-9101: eepro100: memory leakage at device unplug (bz #1389539 )
CVE-2016-9103: 9pfs: information leakage via xattr (bz #1389643 )
CVE-2016-9102: 9pfs: memory leakage when creating extended attribute (bz #1389551 )
CVE-2016-9104: 9pfs: integer overflow leading to OOB access (bz #1389687 )
CVE-2016-9105: 9pfs: memory leakage in v9fs_link (bz #1389704 )
CVE-2016-9106: 9pfs: memory leakage in v9fs_write (bz #1389713 )
CVE-2016-9381: xen: incautious about shared ring processing (bz #1397385 )
CVE-2016-9921: Divide by zero vulnerability in cirrus_do_copy (bz #1399054 )
CVE-2016-9776: infinite loop while receiving data in mcf_fec_receive (bz #1400830 )
CVE-2016-9845: information leakage in virgl_cmd_get_capset_info (bz #1402247 )
CVE-2016-9846: virtio-gpu: memory leakage while updating cursor data (bz #1402258 )
CVE-2016-9907: usbredir: memory leakage when destroying redirector (bz #1402266 )
CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer (bz #1402273 )
CVE-2016-9913: 9pfs: memory leakage via proxy/handle callbacks (bz #1402277 )
CVE-2016-10028: virtio-gpu-3d: OOB access while reading virgl capabilities (bz #1406368 )
CVE-2016-9908: virtio-gpu: information leakage in virgl_cmd_get_capset (bz #1402263 )
CVE-2016-9912: virtio-gpu: memory leakage when destroying gpu resource (bz #1402285 )
2017-01-16 16:04:06 -05:00
633dc2ad9f
Update to qemu 2.7.1
2017-01-09 09:27:44 -05:00
6438461c91
Fix sending of data with -net socket (bz #1391497 )
...
Fix keyboard issues with -ui gtk + host wayland (bz #1401211 )
2016-12-12 21:01:54 -05:00
8a588691e2
Fix PPC64 build with memlock file (bz #1387601 )
2016-10-25 10:18:57 -04:00
b8878c0ca6
Add "F" flag to static user emulators' binfmt, to make them
...
available in containers (#1384615 )
- Also fixes the path of those emulators in the binfmt configurations
2016-10-19 19:19:36 +02:00
cf816402f7
Fix nested PPC 'Unknown MMU model' error (bz #1374749 )
...
Fix flickering display with boxes + wayland VM (bz #1266484 )
Add ppc64 kvm memlock file (bz #1293024 )
2016-10-19 13:17:38 -04:00
d19693d908
Add ppc64 kvm memlock file (bz 1293024)
2016-10-19 12:23:45 -04:00
8dd6b5e9c8
spec: Use power64 macro consistently
2016-10-19 12:17:47 -04:00
3a13ddd514
CVE-2016-7155: pvscsi: OOB read and infinite loop (bz #1373463 )
...
CVE-2016-7156: pvscsi: infinite loop when building SG list (bz #1373480 )
CVE-2016-7156: pvscsi: infinite loop when processing IO requests (bz #1373480 )
CVE-2016-7170: vmware_vga: OOB stack memory access (bz #1374709 )
CVE-2016-7157: mptsas: invalid memory access (bz #1373505 )
CVE-2016-7466: usb: xhci memory leakage during device unplug (bz #1377838 )
CVE-2016-7423: scsi: mptsas: OOB access (bz #1376777 )
CVE-2016-7422: virtio: null pointer dereference (bz #1376756 )
CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx (bz #1381193 )
CVE-2016-8576: usb: xHCI: infinite loop vulnerability (bz #1382322 )
CVE-2016-7995: usb: hcd-ehci: memory leak (bz #1382669 )
2016-10-15 22:24:48 -04:00
a2729a240b
Fix interrupt endpoints not working with network/spice USB redirection
...
on guest with an emulated xhci controller (rhbz#1382331)
2016-10-10 10:50:30 +02:00
504e25420b
Fix build on MIPS
2016-09-21 09:29:36 +01:00
57dbb7a5be
Don't depend on edk2 roms where they aren't available (bz 1373576)
2016-09-08 15:56:28 -04:00
435be3635e
Rebase to qemu 2.7.0 GA
2016-09-08 15:52:09 -04:00
94ddf1cc6a
Rebase to qemu 2.7.0-rc3
2016-08-19 09:20:37 -04:00
d52607ebe6
Also disable static builds on ppc64 due to glibc fubarness
2016-08-17 09:47:57 +01:00
4ff778e7b3
Add new sources
2016-08-08 20:07:27 -04:00
ef34be9e72
Rebase to qemu 2.7.0-rc2
...
* kvm_stat was moved to the kernel tree
* trace-events renamed to trace-events-all
* several new pxe roms added
2016-08-08 20:05:39 -04:00
84e6ecadd9
Rebuild to attempt to fix '2:qemu-system-xtensa-2.6.0-5.fc25.x86_64 requires libxenctrl.so.4.6()(64bit)'
2016-07-23 16:37:42 +01:00
51223f941f
Ignore build logs, src RPMs and x84_64 RPM output dir too
...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-15 14:39:08 +01:00
d0bc223280
Add skip for s390x as well as s390
2016-07-15 14:28:04 +01:00
9868109a5e
Disable qemu-user-static on s390 too
2016-07-14 11:20:48 +01:00
ecee1eccfe
Add explicit BR on alsa-lib-devel
...
Previously we'd get alsa-lib-devel pulled in by accident due to
dep from another package. Latest rawhide doesn't get this so we
must add the dep explicitly in QEMU.
2016-07-13 15:08:58 +01:00
a8a5dc38f8
Cat config.log when configure fails during build
...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 15:08:17 +01:00
9e71574671
Use precise version in obsoletes line
...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 13:49:06 +01:00
0835325a86
Introduce qemu-user-static sub-RPM
...
The i686 build of this is temp disabled due to fubar
glibc-static on i686
The hardended build macro is disabled due to fubar
rpm macros for static linking while hardened, but
the equivalent hardening is turned on manually.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 13:42:21 +01:00
cf91b1dfd9
CVE-2016-4002: net: buffer overflow in MIPSnet (bz #1326083 )
...
CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue
CVE-2016-4964: scsi: mptsas infinite loop (bz #1339157 )
CVE-2016-5106: scsi: megasas: out-of-bounds write (bz #1339581 )
CVE-2016-5105: scsi: megasas: stack information leakage (bz #1339585 )
CVE-2016-5107: scsi: megasas: out-of-bounds read (bz #1339573 )
CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740 )
CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744 )
CVE-2016-5126: block: iscsi: buffer overflow (bz #1340925 )
CVE-2016-5238: scsi: esp: OOB write (bz #1341932 )
CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325 )
CVE-2016-5337: scsi: megasas: information leakage (bz #1343910 )
Fix crash with -nodefaults -sdl (bz #1340931 )
Add deps on edk2-ovmf and edk2-aarch64
2016-06-22 09:40:57 -04:00
f9730dab94
Add deps on fedora edk2-ovmf and edk2-aarch64
2016-06-22 08:22:36 -04:00
f0208c9e42
CVE-2016-4020: memory leak in kvmvapic.c (bz #1326904 )
...
CVE-2016-4439: scsi: esb: OOB write #1 (bz #1337503 )
CVE-2016-4441: scsi: esb: OOB write #2 (bz #1337506 )
Fix regression installing windows 7 with qxl/vga (bz #1339267 )
Fix crash with aarch64 gic-version=host and accel=tcg (bz #1339977 )
2016-05-26 11:32:16 -04:00
f8dc431e37
Explicitly error if spice GL setup fails
...
Fix monitor resizing with virgl (bz #1337564 )
Fix libvirt noise when introspecting qemu-kvm without hw virt
2016-05-20 16:36:01 -04:00
c3911a29b3
qemu-kvm: Don't try to init KVM during libvirt introspection
...
If it's disabled on the host, libvirt logs a ton of errors to
syslog.
2016-05-19 18:15:26 -04:00
837eb7efa2
qemu: Clean up BuildRequires
...
Drop outdated:
nss-devel (old libcacard)
rsync (no longer used)
which (no longer used)
pciutils-devel (no longer used)
Add libcap-ng-devel for extra qemu-bridge-helper restrictions
Document all BuildRequires
Separate buildsystem bits vs feature bits
2016-05-15 14:52:29 -04:00
e200903264
Rebase to v2.6.0 GA
2016-05-13 14:18:07 -04:00
35faab4c45
Fix gtk UI crash when switching to monitor (bz #1333424 )
...
Fix sdl2 UI lockup lockup when switching to monitor
Rebased to qemu-2.6.0-rc5
2016-05-09 13:36:06 -04:00
bc7ce050b0
Rebased to version 2.6.0-rc4
...
Fix test suite on big endian hosts (bz 1330174)
2016-05-02 16:08:20 -04:00
b455e4b103
Rebuild to pick up spice GL support
2016-04-25 09:01:59 -04:00
b0b55fdca8
Rebased to version 2.6.0-rc3
...
Fix s390 sysctl file install (bz 1327870)
Adjust spice gl version check to expect F24 backported version
2016-04-22 08:03:02 -04:00
6138a983a3
- Rebased to version 2.6.0-rc2
...
- Fix GL deps (bz 1325966)
- Ship sysctl file to fix s390x kvm (bz 1290589)
- Fix FTBFS on s390 (bz 1326247)
2016-04-14 18:48:51 -04:00
c752245c96
Ship sysctl file to fix s390x kvm (bz 1290589)
2016-04-14 18:46:31 -04:00
fa6cd1dad5
Fix GL deps (bz 1325966)
2016-04-14 18:34:08 -04:00
a503b12a16
Add sources
2016-04-07 13:03:15 -04:00
4097206ab3
Rebased to version 2.6.0-rc1
2016-04-07 13:00:29 -04:00
54cb1301c6
CVE-2016-2857: net: out of bounds read (bz #1309564 )
...
CVE-2016-2392: usb: null pointer dereference (bz #1307115 )
2016-03-17 13:45:47 -04:00
ae11374147
Rebuild for tcmalloc ifunc issues on non x86 arches (see rhbz 1312462)
2016-03-09 15:12:12 +00:00
Cole Robinson
Nathaniel McCallum
Paolo Bonzini
Daniel P. Berrange
Bastien Nocera
Hans de Goede
Michal Toman
Richard W.M. Jones
Peter Robinson