Cole Robinson
10ec804850
CVE-2015-8745: vmxnet3: don't assert reading registers in bar0 (bz #1295442 )
...
CVE-2015-8567: net: vmxnet3: host memory leakage (bz #1289818 )
CVE-2016-1922: i386: avoid null pointer dereference (bz #1292766 )
CVE-2015-8613: buffer overflow in megasas_ctrl_get_info (bz #1284008 )
CVE-2015-8701: Buffer overflow in tx_consume in rocker.c (bz #1293720 )
CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bz #1294787 )
CVE-2016-1568: Use-after-free vulnerability in ahci (bz #1297023 )
Fix modules.d/kvm.conf example syntax (bz #1298823 )
2016-01-20 19:30:26 -05:00
Cole Robinson
51a9cb48fd
CVE-2015-7549: pci: null pointer dereference issue (bz #1291138 )
...
CVE-2015-8558: DoS by infinite loop in ehci_advance_state (bz #1291309 )
CVE-2015-8666: Heap-based buffer overrun during VM migration (bz #1294027 )
CVE-2015-8744: vmxnet3: fix crash with short packets (bz #1295440 )
CVE-2015-8745: vmxnet3: don't assert reading registers in bar0 (bz #1295442 )
2016-01-09 12:24:17 -05:00
Paolo Bonzini
ae1103b465
fix previous commit
2016-01-07 21:00:58 +01:00
Paolo Bonzini
d0a4a32955
add /etc/modprobe.d/kvm.conf
2015-12-23 10:23:07 +01:00
Cole Robinson
828eab12a2
vnc: avoid floating point exceptions (bz #1289541 , bz #1289542 )
2015-12-08 10:49:03 -05:00
Cole Robinson
61dd8f57d1
Fix SSE4 emulation with accel=tcg (bz #1270703 )
...
CVE-2015-8345: Fix infinite loop in eepro100 (bz #1285214 )
CVE-2015-7504: Fix heap overflow in pcnet (bz #1286543 )
CVE-2015-7512: Fix buffer overflow in pcnet (bz #1286549 )
2015-12-07 14:03:07 -05:00
Cole Robinson
2e7b59e5fe
Rebased to version 2.4.1
2015-11-04 15:39:41 -05:00
Cole Robinson
37b11e133b
Rebased to version 2.4.0.1
...
CVE-2015-7295: virtio-net possible remote DoS (bz #1264393 )
drive-mirror: Fix coroutine reentrance (bz #1266936 )
2015-10-08 13:58:41 -04:00
Cole Robinson
628515809f
spec: Fix builddep on libepoxy
2015-09-29 17:11:28 -04:00
Cole Robinson
08c84279b7
CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225 )
...
CVE-2015-6855: ide: divide by zero issue (bz #1261793 )
CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284 )
CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287 )
2015-09-21 18:21:02 -04:00
Richard W.M. Jones
62a7362da2
Fix emulation of various instructions, required by libm in F22 ppc64 guests.
...
(cherry picked from commit c5e57685f9
)
2015-09-20 10:23:57 +01:00
Cole Robinson
8211390ac8
CVE-2015-5255: heap memory corruption in vnc_refresh_server_surface (bz #1255899 )
2015-08-31 20:18:31 -04:00
Cole Robinson
74717053dc
Rebased to version 2.4.0
...
Support for virtio-gpu, 2D only
Support for virtio-based keyboard/mouse/tablet emulation
x86 support for memory hot-unplug
ACPI v5.1 table support for 'virt' board
2015-08-11 18:08:40 -04:00
Cole Robinson
d5417f465c
Drop perl-Storable requires, texinfo rawhide is fixed now
2015-08-10 10:31:45 -04:00
Cole Robinson
6ac2a80eae
Add temporary dep on perl-Storable
...
see https://bugzilla.redhat.com/show_bug.cgi?id=1251766 for more info
2015-08-09 15:07:58 -04:00
Cole Robinson
4c6dc5b3d6
CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536 )
...
CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728 )
CVE-2015-5158: scsi stack buffer overflow (bz #1246025 )
CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141 )
CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755 )
CVE-2015-5166: BlockBackend object use after free issue (bz #1249758 )
CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160 )
2015-08-09 13:08:31 -04:00
Cole Robinson
de4550957e
Rebased to v2.4.0-rc0
2015-07-14 17:12:37 -04:00
Richard W.M. Jones
61ce511be4
Bump and rebuild.
2015-07-03 19:23:12 +01:00
Richard W.M. Jones
74ab99f1a6
Revert "Enable -fPIC and -fPIE on every architecture (rhbz 1232499)."
...
This reverts commit 77b7d81b2b
.
See https://bugzilla.redhat.com/show_bug.cgi?id=1232499#36
2015-07-03 19:20:51 +01:00
Richard W.M. Jones
77b7d81b2b
Enable -fPIC and -fPIE on every architecture (rhbz 1232499).
2015-07-03 18:45:22 +01:00
Daniel P. Berrange
bcb37b2ec0
Fix conditional in previous commit
2015-07-03 17:22:51 +01:00
Daniel P. Berrange
d4803feead
Use explicit --(enable,disable)-spice args (rhbz #1239102 )
2015-07-03 15:02:57 +01:00
Peter Robinson
1ec8e52bb2
Build aarch64 with -fPIC (rhbz 1232499)
2015-07-02 16:32:23 +01:00
Peter Robinson
806ecbe49c
Disable stack protection for AArch64. F23's GCC thinks that it is available but F23's glibc does not support it.
2015-07-01 11:26:59 +01:00
Paolo Bonzini
749c3c43c3
Rebuild for libiscsi soname bump
2015-06-26 11:10:12 +02:00
Paolo Bonzini
260c0ac680
Re-enable tcmalloc on arm
2015-06-19 12:03:04 +02:00
Dennis Gilmore
6626651b28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 21:39:31 +00:00
Dan Horák
94a40ce774
- gperftools not available on s390(x)
2015-06-10 22:28:01 +02:00
Cole Robinson
6fc6504bd8
CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894 )
2015-06-05 19:55:57 -04:00
Cole Robinson
d43799b0b3
spec: Drop now unused kvm_target and kvm_archs globals
2015-06-05 18:21:57 -04:00
Daniel P. Berrange
7bf3158612
Fix conditional enablement of tcmalloc
...
Opps, cant have comments in the middle of multi-line continuations.
2015-06-01 14:43:36 +01:00
Daniel P. Berrange
aa972b9106
Disable broken tcmalloc on arm and re-enable tests
2015-06-01 14:12:15 +01:00
Cole Robinson
198e142c7d
Disable _all_ tests on arm, since they are all currently hanging
2015-05-21 14:07:03 -04:00
Cole Robinson
31085aa400
Temporarily disable hanging test on arm
2015-05-20 16:51:14 -04:00
Cole Robinson
7c5a423647
Remove %autopatch macro from changelog
2015-05-13 23:15:28 -04:00
Cole Robinson
18eddd1631
Backport upstream 2.4 patch to link with tcmalloc, enable it
...
CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152 )
2015-05-13 18:39:05 -04:00
Paolo Bonzini
af53ec630c
Backport upstream 2.4 patch to link with tcmalloc, enable it
2015-05-13 15:33:19 +02:00
poma
343c57952d
Fix ksm.service (bz 1218814)
2015-05-06 12:52:09 -04:00
Dan Horák
5059f25c8e
- Require libseccomp only when built with it
2015-05-05 17:03:52 +02:00
Cole Robinson
41aca9586f
Rebased to version 2.3.0 GA
...
Another attempt at fixing default /dev/kvm permissions (bz 950436)
2015-04-27 13:33:41 -04:00
Cole Robinson
b26fb5a551
qemu: Drop kvm.modules
...
Looked into this because recent packaging changes broke kvm.modules
installation, see https://bugzilla.redhat.com/show_bug.cgi?id=1212328
But nowadays this isn't even required I don't think. According to
comments here:
https://bugzilla.redhat.com/show_bug.cgi?id=963198
The reason for shipping it is missing devname:kvm for ppc and s390 kvm
modules. But those have been in upstream kernel.git since late 2013,
so it should be safe to drop entirely.
2015-04-16 09:11:00 -04:00
Cole Robinson
9b9ad7bb74
Rebased to version 2.3.0-rc3
2015-04-14 14:51:42 -04:00
Cole Robinson
c61e67e86b
Rebased to version 2.3.0-rc2
...
Don't install ksm services as executable (bz #1192720 )
Skip hanging tests on s390 (bz #1206057 )
CVE-2015-1779 vnc: insufficient resource limiting in VNC websockets decoder
(bz #1205051 , bz #1199572 )
2015-04-03 10:21:46 -04:00
Cole Robinson
c2770435bf
Big specfile cleanup
...
- Drop all the crazy kvmonly and separate_kvm bits
- Drop outdates conditionals
- Drop old style things like defattr and RPM_BUILD_ROOT
- Readability improvements
2015-03-27 17:08:26 -04:00
Cole Robinson
355b03ef5c
Rebased to version 2.3.0-rc1
2015-03-25 08:48:20 -04:00
Cole Robinson
8055ee2da9
Rebase to qemu-2.3.0-rc0
2015-03-22 11:06:24 -04:00
Richard W.M. Jones
5a454effcf
Revert "- Enable seccomp on ARM (thanks: Peter Robinson)."
...
This reverts commit 76a74e853f
.
The upstream (qemu) configure script hard-codes x86 & x86-64,
so you cannot enable seccomp on arm yet.
2015-02-17 15:07:06 +00:00
Richard W.M. Jones
76a74e853f
- Enable seccomp on ARM (thanks: Peter Robinson).
2015-02-17 13:37:05 +00:00
Richard W.M. Jones
6c3741c276
- Add -fPIC flag to build to avoid
...
'relocation R_X86_64_PC32 against undefined symbol' errors.
- Add a hopefully temporary hack so that -fPIC is used to build
NSS files in libcacard.
2015-02-17 13:35:59 +00:00
Richard W.M. Jones
391fb81c16
Add UEFI support for aarch64.
2015-02-04 15:54:41 +00:00