Commit Graph

557 Commits

Author SHA1 Message Date
Daniel P. Berrange
a8a5dc38f8 Cat config.log when configure fails during build
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 15:08:17 +01:00
Daniel P. Berrange
9e71574671 Use precise version in obsoletes line
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 13:49:06 +01:00
Daniel P. Berrange
0835325a86 Introduce qemu-user-static sub-RPM
The i686 build of this is temp disabled due to fubar
glibc-static on i686

The hardended build macro is disabled due to fubar
rpm macros for static linking while hardened, but
the equivalent hardening is turned on manually.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 13:42:21 +01:00
Cole Robinson
cf91b1dfd9 CVE-2016-4002: net: buffer overflow in MIPSnet (bz #1326083)
CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue
CVE-2016-4964: scsi: mptsas infinite loop (bz #1339157)
CVE-2016-5106: scsi: megasas: out-of-bounds write (bz #1339581)
CVE-2016-5105: scsi: megasas: stack information leakage (bz #1339585)
CVE-2016-5107: scsi: megasas: out-of-bounds read (bz #1339573)
CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740)
CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744)
CVE-2016-5126: block: iscsi: buffer overflow (bz #1340925)
CVE-2016-5238: scsi: esp: OOB write (bz #1341932)
CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325)
CVE-2016-5337: scsi: megasas: information leakage (bz #1343910)
Fix crash with -nodefaults -sdl (bz #1340931)
Add deps on edk2-ovmf and edk2-aarch64
2016-06-22 09:40:57 -04:00
Cole Robinson
f9730dab94 Add deps on fedora edk2-ovmf and edk2-aarch64 2016-06-22 08:22:36 -04:00
Cole Robinson
f0208c9e42 CVE-2016-4020: memory leak in kvmvapic.c (bz #1326904)
CVE-2016-4439: scsi: esb: OOB write #1 (bz #1337503)
CVE-2016-4441: scsi: esb: OOB write #2 (bz #1337506)
Fix regression installing windows 7 with qxl/vga (bz #1339267)
Fix crash with aarch64 gic-version=host and accel=tcg (bz #1339977)
2016-05-26 11:32:16 -04:00
Cole Robinson
f8dc431e37 Explicitly error if spice GL setup fails
Fix monitor resizing with virgl (bz #1337564)
Fix libvirt noise when introspecting qemu-kvm without hw virt
2016-05-20 16:36:01 -04:00
Cole Robinson
837eb7efa2 qemu: Clean up BuildRequires
Drop outdated:
    nss-devel (old libcacard)
    rsync (no longer used)
    which (no longer used)
    pciutils-devel (no longer used)

Add libcap-ng-devel for extra qemu-bridge-helper restrictions
Document all BuildRequires
Separate buildsystem bits vs feature bits
2016-05-15 14:52:29 -04:00
Cole Robinson
e200903264 Rebase to v2.6.0 GA 2016-05-13 14:18:07 -04:00
Cole Robinson
35faab4c45 Fix gtk UI crash when switching to monitor (bz #1333424)
Fix sdl2 UI lockup lockup when switching to monitor
Rebased to qemu-2.6.0-rc5
2016-05-09 13:36:06 -04:00
Cole Robinson
bc7ce050b0 Rebased to version 2.6.0-rc4
Fix test suite on big endian hosts (bz 1330174)
2016-05-02 16:08:20 -04:00
Cole Robinson
b455e4b103 Rebuild to pick up spice GL support 2016-04-25 09:01:59 -04:00
Cole Robinson
b0b55fdca8 Rebased to version 2.6.0-rc3
Fix s390 sysctl file install (bz 1327870)
Adjust spice gl version check to expect F24 backported version
2016-04-22 08:03:02 -04:00
Cole Robinson
6138a983a3 - Rebased to version 2.6.0-rc2
- Fix GL deps (bz 1325966)
- Ship sysctl file to fix s390x kvm (bz 1290589)
- Fix FTBFS on s390 (bz 1326247)
2016-04-14 18:48:51 -04:00
Cole Robinson
c752245c96 Ship sysctl file to fix s390x kvm (bz 1290589) 2016-04-14 18:46:31 -04:00
Cole Robinson
fa6cd1dad5 Fix GL deps (bz 1325966) 2016-04-14 18:34:08 -04:00
Cole Robinson
4097206ab3 Rebased to version 2.6.0-rc1 2016-04-07 13:00:29 -04:00
Cole Robinson
54cb1301c6 CVE-2016-2857: net: out of bounds read (bz #1309564)
CVE-2016-2392: usb: null pointer dereference (bz #1307115)
2016-03-17 13:45:47 -04:00
Peter Robinson
ae11374147 Rebuild for tcmalloc ifunc issues on non x86 arches (see rhbz 1312462) 2016-03-09 15:12:12 +00:00
Paolo Bonzini
43821749cc Disable xfsctl, fallocate works fine in newer kernels (bz #1305512) 2016-03-01 13:14:39 +01:00
Peter Robinson
73731f9ecd All Fedora arches have libseccomp support (ARMv7, aarch64, Power64, s390(x)) 2016-03-01 11:46:16 +00:00
Cole Robinson
7d975d9810 CVE-2015-8619: Fix sendkey out of bounds (bz #1292757)
CVE-2016-1981: infinite loop in e1000 (bz #1299995)
Fix Out-of-bounds read in usb-ehci (bz #1300234, bz #1299455)
CVE-2016-2197: ahci: null pointer dereference (bz #1302952)
Fix gdbstub for VSX registers for ppc64 (bz #1304377)
Fix qemu-img vmdk images to work with VMware (bz #1299185)
2016-02-15 17:05:41 -05:00
Fedora Release Engineering
95a588650f - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 21:38:06 +00:00
Cole Robinson
b24b7f1644 CVE-2015-8567: net: vmxnet3: host memory leakage (bz #1289818)
CVE-2016-1922: i386: avoid null pointer dereference (bz #1292766)
CVE-2015-8613: buffer overflow in megasas_ctrl_get_info (bz #1284008)
CVE-2015-8701: Buffer overflow in tx_consume in rocker.c (bz #1293720)
CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bz #1294787)
CVE-2016-1568: Use-after-free vulnerability in ahci (bz #1297023)
Fix modules.d/kvm.conf example syntax (bz #1298823)
2016-01-20 20:17:04 -05:00
Cole Robinson
78f4db5d1d Fix virtio 9p thread pool usage
CVE-2015-8558: DoS by infinite loop in ehci_advance_state (bz #1291309)
Re-add dist tag
2016-01-09 12:35:08 -05:00
Cole Robinson
2a77992272 spec: Re-add dist tag 2016-01-09 11:18:17 -05:00
Cole Robinson
e8a6e4f833 Replace %define usage with %global 2016-01-09 11:16:52 -05:00
Paolo Bonzini
c9396159e8 oops, it is now 2016 2016-01-07 21:07:39 +01:00
Paolo Bonzini
15489f4108 fix previous commit 2016-01-07 21:04:45 +01:00
Paolo Bonzini
0d5e9f6618 add 0001-virtio-9p-use-accessor-to-get-thread-pool.patch 2016-01-07 20:57:53 +01:00
Paolo Bonzini
dda6c386a5 add /etc/modprobe.d/kvm.conf 2016-01-07 20:57:53 +01:00
Cole Robinson
6176f1d7e2 Reabsed to version 2.5.0 2015-12-23 17:49:55 -05:00
Cole Robinson
89aacd5f7a Rebased to version 2.5.0-rc3 2015-12-08 10:29:09 -05:00
Cole Robinson
6baf84acf1 Rebased to version 2.5.0-rc2 2015-11-30 18:00:49 -05:00
Cole Robinson
191c302918 qemu 2.5.0 rc1 2015-11-20 22:24:11 -05:00
Cole Robinson
7bf1a680e6 Drop needless ksm dep on qemu-common 2015-11-20 21:04:54 -05:00
Cole Robinson
48e07c5c6e spec: code movement for clarity
- Order packages consistently across sections
- Group all %post sections
2015-11-18 10:28:10 -05:00
Cole Robinson
88b3793f29 2.5.0 rc0 wip 2015-11-18 10:20:33 -05:00
Cole Robinson
4f68392c26 Rebased to version 2.4.1 2015-11-04 15:48:36 -05:00
Cole Robinson
86d7b9f29b Rebuild for xen 4.6 2015-10-11 16:08:44 -04:00
Cole Robinson
b448bfad34 Rebased to version 2.4.0.1
CVE-2015-7295: virtio-net possible remote DoS (bz #1264393)
drive-mirror: Fix coroutine reentrance (bz #1266936)
2015-10-08 13:38:49 -04:00
Cole Robinson
1ae1f09f33 spec: Fix builddep on libepoxy 2015-09-29 17:09:48 -04:00
Cole Robinson
cf8819083b CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225)
CVE-2015-6855: ide: divide by zero issue (bz #1261793)
CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284)
CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287)
2015-09-21 18:01:46 -04:00
Richard W.M. Jones
c5e57685f9 Fix emulation of various instructions, required by libm in F22 ppc64 guests. 2015-09-20 10:23:16 +01:00
Cole Robinson
8211390ac8 CVE-2015-5255: heap memory corruption in vnc_refresh_server_surface (bz #1255899) 2015-08-31 20:18:31 -04:00
Cole Robinson
74717053dc Rebased to version 2.4.0
Support for virtio-gpu, 2D only
Support for virtio-based keyboard/mouse/tablet emulation
x86 support for memory hot-unplug
ACPI v5.1 table support for 'virt' board
2015-08-11 18:08:40 -04:00
Cole Robinson
d5417f465c Drop perl-Storable requires, texinfo rawhide is fixed now 2015-08-10 10:31:45 -04:00
Cole Robinson
6ac2a80eae Add temporary dep on perl-Storable
see https://bugzilla.redhat.com/show_bug.cgi?id=1251766 for more info
2015-08-09 15:07:58 -04:00
Cole Robinson
4c6dc5b3d6 CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536)
CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728)
CVE-2015-5158: scsi stack buffer overflow (bz #1246025)
CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141)
CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
CVE-2015-5166: BlockBackend object use after free issue (bz #1249758)
CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160)
2015-08-09 13:08:31 -04:00
Cole Robinson
de4550957e Rebased to v2.4.0-rc0 2015-07-14 17:12:37 -04:00
Richard W.M. Jones
61ce511be4 Bump and rebuild. 2015-07-03 19:23:12 +01:00
Richard W.M. Jones
74ab99f1a6 Revert "Enable -fPIC and -fPIE on every architecture (rhbz 1232499)."
This reverts commit 77b7d81b2b.

See https://bugzilla.redhat.com/show_bug.cgi?id=1232499#36
2015-07-03 19:20:51 +01:00
Richard W.M. Jones
77b7d81b2b Enable -fPIC and -fPIE on every architecture (rhbz 1232499). 2015-07-03 18:45:22 +01:00
Daniel P. Berrange
bcb37b2ec0 Fix conditional in previous commit 2015-07-03 17:22:51 +01:00
Daniel P. Berrange
d4803feead Use explicit --(enable,disable)-spice args (rhbz #1239102) 2015-07-03 15:02:57 +01:00
Peter Robinson
1ec8e52bb2 Build aarch64 with -fPIC (rhbz 1232499) 2015-07-02 16:32:23 +01:00
Peter Robinson
806ecbe49c Disable stack protection for AArch64. F23's GCC thinks that it is available but F23's glibc does not support it. 2015-07-01 11:26:59 +01:00
Paolo Bonzini
749c3c43c3 Rebuild for libiscsi soname bump 2015-06-26 11:10:12 +02:00
Paolo Bonzini
260c0ac680 Re-enable tcmalloc on arm 2015-06-19 12:03:04 +02:00
Dennis Gilmore
6626651b28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 21:39:31 +00:00
Dan Horák
94a40ce774 - gperftools not available on s390(x) 2015-06-10 22:28:01 +02:00
Cole Robinson
6fc6504bd8 CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894) 2015-06-05 19:55:57 -04:00
Cole Robinson
d43799b0b3 spec: Drop now unused kvm_target and kvm_archs globals 2015-06-05 18:21:57 -04:00
Daniel P. Berrange
7bf3158612 Fix conditional enablement of tcmalloc
Opps, cant have comments in the middle of multi-line continuations.
2015-06-01 14:43:36 +01:00
Daniel P. Berrange
aa972b9106 Disable broken tcmalloc on arm and re-enable tests 2015-06-01 14:12:15 +01:00
Cole Robinson
198e142c7d Disable _all_ tests on arm, since they are all currently hanging 2015-05-21 14:07:03 -04:00
Cole Robinson
31085aa400 Temporarily disable hanging test on arm 2015-05-20 16:51:14 -04:00
Cole Robinson
7c5a423647 Remove %autopatch macro from changelog 2015-05-13 23:15:28 -04:00
Cole Robinson
18eddd1631 Backport upstream 2.4 patch to link with tcmalloc, enable it
CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152)
2015-05-13 18:39:05 -04:00
Paolo Bonzini
af53ec630c Backport upstream 2.4 patch to link with tcmalloc, enable it 2015-05-13 15:33:19 +02:00
poma
343c57952d Fix ksm.service (bz 1218814) 2015-05-06 12:52:09 -04:00
Dan Horák
5059f25c8e - Require libseccomp only when built with it 2015-05-05 17:03:52 +02:00
Cole Robinson
41aca9586f Rebased to version 2.3.0 GA
Another attempt at fixing default /dev/kvm permissions (bz 950436)
2015-04-27 13:33:41 -04:00
Cole Robinson
b26fb5a551 qemu: Drop kvm.modules
Looked into this because recent packaging changes broke kvm.modules
installation, see https://bugzilla.redhat.com/show_bug.cgi?id=1212328

But nowadays this isn't even required I don't think. According to
comments here:

https://bugzilla.redhat.com/show_bug.cgi?id=963198

The reason for shipping it is missing devname:kvm for ppc and s390 kvm
modules. But those have been in upstream kernel.git since late 2013,
so it should be safe to drop entirely.
2015-04-16 09:11:00 -04:00
Cole Robinson
9b9ad7bb74 Rebased to version 2.3.0-rc3 2015-04-14 14:51:42 -04:00
Cole Robinson
c61e67e86b Rebased to version 2.3.0-rc2
Don't install ksm services as executable (bz #1192720)
Skip hanging tests on s390 (bz #1206057)
CVE-2015-1779 vnc: insufficient resource limiting in VNC websockets decoder
(bz #1205051, bz #1199572)
2015-04-03 10:21:46 -04:00
Cole Robinson
c2770435bf Big specfile cleanup
- Drop all the crazy kvmonly and separate_kvm bits
- Drop outdates conditionals
- Drop old style things like defattr and RPM_BUILD_ROOT
- Readability improvements
2015-03-27 17:08:26 -04:00
Cole Robinson
355b03ef5c Rebased to version 2.3.0-rc1 2015-03-25 08:48:20 -04:00
Cole Robinson
8055ee2da9 Rebase to qemu-2.3.0-rc0 2015-03-22 11:06:24 -04:00
Richard W.M. Jones
5a454effcf Revert "- Enable seccomp on ARM (thanks: Peter Robinson)."
This reverts commit 76a74e853f.

The upstream (qemu) configure script hard-codes x86 & x86-64,
so you cannot enable seccomp on arm yet.
2015-02-17 15:07:06 +00:00
Richard W.M. Jones
76a74e853f - Enable seccomp on ARM (thanks: Peter Robinson). 2015-02-17 13:37:05 +00:00
Richard W.M. Jones
6c3741c276 - Add -fPIC flag to build to avoid
'relocation R_X86_64_PC32 against undefined symbol' errors.
- Add a hopefully temporary hack so that -fPIC is used to build
  NSS files in libcacard.
2015-02-17 13:35:59 +00:00
Richard W.M. Jones
391fb81c16 Add UEFI support for aarch64. 2015-02-04 15:54:41 +00:00
Daniel P. Berrange
f287dc5662 Re-enable SPICE after previous build fixes circular dep 2015-02-03 14:05:24 +00:00
Daniel P. Berrange
fc57f44566 Stop libcacard linking against the entire world 2015-02-03 11:36:06 +00:00
Daniel P. Berrange
cad2bcb6a1 Temporarily disable SPICE to break circular build-dep on libcacard 2015-02-03 10:57:50 +00:00
Daniel P. Berrange
0716c2e68a Rebuild for changed xen soname 2015-02-03 09:25:11 +00:00
Daniel P. Berrange
10fa62ffc3 Set pkgversion when running configure 2015-01-28 13:25:27 +00:00
Cole Robinson
c88cc7e403 Rebased to version 2.2.0 2014-12-09 16:25:38 -05:00
Cole Robinson
1be48f0df6 Update to qemu-2.2.0-rc3 2014-11-30 17:19:56 -05:00
Cole Robinson
259393612c Update to qemu-2.2.0-rc1 2014-11-15 20:39:24 -05:00
Cole Robinson
725f84b743 CVE-2014-7815 vnc: insufficient bits_per_pixel from the client sanitization (bz #1157647, bz #1157641)
CVE-2014-3689 vmware_vga: insufficient parameter validation in rectangle functions (bz #1153038, bz #1153035)
2014-10-29 15:58:32 -04:00
Daniel P. Berrange
145f8dccfa Fix dep on numactl-devel to be build time not install time
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-10-24 16:38:01 +01:00
Cole Robinson
fbbbab2c57 Fix PPC virtio regression (bz #1144490) 2014-10-06 12:32:22 -04:00
Dan Horák
215b584050 fix typo 2014-09-30 16:48:14 +02:00
Dan Horák
3a39bf78f1 add ppc64le to KVM arches 2014-09-30 16:46:25 +02:00
Cole Robinson
6c2b2d8a11 Fix date in changelog 2014-09-26 12:51:48 -04:00
Richard W.M. Jones
6ce0be8333 Add Requires seabios >= 1.7.5, otherwise Windows virtio booting does not work. 2014-09-26 16:56:20 +01:00
Cole Robinson
46f3a5c276 Rebased to version 2.1.2
CVE-2014-3640 qemu: slirp: NULL pointer (bz #1144821, bz #1144818)
2014-09-26 10:26:35 -04:00
Cole Robinson
e84b901375 Fix crash on migration/snapshot (bz #1144490) 2014-09-21 12:42:19 -04:00