Commit Graph

527 Commits

Author SHA1 Message Date
Cole Robinson
aeebdca142 CVE-2015-7295: virtio-net possible remote DoS (bz #1264393)
drive-mirror: Fix coroutine reentrance (bz #1266936)
Fix udp socket 'localaddr' (bz #1268708)
2015-10-08 13:39:40 -04:00
Cole Robinson
94d6f121d6 Fix emulation of various instructions, required by libm in F22 ppc64 guests
Re-add patches accidentally dropped in last build
2015-09-22 09:16:29 -04:00
Cole Robinson
a3fa63d2ce Fix typo causing qemu-img to link against entire world (bz #1260996)
CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225)
CVE-2015-6855: ide: divide by zero issue (bz #1261793)
CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284)
CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287)
Make block copy more stable (bz #1264416)
Fix hang at start of live merge for large images (bz #1262901)
2015-09-21 18:19:06 -04:00
Richard W.M. Jones
2273d40a00 Fix emulation of various instructions, required by libm in F22 ppc64 guests. 2015-09-20 10:24:27 +01:00
Daniel P. Berrange
ba1746053e Fix typo causing qemu-img to link against entire world (bz #1260996) 2015-09-08 12:43:15 +01:00
Cole Robinson
ab42d9f7d6 CVE-2015-5255: heap memory corruption in vnc_refresh_server_surface (bz #1255899) 2015-08-31 19:59:32 -04:00
Cole Robinson
7fbffc1697 Rebased to version 2.3.1 2015-08-11 18:42:10 -04:00
Cole Robinson
cce96bf59a Fix crash in qemu_spice_create_display (bz #1163047)
Fix qemu-img map crash for unaligned image (bz #1229394)
CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536)
CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728)
CVE-2015-5158: scsi stack buffer overflow (bz #1246025)
CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141)
CVE-2015-5166: BlockBackend object use after free issue (bz #1249758)
CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160)
CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
2015-08-11 15:24:18 -04:00
Richard W.M. Jones
8f61459adc Fix: qemu-img: error while compressing sector <NNN>: Input/output error (bz #1214855) 2015-07-20 12:10:44 +01:00
Cole Robinson
d902376d84 CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894) 2015-06-05 19:37:46 -04:00
Cole Robinson
15d91eb086 CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152) 2015-05-13 18:34:08 -04:00
poma
343c57952d Fix ksm.service (bz 1218814) 2015-05-06 12:52:09 -04:00
Dan Horák
5059f25c8e - Require libseccomp only when built with it 2015-05-05 17:03:52 +02:00
Cole Robinson
41aca9586f Rebased to version 2.3.0 GA
Another attempt at fixing default /dev/kvm permissions (bz 950436)
2015-04-27 13:33:41 -04:00
Cole Robinson
b26fb5a551 qemu: Drop kvm.modules
Looked into this because recent packaging changes broke kvm.modules
installation, see https://bugzilla.redhat.com/show_bug.cgi?id=1212328

But nowadays this isn't even required I don't think. According to
comments here:

https://bugzilla.redhat.com/show_bug.cgi?id=963198

The reason for shipping it is missing devname:kvm for ppc and s390 kvm
modules. But those have been in upstream kernel.git since late 2013,
so it should be safe to drop entirely.
2015-04-16 09:11:00 -04:00
Cole Robinson
9b9ad7bb74 Rebased to version 2.3.0-rc3 2015-04-14 14:51:42 -04:00
Cole Robinson
c61e67e86b Rebased to version 2.3.0-rc2
Don't install ksm services as executable (bz #1192720)
Skip hanging tests on s390 (bz #1206057)
CVE-2015-1779 vnc: insufficient resource limiting in VNC websockets decoder
(bz #1205051, bz #1199572)
2015-04-03 10:21:46 -04:00
Cole Robinson
c2770435bf Big specfile cleanup
- Drop all the crazy kvmonly and separate_kvm bits
- Drop outdates conditionals
- Drop old style things like defattr and RPM_BUILD_ROOT
- Readability improvements
2015-03-27 17:08:26 -04:00
Cole Robinson
355b03ef5c Rebased to version 2.3.0-rc1 2015-03-25 08:48:20 -04:00
Cole Robinson
6a451ba509 Remove unused patches 2015-03-22 12:17:06 -04:00
Cole Robinson
8055ee2da9 Rebase to qemu-2.3.0-rc0 2015-03-22 11:06:24 -04:00
Richard W.M. Jones
5a454effcf Revert "- Enable seccomp on ARM (thanks: Peter Robinson)."
This reverts commit 76a74e853f.

The upstream (qemu) configure script hard-codes x86 & x86-64,
so you cannot enable seccomp on arm yet.
2015-02-17 15:07:06 +00:00
Richard W.M. Jones
76a74e853f - Enable seccomp on ARM (thanks: Peter Robinson). 2015-02-17 13:37:05 +00:00
Richard W.M. Jones
6c3741c276 - Add -fPIC flag to build to avoid
'relocation R_X86_64_PC32 against undefined symbol' errors.
- Add a hopefully temporary hack so that -fPIC is used to build
  NSS files in libcacard.
2015-02-17 13:35:59 +00:00
Richard W.M. Jones
391fb81c16 Add UEFI support for aarch64. 2015-02-04 15:54:41 +00:00
Daniel P. Berrange
f287dc5662 Re-enable SPICE after previous build fixes circular dep 2015-02-03 14:05:24 +00:00
Daniel P. Berrange
fc57f44566 Stop libcacard linking against the entire world 2015-02-03 11:36:06 +00:00
Daniel P. Berrange
cad2bcb6a1 Temporarily disable SPICE to break circular build-dep on libcacard 2015-02-03 10:57:50 +00:00
Daniel P. Berrange
0716c2e68a Rebuild for changed xen soname 2015-02-03 09:25:11 +00:00
Daniel P. Berrange
10fa62ffc3 Set pkgversion when running configure 2015-01-28 13:25:27 +00:00
Cole Robinson
c88cc7e403 Rebased to version 2.2.0 2014-12-09 16:25:38 -05:00
Cole Robinson
bd7b20725b Add sources 2014-11-30 17:45:14 -05:00
Cole Robinson
1be48f0df6 Update to qemu-2.2.0-rc3 2014-11-30 17:19:56 -05:00
Cole Robinson
259393612c Update to qemu-2.2.0-rc1 2014-11-15 20:39:24 -05:00
Cole Robinson
725f84b743 CVE-2014-7815 vnc: insufficient bits_per_pixel from the client sanitization (bz #1157647, bz #1157641)
CVE-2014-3689 vmware_vga: insufficient parameter validation in rectangle functions (bz #1153038, bz #1153035)
2014-10-29 15:58:32 -04:00
Daniel P. Berrange
145f8dccfa Fix dep on numactl-devel to be build time not install time
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-10-24 16:38:01 +01:00
Cole Robinson
fbbbab2c57 Fix PPC virtio regression (bz #1144490) 2014-10-06 12:32:22 -04:00
Dan Horák
215b584050 fix typo 2014-09-30 16:48:14 +02:00
Dan Horák
3a39bf78f1 add ppc64le to KVM arches 2014-09-30 16:46:25 +02:00
Cole Robinson
6c2b2d8a11 Fix date in changelog 2014-09-26 12:51:48 -04:00
Richard W.M. Jones
6ce0be8333 Add Requires seabios >= 1.7.5, otherwise Windows virtio booting does not work. 2014-09-26 16:56:20 +01:00
Cole Robinson
46f3a5c276 Rebased to version 2.1.2
CVE-2014-3640 qemu: slirp: NULL pointer (bz #1144821, bz #1144818)
2014-09-26 10:26:35 -04:00
Cole Robinson
e84b901375 Fix crash on migration/snapshot (bz #1144490) 2014-09-21 12:42:19 -04:00
Ruben Kerkhof
2f5a0ef6e6 qemu: Fix building without usbredir
The comparison checks if have_usbredir is defined, which it always is.
Check if it's defined and set to 1 instead.
2014-09-15 10:51:00 +01:00
Cole Robinson
723d95470d Rebased to version 2.1.1
CVE-2014-5388: out of bounds memory access (bz #1132962, bz #1132956)
CVE-2014-3615 crash when guest sets high resolution (bz #1139121, bz #1139115)
2014-09-11 15:58:04 -04:00
Richard W.M. Jones
87bbaebdd6 Remember to update Release field this time. 2014-09-03 11:28:38 +01:00
Richard W.M. Jones
f2a088a4af Add upstream patches to:
* Fix crash in curl driver.
  * Add curl timeout option.
  * Add curl cookie option.

- Add upstream commit hashes to patches.
2014-09-03 11:27:07 +01:00
Alexey Kardashevskiy
d92cc55200 ppc64: Enable HV and PR KVM
Unlike other platforms, PPC64 supports 2 types of KVM:
1. PR KVM emulated in user space - works on every PPC64 platform, even on
old POWERMAC; does not require hypervisor-enabled host CPU (POWER5+ and
newer); does not require OPAL;

2. HV KVM - this requires hypervisor-enabled CPU and OPAL - i.e. recent
POWER7/8 CPUs running as a "powernv" platform only.

So PPC64 KVM is split into 3 kernel modules - kvm_pr, kvm_hv and kvm,
the latter contains bits of code common for both types of KVM.

Recent QEMU supports a "kvm-type" machine option and can instantiate
the requested type of KVM.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2014-08-27 10:57:47 +01:00
Richard W.M. Jones
e144c654aa Forgot to update Release field ... 2014-08-20 22:35:42 +01:00
Richard W.M. Jones
4ced99fb02 Add patch for aarch64 which uncompresses -kernel parameter (in arm.next). 2014-08-20 22:28:16 +01:00