
Accepting request 398983 from home:bfrogers:branches:Virtualization

Update to v2.6.0, including enabling a few more recent features. Also include a number of recent security fixes.

OBS-URL: https://build.opensuse.org/request/show/398983
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=294
Bruce Rogers 2016-05-31 21:05:30 +00:00 committed by Git OBS Bridge
parent 758e7e2f1f
commit 1b4a71c4b8
61 changed files with 879 additions and 79 deletions


@ -1,4 +1,4 @@
From 0cc25b3cd019821123bb03e031787b885694c563 Mon Sep 17 00:00:00 2001
From d1591b68524b12fa4c9cb7d2fd6fcdf021137ede Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Mon, 21 Nov 2011 23:50:36 +0100
Subject: [PATCH] XXX dont dump core on sigabort


@ -1,4 +1,4 @@
From b70c1de50710a307563b51b92996b5d0ce2687cc Mon Sep 17 00:00:00 2001
From 44e9a6c05ea73441354e54b0029cdf0e835ed735 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Thu, 1 Dec 2011 19:00:01 +0100
Subject: [PATCH] XXX work around SA_RESTART race with boehm-gc (ARM only)


@ -1,4 +1,4 @@
From 1b2df489a2809e1e8bef5f8cf846373c95934aa1 Mon Sep 17 00:00:00 2001
From 2d978c9adfe0bb7dadbb21e9f606f33b9f70bf1c Mon Sep 17 00:00:00 2001
From: Ulrich Hecht <uli@suse.de>
Date: Tue, 14 Apr 2009 16:18:44 +0200
Subject: [PATCH] qemu-0.9.0.cvs-binfmt


@ -1,4 +1,4 @@
From 86f0e5770aa18b28d0f43f514dc3f4c563b73ce2 Mon Sep 17 00:00:00 2001
From 68b848ab76ac2d150b4ed899d46dabac85b248a2 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 14 Apr 2009 16:20:50 +0200
Subject: [PATCH] qemu-cvs-alsa_bitfield


@ -1,4 +1,4 @@
From e8f69a4b03d1892bcc63fe686857e66da9bbe5eb Mon Sep 17 00:00:00 2001
From 12ea4c0a49f8fd0b3b594f80fa78bf943b7d3c20 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 14 Apr 2009 16:23:27 +0200
Subject: [PATCH] qemu-cvs-alsa_ioctl


@ -1,4 +1,4 @@
From 8cce17b453f1c48d6cb476bda4c775c859b8be12 Mon Sep 17 00:00:00 2001
From f66983c05b20792b6bf5690bc46a4a60618b0425 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 14 Apr 2009 16:24:15 +0200
Subject: [PATCH] qemu-cvs-alsa_mmap


@ -1,4 +1,4 @@
From 6a9bb134ff9465b1c85f52aef40a3be5d41230d0 Mon Sep 17 00:00:00 2001
From cda1328ad68fbb163f786e4ad5dd818c3a54bc4e Mon Sep 17 00:00:00 2001
From: Ulrich Hecht <uli@suse.de>
Date: Tue, 14 Apr 2009 16:25:41 +0200
Subject: [PATCH] qemu-cvs-gettimeofday


@ -1,4 +1,4 @@
From f947d45896b9eed4bc54837653d3920a5a46e5e6 Mon Sep 17 00:00:00 2001
From 02d53ba7f7e370b1b67f6adc9b5497b4a262503a Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 14 Apr 2009 16:26:33 +0200
Subject: [PATCH] qemu-cvs-ioctl_debug


@ -1,4 +1,4 @@
From 52fb54142b48ac628585b64abaff7317a6d87cff Mon Sep 17 00:00:00 2001
From 720dcded9e7c7ebce002e562644bf0b8896f5869 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 14 Apr 2009 16:27:36 +0200
Subject: [PATCH] qemu-cvs-ioctl_nodirection


@ -1,4 +1,4 @@
From 6d9dd264d6ac4687fafb7555fcffa1c83d9485e5 Mon Sep 17 00:00:00 2001
From 592fcd424bad943c37f895f98e873fff69763709 Mon Sep 17 00:00:00 2001
From: Ulrich Hecht <uli@suse.de>
Date: Tue, 14 Apr 2009 16:37:42 +0200
Subject: [PATCH] block/vmdk: Support creation of SCSI VMDK images in qemu-img
@ -82,10 +82,10 @@ index 10d8759..7c0b99c 100644
#define BLOCK_OPT_BACKING_FMT "backing_fmt"
#define BLOCK_OPT_CLUSTER_SIZE "cluster_size"
diff --git a/qemu-img.c b/qemu-img.c
index 1697762..72c2863 100644
index 46f2a6d..01e6f4a 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2034,6 +2034,13 @@ static int img_convert(int argc, char **argv)
@@ -2027,6 +2027,13 @@ static int img_convert(int argc, char **argv)
}
}


@ -1,4 +1,4 @@
From 3017006a56470c5e4cc273b3189fc6e12557d5a5 Mon Sep 17 00:00:00 2001
From d115d3eff851640ed1b6caf43836504fed2bc67f Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Fri, 30 Sep 2011 19:40:36 +0200
Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling


@ -1,4 +1,4 @@
From c362d4d7e4337bd4a1fcf1f5c6143e09e9bbdb61 Mon Sep 17 00:00:00 2001
From 2c7559dd752daedcfef00a88923a3df6a913dfd8 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Fri, 6 Jan 2012 01:05:55 +0100
Subject: [PATCH] PPC: KVM: Disable mmu notifier check


@ -1,4 +1,4 @@
From 0c366b537171e56990a88570ab9fa3ccfab85f82 Mon Sep 17 00:00:00 2001
From d308696040ad59d4418b398512bd6ca1a072a215 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Fri, 13 Jan 2012 17:05:41 +0100
Subject: [PATCH] linux-user: fix segfault deadlock


@ -1,4 +1,4 @@
From 9ad6846ed12aff64816568b2b906caf64186be0c Mon Sep 17 00:00:00 2001
From 88f40fc3cbb0608938135e66f84a054e4c71f3e4 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Thu, 2 Feb 2012 18:02:33 +0100
Subject: [PATCH] linux-user: binfmt: support host binaries


@ -1,4 +1,4 @@
From 47c09c52eeba52e67e2e60b8e2a920f182de8144 Mon Sep 17 00:00:00 2001
From 338fec615a0deb8c3fced6a0f50fa8df40f136b3 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 12 Jun 2012 04:41:10 +0200
Subject: [PATCH] linux-user: Ignore broken loop ioctl


@ -1,4 +1,4 @@
From 7b4e229d286e5c4081a78d55bbab068a17fddcbf Mon Sep 17 00:00:00 2001
From f70582028f2a2da536e05f059cb82a6dcdcce2cb Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Thu, 5 Jul 2012 17:31:39 +0200
Subject: [PATCH] linux-user: lock tcg


@ -1,4 +1,4 @@
From 52a87acece5dc608eb05cfe35368e6dcb63ed21c Mon Sep 17 00:00:00 2001
From 63f9ad9031029a99e2207ce13af0c3888bdc3c77 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 10 Jul 2012 20:40:55 +0200
Subject: [PATCH] linux-user: Run multi-threaded code on a single core


@ -1,4 +1,4 @@
From 59fee72689eddc2ada6307ed855828bb762b4a8c Mon Sep 17 00:00:00 2001
From 8de35823c9f03e06ce40870e6cd04ce1c0a44be2 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Wed, 11 Jul 2012 16:47:42 +0200
Subject: [PATCH] linux-user: lock tb flushing too


@ -1,4 +1,4 @@
From ce9b4d41b0828783ce84fe814e5fd863cfb351ba Mon Sep 17 00:00:00 2001
From e5ecc65e4ae5d85fd0645eacfed60757cef04c1a Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Mon, 23 Jul 2012 10:24:14 +0200
Subject: [PATCH] linux-user: Fake /proc/cpuinfo


@ -1,4 +1,4 @@
From 66b365a0e2355febe34cf84d95251405aec6f708 Mon Sep 17 00:00:00 2001
From f2bf40c52ebd8618da52c0ab89e38737170d34ec Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Mon, 20 Aug 2012 00:02:52 +0200
Subject: [PATCH] linux-user: implement FS_IOC_GETFLAGS ioctl


@ -1,4 +1,4 @@
From 59e184c9df705e8abc72a57e89f14ebc58544768 Mon Sep 17 00:00:00 2001
From 7e407d22128dac3b6dae0393a2173e6ee4878abd Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Mon, 20 Aug 2012 00:07:13 +0200
Subject: [PATCH] linux-user: implement FS_IOC_SETFLAGS ioctl


@ -1,4 +1,4 @@
From 75832d69b3684fa6222a500c9b8676629d4e1e25 Mon Sep 17 00:00:00 2001
From 416732418f358a876ee8406eb12925e198155e49 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 21 Aug 2012 14:20:40 +0200
Subject: [PATCH] linux-user: XXX disable fiemap


@ -1,4 +1,4 @@
From c25692dda0ab777bc1634dfbb42eae412d1fdd50 Mon Sep 17 00:00:00 2001
From 76603c63b15b71597d8d232d9c8f590598939cb2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Date: Wed, 29 Aug 2012 18:42:56 +0200
Subject: [PATCH] slirp: -nooutgoing
@ -33,7 +33,7 @@ index 6106520..32b25a5 100644
"-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL)
STEXI
diff --git a/slirp/socket.c b/slirp/socket.c
index bd97b2d..6cbd829 100644
index a10eff1..fec954e 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -608,6 +608,8 @@ sorecvfrom(struct socket *so)
@ -57,9 +57,9 @@ index bd97b2d..6cbd829 100644
+
/* Don't care what port we get */
ret = sendto(so->s, m->m_data, m->m_len, 0,
(struct sockaddr *)&addr, sizeof(addr));
(struct sockaddr *)&addr, sockaddr_size(&addr));
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 32ff452..9a3850d 100644
index 6b9fef2..e712e21 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -391,6 +391,8 @@ tcp_sockclosed(struct tcpcb *tp)
@ -96,7 +96,7 @@ index 32ff452..9a3850d 100644
socket_set_fast_reuse(s);
opt = 1;
diff --git a/vl.c b/vl.c
index 9df534f..3c36fe9 100644
index 5fd22cb..18c88ff 100644
--- a/vl.c
+++ b/vl.c
@@ -162,6 +162,7 @@ int smp_threads = 1;


@ -1,4 +1,4 @@
From 586df5db147b17cc8d70eff145745912a56ed7b1 Mon Sep 17 00:00:00 2001
From 1e6837a4cf1e2c757a9ee61f99ffd90dc97e3067 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Date: Wed, 29 Aug 2012 20:06:01 +0200
Subject: [PATCH] vnc: password-file= and incoming-connections=


@ -1,4 +1,4 @@
From df3c67d7a83d9f2bc4914425c7000a08c27e686f Mon Sep 17 00:00:00 2001
From 4910a63b38b4b6cd811d59ccf239423f8f6998fc Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Wed, 10 Oct 2012 10:21:20 +0200
Subject: [PATCH] linux-user: add more blk ioctls


@ -1,4 +1,4 @@
From 34a8db65f986af5c3744a5b030492fbe34b37b4d Mon Sep 17 00:00:00 2001
From 4a2a102bf012ec39a75498e79d18d7e1cb703bd3 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Tue, 9 Oct 2012 09:06:49 +0200
Subject: [PATCH] linux-user: use target_ulong


@ -1,4 +1,4 @@
From c2257cd730ae7cc445118cee261600318aa0f148 Mon Sep 17 00:00:00 2001
From e457395b8a52702b4866234bbe641d6044d725e6 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Wed, 5 Aug 2009 09:49:37 +0200
Subject: [PATCH] block: Add support for DictZip enabled gzip files


@ -1,4 +1,4 @@
From e7f37824f310f22f81d3aa8e0643583309ea8ea7 Mon Sep 17 00:00:00 2001
From 5e55ea4fdd7fcb2dad3ea1c59889390fe94e38bc Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Wed, 5 Aug 2009 17:28:38 +0200
Subject: [PATCH] block: Add tar container format


@ -1,4 +1,4 @@
From 9635817a5b678f8e77e02eb9ca693a77433e3045 Mon Sep 17 00:00:00 2001
From e25606c433e170cb966f2ec6a0e88c9160684d54 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Wed, 12 Dec 2012 19:11:30 +0100
Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch


@ -1,4 +1,4 @@
From a42dd03acbea98cbf11f841a78ddf7830fd6d783 Mon Sep 17 00:00:00 2001
From 543e99f83c5c7aff0675f430f0b7ff6e9e43472d Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Mon, 6 Jun 2011 06:53:52 +0200
Subject: [PATCH] console: add question-mark escape operator


@ -1,4 +1,4 @@
From feca29c048619c102c385e2150a67c62d78435eb Mon Sep 17 00:00:00 2001
From 7cf495aa2aff024d97b20b87fa87fc17cbbbf5ff Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Thu, 1 Apr 2010 17:36:23 +0200
Subject: [PATCH] Make char muxer more robust wrt small FIFOs


@ -1,4 +1,4 @@
From 6d422ead57671b98efbee2da0b3a606de976b8f5 Mon Sep 17 00:00:00 2001
From 5ac9c6a5e5acfc0ce7b61783533ce3a866d85ec3 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Thu, 13 Dec 2012 14:29:22 +0100
Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed


@ -1,4 +1,4 @@
From 09a9fc2bd1066ed9b5ddbeb4f975461bd93a7b57 Mon Sep 17 00:00:00 2001
From 0ae16f3d2670b4bd86595f6b9f2b5bd7b6faa438 Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Thu, 16 May 2013 12:39:10 +0200
Subject: [PATCH] virtfs-proxy-helper: Provide __u64 for broken


@ -1,4 +1,4 @@
From 5676fd4e9e421b4400124629916d8e761c62d00d Mon Sep 17 00:00:00 2001
From 96642b20aa9624ffa934c24c22da03b184ee2c9f Mon Sep 17 00:00:00 2001
From: Dinar Valeev <k0da@opensuse.org>
Date: Wed, 2 Oct 2013 17:56:03 +0200
Subject: [PATCH] configure: Enable PIE for ppc and ppc64 hosts
@ -14,7 +14,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index ab54f3c..f8b8391 100755
index c37fc5f..94035eb 100755
--- a/configure
+++ b/configure
@@ -1537,7 +1537,7 @@ fi


@ -1,4 +1,4 @@
From 79c0f63ce2a8ebfb9a32fd05845ec439756c6a86 Mon Sep 17 00:00:00 2001
From 9aff904100fd11df814e8498cf9dd3d8c7810562 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Date: Thu, 17 Apr 2014 18:39:10 +0200
Subject: [PATCH] qtest: Increase socket timeout


@ -1,4 +1,4 @@
From 8afc9f3a0bac1b63c6cf1da4e1abb680bd3127e6 Mon Sep 17 00:00:00 2001
From b70818ca8b9ca9ea88460c97b59c8e73e0c96bc8 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Wed, 14 Jan 2015 01:32:11 +0100
Subject: [PATCH] AIO: Reduce number of threads for 32bit hosts


@ -1,4 +1,4 @@
From de7e0973fc8fe7f097999135fcb65b0a830a1eff Mon Sep 17 00:00:00 2001
From b44837ddb7fe9d43d70dc4260e4e9561d68ebc04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Date: Tue, 14 Apr 2015 18:42:06 +0200
Subject: [PATCH] configure: Enable libseccomp for ppc
@ -14,7 +14,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 3 insertions(+)
diff --git a/configure b/configure
index f8b8391..593e865 100755
index 94035eb..4efabe3 100755
--- a/configure
+++ b/configure
@@ -1879,6 +1879,9 @@ if test "$seccomp" != "no" ; then


@ -1,4 +1,4 @@
From cce7d2ee8a4d6dd434b7a28a9edd59ff504b53ae Mon Sep 17 00:00:00 2001
From ab4667c328ab637aabd54364658e8d047297eb54 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Mon, 15 Jun 2015 17:36:32 +0200
Subject: [PATCH] dictzip: Fix on big endian systems


@ -1,4 +1,4 @@
From 328eda4d196550c8dab103cd9ff7a45888834111 Mon Sep 17 00:00:00 2001
From 33fcb26d3770b6ff5019d796595675a3275bfe46 Mon Sep 17 00:00:00 2001
From: Olaf Hering <olaf@aepfle.de>
Date: Thu, 24 Mar 2016 14:32:39 +0100
Subject: [PATCH] block: split large discard requests from block frontend


@ -1,4 +1,4 @@
From 903848e6ee598edb5303a8ad8bea38aee0eb5883 Mon Sep 17 00:00:00 2001
From 529b4b3328e96f55ae0a44d1293616f426077a0b Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Wed, 9 Mar 2016 15:18:11 -0700
Subject: [PATCH] xen_disk: Add suse specific flush disable handling and map to


@ -1,4 +1,4 @@
From 7e1f77646a047c0c160274c2c6bf5440ea1856d2 Mon Sep 17 00:00:00 2001
From 260d6920548a51e773c2bdca0a2770a3083404a2 Mon Sep 17 00:00:00 2001
From: Olaf Hering <olaf@aepfle.de>
Date: Fri, 1 Apr 2016 12:27:16 +0200
Subject: [PATCH] build: link with libatomic on powerpc-linux
@ -14,7 +14,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
1 file changed, 27 insertions(+)
diff --git a/configure b/configure
index 593e865..478631e 100755
index 4efabe3..b455035 100755
--- a/configure
+++ b/configure
@@ -4032,6 +4032,33 @@ if test "$usb_redir" != "no" ; then


@ -0,0 +1,33 @@
From 53260b0f3e1426185786f5fe45f99ca1ded84062 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 7 Apr 2016 04:27:00 -0600
Subject: [PATCH] net: mipsnet: check packet length against buffer
When receiving packets over MIPSnet network device, it uses
receive buffer of size 1514 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.
Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
[BR: BSC#975136 CVE-2016-4002]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/net/mipsnet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
index 740cd98..cf8b823 100644
--- a/hw/net/mipsnet.c
+++ b/hw/net/mipsnet.c
@@ -83,6 +83,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t si
if (!mipsnet_can_receive(nc))
return 0;
+ if (size >= sizeof(s->rx_buffer)) {
+ return 0;
+ }
s->busy = 1;
/* Just accept everything. */
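Review bot: The added length check in mipsnet_receive() returns 0 for an oversized frame, and as far as I know QEMU's net layer treats a 0 return from a receive callback as "not ready, keep the packet queued", so a frame that can never fit may stall the receive queue instead of being dropped. Reporting the frame as rejected, e.g. `return -1;`, would make the drop explicit; please confirm against the net core which return value means discard. A one-line comment on the check, such as `/* frame must fit rx_buffer; oversized frames are dropped */`, would also record why it is there. The rest of the function body is outside the hunk.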


@ -0,0 +1,35 @@
From 4c2fce28b205a0912f1224bdb8dbba2a0d7bf593 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 7 Apr 2016 12:50:08 +0530
Subject: [PATCH] i386: kvmvapic: initialise imm32 variable
When processing Task Priorty Register(TPR) access, it could leak
automatic stack variable 'imm32' in patch_instruction().
Initialise the variable to avoid it.
Reported by: Donghai Zdh <donghai.zdh@alibaba-inc.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1460013608-16670-1-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 691a02e2ce0c413236a78dee6f2651c937b09fb0)
[BR: BSC#975700 CVE-2016-4020]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/i386/kvmvapic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index c69f374..ff1e31a 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
CPUX86State *env = &cpu->env;
VAPICHandlers *handlers;
uint8_t opcode[2];
- uint32_t imm32;
+ uint32_t imm32 = 0;
target_ulong current_pc = 0;
target_ulong current_cs_base = 0;
int current_flags = 0;
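Review bot: `uint32_t imm32 = 0;` removes the uninitialised read, but nothing in the hunk records why the initialiser is needed or which opcode paths leave imm32 unassigned; the code that consumes it is outside the hunk. A short comment would keep the initialiser from being dropped in a later cleanup, for example `/* zero-init: may be written out without being assigned; must not carry host stack bytes */`. If some paths are not meant to emit imm32 at all, making that write conditional would be the more precise fix; this is inferred from the commit message rather than from visible code.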


@ -0,0 +1,42 @@
From 4a36592c8982234afc9591adb50684c2daed0fbd Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 19 May 2016 16:09:30 +0530
Subject: [PATCH] esp: check command buffer length before write(CVE-2016-4439)
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer. While
writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check
was missing to validate input length. Add check to avoid OOB write
access.
Fixes CVE-2016-4439.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1463654371-11169-2-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c98c6c105f66f05aa0b7c1d2a4a3f716450907ef)
[BR: CVE-2016-4439 BSC#980711]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/esp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 8961be2..01497e6 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -448,7 +448,11 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
break;
case ESP_FIFO:
if (s->do_cmd) {
- s->cmdbuf[s->cmdlen++] = val & 0xff;
+ if (s->cmdlen < TI_BUFSZ) {
+ s->cmdbuf[s->cmdlen++] = val & 0xff;
+ } else {
+ trace_esp_error_fifo_overrun();
+ }
} else if (s->ti_size == TI_BUFSZ - 1) {
trace_esp_error_fifo_overrun();
} else {
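Review bot: The new bound covers only the `do_cmd` path; the neighbouring `else if (s->ti_size == TI_BUFSZ - 1)` branch is an equality test, so it protects the FIFO write only if ti_size can never already be larger than that value when this register is written. The write in the final `else` is outside the hunk, so this needs confirming against the index it actually uses. For the added check itself, tying the limit to the array rather than the macro keeps it correct if the buffer is ever resized: `if (s->cmdlen < sizeof(s->cmdbuf)) {`.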


@ -0,0 +1,76 @@
From 648083b0e53202c883906a5d57d420a9c6411c89 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 19 May 2016 16:09:31 +0530
Subject: [PATCH] esp: check dma length before reading scsi
command(CVE-2016-4441)
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer.
Routine get_cmd() uses DMA to read scsi commands into this buffer.
Add check to validate DMA length against buffer size to avoid any
overrun.
Fixes CVE-2016-4441.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1463654371-11169-3-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 6c1fef6b59563cc415f21e03f81539ed4b33ad90)
[BR: CVE-2016-4441 BSC#980723]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/esp.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 01497e6..591c817 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -82,7 +82,7 @@ void esp_request_cancelled(SCSIRequest *req)
}
}
-static uint32_t get_cmd(ESPState *s, uint8_t *buf)
+static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
{
uint32_t dmalen;
int target;
@@ -92,6 +92,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
dmalen = s->rregs[ESP_TCLO];
dmalen |= s->rregs[ESP_TCMID] << 8;
dmalen |= s->rregs[ESP_TCHI] << 16;
+ if (dmalen > buflen) {
+ return 0;
+ }
s->dma_memory_read(s->dma_opaque, buf, dmalen);
} else {
dmalen = s->ti_size;
@@ -166,7 +169,7 @@ static void handle_satn(ESPState *s)
s->dma_cb = handle_satn;
return;
}
- len = get_cmd(s, buf);
+ len = get_cmd(s, buf, sizeof(buf));
if (len)
do_cmd(s, buf);
}
@@ -180,7 +183,7 @@ static void handle_s_without_atn(ESPState *s)
s->dma_cb = handle_s_without_atn;
return;
}
- len = get_cmd(s, buf);
+ len = get_cmd(s, buf, sizeof(buf));
if (len) {
do_busid_cmd(s, buf, 0);
}
@@ -192,7 +195,7 @@ static void handle_satn_stop(ESPState *s)
s->dma_cb = handle_satn_stop;
return;
}
- s->cmdlen = get_cmd(s, s->cmdbuf);
+ s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
if (s->cmdlen) {
trace_esp_handle_satn_stop(s->cmdlen);
s->do_cmd = 1;
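Review bot: The new `dmalen > buflen` check sits inside the DMA branch of get_cmd() only; the `else` branch sets `dmalen = s->ti_size` and, in the visible lines, is not compared with buflen before the buffer is filled (the copy itself is outside the hunk, so this needs confirming). Applying the same bound after both branches would cover the non-DMA path as well. Separately, `uint8_t buflen` silently truncates `sizeof(buf)` if any caller's buffer ever reaches 256 bytes; `size_t` avoids that: `static uint32_t get_cmd(ESPState *s, uint8_t *buf, size_t buflen)`. The rejected-length path also returns 0 without a trace event, which makes a guest-triggered rejection hard to spot in logs.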


@ -0,0 +1,96 @@
From 2f492d1dceb93302ae10a97ea799e344e52e1a89 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 23 May 2016 04:49:00 -0600
Subject: [PATCH] scsi: pvscsi: check command descriptor ring buffer size
Vmware Paravirtual SCSI emulation uses command descriptors to
process SCSI commands. These descriptors come with their ring
buffers. A guest could set the ring buffer size to an arbitrary
value leading to OOB access issue. Add check to avoid it.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
[BR: CVE-2016-4952 BSC#981266]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/vmw_pvscsi.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index e690b4e..e1d6d06 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -153,7 +153,7 @@ pvscsi_log2(uint32_t input)
return log;
}
-static void
+static int
pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
{
int i;
@@ -161,6 +161,10 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
uint32_t req_ring_size, cmp_ring_size;
m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
+ if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
+ || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
+ return -1;
+ }
req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
txr_len_log2 = pvscsi_log2(req_ring_size - 1);
@@ -192,15 +196,20 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
/* Flush ring state page changes */
smp_wmb();
+
+ return 0;
}
-static void
+static int
pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
{
int i;
uint32_t len_log2;
uint32_t ring_size;
+ if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ return -1;
+ }
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
len_log2 = pvscsi_log2(ring_size - 1);
@@ -220,6 +229,8 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
/* Flush ring state page changes */
smp_wmb();
+
+ return 0;
}
static void
@@ -770,7 +781,10 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
pvscsi_dbg_dump_tx_rings_config(rc);
- pvscsi_ring_init_data(&s->rings, rc);
+ if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+ }
+
s->rings_info_valid = TRUE;
return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
}
@@ -850,7 +864,9 @@ pvscsi_on_cmd_setup_msg_ring(PVSCSIState *s)
}
if (s->rings_info_valid) {
- pvscsi_ring_init_msg(&s->rings, rc);
+ if (pvscsi_ring_init_msg(&s->rings, rc) < 0) {
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
+ }
s->msg_ring_info_valid = TRUE;
}
return sizeof(PVSCSICmdDescSetupMsgRing) / sizeof(uint32_t);
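Review bot: The new checks in pvscsi_ring_init_data() and pvscsi_ring_init_msg() bound the guest-supplied page counts from above only; a count of 0 makes `req_ring_size - 1` (and `ring_size - 1`) wrap to 0xFFFFFFFF before it is passed to pvscsi_log2() in the visible lines. Rejecting zero in the same condition closes that, e.g. `if (ri->numPages < 1 || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {`, with the matching lower bound on reqRingNumPages and cmpRingNumPages. In pvscsi_ring_init_data() the assignment to `m->rs_pa` also precedes the check, so a rejected request still modifies ring state; validating first would keep the failure path free of side effects. Both function bodies continue outside the hunks.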


@ -0,0 +1,45 @@
From 62f461d944c764953299772d72892daca092fe3f Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 24 May 2016 02:10:00 -0600
Subject: [PATCH] scsi: mptsas: infinite loop while fetching requests
The LSI SAS1068 Host Bus Adapter emulator in Qemu, periodically
looks for requests and fetches them. A loop doing that in
mptsas_fetch_requests() could run infinitely if 's->state' was
not operational. Move check to avoid such a loop.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
[BR: CVE-2016-4964 BSC#981399]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/mptsas.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index 499c146..be88e16 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -754,11 +754,6 @@ static void mptsas_fetch_request(MPTSASState *s)
hwaddr addr;
int size;
- if (s->state != MPI_IOC_STATE_OPERATIONAL) {
- mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
- return;
- }
-
/* Read the message header from the guest first. */
addr = s->host_mfa_high_addr | MPTSAS_FIFO_GET(s, request_post);
pci_dma_read(pci, addr, req, sizeof(hdr));
@@ -789,6 +784,10 @@ static void mptsas_fetch_requests(void *opaque)
{
MPTSASState *s = opaque;
+ if (s->state != MPI_IOC_STATE_OPERATIONAL) {
+ mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
+ return;
+ }
while (!MPTSAS_FIFO_EMPTY(s, request_post)) {
mptsas_fetch_request(s);
}
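Review bot: With the state check moved out of mptsas_fetch_request(), `s->state` is tested once before the `while` loop in mptsas_fetch_requests() and never again, so if handling one request leaves the adapter non-operational the remaining queued requests are still fetched and processed. Folding the test into the loop condition keeps the old per-request guarantee without reintroducing the non-terminating loop: `while (s->state == MPI_IOC_STATE_OPERATIONAL && !MPTSAS_FIFO_EMPTY(s, request_post)) {`. Whether request handling can change the state is not visible in these hunks, so treat this as something to confirm.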


@ -0,0 +1,235 @@
From b360e87d80afa47ab5e1aaa2d58aac0a83047277 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 17 May 2016 10:54:54 +0200
Subject: [PATCH] vga: add sr_vbe register set
Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
(CVE-2016-3712)." causes a regression. The win7 installer is unhappy
because it can't freely modify vga registers any more while in vbe mode.
This patch introduces a new sr_vbe register set. The vbe_update_vgaregs
will fill sr_vbe[] instead of sr[]. Normal vga register reads and
writes go to sr[]. Any sr register read access happens through a new
sr() helper function which will read from sr_vbe[] with vbe active and
from sr[] otherwise.
This way we can allow guests update sr[] registers as they want, without
allowing them disrupt vbe video modes that way.
Cc: qemu-stable@nongnu.org
Reported-by: Thomas Lamprecht <thomas@lamprecht.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1463475294-14119-1-git-send-email-kraxel@redhat.com
(cherry picked from commit 94ef4f337fb614f18b765a8e0e878a4c23cdedcd)
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/display/vga.c | 50 ++++++++++++++++++++++++++++----------------------
hw/display/vga_int.h | 1 +
2 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/hw/display/vga.c b/hw/display/vga.c
index 4a55ec6..9ebc54f 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -149,6 +149,11 @@ static inline bool vbe_enabled(VGACommonState *s)
return s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED;
}
+static inline uint8_t sr(VGACommonState *s, int idx)
+{
+ return vbe_enabled(s) ? s->sr_vbe[idx] : s->sr[idx];
+}
+
static void vga_update_memory_access(VGACommonState *s)
{
hwaddr base, offset, size;
@@ -163,8 +168,8 @@ static void vga_update_memory_access(VGACommonState *s)
s->has_chain4_alias = false;
s->plane_updated = 0xf;
}
- if ((s->sr[VGA_SEQ_PLANE_WRITE] & VGA_SR02_ALL_PLANES) ==
- VGA_SR02_ALL_PLANES && s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
+ if ((sr(s, VGA_SEQ_PLANE_WRITE) & VGA_SR02_ALL_PLANES) ==
+ VGA_SR02_ALL_PLANES && sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) {
offset = 0;
switch ((s->gr[VGA_GFX_MISC] >> 2) & 3) {
case 0:
@@ -234,7 +239,7 @@ static void vga_precise_update_retrace_info(VGACommonState *s)
((s->cr[VGA_CRTC_OVERFLOW] >> 6) & 2)) << 8);
vretr_end_line = s->cr[VGA_CRTC_V_SYNC_END] & 0xf;
- clocking_mode = (s->sr[VGA_SEQ_CLOCK_MODE] >> 3) & 1;
+ clocking_mode = (sr(s, VGA_SEQ_CLOCK_MODE) >> 3) & 1;
clock_sel = (s->msr >> 2) & 3;
dots = (s->msr & 1) ? 8 : 9;
@@ -486,7 +491,6 @@ void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
#endif
s->sr[s->sr_index] = val & sr_mask[s->sr_index];
- vbe_update_vgaregs(s);
if (s->sr_index == VGA_SEQ_CLOCK_MODE) {
s->update_retrace_info(s);
}
@@ -680,13 +684,13 @@ static void vbe_update_vgaregs(VGACommonState *s)
if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
shift_control = 0;
- s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
+ s->sr_vbe[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
} else {
shift_control = 2;
/* set chain 4 mode */
- s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
+ s->sr_vbe[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
/* activate all planes */
- s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
+ s->sr_vbe[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
}
s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
(shift_control << 5);
@@ -836,7 +840,7 @@ uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr)
break;
}
- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
+ if (sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) {
/* chain 4 mode : simplest access */
assert(addr < s->vram_size);
ret = s->vram_ptr[addr];
@@ -904,11 +908,11 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
break;
}
- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
+ if (sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) {
/* chain 4 mode : simplest access */
plane = addr & 3;
mask = (1 << plane);
- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
+ if (sr(s, VGA_SEQ_PLANE_WRITE) & mask) {
assert(addr < s->vram_size);
s->vram_ptr[addr] = val;
#ifdef DEBUG_VGA_MEM
@@ -921,7 +925,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
/* odd/even mode (aka text mode mapping) */
plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
mask = (1 << plane);
- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
+ if (sr(s, VGA_SEQ_PLANE_WRITE) & mask) {
addr = ((addr & ~1) << 1) | plane;
if (addr >= s->vram_size) {
return;
@@ -996,7 +1000,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
do_write:
/* mask data according to sr[2] */
- mask = s->sr[VGA_SEQ_PLANE_WRITE];
+ mask = sr(s, VGA_SEQ_PLANE_WRITE);
s->plane_updated |= mask; /* only used to detect font change */
write_mask = mask16[mask];
if (addr * sizeof(uint32_t) >= s->vram_size) {
@@ -1152,10 +1156,10 @@ static void vga_get_text_resolution(VGACommonState *s, int *pwidth, int *pheight
/* total width & height */
cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
cwidth = 8;
- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
+ if (!(sr(s, VGA_SEQ_CLOCK_MODE) & VGA_SR01_CHAR_CLK_8DOTS)) {
cwidth = 9;
}
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 0x08) {
cwidth = 16; /* NOTE: no 18 pixel wide */
}
width = (s->cr[VGA_CRTC_H_DISP] + 1);
@@ -1197,7 +1201,7 @@ static void vga_draw_text(VGACommonState *s, int full_update)
int64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);
/* compute font data address (in plane 2) */
- v = s->sr[VGA_SEQ_CHARACTER_MAP];
+ v = sr(s, VGA_SEQ_CHARACTER_MAP);
offset = (((v >> 4) & 1) | ((v << 1) & 6)) * 8192 * 4 + 2;
if (offset != s->font_offsets[0]) {
s->font_offsets[0] = offset;
@@ -1506,11 +1510,11 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
}
if (shift_control == 0) {
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
disp_width <<= 1;
}
} else if (shift_control == 1) {
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
disp_width <<= 1;
}
}
@@ -1574,7 +1578,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
if (shift_control == 0) {
full_update |= update_palette16(s);
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
v = VGA_DRAW_LINE4D2;
} else {
v = VGA_DRAW_LINE4;
@@ -1582,7 +1586,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
bits = 4;
} else if (shift_control == 1) {
full_update |= update_palette16(s);
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
v = VGA_DRAW_LINE2D2;
} else {
v = VGA_DRAW_LINE2;
@@ -1629,7 +1633,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
#if 0
printf("w=%d h=%d v=%d line_offset=%d cr[0x09]=0x%02x cr[0x17]=0x%02x linecmp=%d sr[0x01]=0x%02x\n",
width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
- s->line_compare, s->sr[VGA_SEQ_CLOCK_MODE]);
+ s->line_compare, sr(s, VGA_SEQ_CLOCK_MODE));
#endif
addr1 = (s->start_addr * 4);
bwidth = (width * bits + 7) / 8;
@@ -1781,6 +1785,7 @@ void vga_common_reset(VGACommonState *s)
{
s->sr_index = 0;
memset(s->sr, '\0', sizeof(s->sr));
+ memset(s->sr_vbe, '\0', sizeof(s->sr_vbe));
s->gr_index = 0;
memset(s->gr, '\0', sizeof(s->gr));
s->ar_index = 0;
@@ -1883,10 +1888,10 @@ static void vga_update_text(void *opaque, console_ch_t *chardata)
/* total width & height */
cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
cw = 8;
- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
+ if (!(sr(s, VGA_SEQ_CLOCK_MODE) & VGA_SR01_CHAR_CLK_8DOTS)) {
cw = 9;
}
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 0x08) {
cw = 16; /* NOTE: no 18 pixel wide */
}
width = (s->cr[VGA_CRTC_H_DISP] + 1);
@@ -2053,6 +2058,7 @@ static int vga_common_post_load(void *opaque, int version_id)
/* force refresh */
s->graphic_mode = -1;
+ vbe_update_vgaregs(s);
return 0;
}
diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
index bdb43a5..3ce5544 100644
--- a/hw/display/vga_int.h
+++ b/hw/display/vga_int.h
@@ -98,6 +98,7 @@ typedef struct VGACommonState {
MemoryRegion chain4_alias;
uint8_t sr_index;
uint8_t sr[256];
+ uint8_t sr_vbe[256];
uint8_t gr_index;
uint8_t gr[256];
uint8_t ar_index;


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1fd2d10ef0e1775017827bd5d34c59c604a340263c9347c86ec70215d2bc36d8
size 25790061

Binary file not shown.

3
qemu-2.6.0.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c9ac4a651b273233d21b8bec32e30507cb9cce7900841febc330956a1a8434ec
size 25755267

BIN
qemu-2.6.0.tar.bz2.sig Normal file

Binary file not shown.


@ -1,3 +1,29 @@
-------------------------------------------------------------------
Thu May 26 16:23:33 UTC 2016 - brogers@suse.com
- Address various security/stability issues
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136)
0042-net-mipsnet-check-packet-length-aga.patch
* Fix possible host data leakage to guest from TPR access
CVE-2016-4020 (bsc#975700)
0043-i386-kvmvapic-initialise-imm32-vari.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711)
0044-esp-check-command-buffer-length-bef.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723)
0045-esp-check-dma-length-before-reading.patch
* Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266)
0046-scsi-pvscsi-check-command-descripto.patch
* Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399)
0047-scsi-mptsas-infinite-loop-while-fet.patch
* Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160)
0048-vga-add-sr_vbe-register-set.patch
-------------------------------------------------------------------
Wed May 25 21:42:12 UTC 2016 - brogers@suse.com
- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6
-------------------------------------------------------------------
Thu Apr 28 15:21:54 UTC 2016 - afaerber@suse.de


@ -21,9 +21,9 @@ Url: http://www.qemu.org/
Summary: Universal CPU emulator
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: System/Emulators/PC
Version: 2.5.93
Version: 2.6.0
Release: 0
Source: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch
Patch0002: 0002-XXX-work-around-SA_RESTART-race-wit.patch
@ -66,6 +66,13 @@ Patch0038: 0038-dictzip-Fix-on-big-endian-systems.patch
Patch0039: 0039-block-split-large-discard-requests-.patch
Patch0040: 0040-xen_disk-Add-suse-specific-flush-di.patch
Patch0041: 0041-build-link-with-libatomic-on-powerp.patch
Patch0042: 0042-net-mipsnet-check-packet-length-aga.patch
Patch0043: 0043-i386-kvmvapic-initialise-imm32-vari.patch
Patch0044: 0044-esp-check-command-buffer-length-bef.patch
Patch0045: 0045-esp-check-dma-length-before-reading.patch
Patch0046: 0046-scsi-pvscsi-check-command-descripto.patch
Patch0047: 0047-scsi-mptsas-infinite-loop-while-fet.patch
Patch0048: 0048-vga-add-sr_vbe-register-set.patch
# Please do not add patches manually here, run update_git.sh.
# this is to make lint happy
Source300: qemu-rpmlintrc
@ -118,7 +125,7 @@ emulations. This can be used together with the OBS build script to
run cross-architecture builds.
%prep
%setup -q -n qemu-2.6.0-rc3
%setup -q -n qemu-2.6.0
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
@ -160,6 +167,13 @@ run cross-architecture builds.
%patch0039 -p1
%patch0040 -p1
%patch0041 -p1
%patch0042 -p1
%patch0043 -p1
%patch0044 -p1
%patch0045 -p1
%patch0046 -p1
%patch0047 -p1
%patch0048 -p1
%build
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \


@ -23,7 +23,7 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: System/Emulators/PC
QEMU_VERSION
Release: 0
Source: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
PATCH_FILES
# Please do not add patches manually here, run update_git.sh.
@ -78,7 +78,7 @@ emulations. This can be used together with the OBS build script to
run cross-architecture builds.
%prep
%setup -q -n qemu-2.6.0-rc3
%setup -q -n qemu-2.6.0
PATCH_EXEC
%build


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Thu May 26 16:23:33 UTC 2016 - brogers@suse.com
- Address various security/stability issues
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136)
0042-net-mipsnet-check-packet-length-aga.patch
* Fix possible host data leakage to guest from TPR access
CVE-2016-4020 (bsc#975700)
0043-i386-kvmvapic-initialise-imm32-vari.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711)
0044-esp-check-command-buffer-length-bef.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723)
0045-esp-check-dma-length-before-reading.patch
* Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266)
0046-scsi-pvscsi-check-command-descripto.patch
* Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399)
0047-scsi-mptsas-infinite-loop-while-fet.patch
* Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160)
0048-vga-add-sr_vbe-register-set.patch
-------------------------------------------------------------------
Wed May 25 21:42:12 UTC 2016 - brogers@suse.com
- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6
- Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and
tracing using default log backend
- Build efi pxe roms on x86_64
-------------------------------------------------------------------
Thu Apr 28 16:37:10 UTC 2016 - afaerber@suse.de


@ -51,10 +51,10 @@ Url: http://www.qemu.org/
Summary: Universal CPU emulator
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: System/Emulators/PC
Version: 2.5.93
Version: 2.6.0
Release: 0
Source: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2
Source99: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2.sig
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
Source99: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2.sig
Source1: 80-kvm.rules
Source2: qemu-ifup
Source3: kvm_stat
@ -107,6 +107,13 @@ Patch0038: 0038-dictzip-Fix-on-big-endian-systems.patch
Patch0039: 0039-block-split-large-discard-requests-.patch
Patch0040: 0040-xen_disk-Add-suse-specific-flush-di.patch
Patch0041: 0041-build-link-with-libatomic-on-powerp.patch
Patch0042: 0042-net-mipsnet-check-packet-length-aga.patch
Patch0043: 0043-i386-kvmvapic-initialise-imm32-vari.patch
Patch0044: 0044-esp-check-command-buffer-length-bef.patch
Patch0045: 0045-esp-check-dma-length-before-reading.patch
Patch0046: 0046-scsi-pvscsi-check-command-descripto.patch
Patch0047: 0047-scsi-mptsas-infinite-loop-while-fet.patch
Patch0048: 0048-vga-add-sr_vbe-register-set.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -122,7 +129,13 @@ Source302: bridge.conf
Source400: update_git.sh
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: SDL-devel
%if 0%{?suse_version} >= 1320
BuildRequires: SDL2-devel
%endif
BuildRequires: alsa-devel
%if 0%{?build_x86_fw_from_source}
BuildRequires: binutils-devel
%endif
BuildRequires: bluez-devel
%if 0%{?suse_version} >= 1130
BuildRequires: brlapi-devel
@ -151,10 +164,15 @@ BuildRequires: libbz2-devel
BuildRequires: libcacard-devel
BuildRequires: libcap-devel
BuildRequires: libcap-ng-devel
BuildRequires: libdrm-devel
%if 0%{?suse_version} >= 1320
BuildRequires: libepoxy-devel
%endif
%if 0%{?suse_version} >= 1310
# 12.3 and earlier don't ship a compatible libfdt; use the bundled one there
BuildRequires: libfdt1-devel
%endif
BuildRequires: libgbm-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgnutls-devel
%if 0%{?suse_version} >= 1315
@ -200,6 +218,9 @@ BuildRequires: makeinfo
%endif
BuildRequires: mozilla-nss-devel
BuildRequires: ncurses-devel
%if 0%{?build_x86_fw_from_source}
BuildRequires: ovmf-tools
%endif
BuildRequires: pkgconfig
BuildRequires: pwdutils
BuildRequires: python
@ -212,7 +233,7 @@ BuildRequires: systemd
%define with_systemd 1
%endif
%if %{kvm_available}
BuildRequires: udev
BuildRequires: pkgconfig(udev)
%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01
%define _udevrulesdir /usr/lib/udev/rules.d
%else
@ -222,6 +243,10 @@ BuildRequires: udev
%if 0%{?sles_version} != 11
BuildRequires: usbredir-devel
%endif
%if 0%{?suse_version} >= 1320
BuildRequires: virglrenderer >= 0.4.1
BuildRequires: virglrenderer-devel >= 0.4.1
%endif
%if 0%{?suse_version} >= 1210
%if 0%{?suse_version} >= 1220
BuildRequires: vte-devel
@ -232,6 +257,7 @@ BuildRequires: vte2-devel
%ifarch x86_64
BuildRequires: xen-devel
%endif
BuildRequires: xfsprogs-devel
%if %{build_x86_fw_from_source}
BuildRequires: xz-devel
%endif
@ -255,6 +281,9 @@ BuildRequires: qemu-x86 = %version
Requires: /usr/sbin/groupadd
Requires: pwdutils
Requires: timezone
%if %{kvm_available}
Requires(post): udev
%endif
Recommends: qemu-block-curl
Recommends: qemu-tools
Recommends: qemu-x86
@ -289,11 +318,15 @@ Suggests: qemu-lang
Recommends: qemu-ksm = %{version}
%endif
%ifarch x86_64
%define x86_64_only_b_f_f {efi-e1000.rom efi-eepro100.rom \
efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom}
%endif
%define built_firmware_files {bios.bin bios-256k.bin \
sgabios.bin vgabios.bin vgabios-cirrus.bin \
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin vgabios-qxl.bin \
optionrom/linuxboot.bin optionrom/multiboot.bin optionrom/kvmvapic.bin \
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom}
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
%description
QEMU is an extremely well-performing CPU emulator that allows you to
@ -528,6 +561,7 @@ This sub-package contains various tools, including a bridge helper.
Summary: Universal CPU emulator -- Guest agent
Group: System/Emulators/PC
Provides: qemu:%_bindir/qemu-ga
Requires(post): udev
%if 0%{?with_systemd}
%{?systemd_requires}
%endif
@ -616,7 +650,7 @@ This package provides a service file for starting and stopping KSM.
%endif # !qemu-testsuite
%prep
%setup -q -n qemu-2.6.0-rc3
%setup -q -n qemu-2.6.0
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
@ -658,6 +692,13 @@ This package provides a service file for starting and stopping KSM.
%patch0039 -p1
%patch0040 -p1
%patch0041 -p1
%patch0042 -p1
%patch0043 -p1
%patch0044 -p1
%patch0045 -p1
%patch0046 -p1
%patch0047 -p1
%patch0048 -p1
%if %{build_x86_fw_from_source}
pushd roms/seabios
@ -766,7 +807,11 @@ rm -f pc-bios/slof.bin
--disable-rdma \
%endif
--enable-sdl \
%if 0%{?suse_version} >= 1320
--with-sdlabi=2.0 \
%else
--with-sdlabi=1.2 \
%endif
%if 0%{?suse_version} > 1320
--enable-seccomp \
%else
@ -788,7 +833,6 @@ rm -f pc-bios/slof.bin
--disable-spice \
%endif
--enable-tpm \
--enable-trace-backends=nop \
%if 0%{?sles_version} != 11
--enable-usb-redir \
%else
@ -798,6 +842,9 @@ rm -f pc-bios/slof.bin
--enable-vde \
--enable-vhdx \
--enable-vhost-net \
%if 0%{?suse_version} >= 1320
--enable-virglrenderer \
%endif
--enable-virtfs \
--enable-vnc \
--enable-vnc-jpeg \
@ -813,6 +860,7 @@ rm -f pc-bios/slof.bin
%else
--disable-xen \
%endif
--enable-xfsctl \
%if "%{name}" != "qemu-testsuite"
@ -823,6 +871,9 @@ make %{?_smp_mflags} V=1
make %{?_smp_mflags} -C roms bios
make %{?_smp_mflags} -C roms seavgabios
make %{?_smp_mflags} -C roms pxerom
%ifarch x86_64
make %{?_smp_mflags} -C roms efirom
%endif
make -C roms sgabios
%endif
%if %{build_slof_from_source}
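Review bot: The new `--enable-virglrenderer` block in the configure hunk is gated on `0%{?suse_version} >= 1320`, but the existing seccomp conditional a few hunks earlier is `0%{?suse_version} > 1320`, so a build for exactly 1320 would get virtio-gpu's host-side 3D renderer without `--enable-seccomp`. The `%else` arm of the seccomp conditional lies outside the hunk, so this presumes that arm disables seccomp. virglrenderer handles guest-supplied GPU command streams inside the QEMU process, which is where the sandbox is most useful; either gate the block on the same condition, `%if 0%{?suse_version} > 1320`, or put a comment above it such as `# virgl is enabled on 1320 although seccomp is not built there: <reason>`. The same lines recur in the two later spec sections on this page.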


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Thu May 26 16:23:33 UTC 2016 - brogers@suse.com
- Address various security/stability issues
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136)
0042-net-mipsnet-check-packet-length-aga.patch
* Fix possible host data leakage to guest from TPR access
CVE-2016-4020 (bsc#975700)
0043-i386-kvmvapic-initialise-imm32-vari.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711)
0044-esp-check-command-buffer-length-bef.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723)
0045-esp-check-dma-length-before-reading.patch
* Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266)
0046-scsi-pvscsi-check-command-descripto.patch
* Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399)
0047-scsi-mptsas-infinite-loop-while-fet.patch
* Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160)
0048-vga-add-sr_vbe-register-set.patch
-------------------------------------------------------------------
Wed May 25 21:42:12 UTC 2016 - brogers@suse.com
- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6
- Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and
tracing using default log backend
- Build efi pxe roms on x86_64
-------------------------------------------------------------------
Thu Apr 28 16:37:10 UTC 2016 - afaerber@suse.de


@ -51,10 +51,10 @@ Url: http://www.qemu.org/
Summary: Universal CPU emulator
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: System/Emulators/PC
Version: 2.5.93
Version: 2.6.0
Release: 0
Source: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2
Source99: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2.sig
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
Source99: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2.sig
Source1: 80-kvm.rules
Source2: qemu-ifup
Source3: kvm_stat
@ -107,6 +107,13 @@ Patch0038: 0038-dictzip-Fix-on-big-endian-systems.patch
Patch0039: 0039-block-split-large-discard-requests-.patch
Patch0040: 0040-xen_disk-Add-suse-specific-flush-di.patch
Patch0041: 0041-build-link-with-libatomic-on-powerp.patch
Patch0042: 0042-net-mipsnet-check-packet-length-aga.patch
Patch0043: 0043-i386-kvmvapic-initialise-imm32-vari.patch
Patch0044: 0044-esp-check-command-buffer-length-bef.patch
Patch0045: 0045-esp-check-dma-length-before-reading.patch
Patch0046: 0046-scsi-pvscsi-check-command-descripto.patch
Patch0047: 0047-scsi-mptsas-infinite-loop-while-fet.patch
Patch0048: 0048-vga-add-sr_vbe-register-set.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -122,7 +129,13 @@ Source302: bridge.conf
Source400: update_git.sh
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: SDL-devel
%if 0%{?suse_version} >= 1320
BuildRequires: SDL2-devel
%endif
BuildRequires: alsa-devel
%if 0%{?build_x86_fw_from_source}
BuildRequires: binutils-devel
%endif
BuildRequires: bluez-devel
%if 0%{?suse_version} >= 1130
BuildRequires: brlapi-devel
@ -151,10 +164,15 @@ BuildRequires: libbz2-devel
BuildRequires: libcacard-devel
BuildRequires: libcap-devel
BuildRequires: libcap-ng-devel
BuildRequires: libdrm-devel
%if 0%{?suse_version} >= 1320
BuildRequires: libepoxy-devel
%endif
%if 0%{?suse_version} >= 1310
# 12.3 and earlier don't ship a compatible libfdt; use the bundled one there
BuildRequires: libfdt1-devel
%endif
BuildRequires: libgbm-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgnutls-devel
%if 0%{?suse_version} >= 1315
@ -200,6 +218,9 @@ BuildRequires: makeinfo
%endif
BuildRequires: mozilla-nss-devel
BuildRequires: ncurses-devel
%if 0%{?build_x86_fw_from_source}
BuildRequires: ovmf-tools
%endif
BuildRequires: pkgconfig
BuildRequires: pwdutils
BuildRequires: python
@ -212,7 +233,7 @@ BuildRequires: systemd
%define with_systemd 1
%endif
%if %{kvm_available}
BuildRequires: udev
BuildRequires: pkgconfig(udev)
%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01
%define _udevrulesdir /usr/lib/udev/rules.d
%else
@ -222,6 +243,10 @@ BuildRequires: udev
%if 0%{?sles_version} != 11
BuildRequires: usbredir-devel
%endif
%if 0%{?suse_version} >= 1320
BuildRequires: virglrenderer >= 0.4.1
BuildRequires: virglrenderer-devel >= 0.4.1
%endif
%if 0%{?suse_version} >= 1210
%if 0%{?suse_version} >= 1220
BuildRequires: vte-devel
@ -232,6 +257,7 @@ BuildRequires: vte2-devel
%ifarch x86_64
BuildRequires: xen-devel
%endif
BuildRequires: xfsprogs-devel
%if %{build_x86_fw_from_source}
BuildRequires: xz-devel
%endif
@ -255,6 +281,9 @@ BuildRequires: qemu-x86 = %version
Requires: /usr/sbin/groupadd
Requires: pwdutils
Requires: timezone
%if %{kvm_available}
Requires(post): udev
%endif
Recommends: qemu-block-curl
Recommends: qemu-tools
Recommends: qemu-x86
@ -289,11 +318,15 @@ Suggests: qemu-lang
Recommends: qemu-ksm = %{version}
%endif
%ifarch x86_64
%define x86_64_only_b_f_f {efi-e1000.rom efi-eepro100.rom \
efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom}
%endif
%define built_firmware_files {bios.bin bios-256k.bin \
sgabios.bin vgabios.bin vgabios-cirrus.bin \
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin vgabios-qxl.bin \
optionrom/linuxboot.bin optionrom/multiboot.bin optionrom/kvmvapic.bin \
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom}
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
%description
QEMU is an extremely well-performing CPU emulator that allows you to
@ -528,6 +561,7 @@ This sub-package contains various tools, including a bridge helper.
Summary: Universal CPU emulator -- Guest agent
Group: System/Emulators/PC
Provides: qemu:%_bindir/qemu-ga
Requires(post): udev
%if 0%{?with_systemd}
%{?systemd_requires}
%endif
@ -616,7 +650,7 @@ This package provides a service file for starting and stopping KSM.
%endif # !qemu-testsuite
%prep
%setup -q -n qemu-2.6.0-rc3
%setup -q -n qemu-2.6.0
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
@ -658,6 +692,13 @@ This package provides a service file for starting and stopping KSM.
%patch0039 -p1
%patch0040 -p1
%patch0041 -p1
%patch0042 -p1
%patch0043 -p1
%patch0044 -p1
%patch0045 -p1
%patch0046 -p1
%patch0047 -p1
%patch0048 -p1
%if %{build_x86_fw_from_source}
pushd roms/seabios
@ -766,7 +807,11 @@ rm -f pc-bios/slof.bin
--disable-rdma \
%endif
--enable-sdl \
%if 0%{?suse_version} >= 1320
--with-sdlabi=2.0 \
%else
--with-sdlabi=1.2 \
%endif
%if 0%{?suse_version} > 1320
--enable-seccomp \
%else
@ -788,7 +833,6 @@ rm -f pc-bios/slof.bin
--disable-spice \
%endif
--enable-tpm \
--enable-trace-backends=nop \
%if 0%{?sles_version} != 11
--enable-usb-redir \
%else
@ -798,6 +842,9 @@ rm -f pc-bios/slof.bin
--enable-vde \
--enable-vhdx \
--enable-vhost-net \
%if 0%{?suse_version} >= 1320
--enable-virglrenderer \
%endif
--enable-virtfs \
--enable-vnc \
--enable-vnc-jpeg \
@ -813,6 +860,7 @@ rm -f pc-bios/slof.bin
%else
--disable-xen \
%endif
--enable-xfsctl \
%if "%{name}" != "qemu-testsuite"
@ -823,6 +871,9 @@ make %{?_smp_mflags} V=1
make %{?_smp_mflags} -C roms bios
make %{?_smp_mflags} -C roms seavgabios
make %{?_smp_mflags} -C roms pxerom
%ifarch x86_64
make %{?_smp_mflags} -C roms efirom
%endif
make -C roms sgabios
%endif
%if %{build_slof_from_source}


@ -53,8 +53,8 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: System/Emulators/PC
QEMU_VERSION
Release: 0
Source: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2
Source99: http://wiki.qemu.org/download/qemu-2.6.0-rc3.tar.bz2.sig
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
Source99: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2.sig
Source1: 80-kvm.rules
Source2: qemu-ifup
Source3: kvm_stat
@ -82,7 +82,13 @@ Source302: bridge.conf
Source400: update_git.sh
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: SDL-devel
%if 0%{?suse_version} >= 1320
BuildRequires: SDL2-devel
%endif
BuildRequires: alsa-devel
%if 0%{?build_x86_fw_from_source}
BuildRequires: binutils-devel
%endif
BuildRequires: bluez-devel
%if 0%{?suse_version} >= 1130
BuildRequires: brlapi-devel
@ -111,10 +117,15 @@ BuildRequires: libbz2-devel
BuildRequires: libcacard-devel
BuildRequires: libcap-devel
BuildRequires: libcap-ng-devel
BuildRequires: libdrm-devel
%if 0%{?suse_version} >= 1320
BuildRequires: libepoxy-devel
%endif
%if 0%{?suse_version} >= 1310
# 12.3 and earlier don't ship a compatible libfdt; use the bundled one there
BuildRequires: libfdt1-devel
%endif
BuildRequires: libgbm-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgnutls-devel
%if 0%{?suse_version} >= 1315
@ -160,6 +171,9 @@ BuildRequires: makeinfo
%endif
BuildRequires: mozilla-nss-devel
BuildRequires: ncurses-devel
%if 0%{?build_x86_fw_from_source}
BuildRequires: ovmf-tools
%endif
BuildRequires: pkgconfig
BuildRequires: pwdutils
BuildRequires: python
@ -172,7 +186,7 @@ BuildRequires: systemd
%define with_systemd 1
%endif
%if %{kvm_available}
BuildRequires: udev
BuildRequires: pkgconfig(udev)
%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01
%define _udevrulesdir /usr/lib/udev/rules.d
%else
@ -182,6 +196,10 @@ BuildRequires: udev
%if 0%{?sles_version} != 11
BuildRequires: usbredir-devel
%endif
%if 0%{?suse_version} >= 1320
BuildRequires: virglrenderer >= 0.4.1
BuildRequires: virglrenderer-devel >= 0.4.1
%endif
%if 0%{?suse_version} >= 1210
%if 0%{?suse_version} >= 1220
BuildRequires: vte-devel
@ -192,6 +210,7 @@ BuildRequires: vte2-devel
%ifarch x86_64
BuildRequires: xen-devel
%endif
BuildRequires: xfsprogs-devel
%if %{build_x86_fw_from_source}
BuildRequires: xz-devel
%endif
@ -215,6 +234,9 @@ BuildRequires: qemu-x86 = %version
Requires: /usr/sbin/groupadd
Requires: pwdutils
Requires: timezone
%if %{kvm_available}
Requires(post): udev
%endif
Recommends: qemu-block-curl
Recommends: qemu-tools
Recommends: qemu-x86
@ -249,11 +271,15 @@ Suggests: qemu-lang
Recommends: qemu-ksm = %{version}
%endif
%ifarch x86_64
%define x86_64_only_b_f_f {efi-e1000.rom efi-eepro100.rom \
efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom}
%endif
%define built_firmware_files {bios.bin bios-256k.bin \
sgabios.bin vgabios.bin vgabios-cirrus.bin \
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin vgabios-qxl.bin \
optionrom/linuxboot.bin optionrom/multiboot.bin optionrom/kvmvapic.bin \
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom}
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
%description
QEMU is an extremely well-performing CPU emulator that allows you to
@ -488,6 +514,7 @@ This sub-package contains various tools, including a bridge helper.
Summary: Universal CPU emulator -- Guest agent
Group: System/Emulators/PC
Provides: qemu:%_bindir/qemu-ga
Requires(post): udev
%if 0%{?with_systemd}
%{?systemd_requires}
%endif
@ -576,7 +603,7 @@ This package provides a service file for starting and stopping KSM.
%endif # !qemu-testsuite
%prep
%setup -q -n qemu-2.6.0-rc3
%setup -q -n qemu-2.6.0
PATCH_EXEC
%if %{build_x86_fw_from_source}
@ -686,7 +713,11 @@ rm -f pc-bios/slof.bin
--disable-rdma \
%endif
--enable-sdl \
%if 0%{?suse_version} >= 1320
--with-sdlabi=2.0 \
%else
--with-sdlabi=1.2 \
%endif
%if 0%{?suse_version} > 1320
--enable-seccomp \
%else
@ -708,7 +739,6 @@ rm -f pc-bios/slof.bin
--disable-spice \
%endif
--enable-tpm \
--enable-trace-backends=nop \
%if 0%{?sles_version} != 11
--enable-usb-redir \
%else
@ -718,6 +748,9 @@ rm -f pc-bios/slof.bin
--enable-vde \
--enable-vhdx \
--enable-vhost-net \
%if 0%{?suse_version} >= 1320
--enable-virglrenderer \
%endif
--enable-virtfs \
--enable-vnc \
--enable-vnc-jpeg \
@ -733,6 +766,8 @@ rm -f pc-bios/slof.bin
%else
--disable-xen \
%endif
--enable-xfsctl \
%if "%{name}" != "qemu-testsuite"
@ -743,6 +778,9 @@ make %{?_smp_mflags} V=1
make %{?_smp_mflags} -C roms bios
make %{?_smp_mflags} -C roms seavgabios
make %{?_smp_mflags} -C roms pxerom
%ifarch x86_64
make %{?_smp_mflags} -C roms efirom
%endif
make -C roms sgabios
%endif
%if %{build_slof_from_source}
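Review bot: `BuildRequires: libdrm-devel` and `BuildRequires: libgbm-devel` are added unconditionally, whereas the pieces they appear to serve (`libepoxy-devel`, `virglrenderer-devel`, `--enable-virglrenderer`) are all wrapped in `%if 0%{?suse_version} >= 1320`. The spec still carries conditionals for older targets (`suse_version >= 1130`, `sles_version != 11`), where these two packages may be missing or too old; the page does not show whether they are. Moving both lines inside the existing `%if 0%{?suse_version} >= 1320` block next to `libepoxy-devel` would keep the dependency set consistent with the feature gate. This section looks like the template (`PATCH_FILES`, `PATCH_EXEC`), so the generated spec sections earlier on the page would pick the change up on regeneration.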


@ -14,7 +14,7 @@ set -e
GIT_TREE=git://github.com/openSUSE/qemu.git
GIT_LOCAL_TREE=~/git/qemu-opensuse
GIT_BRANCH=opensuse-2.6
GIT_UPSTREAM_TAG=v2.6.0-rc3
GIT_UPSTREAM_TAG=v2.6.0
GIT_DIR=/dev/shm/qemu-factory-git-dir
CMP_DIR=/dev/shm/qemu-factory-cmp-dir