Accepting request 419833 from home:bfrogers:branches:Virtualization
Update to v2.6.1 stable release. OBS-URL: https://build.opensuse.org/request/show/419833 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=311
This commit is contained in:
parent
431f30630a
commit
90b1a2f6cf
@ -1,4 +1,4 @@
|
|||||||
From d1591b68524b12fa4c9cb7d2fd6fcdf021137ede Mon Sep 17 00:00:00 2001
|
From 652983299b4b18cdf26414b0ba468c5dd166adc7 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Mon, 21 Nov 2011 23:50:36 +0100
|
Date: Mon, 21 Nov 2011 23:50:36 +0100
|
||||||
Subject: [PATCH] XXX dont dump core on sigabort
|
Subject: [PATCH] XXX dont dump core on sigabort
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 25da05b51950cf639c26ca5f1e47fcfdfb588ab2 Mon Sep 17 00:00:00 2001
|
From 611fe6b38bf118be59326f35fd3a066250328311 Mon Sep 17 00:00:00 2001
|
||||||
From: Ulrich Hecht <uli@suse.de>
|
From: Ulrich Hecht <uli@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:18:44 +0200
|
Date: Tue, 14 Apr 2009 16:18:44 +0200
|
||||||
Subject: [PATCH] qemu-0.9.0.cvs-binfmt
|
Subject: [PATCH] qemu-0.9.0.cvs-binfmt
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 307dc6c6bde4ec04b9efd6f27db0295e349bf573 Mon Sep 17 00:00:00 2001
|
From 6171d82516b151c7d2bac6484c801c45d8de796e Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:20:50 +0200
|
Date: Tue, 14 Apr 2009 16:20:50 +0200
|
||||||
Subject: [PATCH] qemu-cvs-alsa_bitfield
|
Subject: [PATCH] qemu-cvs-alsa_bitfield
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 42ec5aa5b6abb395b894311702cec8c09ec44263 Mon Sep 17 00:00:00 2001
|
From b89afe9048994b21e361d9eebe96825d80d1ef56 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:23:27 +0200
|
Date: Tue, 14 Apr 2009 16:23:27 +0200
|
||||||
Subject: [PATCH] qemu-cvs-alsa_ioctl
|
Subject: [PATCH] qemu-cvs-alsa_ioctl
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From d899ab90ddfcf5c6efe45f9008cd2c498d368ac9 Mon Sep 17 00:00:00 2001
|
From 9c9cfb248223f4da2ea2333164ea7e6a6091c03a Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:24:15 +0200
|
Date: Tue, 14 Apr 2009 16:24:15 +0200
|
||||||
Subject: [PATCH] qemu-cvs-alsa_mmap
|
Subject: [PATCH] qemu-cvs-alsa_mmap
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From eaa8f697ccd1320f9ce432588beef2d341bc5a18 Mon Sep 17 00:00:00 2001
|
From 2dc4a9d135ce472a59da891af09ba9529c57b61b Mon Sep 17 00:00:00 2001
|
||||||
From: Ulrich Hecht <uli@suse.de>
|
From: Ulrich Hecht <uli@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:25:41 +0200
|
Date: Tue, 14 Apr 2009 16:25:41 +0200
|
||||||
Subject: [PATCH] qemu-cvs-gettimeofday
|
Subject: [PATCH] qemu-cvs-gettimeofday
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 5fabc9a72b03eca20cda87e0bb35a92aaa3d4dbf Mon Sep 17 00:00:00 2001
|
From d2a4cedd351ff7e09843bb5cbb76038af2303df7 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:26:33 +0200
|
Date: Tue, 14 Apr 2009 16:26:33 +0200
|
||||||
Subject: [PATCH] qemu-cvs-ioctl_debug
|
Subject: [PATCH] qemu-cvs-ioctl_debug
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 31a5e0ab101e1549d534a63fb5e9e94007e812f8 Mon Sep 17 00:00:00 2001
|
From 43f2593e07e0de12dddf72c3205e6a0fb851dc2d Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:27:36 +0200
|
Date: Tue, 14 Apr 2009 16:27:36 +0200
|
||||||
Subject: [PATCH] qemu-cvs-ioctl_nodirection
|
Subject: [PATCH] qemu-cvs-ioctl_nodirection
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 7164cadf6a1f23d2b931f34c78d3707207306cfb Mon Sep 17 00:00:00 2001
|
From d367bff9f8b514a0beacac3d21426d787dcef77f Mon Sep 17 00:00:00 2001
|
||||||
From: Ulrich Hecht <uli@suse.de>
|
From: Ulrich Hecht <uli@suse.de>
|
||||||
Date: Tue, 14 Apr 2009 16:37:42 +0200
|
Date: Tue, 14 Apr 2009 16:37:42 +0200
|
||||||
Subject: [PATCH] block/vmdk: Support creation of SCSI VMDK images in qemu-img
|
Subject: [PATCH] block/vmdk: Support creation of SCSI VMDK images in qemu-img
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From a7697f0442c3cb97a5ab4ee60ffe721de6dc791e Mon Sep 17 00:00:00 2001
|
From 4234d2b99790fd33e82bee633f48d773e0c7c43e Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Fri, 30 Sep 2011 19:40:36 +0200
|
Date: Fri, 30 Sep 2011 19:40:36 +0200
|
||||||
Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling
|
Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From c1602f324287481df7aef85c417e143fa47bcea4 Mon Sep 17 00:00:00 2001
|
From 312bb9ff5f1448e2aebcccc4f124cf8f7fa1e0a0 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Fri, 6 Jan 2012 01:05:55 +0100
|
Date: Fri, 6 Jan 2012 01:05:55 +0100
|
||||||
Subject: [PATCH] PPC: KVM: Disable mmu notifier check
|
Subject: [PATCH] PPC: KVM: Disable mmu notifier check
|
||||||
@ -13,7 +13,7 @@ KVM guests work there, even if possibly racy in some odd circumstances.
|
|||||||
1 file changed, 2 insertions(+)
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
diff --git a/exec.c b/exec.c
|
diff --git a/exec.c b/exec.c
|
||||||
index c4f9036..52232dc 100644
|
index fc75266..a50e148 100644
|
||||||
--- a/exec.c
|
--- a/exec.c
|
||||||
+++ b/exec.c
|
+++ b/exec.c
|
||||||
@@ -1242,11 +1242,13 @@ static void *file_ram_alloc(RAMBlock *block,
|
@@ -1242,11 +1242,13 @@ static void *file_ram_alloc(RAMBlock *block,
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 6b4338150763e8241cec19846a48a132d60fe75f Mon Sep 17 00:00:00 2001
|
From 48e23620ccc1efef237996fcc102215619a5ba7d Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Fri, 13 Jan 2012 17:05:41 +0100
|
Date: Fri, 13 Jan 2012 17:05:41 +0100
|
||||||
Subject: [PATCH] linux-user: fix segfault deadlock
|
Subject: [PATCH] linux-user: fix segfault deadlock
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 02e298aafcb7bb11036cabec82da958f7d860ac8 Mon Sep 17 00:00:00 2001
|
From 7ada3e29b37a639129e36a7ed2f2f07a0efc3334 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Thu, 2 Feb 2012 18:02:33 +0100
|
Date: Thu, 2 Feb 2012 18:02:33 +0100
|
||||||
Subject: [PATCH] linux-user: binfmt: support host binaries
|
Subject: [PATCH] linux-user: binfmt: support host binaries
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 64acfd49e9721a17c610cc54a92efe8ec3170698 Mon Sep 17 00:00:00 2001
|
From f3041527d08d4547ca88843c3be991569bca5152 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 12 Jun 2012 04:41:10 +0200
|
Date: Tue, 12 Jun 2012 04:41:10 +0200
|
||||||
Subject: [PATCH] linux-user: Ignore broken loop ioctl
|
Subject: [PATCH] linux-user: Ignore broken loop ioctl
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From f34632424427a2387a9275133c3cb4a8ad4f9d31 Mon Sep 17 00:00:00 2001
|
From 3c784b6969e0379542cf4661847effa17eacd27f Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Thu, 5 Jul 2012 17:31:39 +0200
|
Date: Thu, 5 Jul 2012 17:31:39 +0200
|
||||||
Subject: [PATCH] linux-user: lock tcg
|
Subject: [PATCH] linux-user: lock tcg
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From a2f095e01371ff9d00524fb4c0e7d3bd941227da Mon Sep 17 00:00:00 2001
|
From 0922a98683629c491b15b282d35cba46c225549f Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 10 Jul 2012 20:40:55 +0200
|
Date: Tue, 10 Jul 2012 20:40:55 +0200
|
||||||
Subject: [PATCH] linux-user: Run multi-threaded code on a single core
|
Subject: [PATCH] linux-user: Run multi-threaded code on a single core
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 80465393b0e7a888125378567cc69a6cc190b8ff Mon Sep 17 00:00:00 2001
|
From 598cc6f427821cbaf6b6a8eeadf90176ecf9b9d5 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Wed, 11 Jul 2012 16:47:42 +0200
|
Date: Wed, 11 Jul 2012 16:47:42 +0200
|
||||||
Subject: [PATCH] linux-user: lock tb flushing too
|
Subject: [PATCH] linux-user: lock tb flushing too
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From cac0ebd114044343f3d0e6a1ae0b455949db0a5d Mon Sep 17 00:00:00 2001
|
From 39ce1e900aba8b93e2296b3d4c613fd7af58f347 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Mon, 23 Jul 2012 10:24:14 +0200
|
Date: Mon, 23 Jul 2012 10:24:14 +0200
|
||||||
Subject: [PATCH] linux-user: Fake /proc/cpuinfo
|
Subject: [PATCH] linux-user: Fake /proc/cpuinfo
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From a61e366827ca2b159b515e760742bc6dee26169f Mon Sep 17 00:00:00 2001
|
From 2783b7f3c20040aaa53b59a9a716364f04562126 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Mon, 20 Aug 2012 00:02:52 +0200
|
Date: Mon, 20 Aug 2012 00:02:52 +0200
|
||||||
Subject: [PATCH] linux-user: implement FS_IOC_GETFLAGS ioctl
|
Subject: [PATCH] linux-user: implement FS_IOC_GETFLAGS ioctl
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 39e6dbd24f5a872c5c37b0c1ddd31fe00b74c3ca Mon Sep 17 00:00:00 2001
|
From fe937a73ac633b34380ac53c9057a0664c3b77cc Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Mon, 20 Aug 2012 00:07:13 +0200
|
Date: Mon, 20 Aug 2012 00:07:13 +0200
|
||||||
Subject: [PATCH] linux-user: implement FS_IOC_SETFLAGS ioctl
|
Subject: [PATCH] linux-user: implement FS_IOC_SETFLAGS ioctl
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From fb0a1cd7b3e0ab5908607da0b704f749a3f9cd36 Mon Sep 17 00:00:00 2001
|
From 11b56fbe40bf880945a0563044b58b03d9d0baa7 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 21 Aug 2012 14:20:40 +0200
|
Date: Tue, 21 Aug 2012 14:20:40 +0200
|
||||||
Subject: [PATCH] linux-user: XXX disable fiemap
|
Subject: [PATCH] linux-user: XXX disable fiemap
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From d839baef69733ff67df56abd52bf01b13c2adc80 Mon Sep 17 00:00:00 2001
|
From bd75d0195aef3af7392ce38952e018936da303ff Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||||
Date: Wed, 29 Aug 2012 18:42:56 +0200
|
Date: Wed, 29 Aug 2012 18:42:56 +0200
|
||||||
Subject: [PATCH] slirp: -nooutgoing
|
Subject: [PATCH] slirp: -nooutgoing
|
||||||
@ -33,7 +33,7 @@ index 6106520..32b25a5 100644
|
|||||||
"-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL)
|
"-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL)
|
||||||
STEXI
|
STEXI
|
||||||
diff --git a/slirp/socket.c b/slirp/socket.c
|
diff --git a/slirp/socket.c b/slirp/socket.c
|
||||||
index a10eff1..fec954e 100644
|
index b336586..8e5bdc3 100644
|
||||||
--- a/slirp/socket.c
|
--- a/slirp/socket.c
|
||||||
+++ b/slirp/socket.c
|
+++ b/slirp/socket.c
|
||||||
@@ -608,6 +608,8 @@ sorecvfrom(struct socket *so)
|
@@ -608,6 +608,8 @@ sorecvfrom(struct socket *so)
|
||||||
@ -96,7 +96,7 @@ index 6b9fef2..e712e21 100644
|
|||||||
socket_set_fast_reuse(s);
|
socket_set_fast_reuse(s);
|
||||||
opt = 1;
|
opt = 1;
|
||||||
diff --git a/vl.c b/vl.c
|
diff --git a/vl.c b/vl.c
|
||||||
index 5fd22cb..18c88ff 100644
|
index 5db5dc2..c082789 100644
|
||||||
--- a/vl.c
|
--- a/vl.c
|
||||||
+++ b/vl.c
|
+++ b/vl.c
|
||||||
@@ -162,6 +162,7 @@ int smp_threads = 1;
|
@@ -162,6 +162,7 @@ int smp_threads = 1;
|
||||||
@ -107,7 +107,7 @@ index 5fd22cb..18c88ff 100644
|
|||||||
static int no_reboot;
|
static int no_reboot;
|
||||||
int no_shutdown = 0;
|
int no_shutdown = 0;
|
||||||
int cursor_hide = 1;
|
int cursor_hide = 1;
|
||||||
@@ -3382,6 +3383,14 @@ int main(int argc, char **argv, char **envp)
|
@@ -3386,6 +3387,14 @@ int main(int argc, char **argv, char **envp)
|
||||||
case QEMU_OPTION_singlestep:
|
case QEMU_OPTION_singlestep:
|
||||||
singlestep = 1;
|
singlestep = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From c15dcea01fb9d84e583abe7d558d7a31a937ddc3 Mon Sep 17 00:00:00 2001
|
From aa0933c1b541cc1b7efae51d7a0cc3978e127c86 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||||
Date: Wed, 29 Aug 2012 20:06:01 +0200
|
Date: Wed, 29 Aug 2012 20:06:01 +0200
|
||||||
Subject: [PATCH] vnc: password-file= and incoming-connections=
|
Subject: [PATCH] vnc: password-file= and incoming-connections=
|
||||||
@ -9,7 +9,7 @@ TBD (from SUSE Studio team)
|
|||||||
1 file changed, 55 insertions(+)
|
1 file changed, 55 insertions(+)
|
||||||
|
|
||||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||||
index d2ebf1f..ab65db9 100644
|
index 3e89dad..e7946ba 100644
|
||||||
--- a/ui/vnc.c
|
--- a/ui/vnc.c
|
||||||
+++ b/ui/vnc.c
|
+++ b/ui/vnc.c
|
||||||
@@ -58,6 +58,8 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
|
@@ -58,6 +58,8 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 5ab7c0967d239f3cab043461952f9d0b9015a617 Mon Sep 17 00:00:00 2001
|
From 32cee35bd3c2f98dc645350021de3d9e23be731d Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Wed, 10 Oct 2012 10:21:20 +0200
|
Date: Wed, 10 Oct 2012 10:21:20 +0200
|
||||||
Subject: [PATCH] linux-user: add more blk ioctls
|
Subject: [PATCH] linux-user: add more blk ioctls
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 616807e473c21cdf231eed07b87ec287cfdfb528 Mon Sep 17 00:00:00 2001
|
From 232612b32aa306574282a98dafdef5772c99ea24 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Tue, 9 Oct 2012 09:06:49 +0200
|
Date: Tue, 9 Oct 2012 09:06:49 +0200
|
||||||
Subject: [PATCH] linux-user: use target_ulong
|
Subject: [PATCH] linux-user: use target_ulong
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 04eba9254338949db56a01bed42bc3ef187a1f04 Mon Sep 17 00:00:00 2001
|
From 171c8acfae279756c43f0265e1cfc7d984ab5464 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Wed, 5 Aug 2009 09:49:37 +0200
|
Date: Wed, 5 Aug 2009 09:49:37 +0200
|
||||||
Subject: [PATCH] block: Add support for DictZip enabled gzip files
|
Subject: [PATCH] block: Add support for DictZip enabled gzip files
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 0c107d353084a3a15c1281c7e1385ee5ccd5da5f Mon Sep 17 00:00:00 2001
|
From e05a6cfd83e972bf46ca8e8ce7a00d83c882e2d8 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Wed, 5 Aug 2009 17:28:38 +0200
|
Date: Wed, 5 Aug 2009 17:28:38 +0200
|
||||||
Subject: [PATCH] block: Add tar container format
|
Subject: [PATCH] block: Add tar container format
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 5c25d47e2378efdbd72c49827252741b46ebacff Mon Sep 17 00:00:00 2001
|
From e04e97093af3fc593a7db57be40e7334f9776330 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Wed, 12 Dec 2012 19:11:30 +0100
|
Date: Wed, 12 Dec 2012 19:11:30 +0100
|
||||||
Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch
|
Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From ea20aa50570a68fd2ccda17adfea0f32c71694dc Mon Sep 17 00:00:00 2001
|
From 36f007f4de748aff064604637383a23cbebe813e Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Mon, 6 Jun 2011 06:53:52 +0200
|
Date: Mon, 6 Jun 2011 06:53:52 +0200
|
||||||
Subject: [PATCH] console: add question-mark escape operator
|
Subject: [PATCH] console: add question-mark escape operator
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 5b001dfb49c85d9934f0ac09bd24a7aecac55956 Mon Sep 17 00:00:00 2001
|
From f745251506bedd96fb153b838dbf8a399eb8e275 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Thu, 1 Apr 2010 17:36:23 +0200
|
Date: Thu, 1 Apr 2010 17:36:23 +0200
|
||||||
Subject: [PATCH] Make char muxer more robust wrt small FIFOs
|
Subject: [PATCH] Make char muxer more robust wrt small FIFOs
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 1e5020a27bf52c24abb9272f9ba605959e8771e8 Mon Sep 17 00:00:00 2001
|
From e7c736a9bfa10f1acb5e6b02c73fd8662d5c6a6c Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Thu, 13 Dec 2012 14:29:22 +0100
|
Date: Thu, 13 Dec 2012 14:29:22 +0100
|
||||||
Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed
|
Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 01aa7df9b3b82e8d16b3dda2e092dff89c15fa82 Mon Sep 17 00:00:00 2001
|
From 96ff92eb1a6402f0b90e4394990eda7f5e457d13 Mon Sep 17 00:00:00 2001
|
||||||
From: Bruce Rogers <brogers@suse.com>
|
From: Bruce Rogers <brogers@suse.com>
|
||||||
Date: Thu, 16 May 2013 12:39:10 +0200
|
Date: Thu, 16 May 2013 12:39:10 +0200
|
||||||
Subject: [PATCH] virtfs-proxy-helper: Provide __u64 for broken
|
Subject: [PATCH] virtfs-proxy-helper: Provide __u64 for broken
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 71bb8109caee6f4192237b2fad7db748ac50760d Mon Sep 17 00:00:00 2001
|
From 2181064a8a8f7a22285ae767affb23dc684d7d10 Mon Sep 17 00:00:00 2001
|
||||||
From: Dinar Valeev <k0da@opensuse.org>
|
From: Dinar Valeev <k0da@opensuse.org>
|
||||||
Date: Wed, 2 Oct 2013 17:56:03 +0200
|
Date: Wed, 2 Oct 2013 17:56:03 +0200
|
||||||
Subject: [PATCH] configure: Enable PIE for ppc and ppc64 hosts
|
Subject: [PATCH] configure: Enable PIE for ppc and ppc64 hosts
|
||||||
@ -14,7 +14,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
diff --git a/configure b/configure
|
||||||
index c37fc5f..94035eb 100755
|
index 60e3c0d..65232af 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -1537,7 +1537,7 @@ fi
|
@@ -1537,7 +1537,7 @@ fi
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 287306233f77a3774df2d5c9ed7f301ebc21f89c Mon Sep 17 00:00:00 2001
|
From bc88332e8bf07bf413f32131cd20f4e2ba9aeb6a Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||||
Date: Thu, 17 Apr 2014 18:39:10 +0200
|
Date: Thu, 17 Apr 2014 18:39:10 +0200
|
||||||
Subject: [PATCH] qtest: Increase socket timeout
|
Subject: [PATCH] qtest: Increase socket timeout
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 7f1e160917ebff1a756d08c9b07b88452a68387f Mon Sep 17 00:00:00 2001
|
From e69780e5f390f491fae554f1a0b0649c9187869e Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Wed, 14 Jan 2015 01:32:11 +0100
|
Date: Wed, 14 Jan 2015 01:32:11 +0100
|
||||||
Subject: [PATCH] AIO: Reduce number of threads for 32bit hosts
|
Subject: [PATCH] AIO: Reduce number of threads for 32bit hosts
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 88508c66e9403bb708a1ef186e66f5d45801cdd8 Mon Sep 17 00:00:00 2001
|
From 6bfa8a2b720bb6cc36a933870a2a1c0a239b3e9d Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||||
Date: Tue, 14 Apr 2015 18:42:06 +0200
|
Date: Tue, 14 Apr 2015 18:42:06 +0200
|
||||||
Subject: [PATCH] configure: Enable libseccomp for ppc
|
Subject: [PATCH] configure: Enable libseccomp for ppc
|
||||||
@ -14,7 +14,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|||||||
1 file changed, 3 insertions(+)
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
diff --git a/configure b/configure
|
||||||
index 94035eb..4efabe3 100755
|
index 65232af..bf74354 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -1879,6 +1879,9 @@ if test "$seccomp" != "no" ; then
|
@@ -1879,6 +1879,9 @@ if test "$seccomp" != "no" ; then
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 3fafdf24acf45df69523e266a38f3c0ca220e9a9 Mon Sep 17 00:00:00 2001
|
From bd33e933cbde5f822a0db069e7d368d0cb406249 Mon Sep 17 00:00:00 2001
|
||||||
From: Alexander Graf <agraf@suse.de>
|
From: Alexander Graf <agraf@suse.de>
|
||||||
Date: Mon, 15 Jun 2015 17:36:32 +0200
|
Date: Mon, 15 Jun 2015 17:36:32 +0200
|
||||||
Subject: [PATCH] dictzip: Fix on big endian systems
|
Subject: [PATCH] dictzip: Fix on big endian systems
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From adc543748b20def826281f9e6fda52f026dc099d Mon Sep 17 00:00:00 2001
|
From 2cee6af27f7e7579c8690edfda4159a66406d2cd Mon Sep 17 00:00:00 2001
|
||||||
From: Olaf Hering <olaf@aepfle.de>
|
From: Olaf Hering <olaf@aepfle.de>
|
||||||
Date: Thu, 24 Mar 2016 14:32:39 +0100
|
Date: Thu, 24 Mar 2016 14:32:39 +0100
|
||||||
Subject: [PATCH] block: split large discard requests from block frontend
|
Subject: [PATCH] block: split large discard requests from block frontend
|
||||||
@ -15,7 +15,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|||||||
1 file changed, 21 insertions(+), 1 deletion(-)
|
1 file changed, 21 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/block/io.c b/block/io.c
|
diff --git a/block/io.c b/block/io.c
|
||||||
index a7dbf85..560fa4c 100644
|
index d02e0d5..511bc75 100644
|
||||||
--- a/block/io.c
|
--- a/block/io.c
|
||||||
+++ b/block/io.c
|
+++ b/block/io.c
|
||||||
@@ -2487,7 +2487,7 @@ static void coroutine_fn bdrv_discard_co_entry(void *opaque)
|
@@ -2487,7 +2487,7 @@ static void coroutine_fn bdrv_discard_co_entry(void *opaque)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 43fdf04d426f4738aec0d349662a780906268590 Mon Sep 17 00:00:00 2001
|
From 2d38805131dee693fd9bd931239793514e36d3e0 Mon Sep 17 00:00:00 2001
|
||||||
From: Bruce Rogers <brogers@suse.com>
|
From: Bruce Rogers <brogers@suse.com>
|
||||||
Date: Wed, 9 Mar 2016 15:18:11 -0700
|
Date: Wed, 9 Mar 2016 15:18:11 -0700
|
||||||
Subject: [PATCH] xen_disk: Add suse specific flush disable handling and map to
|
Subject: [PATCH] xen_disk: Add suse specific flush disable handling and map to
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 936efd7b1f317b574dbedf08e69e4206f16ac39f Mon Sep 17 00:00:00 2001
|
From f210e8f540cb261c11bffa4ed8e9918ad1731a9b Mon Sep 17 00:00:00 2001
|
||||||
From: Olaf Hering <olaf@aepfle.de>
|
From: Olaf Hering <olaf@aepfle.de>
|
||||||
Date: Fri, 1 Apr 2016 12:27:16 +0200
|
Date: Fri, 1 Apr 2016 12:27:16 +0200
|
||||||
Subject: [PATCH] build: link with libatomic on powerpc-linux
|
Subject: [PATCH] build: link with libatomic on powerpc-linux
|
||||||
@ -14,10 +14,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|||||||
1 file changed, 27 insertions(+)
|
1 file changed, 27 insertions(+)
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
diff --git a/configure b/configure
|
||||||
index 4efabe3..b455035 100755
|
index bf74354..8892b36 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -4032,6 +4032,33 @@ if test "$usb_redir" != "no" ; then
|
@@ -4033,6 +4033,33 @@ if test "$usb_redir" != "no" ; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
From a4cae4158cc271ed4d55bc2e237030022f8edc16 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Thu, 7 Apr 2016 04:27:00 -0600
|
|
||||||
Subject: [PATCH] net: mipsnet: check packet length against buffer
|
|
||||||
|
|
||||||
When receiving packets over MIPSnet network device, it uses
|
|
||||||
receive buffer of size 1514 bytes. In case the controller
|
|
||||||
accepts large(MTU) packets, it could lead to memory corruption.
|
|
||||||
Add check to avoid it.
|
|
||||||
|
|
||||||
Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
|
|
||||||
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
[BR: BSC#975136 CVE-2016-4002]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/net/mipsnet.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
|
|
||||||
index 740cd98..cf8b823 100644
|
|
||||||
--- a/hw/net/mipsnet.c
|
|
||||||
+++ b/hw/net/mipsnet.c
|
|
||||||
@@ -83,6 +83,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t si
|
|
||||||
if (!mipsnet_can_receive(nc))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+ if (size >= sizeof(s->rx_buffer)) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
s->busy = 1;
|
|
||||||
|
|
||||||
/* Just accept everything. */
|
|
@ -1,4 +1,4 @@
|
|||||||
From d7476f32d84a256e683d20db0cdd0d3676fa2a62 Mon Sep 17 00:00:00 2001
|
From 24b0afe9e7869a5a398cb5d04f6e7c5efbac65da Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Thu, 12 May 2016 16:13:39 +0200
|
Date: Thu, 12 May 2016 16:13:39 +0200
|
||||||
Subject: [PATCH] xen: introduce dummy system device
|
Subject: [PATCH] xen: introduce dummy system device
|
@ -1,35 +0,0 @@
|
|||||||
From 481b43bcc3e920bbe48801a7ad2489260747e8b9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Thu, 7 Apr 2016 12:50:08 +0530
|
|
||||||
Subject: [PATCH] i386: kvmvapic: initialise imm32 variable
|
|
||||||
|
|
||||||
When processing Task Priorty Register(TPR) access, it could leak
|
|
||||||
automatic stack variable 'imm32' in patch_instruction().
|
|
||||||
Initialise the variable to avoid it.
|
|
||||||
|
|
||||||
Reported by: Donghai Zdh <donghai.zdh@alibaba-inc.com>
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1460013608-16670-1-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
|
|
||||||
(cherry picked from commit 691a02e2ce0c413236a78dee6f2651c937b09fb0)
|
|
||||||
[BR: BSC#975700 CVE-2016-4020]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/i386/kvmvapic.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
|
|
||||||
index c69f374..ff1e31a 100644
|
|
||||||
--- a/hw/i386/kvmvapic.c
|
|
||||||
+++ b/hw/i386/kvmvapic.c
|
|
||||||
@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
|
|
||||||
CPUX86State *env = &cpu->env;
|
|
||||||
VAPICHandlers *handlers;
|
|
||||||
uint8_t opcode[2];
|
|
||||||
- uint32_t imm32;
|
|
||||||
+ uint32_t imm32 = 0;
|
|
||||||
target_ulong current_pc = 0;
|
|
||||||
target_ulong current_cs_base = 0;
|
|
||||||
int current_flags = 0;
|
|
@ -1,4 +1,4 @@
|
|||||||
From 7647bc34d77f7e67a88e88a7f09c314a3a5c7da8 Mon Sep 17 00:00:00 2001
|
From 06bc1cf8722a7a5ad5cf7e0ad3adf9279516d77d Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Thu, 12 May 2016 16:13:40 +0200
|
Date: Thu, 12 May 2016 16:13:40 +0200
|
||||||
Subject: [PATCH] xen: write information about supported backends
|
Subject: [PATCH] xen: write information about supported backends
|
@ -1,42 +0,0 @@
|
|||||||
From 26e782bead654b0415a46c9a019c54b56488519b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Thu, 19 May 2016 16:09:30 +0530
|
|
||||||
Subject: [PATCH] esp: check command buffer length before write(CVE-2016-4439)
|
|
||||||
|
|
||||||
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
|
|
||||||
FIFO buffer. It is used to handle command and data transfer. While
|
|
||||||
writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check
|
|
||||||
was missing to validate input length. Add check to avoid OOB write
|
|
||||||
access.
|
|
||||||
|
|
||||||
Fixes CVE-2016-4439.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1463654371-11169-2-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit c98c6c105f66f05aa0b7c1d2a4a3f716450907ef)
|
|
||||||
[BR: CVE-2016-4439 BSC#980711]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/esp.c | 6 +++++-
|
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
||||||
index 8961be2..01497e6 100644
|
|
||||||
--- a/hw/scsi/esp.c
|
|
||||||
+++ b/hw/scsi/esp.c
|
|
||||||
@@ -448,7 +448,11 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
|
|
||||||
break;
|
|
||||||
case ESP_FIFO:
|
|
||||||
if (s->do_cmd) {
|
|
||||||
- s->cmdbuf[s->cmdlen++] = val & 0xff;
|
|
||||||
+ if (s->cmdlen < TI_BUFSZ) {
|
|
||||||
+ s->cmdbuf[s->cmdlen++] = val & 0xff;
|
|
||||||
+ } else {
|
|
||||||
+ trace_esp_error_fifo_overrun();
|
|
||||||
+ }
|
|
||||||
} else if (s->ti_size == TI_BUFSZ - 1) {
|
|
||||||
trace_esp_error_fifo_overrun();
|
|
||||||
} else {
|
|
@ -1,4 +1,4 @@
|
|||||||
From 9c573c905a6cc3b4dbf931c64e554a20683807b9 Mon Sep 17 00:00:00 2001
|
From 013c67849bbe9688491b85483bce6e8fc81fa90f Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Thu, 12 May 2016 16:13:41 +0200
|
Date: Thu, 12 May 2016 16:13:41 +0200
|
||||||
Subject: [PATCH] xen: add pvUSB backend
|
Subject: [PATCH] xen: add pvUSB backend
|
||||||
@ -1151,7 +1151,7 @@ index 63364f7..6e18a46 100644
|
|||||||
void xen_init_display(int domid);
|
void xen_init_display(int domid);
|
||||||
|
|
||||||
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
|
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
|
||||||
index bd65e67..d010cee 100644
|
index 7b52e8f..5eabf37 100644
|
||||||
--- a/include/hw/xen/xen_common.h
|
--- a/include/hw/xen/xen_common.h
|
||||||
+++ b/include/hw/xen/xen_common.h
|
+++ b/include/hw/xen/xen_common.h
|
||||||
@@ -49,6 +49,8 @@ typedef xc_gnttab xengnttab_handle;
|
@@ -49,6 +49,8 @@ typedef xc_gnttab xengnttab_handle;
|
@ -1,76 +0,0 @@
|
|||||||
From ff65fa87b6d7d4e7dbda895181c9afc80b07c5e3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Thu, 19 May 2016 16:09:31 +0530
|
|
||||||
Subject: [PATCH] esp: check dma length before reading scsi
|
|
||||||
command(CVE-2016-4441)
|
|
||||||
|
|
||||||
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
|
|
||||||
FIFO buffer. It is used to handle command and data transfer.
|
|
||||||
Routine get_cmd() uses DMA to read scsi commands into this buffer.
|
|
||||||
Add check to validate DMA length against buffer size to avoid any
|
|
||||||
overrun.
|
|
||||||
|
|
||||||
Fixes CVE-2016-4441.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1463654371-11169-3-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 6c1fef6b59563cc415f21e03f81539ed4b33ad90)
|
|
||||||
[BR: CVE-2016-4441 BSC#980723]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/esp.c | 11 +++++++----
|
|
||||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
||||||
index 01497e6..591c817 100644
|
|
||||||
--- a/hw/scsi/esp.c
|
|
||||||
+++ b/hw/scsi/esp.c
|
|
||||||
@@ -82,7 +82,7 @@ void esp_request_cancelled(SCSIRequest *req)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
-static uint32_t get_cmd(ESPState *s, uint8_t *buf)
|
|
||||||
+static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
|
|
||||||
{
|
|
||||||
uint32_t dmalen;
|
|
||||||
int target;
|
|
||||||
@@ -92,6 +92,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
|
|
||||||
dmalen = s->rregs[ESP_TCLO];
|
|
||||||
dmalen |= s->rregs[ESP_TCMID] << 8;
|
|
||||||
dmalen |= s->rregs[ESP_TCHI] << 16;
|
|
||||||
+ if (dmalen > buflen) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
s->dma_memory_read(s->dma_opaque, buf, dmalen);
|
|
||||||
} else {
|
|
||||||
dmalen = s->ti_size;
|
|
||||||
@@ -166,7 +169,7 @@ static void handle_satn(ESPState *s)
|
|
||||||
s->dma_cb = handle_satn;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
- len = get_cmd(s, buf);
|
|
||||||
+ len = get_cmd(s, buf, sizeof(buf));
|
|
||||||
if (len)
|
|
||||||
do_cmd(s, buf);
|
|
||||||
}
|
|
||||||
@@ -180,7 +183,7 @@ static void handle_s_without_atn(ESPState *s)
|
|
||||||
s->dma_cb = handle_s_without_atn;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
- len = get_cmd(s, buf);
|
|
||||||
+ len = get_cmd(s, buf, sizeof(buf));
|
|
||||||
if (len) {
|
|
||||||
do_busid_cmd(s, buf, 0);
|
|
||||||
}
|
|
||||||
@@ -192,7 +195,7 @@ static void handle_satn_stop(ESPState *s)
|
|
||||||
s->dma_cb = handle_satn_stop;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
- s->cmdlen = get_cmd(s, s->cmdbuf);
|
|
||||||
+ s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
|
|
||||||
if (s->cmdlen) {
|
|
||||||
trace_esp_handle_satn_stop(s->cmdlen);
|
|
||||||
s->do_cmd = 1;
|
|
@ -1,4 +1,4 @@
|
|||||||
From ee2225e5f531d965aed352bf99ba339969216144 Mon Sep 17 00:00:00 2001
|
From 87e73bcc23fedcaa89776810dfcf4c6ef8ad39b1 Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Mon, 13 Jun 2016 11:12:21 +0200
|
Date: Mon, 13 Jun 2016 11:12:21 +0200
|
||||||
Subject: [PATCH] xen: move xen_sysdev to xen_backend.c
|
Subject: [PATCH] xen: move xen_sysdev to xen_backend.c
|
@ -1,96 +0,0 @@
|
|||||||
From 8c2fc88049f351c67bd82c6f61c54111eb088e69 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Mon, 23 May 2016 04:49:00 -0600
|
|
||||||
Subject: [PATCH] scsi: pvscsi: check command descriptor ring buffer size
|
|
||||||
|
|
||||||
Vmware Paravirtual SCSI emulation uses command descriptors to
|
|
||||||
process SCSI commands. These descriptors come with their ring
|
|
||||||
buffers. A guest could set the ring buffer size to an arbitrary
|
|
||||||
value leading to OOB access issue. Add check to avoid it.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
[BR: CVE-2016-4952 BSC#981266]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/vmw_pvscsi.c | 24 ++++++++++++++++++++----
|
|
||||||
1 file changed, 20 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
|
||||||
index e690b4e..e1d6d06 100644
|
|
||||||
--- a/hw/scsi/vmw_pvscsi.c
|
|
||||||
+++ b/hw/scsi/vmw_pvscsi.c
|
|
||||||
@@ -153,7 +153,7 @@ pvscsi_log2(uint32_t input)
|
|
||||||
return log;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void
|
|
||||||
+static int
|
|
||||||
pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
@@ -161,6 +161,10 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
|
||||||
uint32_t req_ring_size, cmp_ring_size;
|
|
||||||
m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
|
|
||||||
|
|
||||||
+ if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
|
|
||||||
+ || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
|
|
||||||
cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
|
|
||||||
txr_len_log2 = pvscsi_log2(req_ring_size - 1);
|
|
||||||
@@ -192,15 +196,20 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
|
||||||
|
|
||||||
/* Flush ring state page changes */
|
|
||||||
smp_wmb();
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void
|
|
||||||
+static int
|
|
||||||
pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
uint32_t len_log2;
|
|
||||||
uint32_t ring_size;
|
|
||||||
|
|
||||||
+ if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
|
|
||||||
len_log2 = pvscsi_log2(ring_size - 1);
|
|
||||||
|
|
||||||
@@ -220,6 +229,8 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
|
|
||||||
|
|
||||||
/* Flush ring state page changes */
|
|
||||||
smp_wmb();
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
@@ -770,7 +781,10 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
|
|
||||||
trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
|
|
||||||
|
|
||||||
pvscsi_dbg_dump_tx_rings_config(rc);
|
|
||||||
- pvscsi_ring_init_data(&s->rings, rc);
|
|
||||||
+ if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
|
|
||||||
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
s->rings_info_valid = TRUE;
|
|
||||||
return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
|
|
||||||
}
|
|
||||||
@@ -850,7 +864,9 @@ pvscsi_on_cmd_setup_msg_ring(PVSCSIState *s)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (s->rings_info_valid) {
|
|
||||||
- pvscsi_ring_init_msg(&s->rings, rc);
|
|
||||||
+ if (pvscsi_ring_init_msg(&s->rings, rc) < 0) {
|
|
||||||
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
|
|
||||||
+ }
|
|
||||||
s->msg_ring_info_valid = TRUE;
|
|
||||||
}
|
|
||||||
return sizeof(PVSCSICmdDescSetupMsgRing) / sizeof(uint32_t);
|
|
@ -1,4 +1,4 @@
|
|||||||
From 6a788961dd16f558d78ab7313f0b297409f37af7 Mon Sep 17 00:00:00 2001
|
From a77aa218a1ae490d8b4594a77492353c4ebf235f Mon Sep 17 00:00:00 2001
|
||||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
Date: Wed, 1 Jun 2016 08:22:30 +0200
|
Date: Wed, 1 Jun 2016 08:22:30 +0200
|
||||||
Subject: [PATCH] vnc: add configurable keyboard delay
|
Subject: [PATCH] vnc: add configurable keyboard delay
|
||||||
@ -42,7 +42,7 @@ index 32b25a5..3bcd98f 100644
|
|||||||
ETEXI
|
ETEXI
|
||||||
|
|
||||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||||
index ab65db9..1bee07f 100644
|
index e7946ba..f78c8c3 100644
|
||||||
--- a/ui/vnc.c
|
--- a/ui/vnc.c
|
||||||
+++ b/ui/vnc.c
|
+++ b/ui/vnc.c
|
||||||
@@ -1639,6 +1639,7 @@ static void reset_keys(VncState *vs)
|
@@ -1639,6 +1639,7 @@ static void reset_keys(VncState *vs)
|
@ -1,4 +1,4 @@
|
|||||||
From 83775fe297c7cc8dae0d46c22accc2d7eb78c4a0 Mon Sep 17 00:00:00 2001
|
From c4fc507e8d321e3ad3df335b6c4ab84d8fd6bae7 Mon Sep 17 00:00:00 2001
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
From: Cole Robinson <crobinso@redhat.com>
|
||||||
Date: Fri, 6 May 2016 14:03:09 -0400
|
Date: Fri, 6 May 2016 14:03:09 -0400
|
||||||
Subject: [PATCH] configure: add echo_version helper
|
Subject: [PATCH] configure: add echo_version helper
|
||||||
@ -17,10 +17,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|||||||
1 file changed, 8 insertions(+), 10 deletions(-)
|
1 file changed, 8 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
diff --git a/configure b/configure
|
||||||
index b455035..767658e 100755
|
index 8892b36..51dc704 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -4748,6 +4748,12 @@ EOF
|
@@ -4749,6 +4749,12 @@ EOF
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -33,7 +33,7 @@ index b455035..767658e 100755
|
|||||||
# prepend pixman and ftd flags after all config tests are done
|
# prepend pixman and ftd flags after all config tests are done
|
||||||
QEMU_CFLAGS="$pixman_cflags $fdt_cflags $QEMU_CFLAGS"
|
QEMU_CFLAGS="$pixman_cflags $fdt_cflags $QEMU_CFLAGS"
|
||||||
libs_softmmu="$pixman_libs $libs_softmmu"
|
libs_softmmu="$pixman_libs $libs_softmmu"
|
||||||
@@ -4805,11 +4811,7 @@ echo "GNUTLS hash $gnutls_hash"
|
@@ -4806,11 +4812,7 @@ echo "GNUTLS hash $gnutls_hash"
|
||||||
echo "GNUTLS rnd $gnutls_rnd"
|
echo "GNUTLS rnd $gnutls_rnd"
|
||||||
echo "libgcrypt $gcrypt"
|
echo "libgcrypt $gcrypt"
|
||||||
echo "libgcrypt kdf $gcrypt_kdf"
|
echo "libgcrypt kdf $gcrypt_kdf"
|
||||||
@ -46,7 +46,7 @@ index b455035..767658e 100755
|
|||||||
echo "nettle kdf $nettle_kdf"
|
echo "nettle kdf $nettle_kdf"
|
||||||
echo "libtasn1 $tasn1"
|
echo "libtasn1 $tasn1"
|
||||||
echo "VTE support $vte"
|
echo "VTE support $vte"
|
||||||
@@ -4861,11 +4863,7 @@ echo "Trace backends $trace_backends"
|
@@ -4862,11 +4864,7 @@ echo "Trace backends $trace_backends"
|
||||||
if have_backend "simple"; then
|
if have_backend "simple"; then
|
||||||
echo "Trace output file $trace_file-<pid>"
|
echo "Trace output file $trace_file-<pid>"
|
||||||
fi
|
fi
|
@ -1,45 +0,0 @@
|
|||||||
From 9e91782f3582e12f5c41e64f70e5c53f0e7b9f2a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Tue, 24 May 2016 02:10:00 -0600
|
|
||||||
Subject: [PATCH] scsi: mptsas: infinite loop while fetching requests
|
|
||||||
|
|
||||||
The LSI SAS1068 Host Bus Adapter emulator in Qemu, periodically
|
|
||||||
looks for requests and fetches them. A loop doing that in
|
|
||||||
mptsas_fetch_requests() could run infinitely if 's->state' was
|
|
||||||
not operational. Move check to avoid such a loop.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
[BR: CVE-2016-4964 BSC#981399]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/mptsas.c | 9 ++++-----
|
|
||||||
1 file changed, 4 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
|
|
||||||
index 499c146..be88e16 100644
|
|
||||||
--- a/hw/scsi/mptsas.c
|
|
||||||
+++ b/hw/scsi/mptsas.c
|
|
||||||
@@ -754,11 +754,6 @@ static void mptsas_fetch_request(MPTSASState *s)
|
|
||||||
hwaddr addr;
|
|
||||||
int size;
|
|
||||||
|
|
||||||
- if (s->state != MPI_IOC_STATE_OPERATIONAL) {
|
|
||||||
- mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
/* Read the message header from the guest first. */
|
|
||||||
addr = s->host_mfa_high_addr | MPTSAS_FIFO_GET(s, request_post);
|
|
||||||
pci_dma_read(pci, addr, req, sizeof(hdr));
|
|
||||||
@@ -789,6 +784,10 @@ static void mptsas_fetch_requests(void *opaque)
|
|
||||||
{
|
|
||||||
MPTSASState *s = opaque;
|
|
||||||
|
|
||||||
+ if (s->state != MPI_IOC_STATE_OPERATIONAL) {
|
|
||||||
+ mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
while (!MPTSAS_FIFO_EMPTY(s, request_post)) {
|
|
||||||
mptsas_fetch_request(s);
|
|
||||||
}
|
|
@ -1,4 +1,4 @@
|
|||||||
From b673055ec7e4eda0454aacc2d042bd53405f85e6 Mon Sep 17 00:00:00 2001
|
From eeb106a711b51266bf05f3895e01575357414ec6 Mon Sep 17 00:00:00 2001
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
From: Cole Robinson <crobinso@redhat.com>
|
||||||
Date: Fri, 6 May 2016 14:03:12 -0400
|
Date: Fri, 6 May 2016 14:03:12 -0400
|
||||||
Subject: [PATCH] configure: support vte-2.91
|
Subject: [PATCH] configure: support vte-2.91
|
||||||
@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|||||||
1 file changed, 11 insertions(+), 6 deletions(-)
|
1 file changed, 11 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
diff --git a/configure b/configure
|
||||||
index 767658e..f32cff5 100755
|
index 51dc704..8f1948c 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -2395,20 +2395,25 @@ fi
|
@@ -2396,20 +2396,25 @@ fi
|
||||||
|
|
||||||
if test "$vte" != "no"; then
|
if test "$vte" != "no"; then
|
||||||
if test "$gtkabi" = "3.0"; then
|
if test "$gtkabi" = "3.0"; then
|
||||||
@ -52,7 +52,7 @@ index 767658e..f32cff5 100755
|
|||||||
else
|
else
|
||||||
feature_not_found "vte" "Install libvte devel"
|
feature_not_found "vte" "Install libvte devel"
|
||||||
fi
|
fi
|
||||||
@@ -4806,6 +4811,7 @@ echo "pixman $pixman"
|
@@ -4807,6 +4812,7 @@ echo "pixman $pixman"
|
||||||
echo "SDL support $sdl"
|
echo "SDL support $sdl"
|
||||||
echo "GTK support $gtk"
|
echo "GTK support $gtk"
|
||||||
echo "GTK GL support $gtk_gl"
|
echo "GTK GL support $gtk_gl"
|
||||||
@ -60,7 +60,7 @@ index 767658e..f32cff5 100755
|
|||||||
echo "GNUTLS support $gnutls"
|
echo "GNUTLS support $gnutls"
|
||||||
echo "GNUTLS hash $gnutls_hash"
|
echo "GNUTLS hash $gnutls_hash"
|
||||||
echo "GNUTLS rnd $gnutls_rnd"
|
echo "GNUTLS rnd $gnutls_rnd"
|
||||||
@@ -4814,7 +4820,6 @@ echo "libgcrypt kdf $gcrypt_kdf"
|
@@ -4815,7 +4821,6 @@ echo "libgcrypt kdf $gcrypt_kdf"
|
||||||
echo "nettle $nettle `echo_version $nettle $nettle_version`"
|
echo "nettle $nettle `echo_version $nettle $nettle_version`"
|
||||||
echo "nettle kdf $nettle_kdf"
|
echo "nettle kdf $nettle_kdf"
|
||||||
echo "libtasn1 $tasn1"
|
echo "libtasn1 $tasn1"
|
@ -1,235 +0,0 @@
|
|||||||
From d8d0d22b88ceaf7f9ce8e01eb2842b8daf2aa34e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Date: Tue, 17 May 2016 10:54:54 +0200
|
|
||||||
Subject: [PATCH] vga: add sr_vbe register set
|
|
||||||
|
|
||||||
Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
|
|
||||||
(CVE-2016-3712)." causes a regression. The win7 installer is unhappy
|
|
||||||
because it can't freely modify vga registers any more while in vbe mode.
|
|
||||||
|
|
||||||
This patch introduces a new sr_vbe register set. The vbe_update_vgaregs
|
|
||||||
will fill sr_vbe[] instead of sr[]. Normal vga register reads and
|
|
||||||
writes go to sr[]. Any sr register read access happens through a new
|
|
||||||
sr() helper function which will read from sr_vbe[] with vbe active and
|
|
||||||
from sr[] otherwise.
|
|
||||||
|
|
||||||
This way we can allow guests update sr[] registers as they want, without
|
|
||||||
allowing them disrupt vbe video modes that way.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Reported-by: Thomas Lamprecht <thomas@lamprecht.org>
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Message-id: 1463475294-14119-1-git-send-email-kraxel@redhat.com
|
|
||||||
(cherry picked from commit 94ef4f337fb614f18b765a8e0e878a4c23cdedcd)
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/display/vga.c | 50 ++++++++++++++++++++++++++++----------------------
|
|
||||||
hw/display/vga_int.h | 1 +
|
|
||||||
2 files changed, 29 insertions(+), 22 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/display/vga.c b/hw/display/vga.c
|
|
||||||
index 4a55ec6..9ebc54f 100644
|
|
||||||
--- a/hw/display/vga.c
|
|
||||||
+++ b/hw/display/vga.c
|
|
||||||
@@ -149,6 +149,11 @@ static inline bool vbe_enabled(VGACommonState *s)
|
|
||||||
return s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static inline uint8_t sr(VGACommonState *s, int idx)
|
|
||||||
+{
|
|
||||||
+ return vbe_enabled(s) ? s->sr_vbe[idx] : s->sr[idx];
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void vga_update_memory_access(VGACommonState *s)
|
|
||||||
{
|
|
||||||
hwaddr base, offset, size;
|
|
||||||
@@ -163,8 +168,8 @@ static void vga_update_memory_access(VGACommonState *s)
|
|
||||||
s->has_chain4_alias = false;
|
|
||||||
s->plane_updated = 0xf;
|
|
||||||
}
|
|
||||||
- if ((s->sr[VGA_SEQ_PLANE_WRITE] & VGA_SR02_ALL_PLANES) ==
|
|
||||||
- VGA_SR02_ALL_PLANES && s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
|
|
||||||
+ if ((sr(s, VGA_SEQ_PLANE_WRITE) & VGA_SR02_ALL_PLANES) ==
|
|
||||||
+ VGA_SR02_ALL_PLANES && sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) {
|
|
||||||
offset = 0;
|
|
||||||
switch ((s->gr[VGA_GFX_MISC] >> 2) & 3) {
|
|
||||||
case 0:
|
|
||||||
@@ -234,7 +239,7 @@ static void vga_precise_update_retrace_info(VGACommonState *s)
|
|
||||||
((s->cr[VGA_CRTC_OVERFLOW] >> 6) & 2)) << 8);
|
|
||||||
vretr_end_line = s->cr[VGA_CRTC_V_SYNC_END] & 0xf;
|
|
||||||
|
|
||||||
- clocking_mode = (s->sr[VGA_SEQ_CLOCK_MODE] >> 3) & 1;
|
|
||||||
+ clocking_mode = (sr(s, VGA_SEQ_CLOCK_MODE) >> 3) & 1;
|
|
||||||
clock_sel = (s->msr >> 2) & 3;
|
|
||||||
dots = (s->msr & 1) ? 8 : 9;
|
|
||||||
|
|
||||||
@@ -486,7 +491,6 @@ void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
|
||||||
printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
|
|
||||||
#endif
|
|
||||||
s->sr[s->sr_index] = val & sr_mask[s->sr_index];
|
|
||||||
- vbe_update_vgaregs(s);
|
|
||||||
if (s->sr_index == VGA_SEQ_CLOCK_MODE) {
|
|
||||||
s->update_retrace_info(s);
|
|
||||||
}
|
|
||||||
@@ -680,13 +684,13 @@ static void vbe_update_vgaregs(VGACommonState *s)
|
|
||||||
|
|
||||||
if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
|
|
||||||
shift_control = 0;
|
|
||||||
- s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
|
|
||||||
+ s->sr_vbe[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
|
|
||||||
} else {
|
|
||||||
shift_control = 2;
|
|
||||||
/* set chain 4 mode */
|
|
||||||
- s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
|
|
||||||
+ s->sr_vbe[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
|
|
||||||
/* activate all planes */
|
|
||||||
- s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
|
|
||||||
+ s->sr_vbe[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
|
|
||||||
}
|
|
||||||
s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
|
|
||||||
(shift_control << 5);
|
|
||||||
@@ -836,7 +840,7 @@ uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
|
|
||||||
+ if (sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) {
|
|
||||||
/* chain 4 mode : simplest access */
|
|
||||||
assert(addr < s->vram_size);
|
|
||||||
ret = s->vram_ptr[addr];
|
|
||||||
@@ -904,11 +908,11 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
|
|
||||||
+ if (sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) {
|
|
||||||
/* chain 4 mode : simplest access */
|
|
||||||
plane = addr & 3;
|
|
||||||
mask = (1 << plane);
|
|
||||||
- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
|
|
||||||
+ if (sr(s, VGA_SEQ_PLANE_WRITE) & mask) {
|
|
||||||
assert(addr < s->vram_size);
|
|
||||||
s->vram_ptr[addr] = val;
|
|
||||||
#ifdef DEBUG_VGA_MEM
|
|
||||||
@@ -921,7 +925,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
|
|
||||||
/* odd/even mode (aka text mode mapping) */
|
|
||||||
plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
|
|
||||||
mask = (1 << plane);
|
|
||||||
- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
|
|
||||||
+ if (sr(s, VGA_SEQ_PLANE_WRITE) & mask) {
|
|
||||||
addr = ((addr & ~1) << 1) | plane;
|
|
||||||
if (addr >= s->vram_size) {
|
|
||||||
return;
|
|
||||||
@@ -996,7 +1000,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
|
|
||||||
|
|
||||||
do_write:
|
|
||||||
/* mask data according to sr[2] */
|
|
||||||
- mask = s->sr[VGA_SEQ_PLANE_WRITE];
|
|
||||||
+ mask = sr(s, VGA_SEQ_PLANE_WRITE);
|
|
||||||
s->plane_updated |= mask; /* only used to detect font change */
|
|
||||||
write_mask = mask16[mask];
|
|
||||||
if (addr * sizeof(uint32_t) >= s->vram_size) {
|
|
||||||
@@ -1152,10 +1156,10 @@ static void vga_get_text_resolution(VGACommonState *s, int *pwidth, int *pheight
|
|
||||||
/* total width & height */
|
|
||||||
cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
|
|
||||||
cwidth = 8;
|
|
||||||
- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
|
|
||||||
+ if (!(sr(s, VGA_SEQ_CLOCK_MODE) & VGA_SR01_CHAR_CLK_8DOTS)) {
|
|
||||||
cwidth = 9;
|
|
||||||
}
|
|
||||||
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
|
|
||||||
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 0x08) {
|
|
||||||
cwidth = 16; /* NOTE: no 18 pixel wide */
|
|
||||||
}
|
|
||||||
width = (s->cr[VGA_CRTC_H_DISP] + 1);
|
|
||||||
@@ -1197,7 +1201,7 @@ static void vga_draw_text(VGACommonState *s, int full_update)
|
|
||||||
int64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);
|
|
||||||
|
|
||||||
/* compute font data address (in plane 2) */
|
|
||||||
- v = s->sr[VGA_SEQ_CHARACTER_MAP];
|
|
||||||
+ v = sr(s, VGA_SEQ_CHARACTER_MAP);
|
|
||||||
offset = (((v >> 4) & 1) | ((v << 1) & 6)) * 8192 * 4 + 2;
|
|
||||||
if (offset != s->font_offsets[0]) {
|
|
||||||
s->font_offsets[0] = offset;
|
|
||||||
@@ -1506,11 +1510,11 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (shift_control == 0) {
|
|
||||||
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
|
|
||||||
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
|
|
||||||
disp_width <<= 1;
|
|
||||||
}
|
|
||||||
} else if (shift_control == 1) {
|
|
||||||
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
|
|
||||||
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
|
|
||||||
disp_width <<= 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1574,7 +1578,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
|
|
||||||
|
|
||||||
if (shift_control == 0) {
|
|
||||||
full_update |= update_palette16(s);
|
|
||||||
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
|
|
||||||
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
|
|
||||||
v = VGA_DRAW_LINE4D2;
|
|
||||||
} else {
|
|
||||||
v = VGA_DRAW_LINE4;
|
|
||||||
@@ -1582,7 +1586,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
|
|
||||||
bits = 4;
|
|
||||||
} else if (shift_control == 1) {
|
|
||||||
full_update |= update_palette16(s);
|
|
||||||
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
|
|
||||||
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) {
|
|
||||||
v = VGA_DRAW_LINE2D2;
|
|
||||||
} else {
|
|
||||||
v = VGA_DRAW_LINE2;
|
|
||||||
@@ -1629,7 +1633,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
|
|
||||||
#if 0
|
|
||||||
printf("w=%d h=%d v=%d line_offset=%d cr[0x09]=0x%02x cr[0x17]=0x%02x linecmp=%d sr[0x01]=0x%02x\n",
|
|
||||||
width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
|
|
||||||
- s->line_compare, s->sr[VGA_SEQ_CLOCK_MODE]);
|
|
||||||
+ s->line_compare, sr(s, VGA_SEQ_CLOCK_MODE));
|
|
||||||
#endif
|
|
||||||
addr1 = (s->start_addr * 4);
|
|
||||||
bwidth = (width * bits + 7) / 8;
|
|
||||||
@@ -1781,6 +1785,7 @@ void vga_common_reset(VGACommonState *s)
|
|
||||||
{
|
|
||||||
s->sr_index = 0;
|
|
||||||
memset(s->sr, '\0', sizeof(s->sr));
|
|
||||||
+ memset(s->sr_vbe, '\0', sizeof(s->sr_vbe));
|
|
||||||
s->gr_index = 0;
|
|
||||||
memset(s->gr, '\0', sizeof(s->gr));
|
|
||||||
s->ar_index = 0;
|
|
||||||
@@ -1883,10 +1888,10 @@ static void vga_update_text(void *opaque, console_ch_t *chardata)
|
|
||||||
/* total width & height */
|
|
||||||
cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
|
|
||||||
cw = 8;
|
|
||||||
- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
|
|
||||||
+ if (!(sr(s, VGA_SEQ_CLOCK_MODE) & VGA_SR01_CHAR_CLK_8DOTS)) {
|
|
||||||
cw = 9;
|
|
||||||
}
|
|
||||||
- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
|
|
||||||
+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 0x08) {
|
|
||||||
cw = 16; /* NOTE: no 18 pixel wide */
|
|
||||||
}
|
|
||||||
width = (s->cr[VGA_CRTC_H_DISP] + 1);
|
|
||||||
@@ -2053,6 +2058,7 @@ static int vga_common_post_load(void *opaque, int version_id)
|
|
||||||
|
|
||||||
/* force refresh */
|
|
||||||
s->graphic_mode = -1;
|
|
||||||
+ vbe_update_vgaregs(s);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
|
|
||||||
index bdb43a5..3ce5544 100644
|
|
||||||
--- a/hw/display/vga_int.h
|
|
||||||
+++ b/hw/display/vga_int.h
|
|
||||||
@@ -98,6 +98,7 @@ typedef struct VGACommonState {
|
|
||||||
MemoryRegion chain4_alias;
|
|
||||||
uint8_t sr_index;
|
|
||||||
uint8_t sr[256];
|
|
||||||
+ uint8_t sr_vbe[256];
|
|
||||||
uint8_t gr_index;
|
|
||||||
uint8_t gr[256];
|
|
||||||
uint8_t ar_index;
|
|
@ -1,4 +1,4 @@
|
|||||||
From ced63da3c840792292a6ee8201c3f7789b80b7eb Mon Sep 17 00:00:00 2001
|
From 8b1a852589b2693dd384680d761e617a34ba2f9e Mon Sep 17 00:00:00 2001
|
||||||
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||||
Date: Mon, 4 Jul 2016 13:06:36 +0100
|
Date: Mon, 4 Jul 2016 13:06:36 +0100
|
||||||
Subject: [PATCH] hw/arm/virt: mark the PCIe host controller as DMA coherent in
|
Subject: [PATCH] hw/arm/virt: mark the PCIe host controller as DMA coherent in
|
||||||
@ -25,7 +25,7 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
|||||||
1 file changed, 1 insertion(+)
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
|
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
|
||||||
index 56d35c7..9d015d5 100644
|
index a535285..30841de 100644
|
||||||
--- a/hw/arm/virt.c
|
--- a/hw/arm/virt.c
|
||||||
+++ b/hw/arm/virt.c
|
+++ b/hw/arm/virt.c
|
||||||
@@ -950,6 +950,7 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic,
|
@@ -950,6 +950,7 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic,
|
@ -1,34 +0,0 @@
|
|||||||
From f7901e3ec072d45629284c91300bf5ad21b36908 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Wed, 25 May 2016 16:01:29 +0530
|
|
||||||
Subject: [PATCH] scsi: megasas: use appropriate property buffer size
|
|
||||||
|
|
||||||
When setting MegaRAID SAS controller properties via MegaRAID
|
|
||||||
Firmware Interface(MFI) commands, a user supplied size parameter
|
|
||||||
is used to set property value. Use appropriate size value to avoid
|
|
||||||
OOB access issues.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1464172291-2856-2-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 1b85898025c4cd95dce673d15e67e60e98e91731)
|
|
||||||
[BR:CVE-2016-5106 BSC#982018]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/megasas.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
|
|
||||||
index a63a581..dcbd3e1 100644
|
|
||||||
--- a/hw/scsi/megasas.c
|
|
||||||
+++ b/hw/scsi/megasas.c
|
|
||||||
@@ -1446,7 +1446,7 @@ static int megasas_dcmd_set_properties(MegasasState *s, MegasasCmd *cmd)
|
|
||||||
dcmd_size);
|
|
||||||
return MFI_STAT_INVALID_PARAMETER;
|
|
||||||
}
|
|
||||||
- dma_buf_write((uint8_t *)&info, cmd->iov_size, &cmd->qsg);
|
|
||||||
+ dma_buf_write((uint8_t *)&info, dcmd_size, &cmd->qsg);
|
|
||||||
trace_megasas_dcmd_unsupported(cmd->index, cmd->iov_size);
|
|
||||||
return MFI_STAT_OK;
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
From e9910b20f94d3683d4d8895136583529cf7c313f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Wed, 25 May 2016 17:55:10 +0530
|
|
||||||
Subject: [PATCH] scsi: megasas: check 'read_queue_head' index value
|
|
||||||
|
|
||||||
While doing MegaRAID SAS controller command frame lookup, routine
|
|
||||||
'megasas_lookup_frame' uses 'read_queue_head' value as an index
|
|
||||||
into 'frames[MEGASAS_MAX_FRAMES=2048]' array. Limit its value
|
|
||||||
within array bounds to avoid any OOB access.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1464179110-18593-1-git-send-email-ppandit@redhat.com>
|
|
||||||
Reviewed-by: Alexander Graf <agraf@suse.de>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2)
|
|
||||||
[BR: CVE-2016-5107 BSC#982019]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/megasas.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
|
|
||||||
index dcbd3e1..96aee1c 100644
|
|
||||||
--- a/hw/scsi/megasas.c
|
|
||||||
+++ b/hw/scsi/megasas.c
|
|
||||||
@@ -650,7 +650,9 @@ static int megasas_init_firmware(MegasasState *s, MegasasCmd *cmd)
|
|
||||||
pa_hi = le32_to_cpu(initq->pi_addr_hi);
|
|
||||||
s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
|
|
||||||
s->reply_queue_head = ldl_le_pci_dma(pcid, s->producer_pa);
|
|
||||||
+ s->reply_queue_head %= MEGASAS_MAX_FRAMES;
|
|
||||||
s->reply_queue_tail = ldl_le_pci_dma(pcid, s->consumer_pa);
|
|
||||||
+ s->reply_queue_tail %= MEGASAS_MAX_FRAMES;
|
|
||||||
flags = le32_to_cpu(initq->flags);
|
|
||||||
if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
|
|
||||||
s->flags |= MEGASAS_MASK_USE_QUEUE64;
|
|
@ -1,4 +1,4 @@
|
|||||||
From 1caba48fc19de7cdceda7577ccf6970d4eb7ed75 Mon Sep 17 00:00:00 2001
|
From 6fc72ceb37357fb66b43b17a84b4b6fe128c5f4f Mon Sep 17 00:00:00 2001
|
||||||
From: Olaf Hering <ohering@suse.de>
|
From: Olaf Hering <ohering@suse.de>
|
||||||
Date: Tue, 21 Jun 2016 18:42:45 +0200
|
Date: Tue, 21 Jun 2016 18:42:45 +0200
|
||||||
Subject: [PATCH] xen: SUSE xenlinux unplug for emulated PCI
|
Subject: [PATCH] xen: SUSE xenlinux unplug for emulated PCI
|
@ -1,4 +1,4 @@
|
|||||||
From a4c62237f33857750850ef30066a5ae5d4d1194e Mon Sep 17 00:00:00 2001
|
From ef7fe72329d837ac78895a6b287bc6d7cb2a6889 Mon Sep 17 00:00:00 2001
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
Date: Mon, 20 Jun 2016 16:32:39 +0200
|
Date: Mon, 20 Jun 2016 16:32:39 +0200
|
||||||
Subject: [PATCH] scsi: esp: fix migration
|
Subject: [PATCH] scsi: esp: fix migration
|
||||||
@ -17,10 +17,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|||||||
2 files changed, 7 insertions(+), 3 deletions(-)
|
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
||||||
index 9e318fd..25c547c 100644
|
index baa0a2c..1f2f2d3 100644
|
||||||
--- a/hw/scsi/esp.c
|
--- a/hw/scsi/esp.c
|
||||||
+++ b/hw/scsi/esp.c
|
+++ b/hw/scsi/esp.c
|
||||||
@@ -577,7 +577,7 @@ static bool esp_mem_accepts(void *opaque, hwaddr addr,
|
@@ -574,7 +574,7 @@ static bool esp_mem_accepts(void *opaque, hwaddr addr,
|
||||||
|
|
||||||
const VMStateDescription vmstate_esp = {
|
const VMStateDescription vmstate_esp = {
|
||||||
.name ="esp",
|
.name ="esp",
|
||||||
@ -29,7 +29,7 @@ index 9e318fd..25c547c 100644
|
|||||||
.minimum_version_id = 3,
|
.minimum_version_id = 3,
|
||||||
.fields = (VMStateField[]) {
|
.fields = (VMStateField[]) {
|
||||||
VMSTATE_BUFFER(rregs, ESPState),
|
VMSTATE_BUFFER(rregs, ESPState),
|
||||||
@@ -588,7 +588,8 @@ const VMStateDescription vmstate_esp = {
|
@@ -585,7 +585,8 @@ const VMStateDescription vmstate_esp = {
|
||||||
VMSTATE_BUFFER(ti_buf, ESPState),
|
VMSTATE_BUFFER(ti_buf, ESPState),
|
||||||
VMSTATE_UINT32(status, ESPState),
|
VMSTATE_UINT32(status, ESPState),
|
||||||
VMSTATE_UINT32(dma, ESPState),
|
VMSTATE_UINT32(dma, ESPState),
|
@ -1,32 +0,0 @@
|
|||||||
From e7b653272e0242843f39b9b8d65694c29028fdf5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Tue, 7 Jun 2016 16:44:03 +0530
|
|
||||||
Subject: [PATCH] scsi: megasas: null terminate bios version buffer
|
|
||||||
|
|
||||||
While reading information via 'megasas_ctrl_get_info' routine,
|
|
||||||
a local bios version buffer isn't null terminated. Add the
|
|
||||||
terminating null byte to avoid any OOB access.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 844864fbae66935951529408831c2f22367a57b6)
|
|
||||||
[BR: CVE-2016-5337 BSC#983961]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/megasas.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
|
|
||||||
index 96aee1c..893448b 100644
|
|
||||||
--- a/hw/scsi/megasas.c
|
|
||||||
+++ b/hw/scsi/megasas.c
|
|
||||||
@@ -773,6 +773,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
|
|
||||||
|
|
||||||
ptr = memory_region_get_ram_ptr(&pci_dev->rom);
|
|
||||||
memcpy(biosver, ptr + 0x41, 31);
|
|
||||||
+ biosver[31] = 0;
|
|
||||||
memcpy(info.image_component[1].name, "BIOS", 4);
|
|
||||||
memcpy(info.image_component[1].version, biosver,
|
|
||||||
strlen((const char *)biosver));
|
|
@ -1,73 +0,0 @@
|
|||||||
From 74a7469799521413262d7571b7092f859ed32121 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Date: Mon, 30 May 2016 09:09:18 +0200
|
|
||||||
Subject: [PATCH] vmsvga: move fifo sanity checks to vmsvga_fifo_length
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Sanity checks are applied when the fifo is enabled by the guest
|
|
||||||
(SVGA_REG_CONFIG_DONE write). Which doesn't help much if the guest
|
|
||||||
changes the fifo registers afterwards. Move the checks to
|
|
||||||
vmsvga_fifo_length so they are done each time qemu is about to read
|
|
||||||
from the fifo.
|
|
||||||
|
|
||||||
Fixes: CVE-2016-4454
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Cc: P J P <ppandit@redhat.com>
|
|
||||||
Reported-by: 李强 <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Message-id: 1464592161-18348-2-git-send-email-kraxel@redhat.com
|
|
||||||
(cherry picked from commit 521360267876d3b6518b328051a2e56bca55bef8)
|
|
||||||
[BR: CVE-2016-4454 BSC#982222]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/display/vmware_vga.c | 28 +++++++++++++++-------------
|
|
||||||
1 file changed, 15 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
|
||||||
index 0c63fa8..63a7c05 100644
|
|
||||||
--- a/hw/display/vmware_vga.c
|
|
||||||
+++ b/hw/display/vmware_vga.c
|
|
||||||
@@ -555,6 +555,21 @@ static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
|
|
||||||
if (!s->config || !s->enable) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /* Check range and alignment. */
|
|
||||||
+ if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ if (CMD(max) > SVGA_FIFO_SIZE) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ if (CMD(max) < CMD(min) + 10 * 1024) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
num = CMD(next_cmd) - CMD(stop);
|
|
||||||
if (num < 0) {
|
|
||||||
num += CMD(max) - CMD(min);
|
|
||||||
@@ -1005,19 +1020,6 @@ static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
|
|
||||||
case SVGA_REG_CONFIG_DONE:
|
|
||||||
if (value) {
|
|
||||||
s->fifo = (uint32_t *) s->fifo_ptr;
|
|
||||||
- /* Check range and alignment. */
|
|
||||||
- if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
- if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
- if (CMD(max) > SVGA_FIFO_SIZE) {
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
- if (CMD(max) < CMD(min) + 10 * 1024) {
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
vga_dirty_log_stop(&s->vga);
|
|
||||||
}
|
|
||||||
s->config = !!value;
|
|
@ -1,4 +1,4 @@
|
|||||||
From 0d4ea8a7847a76415ed0d0db0392be5b7d1b71a6 Mon Sep 17 00:00:00 2001
|
From 57e6b7c9e33686c070e6b5bce203e1a4a01b821d Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Fri, 29 Jul 2016 12:51:53 +0200
|
Date: Fri, 29 Jul 2016 12:51:53 +0200
|
||||||
Subject: [PATCH] xen: when removing a backend don't remove many of them
|
Subject: [PATCH] xen: when removing a backend don't remove many of them
|
@ -1,45 +0,0 @@
|
|||||||
From 51a212ea5bb9d958e0fd59d9e975685a8b9e62d0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Date: Mon, 30 May 2016 09:09:21 +0200
|
|
||||||
Subject: [PATCH] vmsvga: don't process more than 1024 fifo commands at once
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
vmsvga_fifo_run is called in regular intervals (on each display update)
|
|
||||||
and will resume where it left off. So we can simply exit the loop,
|
|
||||||
without having to worry about how processing will continue.
|
|
||||||
|
|
||||||
Fixes: CVE-2016-4453
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Cc: P J P <ppandit@redhat.com>
|
|
||||||
Reported-by: 李强 <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Message-id: 1464592161-18348-5-git-send-email-kraxel@redhat.com
|
|
||||||
(cherry picked from commit 4e68a0ee17dad7b8d870df0081d4ab2e079016c2)
|
|
||||||
[BR: CVE-2016-4453 BSC#982223]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/display/vmware_vga.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
|
||||||
index 63a7c05..3bd4c52 100644
|
|
||||||
--- a/hw/display/vmware_vga.c
|
|
||||||
+++ b/hw/display/vmware_vga.c
|
|
||||||
@@ -596,13 +596,13 @@ static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
|
|
||||||
static void vmsvga_fifo_run(struct vmsvga_state_s *s)
|
|
||||||
{
|
|
||||||
uint32_t cmd, colour;
|
|
||||||
- int args, len;
|
|
||||||
+ int args, len, maxloop = 1024;
|
|
||||||
int x, y, dx, dy, width, height;
|
|
||||||
struct vmsvga_cursor_definition_s cursor;
|
|
||||||
uint32_t cmd_start;
|
|
||||||
|
|
||||||
len = vmsvga_fifo_length(s);
|
|
||||||
- while (len > 0) {
|
|
||||||
+ while (len > 0 && --maxloop > 0) {
|
|
||||||
/* May need to go back to the start of the command if incomplete */
|
|
||||||
cmd_start = s->cmd->stop;
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From afb94bcc5bbb8b58f8c96821caaab268f96cabdb Mon Sep 17 00:00:00 2001
|
From 559d8ccdb0a5e92b6a0a42f2850caa7a8c57ae76 Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Wed, 27 Jul 2016 08:17:41 +0200
|
Date: Wed, 27 Jul 2016 08:17:41 +0200
|
||||||
Subject: [PATCH] xen: drain submit queue in xen-usb before removing device
|
Subject: [PATCH] xen: drain submit queue in xen-usb before removing device
|
@ -1,37 +0,0 @@
|
|||||||
From 75e2bbd9eb1645c7acb1929ca700913a6e2f54d6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Lieven <pl@kamp.de>
|
|
||||||
Date: Tue, 24 May 2016 10:59:28 +0200
|
|
||||||
Subject: [PATCH] block/iscsi: avoid potential overflow of acb->task->cdb
|
|
||||||
|
|
||||||
at least in the path via virtio-blk the maximum size is not
|
|
||||||
restricted.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Peter Lieven <pl@kamp.de>
|
|
||||||
Message-Id: <1464080368-29584-1-git-send-email-pl@kamp.de>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit a6b3167fa0e825aebb5a7cd8b437b6d41584a196)
|
|
||||||
[BR: CVE-2016-5126 BSC#982285]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
block/iscsi.c | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/block/iscsi.c b/block/iscsi.c
|
|
||||||
index 302baf8..172e6cf 100644
|
|
||||||
--- a/block/iscsi.c
|
|
||||||
+++ b/block/iscsi.c
|
|
||||||
@@ -837,6 +837,13 @@ static BlockAIOCB *iscsi_aio_ioctl(BlockDriverState *bs,
|
|
||||||
return &acb->common;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (acb->ioh->cmd_len > SCSI_CDB_MAX_SIZE) {
|
|
||||||
+ error_report("iSCSI: ioctl error CDB exceeds max size (%d > %d)",
|
|
||||||
+ acb->ioh->cmd_len, SCSI_CDB_MAX_SIZE);
|
|
||||||
+ qemu_aio_unref(acb);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
acb->task = malloc(sizeof(struct scsi_task));
|
|
||||||
if (acb->task == NULL) {
|
|
||||||
error_report("iSCSI: Failed to allocate task for scsi command. %s",
|
|
@ -1,4 +1,4 @@
|
|||||||
From 197d526012602fbac75392a86e991539e4400bf0 Mon Sep 17 00:00:00 2001
|
From c9f5c5004b9fb97398c8dc0003303493904c986c Mon Sep 17 00:00:00 2001
|
||||||
From: "Denis V. Lunev" <den@openvz.org>
|
From: "Denis V. Lunev" <den@openvz.org>
|
||||||
Date: Thu, 2 Jun 2016 18:58:15 +0300
|
Date: Thu, 2 Jun 2016 18:58:15 +0300
|
||||||
Subject: [PATCH] qcow2: avoid extra flushes in qcow2
|
Subject: [PATCH] qcow2: avoid extra flushes in qcow2
|
@ -1,4 +1,4 @@
|
|||||||
From 4bbd77b07de2f0df2e8a0dba9c4ca51299ee2518 Mon Sep 17 00:00:00 2001
|
From 66d8c1e91cb8b11fad0ddc68c7398c5ff202525e Mon Sep 17 00:00:00 2001
|
||||||
From: Bruce Rogers <brogers@suse.com>
|
From: Bruce Rogers <brogers@suse.com>
|
||||||
Date: Tue, 2 Aug 2016 11:36:02 -0600
|
Date: Tue, 2 Aug 2016 11:36:02 -0600
|
||||||
Subject: [PATCH] qemu-bridge-helper: reduce security profile
|
Subject: [PATCH] qemu-bridge-helper: reduce security profile
|
@ -1,71 +0,0 @@
|
|||||||
From 40b9ce117b5a3aced6e1b88ea0e2619170b202f6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Mon, 6 Jun 2016 22:04:43 +0530
|
|
||||||
Subject: [PATCH] scsi: esp: check TI buffer index before read/write
|
|
||||||
|
|
||||||
The 53C9X Fast SCSI Controller(FSC) comes with internal 16-byte
|
|
||||||
FIFO buffers. One is used to handle commands and other is for
|
|
||||||
information transfer. Three control variables 'ti_rptr',
|
|
||||||
'ti_wptr' and 'ti_size' are used to control r/w access to the
|
|
||||||
information transfer buffer ti_buf[TI_BUFSZ=16]. In that,
|
|
||||||
|
|
||||||
'ti_rptr' is used as read index, where read occurs.
|
|
||||||
'ti_wptr' is a write index, where write would occur.
|
|
||||||
'ti_size' indicates total bytes to be read from the buffer.
|
|
||||||
|
|
||||||
While reading/writing to this buffer, index could exceed its
|
|
||||||
size. Add check to avoid OOB r/w access.
|
|
||||||
|
|
||||||
Reported-by: Huawei PSIRT <psirt@huawei.com>
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1465230883-22303-1-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit ff589551c8e8e9e95e211b9d8daafb4ed39f1aec)
|
|
||||||
[BR: CVE-2016-5338 BSC#983982]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/esp.c | 20 +++++++++-----------
|
|
||||||
1 file changed, 9 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
||||||
index 591c817..3adb685 100644
|
|
||||||
--- a/hw/scsi/esp.c
|
|
||||||
+++ b/hw/scsi/esp.c
|
|
||||||
@@ -400,19 +400,17 @@ uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
|
|
||||||
trace_esp_mem_readb(saddr, s->rregs[saddr]);
|
|
||||||
switch (saddr) {
|
|
||||||
case ESP_FIFO:
|
|
||||||
- if (s->ti_size > 0) {
|
|
||||||
+ if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
|
|
||||||
+ /* Data out. */
|
|
||||||
+ qemu_log_mask(LOG_UNIMP, "esp: PIO data read not implemented\n");
|
|
||||||
+ s->rregs[ESP_FIFO] = 0;
|
|
||||||
+ esp_raise_irq(s);
|
|
||||||
+ } else if (s->ti_rptr < s->ti_wptr) {
|
|
||||||
s->ti_size--;
|
|
||||||
- if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
|
|
||||||
- /* Data out. */
|
|
||||||
- qemu_log_mask(LOG_UNIMP,
|
|
||||||
- "esp: PIO data read not implemented\n");
|
|
||||||
- s->rregs[ESP_FIFO] = 0;
|
|
||||||
- } else {
|
|
||||||
- s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
|
|
||||||
- }
|
|
||||||
+ s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
|
|
||||||
esp_raise_irq(s);
|
|
||||||
}
|
|
||||||
- if (s->ti_size == 0) {
|
|
||||||
+ if (s->ti_rptr == s->ti_wptr) {
|
|
||||||
s->ti_rptr = 0;
|
|
||||||
s->ti_wptr = 0;
|
|
||||||
}
|
|
||||||
@@ -456,7 +454,7 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
|
|
||||||
} else {
|
|
||||||
trace_esp_error_fifo_overrun();
|
|
||||||
}
|
|
||||||
- } else if (s->ti_size == TI_BUFSZ - 1) {
|
|
||||||
+ } else if (s->ti_wptr == TI_BUFSZ - 1) {
|
|
||||||
trace_esp_error_fifo_overrun();
|
|
||||||
} else {
|
|
||||||
s->ti_size++;
|
|
@ -1,4 +1,4 @@
|
|||||||
From ddbfdd2c5396aa810a789f5cb681879f78cb693f Mon Sep 17 00:00:00 2001
|
From fceaaa771845a1fa7379539e77390b833dc9de3b Mon Sep 17 00:00:00 2001
|
||||||
From: Juergen Gross <jgross@suse.com>
|
From: Juergen Gross <jgross@suse.com>
|
||||||
Date: Tue, 2 Aug 2016 08:32:32 +0200
|
Date: Tue, 2 Aug 2016 08:32:32 +0200
|
||||||
Subject: [PATCH] xen: use a common function for pv and hvm guest backend
|
Subject: [PATCH] xen: use a common function for pv and hvm guest backend
|
@ -1,34 +0,0 @@
|
|||||||
From 702d446c9378b6d8415599780cf9f8bfb4c7cb9a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Wed, 25 May 2016 17:41:44 +0530
|
|
||||||
Subject: [PATCH] scsi: megasas: initialise local configuration data buffer
|
|
||||||
|
|
||||||
When reading MegaRAID SAS controller configuration via MegaRAID
|
|
||||||
Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read
|
|
||||||
uses an uninitialised local data buffer. Initialise this buffer
|
|
||||||
to avoid stack information leakage.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1464178304-12831-1-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit d37af740730dbbb93960cd318e040372d04d6dcf)
|
|
||||||
[BR: CVE-2016-5105 982017]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/megasas.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
|
|
||||||
index 893448b..a9ffc32 100644
|
|
||||||
--- a/hw/scsi/megasas.c
|
|
||||||
+++ b/hw/scsi/megasas.c
|
|
||||||
@@ -1296,7 +1296,7 @@ static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
|
|
||||||
|
|
||||||
static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
|
|
||||||
{
|
|
||||||
- uint8_t data[4096];
|
|
||||||
+ uint8_t data[4096] = { 0 };
|
|
||||||
struct mfi_config_data *info;
|
|
||||||
int num_pd_disks = 0, array_offset, ld_offset;
|
|
||||||
BusChild *kid;
|
|
@ -1,36 +0,0 @@
|
|||||||
From 440a840f30f2439aece31ae59a5ee91675a78bb1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Tue, 31 May 2016 23:23:27 +0530
|
|
||||||
Subject: [PATCH] scsi: esp: check buffer length before reading scsi command
|
|
||||||
|
|
||||||
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
|
|
||||||
FIFO buffer. It is used to handle command and data transfer.
|
|
||||||
Routine get_cmd() in non-DMA mode, uses 'ti_size' to read scsi
|
|
||||||
command into a buffer. Add check to validate command length against
|
|
||||||
buffer size to avoid any overrun.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Message-Id: <1464717207-7549-1-git-send-email-ppandit@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a)
|
|
||||||
[BR: CVE-2016-5238 BSC#982959]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/esp.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
||||||
index 3adb685..4b94bbc 100644
|
|
||||||
--- a/hw/scsi/esp.c
|
|
||||||
+++ b/hw/scsi/esp.c
|
|
||||||
@@ -98,6 +98,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
|
|
||||||
s->dma_memory_read(s->dma_opaque, buf, dmalen);
|
|
||||||
} else {
|
|
||||||
dmalen = s->ti_size;
|
|
||||||
+ if (dmalen > TI_BUFSZ) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
memcpy(buf, s->ti_buf, dmalen);
|
|
||||||
buf[0] = buf[2] >> 5;
|
|
||||||
}
|
|
@ -1,29 +0,0 @@
|
|||||||
From 9b2c1b6e771f01757b93cc92625ef48903786291 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Date: Tue, 14 Jun 2016 15:10:24 +0200
|
|
||||||
Subject: [PATCH] scsi: esp: respect FIFO invariant after message phase
|
|
||||||
|
|
||||||
The FIFO contains two bytes; hence the write ptr should be two bytes ahead
|
|
||||||
of the read pointer.
|
|
||||||
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit d020aa504cec8f525b55ba2ef982c09dc847c72e)
|
|
||||||
[BR: CVE-2016-5238 BSC#982959]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/esp.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
||||||
index 4b94bbc..3f08598 100644
|
|
||||||
--- a/hw/scsi/esp.c
|
|
||||||
+++ b/hw/scsi/esp.c
|
|
||||||
@@ -222,7 +222,7 @@ static void write_response(ESPState *s)
|
|
||||||
} else {
|
|
||||||
s->ti_size = 2;
|
|
||||||
s->ti_rptr = 0;
|
|
||||||
- s->ti_wptr = 0;
|
|
||||||
+ s->ti_wptr = 2;
|
|
||||||
s->rregs[ESP_RFLAGS] = 2;
|
|
||||||
}
|
|
||||||
esp_raise_irq(s);
|
|
@ -1,52 +0,0 @@
|
|||||||
From f4fe76597dccb9017be71983c4204f21877fc69f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lin Ma <lma@suse.com>
|
|
||||||
Date: Thu, 16 Jun 2016 01:05:27 +0800
|
|
||||||
Subject: [PATCH] pci-assign: Move "Invalid ROM" error message to
|
|
||||||
pci-assign-load-rom.c
|
|
||||||
|
|
||||||
In function pci_assign_dev_load_option_rom, For those pci devices don't
|
|
||||||
have 'rom' file under sysfs or if loading ROM from external file, The
|
|
||||||
function returns NULL, and won't set the passed 'size' variable.
|
|
||||||
|
|
||||||
In these 2 cases, qemu still reports "Invalid ROM" error message, Users
|
|
||||||
may be confused by it.
|
|
||||||
|
|
||||||
Signed-off-by: Lin Ma <lma@suse.com>
|
|
||||||
Message-Id: <1466010327-22368-1-git-send-email-lma@suse.com>
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit be968c721ee9df49708691ab58f0e66b394dea82)
|
|
||||||
[BR: BSC#982927]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/i386/kvm/pci-assign.c | 4 ----
|
|
||||||
hw/i386/pci-assign-load-rom.c | 3 +++
|
|
||||||
2 files changed, 3 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
|
|
||||||
index bf425a2..8abce52 100644
|
|
||||||
--- a/hw/i386/kvm/pci-assign.c
|
|
||||||
+++ b/hw/i386/kvm/pci-assign.c
|
|
||||||
@@ -1891,8 +1891,4 @@ static void assigned_dev_load_option_rom(AssignedDevice *dev)
|
|
||||||
pci_assign_dev_load_option_rom(&dev->dev, OBJECT(dev), &size,
|
|
||||||
dev->host.domain, dev->host.bus,
|
|
||||||
dev->host.slot, dev->host.function);
|
|
||||||
-
|
|
||||||
- if (!size) {
|
|
||||||
- error_report("pci-assign: Invalid ROM.");
|
|
||||||
- }
|
|
||||||
}
|
|
||||||
diff --git a/hw/i386/pci-assign-load-rom.c b/hw/i386/pci-assign-load-rom.c
|
|
||||||
index 4bbb08c..0d8e4b2 100644
|
|
||||||
--- a/hw/i386/pci-assign-load-rom.c
|
|
||||||
+++ b/hw/i386/pci-assign-load-rom.c
|
|
||||||
@@ -40,6 +40,9 @@ void *pci_assign_dev_load_option_rom(PCIDevice *dev, struct Object *owner,
|
|
||||||
domain, bus, slot, function);
|
|
||||||
|
|
||||||
if (stat(rom_file, &st)) {
|
|
||||||
+ if (errno != ENOENT) {
|
|
||||||
+ error_report("pci-assign: Invalid ROM.");
|
|
||||||
+ }
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From a4b6bbf1139ebc70375c48afe99fccdd9dcaa501 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Bruce Rogers <brogers@suse.com>
|
|
||||||
Date: Tue, 26 Jul 2016 16:42:45 -0600
|
|
||||||
Subject: [PATCH] Xen PCI passthrough: fix passthrough failure when no
|
|
||||||
interrupt pin
|
|
||||||
|
|
||||||
Commit 5a11d0f7 mistakenly converted a log message into an error
|
|
||||||
condition when no pin interrupt is found for the pci device being
|
|
||||||
passed through. Revert that part of the commit.
|
|
||||||
|
|
||||||
[BR: BSC#981925, BSC#989250]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/xen/xen_pt.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
|
|
||||||
index f593b04..b6d71bb 100644
|
|
||||||
--- a/hw/xen/xen_pt.c
|
|
||||||
+++ b/hw/xen/xen_pt.c
|
|
||||||
@@ -842,7 +842,7 @@ static void xen_pt_realize(PCIDevice *d, Error **errp)
|
|
||||||
goto err_out;
|
|
||||||
}
|
|
||||||
if (!scratch) {
|
|
||||||
- error_setg(errp, "no pin interrupt");
|
|
||||||
+ XEN_PT_LOG(d, "no pin interrupt\n");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
@ -1,73 +0,0 @@
|
|||||||
From 20a82db8677dfb40288953ba296c372b66146f4d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Thu, 16 Jun 2016 00:22:35 +0200
|
|
||||||
Subject: [PATCH] scsi: esp: make cmdbuf big enough for maximum CDB size
|
|
||||||
|
|
||||||
While doing DMA read into ESP command buffer 's->cmdbuf', it could
|
|
||||||
write past the 's->cmdbuf' area, if it was transferring more than 16
|
|
||||||
bytes. Increase the command buffer size to 32, which is maximum when
|
|
||||||
's->do_cmd' is set, and add a check on 'len' to avoid OOB access.
|
|
||||||
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 926cde5f3e4d2504ed161ed0cb771ac7cad6fd11)
|
|
||||||
[BR: CVE-2016-6351 BSC#990835]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/scsi/esp.c | 6 ++++--
|
|
||||||
include/hw/scsi/esp.h | 3 ++-
|
|
||||||
2 files changed, 6 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
||||||
index 3f08598..9e318fd 100644
|
|
||||||
--- a/hw/scsi/esp.c
|
|
||||||
+++ b/hw/scsi/esp.c
|
|
||||||
@@ -249,6 +249,8 @@ static void esp_do_dma(ESPState *s)
|
|
||||||
len = s->dma_left;
|
|
||||||
if (s->do_cmd) {
|
|
||||||
trace_esp_do_dma(s->cmdlen, len);
|
|
||||||
+ assert (s->cmdlen <= sizeof(s->cmdbuf) &&
|
|
||||||
+ len <= sizeof(s->cmdbuf) - s->cmdlen);
|
|
||||||
s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
|
|
||||||
s->ti_size = 0;
|
|
||||||
s->cmdlen = 0;
|
|
||||||
@@ -348,7 +350,7 @@ static void handle_ti(ESPState *s)
|
|
||||||
s->dma_counter = dmalen;
|
|
||||||
|
|
||||||
if (s->do_cmd)
|
|
||||||
- minlen = (dmalen < 32) ? dmalen : 32;
|
|
||||||
+ minlen = (dmalen < ESP_CMDBUF_SZ) ? dmalen : ESP_CMDBUF_SZ;
|
|
||||||
else if (s->ti_size < 0)
|
|
||||||
minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
|
|
||||||
else
|
|
||||||
@@ -452,7 +454,7 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
|
|
||||||
break;
|
|
||||||
case ESP_FIFO:
|
|
||||||
if (s->do_cmd) {
|
|
||||||
- if (s->cmdlen < TI_BUFSZ) {
|
|
||||||
+ if (s->cmdlen < ESP_CMDBUF_SZ) {
|
|
||||||
s->cmdbuf[s->cmdlen++] = val & 0xff;
|
|
||||||
} else {
|
|
||||||
trace_esp_error_fifo_overrun();
|
|
||||||
diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h
|
|
||||||
index 6c79527..d2c4886 100644
|
|
||||||
--- a/include/hw/scsi/esp.h
|
|
||||||
+++ b/include/hw/scsi/esp.h
|
|
||||||
@@ -14,6 +14,7 @@ void esp_init(hwaddr espaddr, int it_shift,
|
|
||||||
|
|
||||||
#define ESP_REGS 16
|
|
||||||
#define TI_BUFSZ 16
|
|
||||||
+#define ESP_CMDBUF_SZ 32
|
|
||||||
|
|
||||||
typedef struct ESPState ESPState;
|
|
||||||
|
|
||||||
@@ -31,7 +32,7 @@ struct ESPState {
|
|
||||||
SCSIBus bus;
|
|
||||||
SCSIDevice *current_dev;
|
|
||||||
SCSIRequest *current_req;
|
|
||||||
- uint8_t cmdbuf[TI_BUFSZ];
|
|
||||||
+ uint8_t cmdbuf[ESP_CMDBUF_SZ];
|
|
||||||
uint32_t cmdlen;
|
|
||||||
uint32_t do_cmd;
|
|
||||||
|
|
@ -1,65 +0,0 @@
|
|||||||
From d9c626e4ede58130f64f24f4f9ca1140e4102a70 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
|
||||||
Date: Tue, 19 Jul 2016 13:07:13 +0100
|
|
||||||
Subject: [PATCH] virtio: error out if guest exceeds virtqueue size
|
|
||||||
|
|
||||||
A broken or malicious guest can submit more requests than the virtqueue
|
|
||||||
size permits, causing unbounded memory allocation in QEMU.
|
|
||||||
|
|
||||||
The guest can submit requests without bothering to wait for completion
|
|
||||||
and is therefore not bound by virtqueue size. This requires reusing
|
|
||||||
vring descriptors in more than one request, which is not allowed by the
|
|
||||||
VIRTIO 1.0 specification.
|
|
||||||
|
|
||||||
In "3.2.1 Supplying Buffers to The Device", the VIRTIO 1.0 specification
|
|
||||||
says:
|
|
||||||
|
|
||||||
1. The driver places the buffer into free descriptor(s) in the
|
|
||||||
descriptor table, chaining as necessary
|
|
||||||
|
|
||||||
and
|
|
||||||
|
|
||||||
Note that the above code does not take precautions against the
|
|
||||||
available ring buffer wrapping around: this is not possible since the
|
|
||||||
ring buffer is the same size as the descriptor table, so step (1) will
|
|
||||||
prevent such a condition.
|
|
||||||
|
|
||||||
This implies that placing more buffers into the virtqueue than the
|
|
||||||
descriptor table size is not allowed.
|
|
||||||
|
|
||||||
QEMU is missing the check to prevent this case. Processing a request
|
|
||||||
allocates a VirtQueueElement leading to unbounded memory allocation
|
|
||||||
controlled by the guest.
|
|
||||||
|
|
||||||
Exit with an error if the guest provides more requests than the
|
|
||||||
virtqueue size permits. This bounds memory allocation and makes the
|
|
||||||
buggy guest visible to the user.
|
|
||||||
|
|
||||||
This patch fixes CVE-2016-5403 and was reported by Zhenhao Hong from 360
|
|
||||||
Marvel Team, China.
|
|
||||||
|
|
||||||
Reported-by: Zhenhao Hong <hongzhenhao@360.cn>
|
|
||||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
||||||
(cherry picked from commit afd9096eb1882f23929f5b5c177898ed231bac66)
|
|
||||||
[BR: CVE-2016-5403 BSC#991080]
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
---
|
|
||||||
hw/virtio/virtio.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
|
||||||
index 30ede3d..e5ead0d 100644
|
|
||||||
--- a/hw/virtio/virtio.c
|
|
||||||
+++ b/hw/virtio/virtio.c
|
|
||||||
@@ -561,6 +561,11 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
|
|
||||||
|
|
||||||
max = vq->vring.num;
|
|
||||||
|
|
||||||
+ if (vq->inuse >= vq->vring.num) {
|
|
||||||
+ error_report("Virtqueue size exceeded");
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
|
|
||||||
if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
|
|
||||||
vring_set_avail_event(vq, vq->last_avail_idx);
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c9ac4a651b273233d21b8bec32e30507cb9cce7900841febc330956a1a8434ec
|
|
||||||
size 25755267
|
|
Binary file not shown.
3
qemu-2.6.1.tar.bz2
Normal file
3
qemu-2.6.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:4942fd1b6ee31f2f55ffc2201dd7397e6b9c55a2ef332e6d660c730d268e08d1
|
||||||
|
size 25762855
|
BIN
qemu-2.6.1.tar.bz2.sig
Normal file
BIN
qemu-2.6.1.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,3 +1,62 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 17 20:25:13 UTC 2016 - brogers@suse.com
|
||||||
|
|
||||||
|
- Update to v2.6.1 a stable, bug-fix-only release (fate#316228)
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||||
|
* Patches dropped (upstreamed):
|
||||||
|
0041-net-mipsnet-check-packet-length-aga.patch
|
||||||
|
0042-i386-kvmvapic-initialise-imm32-vari.patch
|
||||||
|
0043-esp-check-command-buffer-length-bef.patch
|
||||||
|
0044-esp-check-dma-length-before-reading.patch
|
||||||
|
0045-scsi-pvscsi-check-command-descripto.patch
|
||||||
|
0046-scsi-mptsas-infinite-loop-while-fet.patch
|
||||||
|
0047-vga-add-sr_vbe-register-set.patch
|
||||||
|
0048-scsi-megasas-use-appropriate-proper.patch
|
||||||
|
0049-scsi-megasas-check-read_queue_head-.patch
|
||||||
|
0050-scsi-megasas-null-terminate-bios-ve.patch
|
||||||
|
0051-vmsvga-move-fifo-sanity-checks-to-v.patch
|
||||||
|
0052-vmsvga-don-t-process-more-than-1024.patch
|
||||||
|
0053-block-iscsi-avoid-potential-overflo.patch
|
||||||
|
0054-scsi-esp-check-TI-buffer-index-befo.patch
|
||||||
|
0060-scsi-megasas-initialise-local-confi.patch
|
||||||
|
0065-scsi-esp-check-buffer-length-before.patch
|
||||||
|
0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||||
|
0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||||
|
0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||||
|
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||||
|
0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||||
|
* Patches renamed:
|
||||||
|
0055-xen-introduce-dummy-system-device.patch
|
||||||
|
-> 0041-xen-introduce-dummy-system-device.patch
|
||||||
|
0056-xen-write-information-about-support.patch
|
||||||
|
-> 0042-xen-write-information-about-support.patch
|
||||||
|
0057-xen-add-pvUSB-backend.patch
|
||||||
|
-> 0043-xen-add-pvUSB-backend.patch
|
||||||
|
0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
|
-> 0044-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
|
0059-vnc-add-configurable-keyboard-delay.patch
|
||||||
|
-> 0045-vnc-add-configurable-keyboard-delay.patch
|
||||||
|
0061-configure-add-echo_version-helper.patch
|
||||||
|
-> 0046-configure-add-echo_version-helper.patch
|
||||||
|
0062-configure-support-vte-2.91.patch
|
||||||
|
-> 0047-configure-support-vte-2.91.patch
|
||||||
|
0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
|
-> 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
|
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
|
-> 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
|
0070-scsi-esp-fix-migration.patch
|
||||||
|
-> 0050-scsi-esp-fix-migration.patch
|
||||||
|
0072-xen-when-removing-a-backend-don-t-r.patch
|
||||||
|
-> 0051-xen-when-removing-a-backend-don-t-r.patch
|
||||||
|
0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
|
-> 0052-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
|
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
|
-> 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
|
0075-qemu-bridge-helper-reduce-security-.patch
|
||||||
|
-> 0054-qemu-bridge-helper-reduce-security-.patch
|
||||||
|
0076-xen-use-a-common-function-for-pv-an.patch
|
||||||
|
-> 0055-xen-use-a-common-function-for-pv-an.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Aug 3 17:09:11 UTC 2016 - brogers@suse.com
|
Wed Aug 3 17:09:11 UTC 2016 - brogers@suse.com
|
||||||
|
|
||||||
|
@ -21,9 +21,9 @@ Url: http://www.qemu.org/
|
|||||||
Summary: Universal CPU emulator
|
Summary: Universal CPU emulator
|
||||||
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||||
Group: System/Emulators/PC
|
Group: System/Emulators/PC
|
||||||
Version: 2.6.0
|
Version: 2.6.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
|
Source: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2
|
||||||
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
|
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
|
||||||
Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch
|
Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch
|
||||||
Patch0002: 0002-qemu-0.9.0.cvs-binfmt.patch
|
Patch0002: 0002-qemu-0.9.0.cvs-binfmt.patch
|
||||||
@ -65,42 +65,21 @@ Patch0037: 0037-dictzip-Fix-on-big-endian-systems.patch
|
|||||||
Patch0038: 0038-block-split-large-discard-requests-.patch
|
Patch0038: 0038-block-split-large-discard-requests-.patch
|
||||||
Patch0039: 0039-xen_disk-Add-suse-specific-flush-di.patch
|
Patch0039: 0039-xen_disk-Add-suse-specific-flush-di.patch
|
||||||
Patch0040: 0040-build-link-with-libatomic-on-powerp.patch
|
Patch0040: 0040-build-link-with-libatomic-on-powerp.patch
|
||||||
Patch0041: 0041-net-mipsnet-check-packet-length-aga.patch
|
Patch0041: 0041-xen-introduce-dummy-system-device.patch
|
||||||
Patch0042: 0042-i386-kvmvapic-initialise-imm32-vari.patch
|
Patch0042: 0042-xen-write-information-about-support.patch
|
||||||
Patch0043: 0043-esp-check-command-buffer-length-bef.patch
|
Patch0043: 0043-xen-add-pvUSB-backend.patch
|
||||||
Patch0044: 0044-esp-check-dma-length-before-reading.patch
|
Patch0044: 0044-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
Patch0045: 0045-scsi-pvscsi-check-command-descripto.patch
|
Patch0045: 0045-vnc-add-configurable-keyboard-delay.patch
|
||||||
Patch0046: 0046-scsi-mptsas-infinite-loop-while-fet.patch
|
Patch0046: 0046-configure-add-echo_version-helper.patch
|
||||||
Patch0047: 0047-vga-add-sr_vbe-register-set.patch
|
Patch0047: 0047-configure-support-vte-2.91.patch
|
||||||
Patch0048: 0048-scsi-megasas-use-appropriate-proper.patch
|
Patch0048: 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
Patch0049: 0049-scsi-megasas-check-read_queue_head-.patch
|
Patch0049: 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
Patch0050: 0050-scsi-megasas-null-terminate-bios-ve.patch
|
Patch0050: 0050-scsi-esp-fix-migration.patch
|
||||||
Patch0051: 0051-vmsvga-move-fifo-sanity-checks-to-v.patch
|
Patch0051: 0051-xen-when-removing-a-backend-don-t-r.patch
|
||||||
Patch0052: 0052-vmsvga-don-t-process-more-than-1024.patch
|
Patch0052: 0052-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
Patch0053: 0053-block-iscsi-avoid-potential-overflo.patch
|
Patch0053: 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
Patch0054: 0054-scsi-esp-check-TI-buffer-index-befo.patch
|
Patch0054: 0054-qemu-bridge-helper-reduce-security-.patch
|
||||||
Patch0055: 0055-xen-introduce-dummy-system-device.patch
|
Patch0055: 0055-xen-use-a-common-function-for-pv-an.patch
|
||||||
Patch0056: 0056-xen-write-information-about-support.patch
|
|
||||||
Patch0057: 0057-xen-add-pvUSB-backend.patch
|
|
||||||
Patch0058: 0058-xen-move-xen_sysdev-to-xen_backend..patch
|
|
||||||
Patch0059: 0059-vnc-add-configurable-keyboard-delay.patch
|
|
||||||
Patch0060: 0060-scsi-megasas-initialise-local-confi.patch
|
|
||||||
Patch0061: 0061-configure-add-echo_version-helper.patch
|
|
||||||
Patch0062: 0062-configure-support-vte-2.91.patch
|
|
||||||
Patch0063: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
|
||||||
Patch0064: 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
|
||||||
Patch0065: 0065-scsi-esp-check-buffer-length-before.patch
|
|
||||||
Patch0066: 0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
|
||||||
Patch0067: 0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
|
||||||
Patch0068: 0068-Xen-PCI-passthrough-fix-passthrough.patch
|
|
||||||
Patch0069: 0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
|
||||||
Patch0070: 0070-scsi-esp-fix-migration.patch
|
|
||||||
Patch0071: 0071-virtio-error-out-if-guest-exceeds-v.patch
|
|
||||||
Patch0072: 0072-xen-when-removing-a-backend-don-t-r.patch
|
|
||||||
Patch0073: 0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
|
||||||
Patch0074: 0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
|
||||||
Patch0075: 0075-qemu-bridge-helper-reduce-security-.patch
|
|
||||||
Patch0076: 0076-xen-use-a-common-function-for-pv-an.patch
|
|
||||||
# Please do not add patches manually here, run update_git.sh.
|
# Please do not add patches manually here, run update_git.sh.
|
||||||
# this is to make lint happy
|
# this is to make lint happy
|
||||||
Source300: qemu-rpmlintrc
|
Source300: qemu-rpmlintrc
|
||||||
@ -153,7 +132,7 @@ emulations. This can be used together with the OBS build script to
|
|||||||
run cross-architecture builds.
|
run cross-architecture builds.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n qemu-2.6.0
|
%setup -q -n qemu-2.6.1
|
||||||
%patch0001 -p1
|
%patch0001 -p1
|
||||||
%patch0002 -p1
|
%patch0002 -p1
|
||||||
%patch0003 -p1
|
%patch0003 -p1
|
||||||
@ -209,27 +188,6 @@ run cross-architecture builds.
|
|||||||
%patch0053 -p1
|
%patch0053 -p1
|
||||||
%patch0054 -p1
|
%patch0054 -p1
|
||||||
%patch0055 -p1
|
%patch0055 -p1
|
||||||
%patch0056 -p1
|
|
||||||
%patch0057 -p1
|
|
||||||
%patch0058 -p1
|
|
||||||
%patch0059 -p1
|
|
||||||
%patch0060 -p1
|
|
||||||
%patch0061 -p1
|
|
||||||
%patch0062 -p1
|
|
||||||
%patch0063 -p1
|
|
||||||
%patch0064 -p1
|
|
||||||
%patch0065 -p1
|
|
||||||
%patch0066 -p1
|
|
||||||
%patch0067 -p1
|
|
||||||
%patch0068 -p1
|
|
||||||
%patch0069 -p1
|
|
||||||
%patch0070 -p1
|
|
||||||
%patch0071 -p1
|
|
||||||
%patch0072 -p1
|
|
||||||
%patch0073 -p1
|
|
||||||
%patch0074 -p1
|
|
||||||
%patch0075 -p1
|
|
||||||
%patch0076 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
|
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
|
||||||
|
@ -23,7 +23,7 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
|||||||
Group: System/Emulators/PC
|
Group: System/Emulators/PC
|
||||||
QEMU_VERSION
|
QEMU_VERSION
|
||||||
Release: 0
|
Release: 0
|
||||||
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
|
Source: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2
|
||||||
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
|
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
|
||||||
PATCH_FILES
|
PATCH_FILES
|
||||||
# Please do not add patches manually here, run update_git.sh.
|
# Please do not add patches manually here, run update_git.sh.
|
||||||
@ -78,7 +78,7 @@ emulations. This can be used together with the OBS build script to
|
|||||||
run cross-architecture builds.
|
run cross-architecture builds.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n qemu-2.6.0
|
%setup -q -n qemu-2.6.1
|
||||||
PATCH_EXEC
|
PATCH_EXEC
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
@ -1,3 +1,62 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 17 20:25:13 UTC 2016 - brogers@suse.com
|
||||||
|
|
||||||
|
- Update to v2.6.1 a stable, bug-fix-only release (fate#316228)
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||||
|
* Patches dropped (upstreamed):
|
||||||
|
0041-net-mipsnet-check-packet-length-aga.patch
|
||||||
|
0042-i386-kvmvapic-initialise-imm32-vari.patch
|
||||||
|
0043-esp-check-command-buffer-length-bef.patch
|
||||||
|
0044-esp-check-dma-length-before-reading.patch
|
||||||
|
0045-scsi-pvscsi-check-command-descripto.patch
|
||||||
|
0046-scsi-mptsas-infinite-loop-while-fet.patch
|
||||||
|
0047-vga-add-sr_vbe-register-set.patch
|
||||||
|
0048-scsi-megasas-use-appropriate-proper.patch
|
||||||
|
0049-scsi-megasas-check-read_queue_head-.patch
|
||||||
|
0050-scsi-megasas-null-terminate-bios-ve.patch
|
||||||
|
0051-vmsvga-move-fifo-sanity-checks-to-v.patch
|
||||||
|
0052-vmsvga-don-t-process-more-than-1024.patch
|
||||||
|
0053-block-iscsi-avoid-potential-overflo.patch
|
||||||
|
0054-scsi-esp-check-TI-buffer-index-befo.patch
|
||||||
|
0060-scsi-megasas-initialise-local-confi.patch
|
||||||
|
0065-scsi-esp-check-buffer-length-before.patch
|
||||||
|
0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||||
|
0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||||
|
0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||||
|
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||||
|
0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||||
|
* Patches renamed:
|
||||||
|
0055-xen-introduce-dummy-system-device.patch
|
||||||
|
-> 0041-xen-introduce-dummy-system-device.patch
|
||||||
|
0056-xen-write-information-about-support.patch
|
||||||
|
-> 0042-xen-write-information-about-support.patch
|
||||||
|
0057-xen-add-pvUSB-backend.patch
|
||||||
|
-> 0043-xen-add-pvUSB-backend.patch
|
||||||
|
0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
|
-> 0044-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
|
0059-vnc-add-configurable-keyboard-delay.patch
|
||||||
|
-> 0045-vnc-add-configurable-keyboard-delay.patch
|
||||||
|
0061-configure-add-echo_version-helper.patch
|
||||||
|
-> 0046-configure-add-echo_version-helper.patch
|
||||||
|
0062-configure-support-vte-2.91.patch
|
||||||
|
-> 0047-configure-support-vte-2.91.patch
|
||||||
|
0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
|
-> 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
|
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
|
-> 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
|
0070-scsi-esp-fix-migration.patch
|
||||||
|
-> 0050-scsi-esp-fix-migration.patch
|
||||||
|
0072-xen-when-removing-a-backend-don-t-r.patch
|
||||||
|
-> 0051-xen-when-removing-a-backend-don-t-r.patch
|
||||||
|
0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
|
-> 0052-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
|
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
|
-> 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
|
0075-qemu-bridge-helper-reduce-security-.patch
|
||||||
|
-> 0054-qemu-bridge-helper-reduce-security-.patch
|
||||||
|
0076-xen-use-a-common-function-for-pv-an.patch
|
||||||
|
-> 0055-xen-use-a-common-function-for-pv-an.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Aug 3 21:36:14 UTC 2016 - brogers@suse.com
|
Wed Aug 3 21:36:14 UTC 2016 - brogers@suse.com
|
||||||
|
|
||||||
|
@ -71,10 +71,10 @@ Url: http://www.qemu.org/
|
|||||||
Summary: Universal CPU emulator
|
Summary: Universal CPU emulator
|
||||||
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||||
Group: System/Emulators/PC
|
Group: System/Emulators/PC
|
||||||
Version: 2.6.0
|
Version: 2.6.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
|
Source: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2
|
||||||
Source99: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2.sig
|
Source99: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2.sig
|
||||||
Source1: 80-kvm.rules
|
Source1: 80-kvm.rules
|
||||||
Source2: qemu-ifup
|
Source2: qemu-ifup
|
||||||
Source3: kvm_stat
|
Source3: kvm_stat
|
||||||
@ -127,42 +127,21 @@ Patch0037: 0037-dictzip-Fix-on-big-endian-systems.patch
|
|||||||
Patch0038: 0038-block-split-large-discard-requests-.patch
|
Patch0038: 0038-block-split-large-discard-requests-.patch
|
||||||
Patch0039: 0039-xen_disk-Add-suse-specific-flush-di.patch
|
Patch0039: 0039-xen_disk-Add-suse-specific-flush-di.patch
|
||||||
Patch0040: 0040-build-link-with-libatomic-on-powerp.patch
|
Patch0040: 0040-build-link-with-libatomic-on-powerp.patch
|
||||||
Patch0041: 0041-net-mipsnet-check-packet-length-aga.patch
|
Patch0041: 0041-xen-introduce-dummy-system-device.patch
|
||||||
Patch0042: 0042-i386-kvmvapic-initialise-imm32-vari.patch
|
Patch0042: 0042-xen-write-information-about-support.patch
|
||||||
Patch0043: 0043-esp-check-command-buffer-length-bef.patch
|
Patch0043: 0043-xen-add-pvUSB-backend.patch
|
||||||
Patch0044: 0044-esp-check-dma-length-before-reading.patch
|
Patch0044: 0044-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
Patch0045: 0045-scsi-pvscsi-check-command-descripto.patch
|
Patch0045: 0045-vnc-add-configurable-keyboard-delay.patch
|
||||||
Patch0046: 0046-scsi-mptsas-infinite-loop-while-fet.patch
|
Patch0046: 0046-configure-add-echo_version-helper.patch
|
||||||
Patch0047: 0047-vga-add-sr_vbe-register-set.patch
|
Patch0047: 0047-configure-support-vte-2.91.patch
|
||||||
Patch0048: 0048-scsi-megasas-use-appropriate-proper.patch
|
Patch0048: 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
Patch0049: 0049-scsi-megasas-check-read_queue_head-.patch
|
Patch0049: 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
Patch0050: 0050-scsi-megasas-null-terminate-bios-ve.patch
|
Patch0050: 0050-scsi-esp-fix-migration.patch
|
||||||
Patch0051: 0051-vmsvga-move-fifo-sanity-checks-to-v.patch
|
Patch0051: 0051-xen-when-removing-a-backend-don-t-r.patch
|
||||||
Patch0052: 0052-vmsvga-don-t-process-more-than-1024.patch
|
Patch0052: 0052-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
Patch0053: 0053-block-iscsi-avoid-potential-overflo.patch
|
Patch0053: 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
Patch0054: 0054-scsi-esp-check-TI-buffer-index-befo.patch
|
Patch0054: 0054-qemu-bridge-helper-reduce-security-.patch
|
||||||
Patch0055: 0055-xen-introduce-dummy-system-device.patch
|
Patch0055: 0055-xen-use-a-common-function-for-pv-an.patch
|
||||||
Patch0056: 0056-xen-write-information-about-support.patch
|
|
||||||
Patch0057: 0057-xen-add-pvUSB-backend.patch
|
|
||||||
Patch0058: 0058-xen-move-xen_sysdev-to-xen_backend..patch
|
|
||||||
Patch0059: 0059-vnc-add-configurable-keyboard-delay.patch
|
|
||||||
Patch0060: 0060-scsi-megasas-initialise-local-confi.patch
|
|
||||||
Patch0061: 0061-configure-add-echo_version-helper.patch
|
|
||||||
Patch0062: 0062-configure-support-vte-2.91.patch
|
|
||||||
Patch0063: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
|
||||||
Patch0064: 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
|
||||||
Patch0065: 0065-scsi-esp-check-buffer-length-before.patch
|
|
||||||
Patch0066: 0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
|
||||||
Patch0067: 0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
|
||||||
Patch0068: 0068-Xen-PCI-passthrough-fix-passthrough.patch
|
|
||||||
Patch0069: 0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
|
||||||
Patch0070: 0070-scsi-esp-fix-migration.patch
|
|
||||||
Patch0071: 0071-virtio-error-out-if-guest-exceeds-v.patch
|
|
||||||
Patch0072: 0072-xen-when-removing-a-backend-don-t-r.patch
|
|
||||||
Patch0073: 0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
|
||||||
Patch0074: 0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
|
||||||
Patch0075: 0075-qemu-bridge-helper-reduce-security-.patch
|
|
||||||
Patch0076: 0076-xen-use-a-common-function-for-pv-an.patch
|
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
|
|
||||||
@ -742,7 +721,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%endif # !qemu-testsuite
|
%endif # !qemu-testsuite
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n qemu-2.6.0
|
%setup -q -n qemu-2.6.1
|
||||||
%patch0001 -p1
|
%patch0001 -p1
|
||||||
%patch0002 -p1
|
%patch0002 -p1
|
||||||
%patch0003 -p1
|
%patch0003 -p1
|
||||||
@ -798,27 +777,6 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%patch0053 -p1
|
%patch0053 -p1
|
||||||
%patch0054 -p1
|
%patch0054 -p1
|
||||||
%patch0055 -p1
|
%patch0055 -p1
|
||||||
%patch0056 -p1
|
|
||||||
%patch0057 -p1
|
|
||||||
%patch0058 -p1
|
|
||||||
%patch0059 -p1
|
|
||||||
%patch0060 -p1
|
|
||||||
%patch0061 -p1
|
|
||||||
%patch0062 -p1
|
|
||||||
%patch0063 -p1
|
|
||||||
%patch0064 -p1
|
|
||||||
%patch0065 -p1
|
|
||||||
%patch0066 -p1
|
|
||||||
%patch0067 -p1
|
|
||||||
%patch0068 -p1
|
|
||||||
%patch0069 -p1
|
|
||||||
%patch0070 -p1
|
|
||||||
%patch0071 -p1
|
|
||||||
%patch0072 -p1
|
|
||||||
%patch0073 -p1
|
|
||||||
%patch0074 -p1
|
|
||||||
%patch0075 -p1
|
|
||||||
%patch0076 -p1
|
|
||||||
|
|
||||||
%if %{build_x86_fw_from_source}
|
%if %{build_x86_fw_from_source}
|
||||||
pushd roms/seabios
|
pushd roms/seabios
|
||||||
|
59
qemu.changes
59
qemu.changes
@ -1,3 +1,62 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 17 20:25:13 UTC 2016 - brogers@suse.com
|
||||||
|
|
||||||
|
- Update to v2.6.1 a stable, bug-fix-only release (fate#316228)
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||||
|
* Patches dropped (upstreamed):
|
||||||
|
0041-net-mipsnet-check-packet-length-aga.patch
|
||||||
|
0042-i386-kvmvapic-initialise-imm32-vari.patch
|
||||||
|
0043-esp-check-command-buffer-length-bef.patch
|
||||||
|
0044-esp-check-dma-length-before-reading.patch
|
||||||
|
0045-scsi-pvscsi-check-command-descripto.patch
|
||||||
|
0046-scsi-mptsas-infinite-loop-while-fet.patch
|
||||||
|
0047-vga-add-sr_vbe-register-set.patch
|
||||||
|
0048-scsi-megasas-use-appropriate-proper.patch
|
||||||
|
0049-scsi-megasas-check-read_queue_head-.patch
|
||||||
|
0050-scsi-megasas-null-terminate-bios-ve.patch
|
||||||
|
0051-vmsvga-move-fifo-sanity-checks-to-v.patch
|
||||||
|
0052-vmsvga-don-t-process-more-than-1024.patch
|
||||||
|
0053-block-iscsi-avoid-potential-overflo.patch
|
||||||
|
0054-scsi-esp-check-TI-buffer-index-befo.patch
|
||||||
|
0060-scsi-megasas-initialise-local-confi.patch
|
||||||
|
0065-scsi-esp-check-buffer-length-before.patch
|
||||||
|
0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||||
|
0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||||
|
0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||||
|
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||||
|
0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||||
|
* Patches renamed:
|
||||||
|
0055-xen-introduce-dummy-system-device.patch
|
||||||
|
-> 0041-xen-introduce-dummy-system-device.patch
|
||||||
|
0056-xen-write-information-about-support.patch
|
||||||
|
-> 0042-xen-write-information-about-support.patch
|
||||||
|
0057-xen-add-pvUSB-backend.patch
|
||||||
|
-> 0043-xen-add-pvUSB-backend.patch
|
||||||
|
0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
|
-> 0044-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
|
0059-vnc-add-configurable-keyboard-delay.patch
|
||||||
|
-> 0045-vnc-add-configurable-keyboard-delay.patch
|
||||||
|
0061-configure-add-echo_version-helper.patch
|
||||||
|
-> 0046-configure-add-echo_version-helper.patch
|
||||||
|
0062-configure-support-vte-2.91.patch
|
||||||
|
-> 0047-configure-support-vte-2.91.patch
|
||||||
|
0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
|
-> 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
|
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
|
-> 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
|
0070-scsi-esp-fix-migration.patch
|
||||||
|
-> 0050-scsi-esp-fix-migration.patch
|
||||||
|
0072-xen-when-removing-a-backend-don-t-r.patch
|
||||||
|
-> 0051-xen-when-removing-a-backend-don-t-r.patch
|
||||||
|
0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
|
-> 0052-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
|
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
|
-> 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
|
0075-qemu-bridge-helper-reduce-security-.patch
|
||||||
|
-> 0054-qemu-bridge-helper-reduce-security-.patch
|
||||||
|
0076-xen-use-a-common-function-for-pv-an.patch
|
||||||
|
-> 0055-xen-use-a-common-function-for-pv-an.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Aug 3 21:36:14 UTC 2016 - brogers@suse.com
|
Wed Aug 3 21:36:14 UTC 2016 - brogers@suse.com
|
||||||
|
|
||||||
|
80
qemu.spec
80
qemu.spec
@ -71,10 +71,10 @@ Url: http://www.qemu.org/
|
|||||||
Summary: Universal CPU emulator
|
Summary: Universal CPU emulator
|
||||||
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||||
Group: System/Emulators/PC
|
Group: System/Emulators/PC
|
||||||
Version: 2.6.0
|
Version: 2.6.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
|
Source: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2
|
||||||
Source99: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2.sig
|
Source99: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2.sig
|
||||||
Source1: 80-kvm.rules
|
Source1: 80-kvm.rules
|
||||||
Source2: qemu-ifup
|
Source2: qemu-ifup
|
||||||
Source3: kvm_stat
|
Source3: kvm_stat
|
||||||
@ -127,42 +127,21 @@ Patch0037: 0037-dictzip-Fix-on-big-endian-systems.patch
|
|||||||
Patch0038: 0038-block-split-large-discard-requests-.patch
|
Patch0038: 0038-block-split-large-discard-requests-.patch
|
||||||
Patch0039: 0039-xen_disk-Add-suse-specific-flush-di.patch
|
Patch0039: 0039-xen_disk-Add-suse-specific-flush-di.patch
|
||||||
Patch0040: 0040-build-link-with-libatomic-on-powerp.patch
|
Patch0040: 0040-build-link-with-libatomic-on-powerp.patch
|
||||||
Patch0041: 0041-net-mipsnet-check-packet-length-aga.patch
|
Patch0041: 0041-xen-introduce-dummy-system-device.patch
|
||||||
Patch0042: 0042-i386-kvmvapic-initialise-imm32-vari.patch
|
Patch0042: 0042-xen-write-information-about-support.patch
|
||||||
Patch0043: 0043-esp-check-command-buffer-length-bef.patch
|
Patch0043: 0043-xen-add-pvUSB-backend.patch
|
||||||
Patch0044: 0044-esp-check-dma-length-before-reading.patch
|
Patch0044: 0044-xen-move-xen_sysdev-to-xen_backend..patch
|
||||||
Patch0045: 0045-scsi-pvscsi-check-command-descripto.patch
|
Patch0045: 0045-vnc-add-configurable-keyboard-delay.patch
|
||||||
Patch0046: 0046-scsi-mptsas-infinite-loop-while-fet.patch
|
Patch0046: 0046-configure-add-echo_version-helper.patch
|
||||||
Patch0047: 0047-vga-add-sr_vbe-register-set.patch
|
Patch0047: 0047-configure-support-vte-2.91.patch
|
||||||
Patch0048: 0048-scsi-megasas-use-appropriate-proper.patch
|
Patch0048: 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||||
Patch0049: 0049-scsi-megasas-check-read_queue_head-.patch
|
Patch0049: 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||||
Patch0050: 0050-scsi-megasas-null-terminate-bios-ve.patch
|
Patch0050: 0050-scsi-esp-fix-migration.patch
|
||||||
Patch0051: 0051-vmsvga-move-fifo-sanity-checks-to-v.patch
|
Patch0051: 0051-xen-when-removing-a-backend-don-t-r.patch
|
||||||
Patch0052: 0052-vmsvga-don-t-process-more-than-1024.patch
|
Patch0052: 0052-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||||
Patch0053: 0053-block-iscsi-avoid-potential-overflo.patch
|
Patch0053: 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||||
Patch0054: 0054-scsi-esp-check-TI-buffer-index-befo.patch
|
Patch0054: 0054-qemu-bridge-helper-reduce-security-.patch
|
||||||
Patch0055: 0055-xen-introduce-dummy-system-device.patch
|
Patch0055: 0055-xen-use-a-common-function-for-pv-an.patch
|
||||||
Patch0056: 0056-xen-write-information-about-support.patch
|
|
||||||
Patch0057: 0057-xen-add-pvUSB-backend.patch
|
|
||||||
Patch0058: 0058-xen-move-xen_sysdev-to-xen_backend..patch
|
|
||||||
Patch0059: 0059-vnc-add-configurable-keyboard-delay.patch
|
|
||||||
Patch0060: 0060-scsi-megasas-initialise-local-confi.patch
|
|
||||||
Patch0061: 0061-configure-add-echo_version-helper.patch
|
|
||||||
Patch0062: 0062-configure-support-vte-2.91.patch
|
|
||||||
Patch0063: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
|
||||||
Patch0064: 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
|
||||||
Patch0065: 0065-scsi-esp-check-buffer-length-before.patch
|
|
||||||
Patch0066: 0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
|
||||||
Patch0067: 0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
|
||||||
Patch0068: 0068-Xen-PCI-passthrough-fix-passthrough.patch
|
|
||||||
Patch0069: 0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
|
||||||
Patch0070: 0070-scsi-esp-fix-migration.patch
|
|
||||||
Patch0071: 0071-virtio-error-out-if-guest-exceeds-v.patch
|
|
||||||
Patch0072: 0072-xen-when-removing-a-backend-don-t-r.patch
|
|
||||||
Patch0073: 0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
|
||||||
Patch0074: 0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
|
||||||
Patch0075: 0075-qemu-bridge-helper-reduce-security-.patch
|
|
||||||
Patch0076: 0076-xen-use-a-common-function-for-pv-an.patch
|
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
|
|
||||||
@ -742,7 +721,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%endif # !qemu-testsuite
|
%endif # !qemu-testsuite
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n qemu-2.6.0
|
%setup -q -n qemu-2.6.1
|
||||||
%patch0001 -p1
|
%patch0001 -p1
|
||||||
%patch0002 -p1
|
%patch0002 -p1
|
||||||
%patch0003 -p1
|
%patch0003 -p1
|
||||||
@ -798,27 +777,6 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%patch0053 -p1
|
%patch0053 -p1
|
||||||
%patch0054 -p1
|
%patch0054 -p1
|
||||||
%patch0055 -p1
|
%patch0055 -p1
|
||||||
%patch0056 -p1
|
|
||||||
%patch0057 -p1
|
|
||||||
%patch0058 -p1
|
|
||||||
%patch0059 -p1
|
|
||||||
%patch0060 -p1
|
|
||||||
%patch0061 -p1
|
|
||||||
%patch0062 -p1
|
|
||||||
%patch0063 -p1
|
|
||||||
%patch0064 -p1
|
|
||||||
%patch0065 -p1
|
|
||||||
%patch0066 -p1
|
|
||||||
%patch0067 -p1
|
|
||||||
%patch0068 -p1
|
|
||||||
%patch0069 -p1
|
|
||||||
%patch0070 -p1
|
|
||||||
%patch0071 -p1
|
|
||||||
%patch0072 -p1
|
|
||||||
%patch0073 -p1
|
|
||||||
%patch0074 -p1
|
|
||||||
%patch0075 -p1
|
|
||||||
%patch0076 -p1
|
|
||||||
|
|
||||||
%if %{build_x86_fw_from_source}
|
%if %{build_x86_fw_from_source}
|
||||||
pushd roms/seabios
|
pushd roms/seabios
|
||||||
|
@ -73,8 +73,8 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
|||||||
Group: System/Emulators/PC
|
Group: System/Emulators/PC
|
||||||
QEMU_VERSION
|
QEMU_VERSION
|
||||||
Release: 0
|
Release: 0
|
||||||
Source: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2
|
Source: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2
|
||||||
Source99: http://wiki.qemu.org/download/qemu-2.6.0.tar.bz2.sig
|
Source99: http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2.sig
|
||||||
Source1: 80-kvm.rules
|
Source1: 80-kvm.rules
|
||||||
Source2: qemu-ifup
|
Source2: qemu-ifup
|
||||||
Source3: kvm_stat
|
Source3: kvm_stat
|
||||||
@ -667,7 +667,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%endif # !qemu-testsuite
|
%endif # !qemu-testsuite
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n qemu-2.6.0
|
%setup -q -n qemu-2.6.1
|
||||||
PATCH_EXEC
|
PATCH_EXEC
|
||||||
|
|
||||||
%if %{build_x86_fw_from_source}
|
%if %{build_x86_fw_from_source}
|
||||||
|
@ -14,7 +14,7 @@ set -e
|
|||||||
GIT_TREE=git://github.com/openSUSE/qemu.git
|
GIT_TREE=git://github.com/openSUSE/qemu.git
|
||||||
GIT_LOCAL_TREE=~/git/qemu-opensuse
|
GIT_LOCAL_TREE=~/git/qemu-opensuse
|
||||||
GIT_BRANCH=opensuse-2.6
|
GIT_BRANCH=opensuse-2.6
|
||||||
GIT_UPSTREAM_TAG=v2.6.0
|
GIT_UPSTREAM_TAG=v2.6.1
|
||||||
GIT_DIR=/dev/shm/qemu-factory-git-dir
|
GIT_DIR=/dev/shm/qemu-factory-git-dir
|
||||||
CMP_DIR=/dev/shm/qemu-factory-cmp-dir
|
CMP_DIR=/dev/shm/qemu-factory-cmp-dir
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user