- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a
module to what was accepted upstream (bsc#1181103)
* Patches dropped:
hw-s390x-modularize-virtio-gpu-ccw.patch
* Patches added:
s390x-add-have_virtio_ccw.patch
s390x-modularize-virtio-gpu-ccw.patch
s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144,
CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)
hw-sd-sd-Actually-perform-the-erase-oper.patch
hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
hw-sd-sdhci-Correctly-set-the-controller.patch
hw-sd-sdhci-Don-t-transfer-any-data-when.patch
hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
hw-sd-sdhci-Limit-block-size-only-when-S.patch
hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
hw-sd-sd-Move-the-sd_block_-read-write-a.patch
hw-sd-sd-Skip-write-protect-groups-check.patch
- Fix potential privilege escalation in virtiofsd tool
(CVE-2021-20263, bsc#1183373)
tools-virtiofsd-Replace-the-word-whiteli.patch
viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
virtiofsd-extract-lo_do_open-from-lo_ope.patch
virtiofsd-optionally-return-inode-pointe.patch
virtiofsd-prevent-opening-of-special-fil.patch
virtiofs-drop-remapped-security.capabili.patch
virtiofsd-Save-error-code-early-at-the-f.patch
- Fix OOB access (stack overflow) in rtl8139 NIC emulation
(CVE-2021-3416, bsc#1182968)
net-introduce-qemu_receive_packet.patch
rtl8139-switch-to-use-qemu_receive_packe.patch
- Fix OOB access (stack overflow) in other NIC emulations
(CVE-2021-3416)
cadence_gem-switch-to-use-qemu_receive_p.patch
dp8393x-switch-to-use-qemu_receive_packe.patch
e1000-switch-to-use-qemu_receive_packet-.patch
lan9118-switch-to-use-qemu_receive_packe.patch
msf2-mac-switch-to-use-qemu_receive_pack.patch
pcnet-switch-to-use-qemu_receive_packet-.patch
sungem-switch-to-use-qemu_receive_packet.patch
tx_pkt-switch-to-use-qemu_receive_packet.patch
- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
memory-clamp-cached-translation-in-case-.patch
- Include upstream patches designated as stable material and
reviewed for applicability to include here
hw-arm-virt-Disable-pl011-clock-migratio.patch
xen-block-Fix-removal-of-backend-instanc.patch
- Fix package scripts to not use hard coded paths for temporary
working directories and log files (bsc#1182425)
OBS-URL: https://build.opensuse.org/request/show/882222
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=632
- Update to v5.2.0: See http://wiki.qemu.org/ChangeLog/5.2
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
the deprecated.html file installed with the qemu package
Some noteworthy changes:
* Dropped system emulators: qemu-system-lm32, qemu-system-unicore32
* Dropped linux user emulator: qemu-ppc64abi32
* Added linux user emulator: qemu-extensaeb
* Unicore32 and lm32 guest support dropped
* New sub-packages (most due to ongoing modularization of QEMU):
qemu-audio-spice, qemu-hw-chardev-spice, qemu-hw-display-virtio-vga,
qemu-hw-display-virtio-gpu, qemu-hw-display-virtio-gpu-pci,
qemu-ui-spice-core, qemu-ui-opengl, qemu-ivshmem-tools
* x86: A new KVM feature which improves the handling of asynchronous page
faults is available with -cpu ...,kvm-async-pf-int (requires Linux 5.8)
* s390: More instructions emulated under TCG
* PowerPC: nvdimm= machine option now functions correctly; misc improvements
* ARM: new boards: mps2-an386 (Cortex-M4 based) and mps2-an500
(Cortex-M7 based), raspi3ap (the Pi 3 model A+), raspi0 (the Pi Zero)
and raspi1ap (the Pi A+)
* RISC-V: OpenSBI v0.8 included by default; Generic OpenSBI platform used
when no -bios argument is supplied; Support for NUMA sockets on Virt
and Spike Machines; Support for migrating machines; misc improvements
* Misc NVMe improvements
* The 'vhost-user-blk' export type has been added, allowing
qemu-storage-daemon to act as a vhost-user-blk device backend
* The SMBIOS OEM strings can now come from a file
* 9pfs - misc performance related improvements
* virtiofs - misc improvements
* migration: The default migration bandwidth has been increased to 1Gbps
(users are still encouraged to tune it to their own hardware); The new
'calc-dirty-rate' and 'query-dirty-rate' QMP commands can help determine
the likelihood of precopy migration success; TLS+multifd now supported
for higher bandwidth encrypted migration; misc minor features added
* Misc minor block features added
* Misc doc improvements
* qemu-microvm subpackage change: the bios-microvm.bin is now SeaBIOS based,
and the qboot based on is now qboot.rom
* elf2dmp is no longer part of qemu-tools (it was never intended to be
a packaged binary)
* Some subpackages which were 'Requires' are now 'Recommends', allowing for
a smaller qemu packaging footprint if needed
* Patches dropped (included in release tarball, unless otherwise noted):
docs-fix-trace-docs-build-with-sphinx-3..patch (fixed differently)
hw-hyperv-vmbus-Fix-32bit-compilation.patch
linux-user-properly-test-for-infinite-ti.patch
Switch-order-of-libraries-for-mpath-supp.patch (fixed differently)
Conditionalize-ui-bitmap-installation-be.patch (fixed differently)
hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch (no longer using gcc9)
hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch (no longer using gcc9)
roms-Makefile-enable-cross-compile-for-b.patch (fixed with different patch)
libvhost-user-handle-endianness-as-manda.patch
virtio-add-vhost-user-fs-ccw-device.patch
Fix-s-directive-argument-is-null-error.patch
build-Workaround-compilation-error-with-.patch
build-Be-explicit-about-fcommon-compiler.patch
intel-Avoid-spurious-compiler-warning-on.patch
golan-Add-explicit-type-casts-for-nodnic.patch
Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
ensure-headers-included-are-compatible-w.patch
Enable-cross-compile-prefix-for-C-compil.patch (fixed differently)
hw-net-net_tx_pkt-fix-assertion-failure-.patch
hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch
s390x-protvirt-allow-to-IPL-secure-guest.patch
usb-fix-setup_len-init-CVE-2020-14364.patch
* Patches added:
meson-install-ivshmem-client-and-ivshmem.patch
Revert-roms-efirom-tests-uefi-test-tools.patch
Makefile-Don-t-check-pc-bios-as-pre-requ.patch
roms-Makefile-add-cross-file-to-qboot-me.patch
qboot-add-cross.ini-file-to-handle-aarch.patch
usb-Help-compiler-out-to-avoid-a-warning.patch
- In spec file, where reasonable, switch BuildRequires: XXX-devel
to be pkgconfig(XXX') instead
- No longer disable link time optimization for qemu for x86. It looks like
either the build service, qemu code changes and/or the switch to meson
have resolved issues previously seen there. We still see problems for
other architectures however.
- For the record, the following issues reported for SUSE SLE15-SP2
are either fixed in this current package, or are otherwise no longer
an issue: bsc#1172384 bsc#1174386 bsc#1174641 bsc#1174863 bsc#1175370
bsc#1175441 bsc#1176494 CVE-2020-13361 CVE-2020-14364 CVE-2020-15863
CVE-2020-16092 CVE-2020-24352
and the following feature requests are satisfied by this package:
jsc#SLE-13689 jsc#SEL-13780 jsc#SLE-13840
- To be more accurate, and to align with other qemu packaging
practices, rename the qemu-s390 package to qemu-s390x. The old
name (in the rpm namespace) is provided with a "Provides"
directive, and an "Obsoletes" done against that name for prior
qemu versions, as is standard practice (boo#1177764 jsc#SLE-17060)
- Take this opportunity to remove some ancient Split-Provides
mechanisms which can't conceivably be needed any more:
qemu-block-curl provided: qemu:%_libdir/%name/block-curl.so
qemu-guest-agent provided: qemu:%_bindir/qemu-ga
qemu-tools provided: qemu:%_libexecdir/qemu-bridge-helper
- Disable linux-user 'ls' test on 32 bit arm. It's failing with
"Allocating guest commpage: Cannot allocate memory" error, which
we should hunt down, but for now we don't want it to prevent the
package from being built
OBS-URL: https://build.opensuse.org/request/show/854151
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=597
- Updating to Sphinx v3.1.2 in Factory is exposing an issue in
qemu doc sources. Fix it
docs-fix-trace-docs-build-with-sphinx-3..patch
- Fix DoS possibility in ati-vga emulation (CVE-2020-13800
bsc#1172495)
ati-vga-check-mm_index-before-recursive-.patch
- Fix DoS possibility in Network Block Device (nbd) support
infrastructure (CVE-2020-10761 bsc#1172710)
nbd-server-Avoid-long-error-message-asse.patch
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS
8708EM2 emulation (CVE-2020-13659 bsc#1172386)
exec-set-map-length-to-zero-when-returni.patch
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
(CVE-2020-13362 bsc#1172383)
megasas-use-unsigned-type-for-reply_queu.patch
- Fix legacy IGD passthrough
hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
- The latest gcc10 available in Factory has the fix for the
issue this patch was created to avoid, so drop it
build-Work-around-gcc10-bug-by-not-using.patch
- Switch to upstream versions of some patches we carry
add-enum-cast-to-avoid-gcc10-warning.patch
-> golan-Add-explicit-type-casts-for-nodnic.patch
Be-explicit-about-fcommon-compiler-direc.patch
-> build-Be-explicit-about-fcommon-compiler.patch
Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
-> build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
Fix-s-directive-argument-is-null-error.patch
-> build-Fix-s-directive-argument-is-null-e.patch
Workaround-compilation-error-with-gcc-9..patch
-> build-Workaround-compilation-error-with-.patch
work-around-gcc10-problem-with-zero-leng.patch
-> intel-Avoid-spurious-compiler-warning-on.patch
- Fix vgabios issue for cirrus graphics emulation, which
effectively downgraded it to standard VGA behavior
vga-fix-cirrus-bios.patch
- Fix OOB access possibility in ES1370 audio device emulation
(CVE-2020-13361 bsc#1172384)
es1370-check-total-frame-count-against-c.patch
OBS-URL: https://build.opensuse.org/request/show/822154
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=553
Update to v4.1.0. Also includes other major packaging changes as follows:
There is a new package maintenance workflow - see README.PACKAGING for details.
The sibling packages qemu-linux-user and qemu-testsuite are now created with the Build Service's MultiBuild feature. This also necessitates combining the qemu-linux-user changelog content back into qemu's. Luckily the delta there is quite small. Note that the qemu spec file is now that much busier, but added section markers should help reduce the confusion. Also qemu is being enabled for RISCV host compatibility, so some changes are related to that as well.
OBS-URL: https://build.opensuse.org/request/show/730437
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=487
