- In an effort to "Close the Leap Gap", remove use of is_opensuse
from the spec file, so that the same packages built for SLE can
be reused for Leap. Some sub-packages will not be included for
SLE which are included for Leap. They wil be provided in Package
Hub for SLE users as unsupported packages.
- Add infrastructure to do package splits when split-off package
isn't required and doesn't (otherwise) include any previously
installed files. This version of qemu has split out non-essential
functionality into loadable modules, as noted in Aug 20, 2020 log
entry, which describes the emergency Split-Provides. That approach
will be superseded by this planned approach, and those dummy doc
files will be removed in time
Here is the new mapping:
subpackage continuity file provided (files are dummies)
========== ============================================
qemu-chardev-baum /usr/share/qemu/forsplits/00
qemu-hw-display-qxl /usr/share/qemu/forsplits/01
qemu-hw-usb-redirect /usr/share/qemu/forsplits/02
qemu-hw-usb-smartcard /usr/share/qemu/forsplits/03
- Fix path of qemu-pr-helper. It was a mistake to move it from
%_bindir to _libexecdir. In more recent qemu code it's been moved
back, so undo this mistake by providing it at the same location
as it has been all along
OBS-URL: https://build.opensuse.org/request/show/833587
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=570
- Fix OOB access while processing USB packets (CVE-2020-14364
bsc#1175441)
usb-fix-setup_len-init-CVE-2020-14364.patch
- Re-sync openSUSE and SUSE SLE qemu packages. This changes file
is the openSUSE one with this entry providing the intervening
SLE CVE, JIRA, and bugzilla references, which are still addressed
in this package, and not yet called out in this changes file.
* CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362
CVE-2020-13659 CVE-2020-13800
* bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384
bsc#1172386 bsc#1172495 bsc#1172710
* Patches dropped (SLE) (included in current release tarball):
exec-set-map-length-to-zero-when-returni.patch
i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch
megasas-use-unsigned-type-for-reply_queu.patch
OBS-URL: https://build.opensuse.org/request/show/829656
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=566
- Fix OOB access while processing USB packets (CVE-2020-14364
bsc#1175441)
(somehow our script processing the patches stripped the first
character "u" - will address later)
sb-fix-setup_len-init-CVE-2020-14364.patch
- Re-sync openSUSE and SUSE SLE qemu packages. This changes file
is the openSUSE one with this entry providing the intervening
SLE CVE, JIRA, and bugzilla references, which are still addressed
in this package, and not yet called out in this changes file.
* CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362
CVE-2020-13659 CVE-2020-13800
* bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384
bsc#1172386 bsc#1172495 bsc#1172710
* Patches dropped (SLE) (included in current release tarball):
exec-set-map-length-to-zero-when-returni.patch
i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch
megasas-use-unsigned-type-for-reply_queu.patch
OBS-URL: https://build.opensuse.org/request/show/829654
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=565
- Fix compilation errors seen with pre-release gcc 11
atomic.h-change-method-for-removing-C-qu.patch
help-compiler-out-by-initializing-array.patch
s390x-Fix-stringop-truncation-issue-repo.patch
(also tweak needed to previous submission)
(also minor tweak to update_git.sh, which is needed to correctly handle the state of git repo sitting on actual release commit.
OBS-URL: https://build.opensuse.org/request/show/827680
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=560
- Updating to Sphinx v3.1.2 in Factory is exposing an issue in
qemu doc sources. Fix it
docs-fix-trace-docs-build-with-sphinx-3..patch
- Fix DoS possibility in ati-vga emulation (CVE-2020-13800
bsc#1172495)
ati-vga-check-mm_index-before-recursive-.patch
- Fix DoS possibility in Network Block Device (nbd) support
infrastructure (CVE-2020-10761 bsc#1172710)
nbd-server-Avoid-long-error-message-asse.patch
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS
8708EM2 emulation (CVE-2020-13659 bsc#1172386)
exec-set-map-length-to-zero-when-returni.patch
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
(CVE-2020-13362 bsc#1172383)
megasas-use-unsigned-type-for-reply_queu.patch
- Fix legacy IGD passthrough
hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
- The latest gcc10 available in Factory has the fix for the
issue this patch was created to avoid, so drop it
build-Work-around-gcc10-bug-by-not-using.patch
- Switch to upstream versions of some patches we carry
add-enum-cast-to-avoid-gcc10-warning.patch
-> golan-Add-explicit-type-casts-for-nodnic.patch
Be-explicit-about-fcommon-compiler-direc.patch
-> build-Be-explicit-about-fcommon-compiler.patch
Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
-> build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
Fix-s-directive-argument-is-null-error.patch
-> build-Fix-s-directive-argument-is-null-e.patch
Workaround-compilation-error-with-gcc-9..patch
-> build-Workaround-compilation-error-with-.patch
work-around-gcc10-problem-with-zero-leng.patch
-> intel-Avoid-spurious-compiler-warning-on.patch
- Fix vgabios issue for cirrus graphics emulation, which
effectively downgraded it to standard VGA behavior
vga-fix-cirrus-bios.patch
- Fix OOB access possibility in ES1370 audio device emulation
(CVE-2020-13361 bsc#1172384)
es1370-check-total-frame-count-against-c.patch
OBS-URL: https://build.opensuse.org/request/show/822154
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=553
- Fix DoS in virtiofsd, where a FUSE client could exhaust the
number of available open files on the host (CVE-2020-10717
bsc#1171110)
virtiofsd-add-rlimit-nofile-NUM-option.patch
virtiofsd-stay-below-fs.file-max-sysctl-.patch
- Add more fixes for gcc10 compatibility: Use NO_WERROR=1 when
building ipxe sources, at least until we get gcc10 compatibility
figured out. Also add patch for explicitly using -fcommon
(boo#1171140)
Be-explicit-about-fcommon-compiler-direc.patch
and fix for tighter enum compatibility checking (boo#1171139)
add-enum-cast-to-avoid-gcc10-warning.patch
and a work around for what seems to be a compiler regression
(boo#1171123)
work-around-gcc10-problem-with-zero-leng.patch
OBS-URL: https://build.opensuse.org/request/show/800526
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=549
- Include upstream patches targeted for the next stable release
(bug fixes only)
spapr-Fix-failure-path-for-attempting-to.patch
target-i386-do-not-set-unsupported-VMX-s.patch
target-xtensa-fix-pasto-in-pfwait.r-opco.patch
tcg-i386-Fix-INDEX_op_dup2_vec.patch
tcg-mips-mips-sync-encode-error.patch
vhost-user-gpu-Release-memory-returned-b.patch
vpc-Don-t-round-up-already-aligned-BAT-s.patch
xen-block-Fix-double-qlist-remove-and-re.patch
- Fix bug causing weak encryption in PAuth for ARM
(CVE-2020-10702 bsc#1168681)
target-arm-Fix-PAuth-sbox-functions.patch
- Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713
net-tulip-check-frame-size-and-r-w-data-.patch
- Note that previously included patch addresses CVE-2020-1711
and bsc#1166240
iscsi-Cap-block-count-from-GET-LBA-STATU.patch
- Include performance improvement (and related?) patch
aio-wait-delegate-polling-of-main-AioCon.patch
async-use-explicit-memory-barriers.patch
- Rework previous patch at Olaf H.'s direction
hw-i386-disable-smbus-migration-for-xenf.patch
- Eliminate is_opensuse usage in producing seabios version string
what we are doing here is just replacing the upstream string
with one indicating that the openSUSE build service built it,
and so just leave it as "-rebuilt.opensuse.org"
- Alter algorithm used to produce "unique" symbol for coordinating
qemu with the optional modules it may load. This is a reasonable
relaxation for broader compatibility
configure-remove-pkgversion-from-CONFIG_.patch
- Tweak supported.*.txt for latest deprecations, and other fixes
- Tweak update_git.sh, config.sh
- One more fix is needed for: s390x Protected Virtualization support
- start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
s390x-s390-virtio-ccw-Fix-build-on-syste.patch
OBS-URL: https://build.opensuse.org/request/show/795118
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=542
- Include upstream patches targeted for the next stable release
(bug fixes only)
audio-oss-fix-buffer-pos-calculation.patch
blkdebug-Allow-taking-unsharing-permissi.patch
block-Add-bdrv_qapi_perm_to_blk_perm.patch
block-backup-top-fix-failure-path.patch
block-block-copy-fix-progress-calculatio.patch
block-fix-crash-on-zero-length-unaligned.patch
block-fix-memleaks-in-bdrv_refresh_filen.patch
block-Fix-VM-size-field-width-in-snapsho.patch
block-nbd-extract-the-common-cleanup-cod.patch
block-nbd-fix-memory-leak-in-nbd_open.patch
block-qcow2-threads-fix-qcow2_decompress.patch
hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch
hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch
iotests-add-test-for-backup-top-failure-.patch
iotests-Fix-nonportable-use-of-od-endian.patch
job-refactor-progress-to-separate-object.patch
target-arm-Correct-definition-of-PMCRDP.patch
target-arm-fix-TCG-leak-for-fcvt-half-do.patch
tpm-ppi-page-align-PPI-RAM.patch
vhost-user-blk-delete-virtioqueues-in-un.patch
virtio-add-ability-to-delete-vq-through-.patch
virtio-crypto-do-delete-ctrl_vq-in-virti.patch
virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch
- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since
for a qemu package upgrade from SLE12-SP5, support for SDL is
dropped
OBS-URL: https://build.opensuse.org/request/show/784401
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=534
- Add Cooperlake vcpu model (jira-SLE-10195)
i386-Add-MSR-feature-bit-for-MDS-NO.patch
i386-Add-macro-for-stibp.patch
i386-Add-new-CPU-model-Cooperlake.patch
target-i386-Add-new-bit-definitions-of-M.patch
target-i386-Add-missed-features-to-Coope.patch
- Add HMAT support (jira-SLE-10228) (the test case for this series
isn't included because we aren't set up to handle binary patches)
numa-Extend-CLI-to-provide-initiator-inf.patch
numa-Extend-CLI-to-provide-memory-latenc.patch
numa-Extend-CLI-to-provide-memory-side-c.patch
hmat-acpi-Build-Memory-Proximity-Domain-.patch
hmat-acpi-Build-System-Locality-Latency-.patch
hmat-acpi-Build-Memory-Side-Cache-Inform.patch
tests-numa-Add-case-for-QMP-build-HMAT.patch
OBS-URL: https://build.opensuse.org/request/show/762501
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=520
- Expose pschange-mc-no "feature", indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207
bsc#1155812)
target-i386-add-PSCHANGE_NO-bit-for-the-.patch
- Expose taa-no "feature", indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
target-i386-Export-TAA_NO-bit-to-guests.patch
Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
OBS-URL: https://build.opensuse.org/request/show/749743
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=512
Update to v4.1.0. Also includes other major packaging changes as follows:
There is a new package maintenance workflow - see README.PACKAGING for details.
The sibling packages qemu-linux-user and qemu-testsuite are now created with the Build Service's MultiBuild feature. This also necessitates combining the qemu-linux-user changelog content back into qemu's. Luckily the delta there is quite small. Note that the qemu spec file is now that much busier, but added section markers should help reduce the confusion. Also qemu is being enabled for RISCV host compatibility, so some changes are related to that as well.
OBS-URL: https://build.opensuse.org/request/show/730437
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=487
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
* Patches renamed:
0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
-> 0036-sockets-avoid-string-truncation-war.patch
0039-linux-user-uname-Fix-GCC-9-build-wa.patch
-> 0039-linux-user-avoid-string-truncation-.patch
- Correct logic of which ipxe patches get included based on
suse_version. We were wrongly excluding a gcc9 related patch for
example
- Switch to now upstreamed version of some patches
* Patches renamed:
0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
-> 0036-sockets-avoid-string-truncation-war.patch
0039-linux-user-uname-Fix-GCC-9-build-wa.patch
-> 0039-linux-user-avoid-string-truncation-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories
in support of the firmware descriptor feature now in use as of
libvirt v5.2
- Correct logic of which ipxe patches get included based on
suse_version. We were wrongly excluding a gcc9 related patch for
example
- Switch to now upstreamed version of some patches
* Patches renamed:
0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
-> 0036-sockets-avoid-string-truncation-war.patch
0039-linux-user-uname-Fix-GCC-9-build-wa.patch
-> 0039-linux-user-avoid-string-truncation-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories
in support of the firmware descriptor feature now in use as of
libvirt v5.2
OBS-URL: https://build.opensuse.org/request/show/702352
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=468
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
0061-slirp-check-sscanf-result-when-emul.patch
0062-ppc-add-host-serial-and-host-model-.patch
0063-i2c-ddc-fix-oob-read.patch
- Remove an unneeded BuildRequires which impacts bsc#1119414 fix
Also add a corresponding Recommends for qemu-tools as part of
this packaging adjustment (bsc#1130484)
- Fix information leak in slirp (CVE-2019-9824 bsc#1129622)
0061-slirp-check-sscanf-result-when-emul.patch
- Add method to specify whether or not to expose certain ppc64 host
information, which can be considered a security issue
(CVE-2019-8934 bsc#1126455)
0062-ppc-add-host-serial-and-host-model-.patch
- Fix OOB memory access and information leak in virtual monitor
interface (CVE-2019-03812 bsc#1125721)
0063-i2c-ddc-fix-oob-read.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Remove an unneeded BuildRequires which impacts bsc#1119414 fix
Also add a corresponding Recommends for qemu-tools as part of
this packaging adjustment (bsc#1130484)
- Fix information leak in slirp (CVE-2019-9824 bsc#1129622)
0061-slirp-check-sscanf-result-when-emul.patch
- Add method to specify whether or not to expose certain ppc64 host
information, which can be considered a security issue
(CVE-2019-8934 bsc#1126455)
0062-ppc-add-host-serial-and-host-model-.patch
- Fix OOB memory access and information leak in virtual monitor
interface (CVE-2019-03812 bsc#1125721)
0063-i2c-ddc-fix-oob-read.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
OBS-URL: https://build.opensuse.org/request/show/688939
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=460
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
0058-Revert-target-i386-kvm-add-VMX-migr.patch
0059-memory-Fix-the-memory-region-type-a.patch
0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Revert upstream patch which declares x86 vmx feature a migration
blocker. Given the proliferation of using vm's with host features
passed through and the general knowledge that nested
virtualization has many usage caveats, but still gets put in use
in restricted scenarios, this patch did more harm than good, I
feel. So despite this relaxation, please consider yourself warned
that nested virtualization is not yet a supportable feature.
(bsc#1121604)
0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
0059-memory-Fix-the-memory-region-type-a.patch
0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Revert upstream patch which declares x86 vmx feature a migration
blocker. Given the proliferation of using vm's with host features
passed through and the general knowledge that nested
virtualization has many usage caveats, but still gets put in use
in restricted scenarios, this patch did more harm than good, I
feel. So despite this relaxation, please consider yourself warned
that nested virtualization is not yet a supportable feature.
(bsc#1121604)
0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
0059-memory-Fix-the-memory-region-type-a.patch
0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
OBS-URL: https://build.opensuse.org/request/show/676606
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=455
- Modify update_git.sh script:
pass --zero-commit to format-patch
This removes needless noise in the buildservice when the same set
of patches is imported/exported at different times by different users.
pass --no-signature to format-patch
Remove sed call which used to remove the signature, use mv instead
This SR does no include the noise of the all-zero hashes.
OBS-URL: https://build.opensuse.org/request/show/662675
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=442
- building against xen-devel requires the XC_* compat macros to be
set because this version of QEMU will be built against many
versions of Xen. configure will decide on the appropriate function
names it knows about today. To actually call these functions,
future versions of Xen may require XC_* to be set.
Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_*
macros unconditionally.
OBS-URL: https://build.opensuse.org/request/show/657506
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=435