393 Commits

Author SHA1 Message Date
Jiabo Feng
3d643587ea QEMU update to version 4.1.0-87:
- nbd/server: CVE-2024-7409: Avoid use-after-free when closing server

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-09-18 15:45:18 +08:00
openeuler-ci-bot
9f9c5c8924
!983 QEMU update to version 4.1.0-86
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2024-08-13 09:29:53 +00:00
Jiabo Feng
c4360a84fc QEMU update to version 4.1.0-86:
- nbd/server: CVE-2024-7409: Close stray clients at server-stop
- main-loop.h: introduce qemu_in_main_thread()
- aio-wait.h: introduce AIO_WAIT_WHILE_UNLOCKED
- nbd/server: CVE-2024-7409: Drop non-negotiating clients
- nbd/server: CVE-2024-7409: Cap default max-connections to 100
- nbd: Add max-connections to nbd-server-start
- nbd/server: Plumb in new args to nbd_client_add()
- nbd: Minor style and typo fixes

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-08-13 17:05:35 +08:00
openeuler-ci-bot
fe82f9e345
!974 QEMU update to version 4.1.0-85:
From: @JiaboFeng 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc
2024-07-12 01:23:05 +00:00
Jiabo Feng
d0b1ef237c QEMU update to version 4.1.0-85:
- block: Parse filenames only when explicitly requested (CVE-2024-4467)
- block: introduce bdrv_open_file_child() helper
- qcow2: Don't open data_file with BDRV_O_NO_IO (CVE-2024-4467)
- qcow2: Do not reopen data_file in invalidate_cache

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-07-11 14:41:35 +08:00
openeuler-ci-bot
baecb25326
!963 QEMU update to version 4.1.0-84:
From: @JiaboFeng 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc
2024-06-15 02:18:57 +00:00
Jiabo Feng
1fe98a3a7b QEMU update to version 4.1.0-84:
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fix CVE-2023-5088)
- hw/ide: reset: cancel async DMA operation before resetting state (Fix CVE-2023-5088)

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-06-15 09:54:38 +08:00
openeuler-ci-bot
a57bcbf4ee
!933 QEMU update to version 4.1.0-83
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2024-04-24 01:21:50 +00:00
Jiabo Feng
9df0eb3b5b QEMU update to version 4.1.0-83
- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs(CVE-2024-3446)
- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs(CVE-2024-3446)
- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs(CVE-2024-3446)
- hw/virtio: Introduce virtio_bh_new_guarded() helper
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded
- checkpatch: add qemu_bh_new/aio_bh_new checks
- async: avoid use-after-free on re-entrancy guard
- async: Add an optional reentrancy guard to the BH API
- util/async: add a human-readable name to BHs for debugging
- hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
- Include sysemu/sysemu.h a lot less

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-04-23 22:03:19 +08:00
openeuler-ci-bot
459efe6220
!886 QEMU update to version 4.1.0-82
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2024-03-09 08:46:28 +00:00
Jiabo Feng
f25d5b2eaa QEMU update to version 4.1.0-82
- hw/scsi/lsi53c895a: add missing decrement of reentrancy counter
- hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
- net: Update MemReentrancyGuard for NIC
- net: Provide MemReentrancyGuard * to qemu_new_nic()
- memory: prevent dma-reentracy issues
- softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
- Fixed the early version of CVE-2022-4144 patch is not fully adapted

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-03-09 16:13:39 +08:00
openeuler-ci-bot
0f8812948c
!850 [sync] PR-849: QEMU update to version 4.1.0-81
From: @openeuler-sync-bot 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2023-11-30 14:18:21 +00:00
Jiabo Feng
8512b0ec13 QEMU update to version 4.1.0-81
- hw/pvrdma: Protect against buggy or malicious guest driver

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit 19a0ed56bf4220186e128c111567754cfe72c56d)
2023-11-29 18:43:35 +08:00
openeuler-ci-bot
8fdf9772e7
!827 QEMU update to version 4.1.0-80
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2023-09-12 01:10:13 +00:00
Jiabo Feng
e4214041dc QEMU update to version 4.1.0-80
- accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025)
- pci: assert configuration access is within bounds
- io: remove io watch if TLS channel is closed during handshake

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-09-11 19:54:51 +08:00
openeuler-ci-bot
7d61f425f5
!808 QEMU update to version 4.1.0-79
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2023-08-21 01:27:01 +00:00
Jiabo Feng
1ece911d20 QEMU update to version 4.1.0-79
- virtio-crypto: verify src&dst buffer length for sym request

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-08-16 09:32:34 +08:00
openeuler-ci-bot
86ec50d591
!794 QEMU update to version 4.1.0-78
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2023-07-28 03:25:32 +00:00
Jiabo Feng
0e9f137616 QEMU update to version 4.1.0-78
- qga/win32: Use rundll for VSS installation
- qga/win32: Remove change action from MSI installer
- 9pfs: prevent opening special files (CVE-2023-2861)

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-07-28 10:19:04 +08:00
openeuler-ci-bot
af9e18fe2d
!763 hw/pvrdma: Protect against buggy or malicious guest driver (CVE-2022-1050)
From: @aven6 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
2023-05-18 09:02:24 +00:00
liuxiangdong
d8da2eaa57 hw/pvrdma: Protect against buggy or malicious guest driver (CVE-2022-1050)
Fix CVE-2022-1050

Signed-off-by: liuxiangdong <liuxiangdong5@huawei.com>
2023-05-12 19:09:03 +08:00
openeuler-ci-bot
85af3a887e
!692 fix CVE-2022-4144
From: @yezengruan 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2022-12-05 13:13:52 +00:00
yezengruan
cb6a9a42d3 fix CVE-2022-4144
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-12-05 20:03:27 +08:00
openeuler-ci-bot
4a62ecf36f
!658 hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
From: @yezengruan 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2022-10-08 02:08:30 +00:00
yezengruan
3154027d5b hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
2022-09-30 19:10:07 +08:00
openeuler-ci-bot
c6514f25c1
!645 hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
From: @yezengruan 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2022-09-08 01:33:04 +00:00
yezengruan
dd421f155f hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-09-07 17:21:55 +08:00
openeuler-ci-bot
800d793fa7
!639 fix CVE-2022-0216 (openeuler !333)
From: @bobychen 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
2022-09-01 09:43:17 +00:00
bobychen
1ff82de83b fix CVE-2022-0216 (openeuler !333)
hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)

Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: bobychen <boby.chen@huawei.com>
2022-08-30 19:33:20 +08:00
openeuler-ci-bot
bc80f9b7a3
!624 Provides qemu-kvm for upgrade
From: @yezengruan 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2022-08-25 09:12:08 +00:00
yezengruan
9fadbb45fe Provides qemu-kvm for upgrade
2022-08-25 14:47:40 +08:00
openeuler-ci-bot
83cf98218b
!609 Fix CVE-2022-35414
From: @yezengruan 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2022-07-20 06:08:53 +00:00
yezengruan
e5f762ef4e fix CVE-2022-35414
softmmu: Always initialize xlat in address_space_translate_for_iotlb (CVE-2022-35414)
2022-07-20 10:16:48 +08:00
openeuler-ci-bot
49549fdca2
!586 fix CVE-2021-3507 (openeuler !308)
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-06-06 02:11:40 +00:00
yezengruan
3319e4bf53 fix CVE-2021-3507 (openeuler !308)
hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)

Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-06-02 10:52:18 +08:00
openeuler-ci-bot
051651f20a
!578 fix CVE-2021-20257/CVE-2020-13253 and fix gcc 10.3.1 compile error (openeuler !302!305)
From: @sundongx 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
2022-05-30 03:27:17 +00:00
Sun Dongxu
63c3424617 fix CVE-2021-20257/CVE-2020-13253 and fix gcc 10.3.1 compile error
openeuler !302!305

e1000-fail-early-for-evil-descriptor.patch
e1000-fix-tx-re-entrancy-problem.patch
hw-sd-sdcard-Restrict-Class-6-commands-to-SCSD-cards.patch
hw-sd-sdcard-Simplify-realize-a-bit.patch
hw-sd-sdcard-Do-not-allow-invalid-SD-card-sizes.patch
hw-sd-sdcard-Update-coding-style-to-make-checkpatch..patch
hw-sd-sdcard-Do-not-switch-to-ReceivingData-if-addre.patch
scsi-qemu-pr-helper-Fix-out-of-bounds-access-to-trnp.patch
curses-Fixes-curses-compiling-errors.patch
net-dump.c-Suppress-spurious-compiler-warning.patch
tests-Replace-deprecated-ASN1-code.patch
2022-05-30 10:24:24 +08:00
openeuler-ci-bot
bedb54d47e
!569 fix CVE-2021-3750 and Check that colo-compare is active (openeuler !290!297)
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-05-23 12:37:31 +00:00
yezengruan
3fc6a966db fix CVE-2021-3750 and Check that colo-compare is active (openeuler !290!297)
hw/intc/arm_gicv3_dist: Rename 64-bit accessors with 'q' suffix
hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (CVE-2021-3750)
net/colo-compare.c: Check that colo-compare is active
2022-05-21 14:27:53 +08:00
openeuler-ci-bot
f5bccf82f2
!560 fix CVE-2021-20196/CVE-2021-4207/CVE-2021-4206 (openeuler !286)
From: @bobychen 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
2022-05-16 10:22:26 +00:00
bobychen
40b9b28df1 fix CVE-2021-20196/CVE-2021-4207/CVE-2021-4206 (openeuler !286)
hw/block/fdc: Extract blk_create_empty_drive()
hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
tests/fdc-test: Add a regression test for CVE-2021-20196
display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207)
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)

Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: bobychen <boby.chen@huawei.com>
2022-05-16 10:06:22 +08:00
openeuler-ci-bot
2d64eecbca
!541 fix CVE-2022-26354 and CVE-2022-26353
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-04-16 01:18:09 +00:00
yezengruan
188d1bd76f fix CVE-2022-26354 and CVE-2022-26353
vhost-vsock: detach the virqueue element in case of error (CVE-2022-26354)
virtio-net: fix map leaking on error during receive (CVE-2022-26353)

Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-04-15 17:00:22 +08:00
openeuler-ci-bot
389df97ed4
!530 fix CVE-2021-3930/CVE-2021-3582/CVE-2021-3607/CVE-2021-3608(!268!275)
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-04-07 08:58:02 +00:00
yezengruan
bc7b2dfda0 fix CVE-2021-3582/CVE-2021-3607/CVE-2021-3608
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
pvrdma: Fix the ring init error flow (CVE-2021-3608)

Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-04-06 14:48:42 +08:00
Jinhao Gao
4abcbecf94 spec: Update release version with !268
Signed-off-by: Jinhao Gao <gaojinhao@huawei.com>
2022-04-06 14:48:29 +08:00
Jinhao Gao
675ed3bcfd hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
This avoids an off-by-one read of 'mode_sense_valid' buffer in
hw/scsi/scsi-disk.c:mode_sense_page().

Fixes: CVE-2021-3930
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: a8f4bbe2900 ("scsi-disk: store valid mode pages in a table")
Fixes: #546
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: AlexChen <alex.chen@huawei.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: Jinhao Gao <gaojinhao@huawei.com>
2022-04-06 14:48:16 +08:00
openeuler-ci-bot
59cb41c78f !408 add Phytium's CPU models: FT-2000+ and Tengyun-S2500.
Merge pull request !408 from imxcc/openEuler-20.03-LTS-SP3
2021-12-21 12:20:55 +00:00
imxcc
69103ffb29 add Phytium's CPU models: FT-2000+ and Tengyun-S2500
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-12-21 17:44:54 +08:00
openeuler-ci-bot
beadee95f6 !405 [sync] PR-400: Automatically generate code patches with openeuler !214
Merge pull request !405 from openeuler-sync-bot/sync-pr400-openEuler-20.03-LTS-Next-to-openEuler-20.03-LTS-SP3
2021-12-20 12:19:21 +00:00