-
Tue Apr 16 2019 Mark Kanda <mark.kanda@oracle.com> - 12:2.9.0-21.el7
- x86: Add mds feature (Karl Heubaum)
- e1000: Never increment the RX undersize count register (Chris Kenna)
- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29643540]
- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29643540]
- kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support (Bandan Das) [Orabug: 29643540]
- x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29643540]
- x86: Data structure changes to support MSR based features (Robert Hoo) [Orabug: 29643540]
- kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl (Robert Hoo) [Orabug: 29643540]
- i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR (Robert Hoo) [Orabug: 29643540]
- i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29643540]
- update Linux headers to 4.16-rc5 (Paolo Bonzini) [Orabug: 29643540]
- linux-headers: update (Cornelia Huck) [Orabug: 29643540]
- linux-headers: update to 4.15-rc1 (Eric Auger) [Orabug: 29643540]
- linux-headers: sync against v4.14-rc1 (Alexey Perevalov) [Orabug: 29643540]
- linux header sync against v4.13-rc1 (Christian Borntraeger) [Orabug: 29643540]
- linux-headers: update to 4.13-rc0 (Christian Borntraeger) [Orabug: 29643540]
- parfait: --disable-avx2 no longer needed by rpmbuild (Liam Merwick) [Orabug: 28733157]
- parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 28733157]
- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 28733157]
- parfait: provide option to upload results (Liam Merwick) [Orabug: 28733157]
- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 28733157]
- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28733157]
- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28733157]
- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29546331] {CVE-2018-20815}
- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29501785] {CVE-2019-9824}
- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29377317] {CVE-2019-3812}
-
Thu Feb 07 2019 Mark Kanda <mark.kanda@oracle.com> - 12:2.9.0-20.el7
- Change tls-priority to NORMAL (Mark Kanda)
- slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29260313] {CVE-2019-6778}
- Document CVEs associated with nonexistent code as fixed (Mark Kanda) [Orabug: 29228241] {CVE-2018-16867} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216}
- usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29055379] {CVE-2018-16872}
- i386: Add "stibp" flag name (Eduardo Habkost) [Orabug: 29114820]
-
Mon Dec 03 2018 Mark Kanda <mark.kanda@oracle.com> - 12:2.9.0-19.el7
- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 28205376]
- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626490]
- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873208] {CVE-2018-18849}
- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971701] {CVE-2018-19489}
- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28949917] {CVE-2018-19364}
- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885514] {CVE-2018-16847}
- x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature (Jingqi Liu) [Orabug: 28985301]
- i386: Define AMD's no SSB mitigation needed. (Konrad Rzeszutek Wilk) [Orabug: 28951578]
- i386: define the AMD 'amd-ssbd' CPUID feature bit (Konrad Rzeszutek Wilk) [Orabug: 28951578]
- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 28897545]
- hw/i386: Fix IVHD entry length for AMD IOMMU (Jan Kiszka) [Orabug: 28891184]
- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891188]
- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886306]
- i386: Add Intel Processor Trace feature support (Chao Peng) [Orabug: 28886306]
- i386: Add PKU on Skylake-Server CPU model (Tao Xu)
-
Mon Oct 29 2018 Mark Kanda <mark.kanda@oracle.com> - 12:2.9.0-18.el7
- i386: Clean up cache CPUID code (Eduardo Habkost) [Orabug: 28855262]
- i386: Add support for CPUID_8000_001E for AMD (Babu Moger) [Orabug: 28855262]
- i386: Initialize cache information for EPYC family processors (Babu Moger) [Orabug: 28855262]
- i386: Add cache information in X86CPUDefinition (Babu Moger) [Orabug: 28855262]
- i386: Populate AMD Processor Cache Information for cpuid 0x8000001D (Babu Moger) [Orabug: 28855262]
- i386: Add new property to control cache info (Babu Moger) [Orabug: 28855262]
- i386: Helpers to encode cache information consistently (Eduardo Habkost) [Orabug: 28855262]
- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 28833460]
- virtio_net: Add support for "Data Path Switching" during Live Migration. (Venu Busireddy) [Orabug: 28732905]
-
Tue Oct 09 2018 Karl Heubaum <karl.heubaum@oracle.com> - 12:2.9.0-17.el7
- i386: Remove generic SMT thread check (Babu Moger) [Orabug: 28676425]
- pc: Fix typo on PC_COMPAT_2_12 (Eduardo Habkost) [Orabug: 28676425]
- i386: Enable TOPOEXT feature on AMD EPYC CPU (Babu Moger) [Orabug: 28676425]
- net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28762625] {CVE-2018-17963}
- pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28762617] {CVE-2018-17962}
- rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28762613] {CVE-2018-17958}
- ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28733338] {CVE-2018-10839}
- seccomp: set the seccomp filter to all threads (Marc-André Lureau) [Orabug: 28576303] {CVE-2018-15746}
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Venu Busireddy) [Orabug: 28497003]
- virtio-net: use 64-bit values for feature flags (Jason Baron) [Orabug: 28497003]
- qga: check bytes count read by guest-file-read (Prasad J Pandit) [Orabug: 28312939] {CVE-2018-12617}
- CVE-2017-2630: Qemu: nbd: oob stack write in client routine drop_sync (Mark Kanda) [Orabug: 28424694] {CVE-2017-2630}
- CVE-2017-2633: Qemu: VNC: memory corruption due to unchecked resolution limit (Mark Kanda) [Orabug: 28424697] {CVE-2017-2633}
- CVE-2017-7471: Qemu: 9p: virtfs allows guest to change filesystem attributes (Mark Kanda) [Orabug: 28407849] {CVE-2017-7471}
- slirp: correct size computation while concatenating mbuf (Prasad J Pandit) [Orabug: 28263244] {CVE-2018-11806}
-
Thu May 31 2018 Mark Kanda <mark.kanda@oracle.com> - 12:2.9.0-11.1.el7
- i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639) (Konrad Rzeszutek Wilk) [Orabug: 28110449] {CVE-2018-3639}
- i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639) (Konrad Rzeszutek Wilk) [Orabug: 28110449] {CVE-2018-3639}
- i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) (Daniel P. Berrangé) [Orabug: 28110449] {CVE-2018-3639}
-
Thu Mar 29 2018 Mark Kanda <mark.kanda@oracle.com> - 12:2.9.0-10.el7
- BUILDINFO: commit=ac5b439adae91b38d839320e7de2cdca060e9cc1
- block: Fix NULL dereference on empty drive error (Kevin Wolf)
- Revert "IDE: Do not flush empty CDROM drives" (Stefan Hajnoczi)
- block: test blk_aio_flush() with blk->root == NULL (Kevin Wolf)
- block: add BlockBackend->in_flight counter (Stefan Hajnoczi)
- block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi)
- aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi)
- qemu: 9pfs: use g_malloc0 to allocate space for xattr (Prasad J Pandit) {CVE-2017-15038}
- qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda)
- vga: fix region calculation (Gerd Hoffmann) {CVE-2018-7858}
- qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum)
- i386: Add support for SPEC_CTRL MSR (Paolo Bonzini) {CVE-2017-5715}
- intel-iommu: Extend address width to 48 bits (Prasad Singamsetty)
- intel-iommu: Redefine macros to enable supporting 48 bit address width (Prasad Singamsetty)
- vga: check the validation of memory addr when draw text (linzhecheng) {CVE-2018-5683}
- osdep: Fix ROUND_UP(64-bit, 32-bit) (Eric Blake) {CVE-2017-18043}
- qemu.spec: Enable 9p virtual filesystem. (Karl Heubaum)
- i386: Add EPYC-IBPB CPU model (Eduardo Habkost) {CVE-2017-5715}
- i386: Add new -IBRS versions of Intel CPU models (Eduardo Habkost) {CVE-2017-5715}
- i386: Add FEAT_8000_0008_EBX CPUID feature word (Eduardo Habkost) {CVE-2017-5715}
- i386: Add spec-ctrl CPUID bit (Eduardo Habkost) {CVE-2017-5715}
- target/i386: add clflushopt to "Skylake-Server" cpu model (Haozhong Zhang)
- x86/cpu: Enable new SSE/AVX/AVX512 cpu features (Yang Zhong)
- target-i386: adds PV_TLB_FLUSH CPUID feature bit (Wanpeng Li)
- target-i386/cpu: Add new EPYC CPU model (Brijesh Singh)
- i386: add Skylake-Server cpu model (Boqun Feng (Intel))
- ui: mix misleading comments & return types of VNC I/O helper methods (Daniel P. Berrange)
- ui: add trace events related to VNC client throttling (Daniel P. Berrange)
- ui: place a hard cap on VNC server output buffer size (Daniel P. Berrange) {CVE-2017-15124}
-
Fri Oct 06 2017 Karl Heubaum <karl.heubaum@oracle.com> - 12:2.9.0-4.el7
- BUILDINFO: commit=d37985d34c05a57385563402bc8d85e81557904d
- multiboot: Use header names when displaying fields (Jack Schwartz)
- multiboot: Remove unused variables from multiboot.c (Jack Schwartz)
- multiboot: bss_end_addr can be zero (Jack Schwartz)
- multiboot: validate multiboot header address values (Prasad J Pandit) {CVE-2017-14167}
- numa: Allow setting NUMA distance for different NUMA nodes (He Chen)
- Tool to get guest registers via one tool (Mark Kanda)
- hw/vfio: improve error message when cannot init vfio event notifiers (Jim Quigley)
- IDE: test flush on empty CDROM (Kevin Wolf)
- IDE: Do not flush empty CDROM drives (Stefan Hajnoczi) {CVE-2017-12809}
- vga: stop passing pointers to vga_draw_line* functions (Gerd Hoffmann) {CVE-2017-13672}
- vga: fix display update region calculation (split screen) (Gerd Hoffmann) {CVE-2017-13673}
- vga: fix display update region calculation (Gerd Hoffmann)
- vmsvga: fix vmsvga_update_display (Gerd Hoffmann)
- g364fb: make display updates thread safe (Gerd Hoffmann)
- exynos: make display updates thread safe (Gerd Hoffmann)
- framebuffer: make display updates thread safe (Gerd Hoffmann)
- vga: make display updates thread safe. (Gerd Hoffmann)
- memory: add support getting and using a dirty bitmap copy. (Gerd Hoffmann)
- vga: add vga_scanline_invalidated helper (Gerd Hoffmann)
- bitmap: add bitmap_copy_and_clear_atomic (Gerd Hoffmann)
- virtio-scsi: Unset hotplug handler when unrealize (Mark Kanda)
- slirp: fix clearing ifq_so from pending packets (Jack Schwartz) {CVE-2017-13711}
- coroutine-lock: do not touch coroutine after another one has been entered (Mark Kanda)
- 9pfs: local: forbid client access to metadata (CVE-2017-7493) (Greg Kurz) {CVE-2017-7493}
- audio: release capture buffers (Gerd Hoffmann) {CVE-2017-8309}
- input: limit kbd queue depth (Gerd Hoffmann) {CVE-2017-8379}
- qemu.spec: Enable GlusterFS support (Karl Heubaum)
- sockets: Handle race condition between binds to the same port (Knut Omang)
- sockets: factor out create_fast_reuse_socket (Knut Omang)
- tests: Add test-listen - a stress test for QEMU socket listen (Knut Omang)
-
Thu Aug 03 2017 Karl Heubaum <karl.heubaum@oracle.com> - 12:2.9.0-2.el7
- BUILDINFO: commit=d96598e4ceae6bdc2fba62529a27cf493631d22f
- qemu.spec: Initial qemu.spec
-
Tue Apr 25 2017 Cole Robinson <crobinso@redhat.com> - 2:2.9.0-1
- Rebase to qemu-2.9.0 GA