-
Wed Mar 31 2021 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-6.el8
- i386/pc: Keep PCI 64-bit hole within usable IOVA space (Joao Martins)
- pc/cmos: Adjust CMOS above 4G memory size according to 1Tb boundary (Joao Martins)
- i386/pc: Round up the hotpluggable memory within valid IOVA ranges (Joao Martins)
- i386/pc: Account IOVA reserved ranges above 4G boundary (Joao Martins)
-
Thu Mar 11 2021 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-5.el8
- hostmem: fix default "prealloc-threads" count (Mark Kanda)
- hostmem: introduce "prealloc-threads" property (Igor Mammedov)
- qom: introduce object_register_sugar_prop (Paolo Bonzini)
- migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan)
- multifd/tls: fix memory leak of the QIOChannelSocket object when cancelling migration (Chuan Zheng)
- migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng)
- migration/tls: add trace points for multifd-tls (Chuan Zheng)
- migration/tls: add support for multifd tls-handshake (Chuan Zheng)
- migration/tls: extract cleanup function for common-use (Chuan Zheng)
- migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan)
- migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng)
- migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng)
- migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng)
- migration/tls: save hostname into MigrationState (Chuan Zheng)
- tests/qtest: add a test case for pvpanic-pci (Mihai Carabas)
- pvpanic: update pvpanic spec document (Mihai Carabas)
- hw/misc/pvpanic: add PCI interface support (Mihai Carabas)
- hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas)
- qemu-img: Add --target-is-zero to convert (David Edmondson)
- 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181}
- ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443}
- Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808}
- block/iscsi: fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947}
- net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617}
- nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408]
- hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408]
- memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408]
-
Thu Jan 14 2021 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-4.el8
- Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723}
- hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}
- i386: Add 2nd Generation AMD EPYC processors (Babu Moger) [Orabug: 32217570]
- libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}
- Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624}
- pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853]
- ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}
- Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658]
- Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda)
- migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng)
- migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng)
- migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng)
- migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng)
- migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng)
- migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng)
- migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng)
- migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng)
- migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng)
- migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng)
- migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng)
- migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng)
- migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng)
- migration/dirtyrate: set up query-dirtyrate framework (Chuan Zheng)
- ram_addr: Split RAMBlock definition (Juan Quintela)
-
Tue Sep 29 2020 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-3.el8
- qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789]
- qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763]
- hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
- hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
- hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
- hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
- usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364}
- Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415}
-
Mon Aug 31 2020 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-2.el8
- hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863}
- hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092}
- migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256]
- virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255]
- pvpanic: introduce crashloaded for pvpanic (zhenwei pi) [Orabug: 31677154]
-
Wed Jul 22 2020 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-1.el8
- hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daudé) [Orabug: 31414336] {CVE-2020-13253}
- hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daudé) [Orabug: 31414336]
- hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daudé) [Orabug: 31414336] {CVE-2020-13253}
- hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daudé) [Orabug: 31414336]
- hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daudé) [Orabug: 31414336]
- libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756}
- Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608}
- Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824}
- qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035]
- qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035]
- qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035]
- vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035]
- parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035]
- virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035]
- qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035]
- qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035]
- bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035]
- kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035]
- 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035]
- exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659}
- megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362}
- memory: Revert "memory: accept mismatching sizes in memory_region_access_valid" (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791}
-
Wed Jul 22 2020 Karl Heubaum <karl.heubaum@oracle.com> - 4.1.1-3.el8
- buildrpm/spec files: Don't package elf2dmp (Karl Heubaum) [Orabug: 31657424]
- qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424]
- qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424]
-
Wed Jun 10 2020 Karl Heubaum <karl.heubaum@oracle.com> - 4.1.1-2.el8
- Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765}
- kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399]
- kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399]
- target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710]
- target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710]
- ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800}
- es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361}
- ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869}
- libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983}
- Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034}
- libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608}
- target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041]
- qemu-img: Add --target-is-zero to convert (David Edmondson)
- vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382}
- iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711}
- qemu.spec: Remove "BuildRequires: kernel" (Karl Heubaum) [Orabug: 31124047]