| Age | Commit message (Collapse) | Author |
|---|
|
affects qemu < 2.7.0
Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus
emulation support is vulnerable to an OOB r/w access issue. It could
occur while processing SCSI commands 'PVSCSI_CMD_SETUP_RINGS' or
'PVSCSI_CMD_SETUP_MSG_RING'.
A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.
References:
----------
http://www.openwall.com/lists/oss-security/2016/05/23/1
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
affects qemu < 2.7.0
Quick Emulator(Qemu) built with the ESP/NCR53C9x controller emulation
support is vulnerable to an OOB write access issue. The controller uses
16-byte FIFO buffer for command and data transfer. The OOB write occurs
while writing to this command buffer in routine get_cmd().
A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.
References:
----------
http://www.openwall.com/lists/oss-security/2016/05/19/4
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4441
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
affects qemu < 2.7.0-rc0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects Qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
qemu-native was optionally depending on libxext-native if the DISTRO_FEATURES
included x11. This dependency was required back when we didn't build
libsdl-native and causes an undesirable relationship between DISTRO_FEATURES and
qemu-native.
As the dependency isn't required anymore, remove it.
(From OE-Core rev: f58f364b1ae97805abc5f9eb7b300617f59826b2)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By default qemu builds a complete list of directories within the user
emulation sysroot (-L option). The OE sysroot directory is large and
this is confusing, for example it indexes all pkgdata. In particular this
confuses strace of qemu binaries with tons of irrelevant paths.
This patch stops the code indexing up front and instead only indexes
things if/as/when it needs to. This drastically reduces the files it
reads and reduces memory usage and cleans up strace.
It would also avoid the infinite directory traversal bug in [YOCTO #6996]
although the code could still be vulnerable if it parsed those specific
paths.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
- cpus.c-qemu_mutex_lock_iothread-fix-race-condition-a.patch removed,
included upstream;
- smc91c111_fix*.patch patches removed, included upstream;
- trace-remove-malloc-tracing.patch patch removed, included upstream;
- some configure options disappeared or changed name, updated.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Allocation tracing has been removed from GLib 2.46 and trying to use
it results in an ugly warning: Backport patch to not use it in Qemu.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This release is just security fixes:
- CVE-2015-5225
- CVE-2015-6815
- CVE-2015-5278
- CVE-2015-5279
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
- remove mips64 and mips64el from softmmuonly list
to enable user mode, they have been supported
since 2012.
- keep the softmmuonly list and for loop although
there is only one for now in case more supported
arches added.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Qemu has an automatic dependency on valgrind which cannot be disabled, which
causes non-deterministic builds and build failures. As Valgrind wasn't enabled
previously make this deterministic by forcibly disabling it.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We enabled qemu-native debug builds for debug [YOCTO #8143] now
is fixed and we don't need it for release.
This reverts commit 1fa9a0cc6e4c80a5a2bf40331390ae9da71686c2.
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
BROKEN support was removed from bitbake back in 2013. These lines just
increase parsing time, remove them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove redundant lines in smc91c111_fix.patch which caused command patch
of lower version fails to work.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The smc91c111.c driver appears to have several issues. The can_receive()
function can return that the driver is ready when rx_fifo has not been
freed yet. There is also no sanity check of rx_fifo() in _receive() which
can lead to corruption of the rx_fifo array.
release_packet() can also call qemu_flush_queued_packets() before rx_fifo
has been cleaned up, resulting in cases where packets are submitted
for which there is not yet any space.
This patch therefore:
* fixes the logic in can_receive()
* adds logic to receive() as a sanity check
* moves the flush() calls to the correct places where data is ready
to be received
Its currently undergoing discussion upstream about exactly which pieces
are the correct fix but for now, this stops the segfaults OE is seeing
which has to be an improvement.
[YOCTO #8234]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When QEMU starts the RCU thread executes qemu_mutex_lock_thread
causing error "qemu:qemu_cpu_kick_thread: No such process" and exits.
For detail explanation see upstream patch.
[YOCTO #8143]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We recently enable backtrace print rev[1] for address
qemu_cpu_kick_thread() issue but without debug information
isn't useful.
[YOCTO #8143]
[1] 73a876e4ff04ebbbcd3bde62efe02146ab601e25
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
All CVE patches removed, included in release.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We are expecting some random failures in QEMU runs one of this is
related to qemu_cpu_kick_thread that ends on exit(1) on qemu.
To improve debug information add patch that prints the backtrace and
the status of qemu cpu.
[YOCTO #8143]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bugfixes, bring it closer to 2.4.0 final release.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add sub-package ptest which runs all unit tests cases for qemu.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bugfixes, bring it closer to 2.4.0 final release.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed:
qemu-2.3.99+2.4.0-rc2: qemu rdepends on nettle, but it isn't a build dependency? [build-deps]
qemu-2.3.99+2.4.0-rc2: qemu rdepends on gnutls, but it isn't a build dependency? [build-deps]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove it since we have 2.4.0, the git version is 1.3 can't be built by
deafult:
ERROR: Fetcher failure: Unable to find revision 04024dea2674861fcf13582a77b58130c67fccd8 in branch master even from upstream
We can fix it, but seems that no one uses it any more.
And move patches from "files" dir to "qemu" dir.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Various bugfixes.
Ongoing upgrade en route to final 2.4.0.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Get rid of direct use of gnutls APIs in quorum
blockdrv in favour of using the crypto APIs.
- Convert VNC websockets to use crypto APIs.
- quorum and vnc-ws packageconfig options no
longer exist, removed.
- All previous CVE are now included.
- larger_default_ram_size.patch patch removed,
no longer necessary.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This recipe doesn't unpack any source, so set S to ${WORKDIR}.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The sed command was used for editting to code added by
linker-flags.patch, but the patch had been gone in 2013, and verified
that there is no -lX11 in Makefile.target, so remove the
sed command.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2015-3209.
http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and
CVE-2015-4106. These patches are from debian, but they are originally
from:
http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Native qemu is used to to create VMDK and VDI images.
VDI images need support for UUID, otherwise the resulting
image will not boot.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch to fix qemuc CVE issue CVE-2015-3456.
Refs:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456
http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Qemu-Arm-versatilepb-Add-memory-size-checking.patch
brought up to date;
37ed3bf1ee07bb1a26adca0df8718f601f231c0b.patch removed,
integrated upstream;
glx enable config option changed to opengl enable,
update accordingly.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this patch, x86_64 images would show invalid EDSCA key errors
with sshd from openssh (but not dropbear) during init.
This would cause problems with operation with some distros where EDSCA
keys were mandatory. The issue was present in qemu 2.2.1 and not in
2.3.0-rc0, bisected to this commit which was then backported. This fixes
intermittent failures on the autobuilder. Issue is not present when
using KVM (consistent with a fault in TCG).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Add build and runtime dependencies for PACKAGECONFIG[xen]
* Add xen as a default PACKAGECONFIG option when it is part of
DISTRO_FEATURES
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
And bump PR to avoid:
Makefile:16: *** This is an out of tree build but your source tree
(/path/to/qemu-2.2.0) seems to have been used for an in-tree build. You
can fix this by running "make distclean && rm -rf *-linux-user
*-softmmu" in your source tree. Stop.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Upgrade qemu from version 2.1.2 to 2.2.0.
Update Qemu-Arm-versatilepb-Add-memory-size-checking.patch for new
version qemu.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Adrian Dudau
Armin Kuster
Ross Burton
Richard Purdie
Cristian Iorga
Jussi Kukkonen
Jackie Huang
Aníbal Limón
Kai Kang
Josep Puigdemont
Robert Yang
Juro Bystricky
Nathan Rossi