Package: qemu / 1:2.1+dfsg-11
Metadata
Package | Version | Patches format |
---|---|---|
qemu | 1:2.1+dfsg-11 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
v2.1.2.diff | (download) |
VERSION |
2 1 + 1 - 0 ! |
upstream 2.1.2 patch |
02_kfreebsd.patch | (download) |
configure |
12 12 + 0 - 0 ! |
--- |
use fixed data path.patch | (download) |
os-posix.c |
2 2 + 0 - 0 ! |
use fixed data dir instead of determining it at runtime |
use data path.patch | (download) |
vl.c |
15 11 + 4 - 0 ! |
use data path to search data files, not just a single directory |
mjt set oem in rsdt like slic.diff | (download) |
hw/acpi/core.c |
5 5 + 0 - 0 ! |
copy oem acpi parameters from slic table to rsdt When building RSDT table, pick OEM ID fields from user-supplied SLIC table instead of using hard-coded QEMU defaults. This way, say, OEM version of Windows7 can be run inside qemu using the same OEM activation as on bare metal, by pointing at system firmware: -acpitable file=/sys/firmware/acpi/tables/SLIC Windows7 requires that OEM ID in RSDT matches those in SLIC to consider SLIC to be valid. This is a somewhat hackish approach, but it works fairly well in practice. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> |
imx_timer_TIMER_MAX_clash.diff | (download) |
hw/timer/imx_epit.c |
16 8 + 8 - 0 ! |
[patch] hw/timer/imx_*: fix itimer_max clash with system symbol |
9p readdir.patch | (download) |
hw/9pfs/virtio-9p-local.c |
6 5 + 1 - 0 ! |
don't return type from host in readdir on local 9p filesystem |
9p use little endian format for xattr values.patch | (download) |
hw/9pfs/virtio-9p-local.c |
44 20 + 24 - 0 ! |
hw/9pfs: use little-endian format for xattr values Bug-Debian: http://bugs.debian.org/755740 With security_model=mapped-xattr, we encode the uid, gid and other file attributes as extended attributes of the file. We save them under user.virtfs.* namespace. Use little-endian encoding for on-disk values. This enables us to export the same directory from both little-endian and big-endian hosts. NOTE: This will break big-endian hosts that have virtFS exports using security model mapped-xattr. They will have to use external tools to convert the xattr to little-endian format. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> |
qemu options add missing drive discard option to cmdline help.diff | (download) |
qemu-options.hx |
2 1 + 1 - 0 ! |
qemu-options: add missing -drive discard option to cmdline help |
CVE 2014 3689 vmware vga/1 CVE 2014 3689 turn off hw accel.patch | (download) |
hw/display/vmware_vga.c |
2 2 + 0 - 0 ! |
vmware-vga: cve-2014-3689: turn off hw accel Quick & easy stopgap for CVE-2014-3689: We just compile out the hardware acceleration functions which lack sanity checks. Thankfully we have capability bits for them (SVGA_CAP_RECT_COPY and SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory. Subsequent patches will add the missing checks and re-enable the hardware acceleration emulation. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
CVE 2014 3689 vmware vga/2 add vmsvga_verify_rect.patch | (download) |
hw/display/vmware_vga.c |
53 52 + 1 - 0 ! |
vmware-vga: add vmsvga_verify_rect Add verification function for rectangles, returning true if verification passes and false otherwise. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
CVE 2014 3689 vmware vga/3 use vmsvga_verify_rect in vmsvga_update_rect.patch | (download) |
hw/display/vmware_vga.c |
32 4 + 28 - 0 ! |
vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change in behavior: We don't try to automatically fixup rectangles any more. In case we find invalid update requests we'll do a full-screen update instead. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
CVE 2014 3689 vmware vga/4 use vmsvga_verify_rect in vmsvga_copy_rect.patch | (download) |
hw/display/vmware_vga.c |
20 14 + 6 - 0 ! |
vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
CVE 2014 3689 vmware vga/5 use vmsvga_verify_rect in vmsvga_fill_rect.patch | (download) |
hw/display/vmware_vga.c |
17 10 + 7 - 0 ! |
vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
vnc sanitize bits_per_pixel from the client CVE 2014 7815.patch | (download) |
ui/vnc.c |
10 10 + 0 - 0 ! |
[patch] vnc: sanitize bits_per_pixel from the client bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this, check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: Petr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
net slirp specify logbase for smbd.patch | (download) |
net/slirp.c |
4 2 + 2 - 0 ! |
net/slirp: specify logbase for smbd Bug-Debian: http://bugs.debian.org/747636 It looks like smbd always logs to /var/log/samba/log.$progname |
slirp smbd modify set several parameters in generated smb conf.patch | (download) |
net/slirp.c |
9 8 + 1 - 0 ! |
slirp/smbd: modify/set several parameters in generated smbd.conf Bug-Debian: http://bugs.debian.org/747636 The file sharing module should not handle printers, so disable it. The options 'load printers' and 'printing' have been available since the beginning (May 1996, commit 0e8fd3398771da2f016d72830179507f3edda51b). Option 'disable spoolss' is available since Samba 2.0.4, commit de5f42c9d9172592779fa2504d44544e3b6b1c0d. Next, "socket address" was reported as deprecated, use a combination of "interfaces" and "bind interfaces only" instead (available since October 1997, commit 79f4fb52c1ed56fd843f81b4eb0cdd2991d4d0f4). Override cache directory to avoid writing to a global directory. Option available since Samba 3.4.0, Jan 2009, commit 19a05bf2f485023b11b41dfae3f6459847d55ef7. Set "usershare max shared=0" to prevent a global directory from being used. Option available since Samba 3.0.23, February 2006, commit 5831715049f2d460ce42299963a5defdc160891b. The last option was introduced with Samba 3.4.0, but previously "state directory" was already added which exists in Samba 3.4.0. As unknown parameters are ignored (while printing a warning), it should be safe to add another option. Signed-off-by: Peter Wu <peter@lekensteyn.nl> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> |
block raw posix Fix disk corruption in try_fiemap.patch | (download) |
block/raw-posix.c |
2 1 + 1 - 0 ! |
block/raw-posix: fix disk corruption in try_fiemap Using fiemap without FIEMAP_FLAG_SYNC is a known corrupter. Add the FIEMAP_FLAG_SYNC flag to the FS_IOC_FIEMAP ioctl. This has the downside of significantly reducing performance. Reported-By: Michael Steffens <michael_steffens@posteo.de> Signed-off-by: Tony Breeds <tony@bakeyournoodle.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Max Reitz <mreitz@redhat.com> Cc: Pádraig Brady <pbrady@redhat.com> Cc: Eric Blake <eblake@redhat.com> |
block raw posix use seek_hole ahead of fiemap.patch | (download) |
block/raw-posix.c |
4 2 + 2 - 0 ! |
block/raw-posix: use seek_hole ahead of fiemap try_fiemap() uses FIEMAP_FLAG_SYNC which has a significant performance impact. Prefer seek_hole() over fiemap() to avoid this impact where possible. seek_hole is more widely used and, arguably, has potential to be optimised in the kernel. Reported-By: Michael Steffens <michael_steffens@posteo.de> Signed-off-by: Tony Breeds <tony@bakeyournoodle.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Max Reitz <mreitz@redhat.com> Cc: Pádraig Brady <pbrady@redhat.com> Cc: Eric Blake <eblake@redhat.com> |
tcg mips fix store softmmu slow path.patch | (download) |
tcg/mips/tcg-target.c |
2 1 + 1 - 0 ! |
tcg/mips: fix store softmmu slow path Bug-Debian: http://bugs.debian.org/769470 Commit 9d8bf2d1 moved the softmmu slow path out of line and introduced a regression at the same time by always calling tcg_out_tlb_load with is_load=1. This makes it impossible to run any significant code under qemu-system-mips*. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-stable@nongnu.org |
migration fix parameter validation on ram load.patch | (download) |
arch_init.c |
5 3 + 2 - 0 ! |
migration: fix parameter validation on ram load |
usb host fix usb_host_speed_compat tyops.patch | (download) |
hw/usb/host-libusb.c |
6 3 + 3 - 0 ! |
usb-host: fix usb_host_speed_compat tyops Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
xen_disk fix unmapping of persistent grants.patch | (download) |
hw/block/xen_disk.c |
72 66 + 6 - 0 ! |
xen_disk: fix unmapping of persistent grants Bug-Debian: http://bugs.debian.org/770468 This patch fixes two issues with persistent grants and the disk PV backend (Qdisk): - Keep track of memory regions where persistent grants have been mapped since we need to unmap them as a whole. It is not possible to unmap a single grant if it has been batch-mapped. A new check has also been added to make sure persistent grants are only used if the whole mapped region can be persistently mapped in the batch_maps case. - Unmap persistent grants before switching to the closed state, so the frontend can also free them. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reported-by: George Dunlap <george.dunlap@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: George Dunlap <george.dunlap@eu.citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> |
qdev monitor fix segmentation fault on qdev_device_h.patch | (download) |
qdev-monitor.c |
2 1 + 1 - 0 ! |
qdev-monitor: fix segmentation fault on qdev_device_help() Bug-Debian: http://bugs.debian.org/770880 Normally, qmp_device_list_properties() may return NULL when a device doesn't have special properties except Object and DeviceState properties, such as virtio-balloon-device. We just need to check local_err instead of prop_list. Example: Segmentation fault (core dumped) The backtrace is as below: Program received signal SIGSEGV, Segmentation fault. 0x00005555559af1a8 in error_get_pretty (err=0x0) at util/error.c:152 152 return err->msg; (gdb) bt func=0x55555574a6ca <device_help_func>, opaque=0x0, abort_on_failure=0) at util/qemu-option.c:1072 Signed-off-by: Gonglei <arei.gonglei@huawei.com> |
cirrus fix blit region check CVE 2014 8106.patch | (download) |
hw/display/cirrus_vga.c |
61 44 + 17 - 0 ! |
cirrus: fix blit region check Bug-Debian: http://bugs.debian.org/772025 Issues: * Doesn't check pitches correctly in case it is negative. * Doesn't check width at all. Turn macro into functions while being at it, also factor out the check for one region which we then can simply call twice for src + dst. This is CVE-2014-8106. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
cirrus don t overflow CirrusVGAState cirrus_bltbuf CVE 2014 8106.patch | (download) |
hw/display/cirrus_vga.c |
4 4 + 0 - 0 ! |
cirrus: don't overflow cirrusvgastate->cirrus_bltbuf Bug-Debian: http://bugs.debian.org/772025 This is CVE-2014-8106. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |