-
Thu Feb 06 2020 Karl Heubaum <karl.heubaum@oracle.com> - 15:3.1.0-6.el7
- qemu.spec: Remove "BuildRequires: kernel" (Karl Heubaum) [Orabug: 30858754]
- target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 30652327]
- iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 30807256] {CVE-2020-1711}
- scsi: lsi: exit infinite loop while executing script (CVE-2019-12068) (Paolo Bonzini) [Orabug: 30351703] {CVE-2019-12068}
- lsi: use enum type for s->waiting (Sven Schnelle) {CVE-2019-12068}
- json: Fix % handling when not interpolating (Christophe Fergeau) [Orabug: 30640103]
- qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 30640103]
- Fix heap overflow in ip_reass on big packet input (Samuel Thibault) [Orabug: 30229916] {CVE-2019-14378}
- Make poll_control_msr default 1 (Mark Kanda)
- Remove redundant check for host support of halt polling (Mark Kanda) [Orabug: 30240121]
- Enable '-Werror' compiler flag (Mark Kanda) [Orabug: 30213025]
- qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30729551]
-
Thu Jun 27 2019 Mark Kanda <mark.kanda@oracle.com> - 15:3.1.0-5.el7
- Only enable the halt poll control MSR if it is supported by the host (Mark
Kanda) [Orabug: 29946722]
-
Wed Jun 19 2019 Mark Kanda <mark.kanda@oracle.com> - 15:3.1.0-4.el7
- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278]
- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524}
- pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123}
- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155}
- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. Berrangé) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676]
- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676]
- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676]
- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676]
- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676]
- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676]
- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676]
- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]
-
Mon May 06 2019 Mark Kanda <mark.kanda@oracle.com> - 15:3.1.0-3.el7
- x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as
fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130} {CVE-2019-11091}
-
Wed May 01 2019 Mark Kanda <mark.kanda@oracle.com> - 15:3.1.0-2.el7
- x86: Add mds feature (Karl Heubaum)
- e1000: Never increment the RX undersize count register (Chris Kenna)
- qemu.spec: audioflags set but never passed to configure script (Liam Merwick) [Orabug: 29715562]
- parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 29715548]
- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 29715548]
- parfait: provide option to upload results (Liam Merwick) [Orabug: 29715548]
- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548]
- Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda) [Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934}
- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29715527] {CVE-2018-20815}
- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29715525] {CVE-2019-9824}
- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812}
- scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo Bonzini) [Orabug: 29259700] {CVE-2019-6501}
- slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29715755] {CVE-2019-6778}
-
Wed Jan 16 2019 Mark Kanda <mark.kanda@oracle.com> - 15:3.1.0-1.el7
- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized
- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29216696]
- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29216701]
- virtio_net: Add support for "Data Path Switching" during Live Migration. (Venu Busireddy) [Orabug: 29216704]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 29216714]
- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29216681]
- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29216681]
- usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29216656] {CVE-2018-16872}
- pvrdma: add uar_read routine (Prasad J Pandit) [Orabug: 29216658] {CVE-2018-20191}
- pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29216659] {CVE-2018-20126}
- pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29216666] {CVE-2018-20125}
- pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29216672] {CVE-2018-20216}
- rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}
- rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}
- i386: Add "stibp" flag name (Eduardo Habkost)
- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 29216688]
- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 29216688]
- Document various CVEs as fixed (Mark Kanda) [Orabug: 29212424] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}
- qemu.spec: Initial qemu.spec (Mark Kanda)
- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda)
- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda)
- qmp-regdump: Initial qmp-regdump (Mark Kanda)
- bridge.conf: Initial bridge.conf (Mark Kanda)
- kvm.conf: Initial kvm.conf (Mark Kanda)
- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)