Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-03-07 13:22:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-03-02 14:21:07.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-03-07 13:22:58.000000000 +0100
@@ -1,0 +2,54 @@
+Fri Mar 4 16:11:02 MST 2016 - carnold@suse.com
+
+- bsc#969377 - xen does not build with GCC 6
+ ipxe-use-rpm-opt-flags.patch
+ gcc6-warnings-as-errors.patch
+
+-------------------------------------------------------------------
+Thu Mar 3 10:27:55 MST 2016 - carnold@suse.com
+
+- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite
+ loop in ne2000_receive
+ CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
+- Drop xsa154-fix.patch
+
+-------------------------------------------------------------------
+Wed Mar 2 16:53:51 UTC 2016 - jfehlig@suse.com
+
+- Use system qemu instead of building/installing yet another qemu
+ FATE#320638
+- Dropped files
+ qemu-xen-dir-remote.tar.bz2
+ CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
+ CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
+ CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
+ CVE-2015-4037-qemuu-smb-config-dir-name.patch
+ CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
+ CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
+ CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
+ CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
+ CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
+ CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
+ CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
+ CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
+ CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
+ CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
+ CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
+ CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
+ CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
+ CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
+ CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
+ CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
+ qemu-xen-enable-spice-support.patch
+ qemu-xen-upstream-qdisk-cache-unsafe.patch
+ tigervnc-long-press.patch
+ xsa162-qemuu.patch
+
+-------------------------------------------------------------------
+Mon Feb 29 09:40:43 MST 2016 - carnold@suse.com
+
+- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer
+ dereference in vapic_write()
+ CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch
+
+-------------------------------------------------------------------
@@ -22,0 +77 @@
+ CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
@@ -70 +124,0 @@
- xsa154-fix.patch
@@ -86,0 +141,3 @@
+- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref
+ in sosendto()
+ CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
@@ -115,0 +173,3 @@
+- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun
+ on incoming migration
+ CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
@@ -453 +512,0 @@
- CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
@@ -456 +514,0 @@
- CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
Old:
----
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
qemu-xen-dir-remote.tar.bz2
qemu-xen-enable-spice-support.patch
qemu-xen-upstream-qdisk-cache-unsafe.patch
tigervnc-long-press.patch
xsa154-fix.patch
xsa162-qemuu.patch
New:
----
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
gcc6-warnings-as-errors.patch
ipxe-use-rpm-opt-flags.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:19.000000000 +0100
+++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:19.000000000 +0100
@@ -170,7 +170,6 @@
Source0: xen-4.6.1-testing-src.tar.bz2
Source1: stubdom.tar.bz2
Source2: qemu-xen-traditional-dir-remote.tar.bz2
-Source3: qemu-xen-dir-remote.tar.bz2
Source4: seabios-dir-remote.tar.bz2
Source5: ipxe.tar.bz2
Source6: mini-os.tar.bz2
@@ -206,15 +205,13 @@
Patch2: 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
Patch3: 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
Patch4: 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
-Patch15401: xsa154.patch
-Patch15402: xsa154-fix.patch
+Patch154: xsa154.patch
Patch15501: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
Patch15502: xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
Patch15503: xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
-Patch162: xsa162-qemuu.patch
Patch164: xsa164.patch
Patch170: xsa170.patch
-# Upstream qemu
+# Upstream qemu-traditional patches
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
Patch252: 0002-net-increase-tap-buffer-size.patch
@@ -224,53 +221,25 @@
Patch256: 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch
Patch257: 0007-e1000-verify-we-have-buffers-upfront.patch
Patch258: 0008-e1000-check-buffer-availability.patch
-Patch259: CVE-2015-4037-qemuu-smb-config-dir-name.patch
-Patch260: CVE-2015-4037-qemut-smb-config-dir-name.patch
-Patch262: CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
-Patch263: CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
-Patch264: CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
-Patch265: CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
-Patch266: CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
-Patch267: CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
-Patch268: CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
-Patch269: CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
-Patch270: CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
-Patch271: CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
-Patch272: CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
-Patch273: CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
-Patch274: CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
-Patch275: CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
-Patch276: CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
-Patch277: CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
-Patch278: CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
-Patch279: CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
-Patch280: CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
-Patch281: CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
-Patch282: CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
-Patch283: CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
-Patch284: CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
-Patch285: CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
-Patch286: CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
-Patch287: CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
-Patch288: CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
-Patch289: CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
-Patch290: CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
-Patch291: CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
-Patch292: CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch
-Patch293: CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
-Patch294: CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
-# Our platform specific patches
-Patch321: xen-destdir.patch
-Patch322: vif-bridge-no-iptables.patch
-Patch323: vif-bridge-tap-fix.patch
-Patch324: xl-conf-default-bridge.patch
-# Needs to go upstream
-Patch330: suspend_evtchn_lock.patch
-Patch331: xenpaging.doc.patch
-Patch332: xen-c99-fix.patch
-Patch333: stubdom-have-iovec.patch
-Patch334: hotplug-Linux-block-performance-fix.patch
-# Qemu traditional
+Patch259: CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
+Patch260: CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
+Patch261: CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
+Patch262: CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
+Patch263: CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
+Patch264: CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
+Patch265: CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
+Patch266: CVE-2015-4037-qemut-smb-config-dir-name.patch
+Patch267: CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
+Patch268: CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
+Patch269: CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
+Patch270: CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
+Patch271: CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
+Patch272: CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
+Patch273: CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
+Patch274: CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
+Patch275: CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
+Patch276: CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
+# qemu-traditional patches that are not upstream
Patch350: blktap.patch
Patch351: cdrom-removable.patch
Patch353: xen-qemu-iscsi-fix.patch
@@ -296,9 +265,17 @@
Patch381: ioemu-disable-scsi.patch
Patch382: ioemu-disable-emulated-ide-if-pv.patch
Patch383: xenpaging.qemu.flush-cache.patch
-Patch385: xen_pvonhvm.xen_emul_unplug.patch
-Patch387: libxl.pvscsi.patch
-Patch388: blktap2-no-uninit.patch
+# Our platform specific patches
+Patch400: xen-destdir.patch
+Patch401: vif-bridge-no-iptables.patch
+Patch402: vif-bridge-tap-fix.patch
+Patch403: xl-conf-default-bridge.patch
+# Needs to go upstream
+Patch420: suspend_evtchn_lock.patch
+Patch421: xenpaging.doc.patch
+Patch422: xen-c99-fix.patch
+Patch423: stubdom-have-iovec.patch
+Patch424: hotplug-Linux-block-performance-fix.patch
# Other bug fixes or features
Patch451: xenconsole-no-multiple-connections.patch
Patch452: hibernate.patch
@@ -306,24 +283,26 @@
Patch454: ipxe-enable-nics.patch
Patch455: pygrub-netware-xnloader.patch
Patch456: pygrub-boot-legacy-sles.patch
-Patch460: set-mtu-from-bridge-for-tap-interface.patch
-Patch466: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
-Patch467: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
-Patch470: qemu-xen-upstream-qdisk-cache-unsafe.patch
-Patch471: qemu-xen-enable-spice-support.patch
-Patch472: tigervnc-long-press.patch
-Patch473: xendomains-libvirtd-conflict.patch
-Patch474: CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
-Patch475: xen.libxl.dmmd.patch
+Patch457: set-mtu-from-bridge-for-tap-interface.patch
+Patch458: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
+Patch459: xendomains-libvirtd-conflict.patch
+Patch460: CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
+Patch461: libxl.pvscsi.patch
+Patch462: xen.libxl.dmmd.patch
+Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
+Patch464: blktap2-no-uninit.patch
# Hypervisor and PV driver Patches
Patch501: x86-ioapic-ack-default.patch
Patch502: x86-cpufreq-report.patch
-Patch520: supported_module.patch
-Patch521: magic_ioport_compat.patch
+Patch520: xen_pvonhvm.xen_emul_unplug.patch
+Patch521: supported_module.patch
+Patch522: magic_ioport_compat.patch
Patch601: xen.build-compare.doc_html.patch
Patch602: xen.build-compare.seabios.patch
Patch603: xen.build-compare.man.patch
Patch604: ipxe-no-error-logical-not-parentheses.patch
+Patch605: ipxe-use-rpm-opt-flags.patch
+Patch606: gcc6-warnings-as-errors.patch
# Build patches
Patch99996: xen.stubdom.newlib.patch
Patch99998: tmp_build.patch
@@ -410,10 +389,14 @@
Summary: Xen Virtualization: Control tools for domain 0
Group: System/Kernel
Requires: bridge-utils
-%if %suse_version >= 1315
%ifarch x86_64
+%if %suse_version >= 1315
Requires: grub2-x86_64-xen
%endif
+Requires: qemu-x86
+%endif
+%ifarch %arm aarch64
+Requires: qemu-arm
%endif
Requires: multipath-tools
Requires: python
@@ -528,18 +511,16 @@
%endif
%prep
-%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 57
+%setup -q -n %xen_build_dir -a 1 -a 2 -a 4 -a 5 -a 6 -a 57
# Upstream patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch15401 -p1
-%patch15402 -p1
+%patch154 -p1
%patch15501 -p1
%patch15502 -p1
%patch15503 -p1
-%patch162 -p1
%patch164 -p1
%patch170 -p1
# Upstream qemu patches
@@ -554,6 +535,7 @@
%patch258 -p1
%patch259 -p1
%patch260 -p1
+%patch261 -p1
%patch262 -p1
%patch263 -p1
%patch264 -p1
@@ -569,35 +551,6 @@
%patch274 -p1
%patch275 -p1
%patch276 -p1
-%patch277 -p1
-%patch278 -p1
-%patch279 -p1
-%patch280 -p1
-%patch281 -p1
-%patch282 -p1
-%patch283 -p1
-%patch284 -p1
-%patch285 -p1
-%patch286 -p1
-%patch287 -p1
-%patch288 -p1
-%patch289 -p1
-%patch290 -p1
-%patch291 -p1
-%patch292 -p1
-%patch293 -p1
-%patch294 -p1
-# Our platform specific patches
-%patch321 -p1
-%patch322 -p1
-%patch323 -p1
-%patch324 -p1
-# Needs to go upstream
-%patch330 -p1
-%patch331 -p1
-%patch332 -p1
-%patch333 -p1
-%patch334 -p1
# Qemu traditional
%patch350 -p1
%patch351 -p1
@@ -624,9 +577,17 @@
%patch381 -p1
%patch382 -p1
%patch383 -p1
-%patch385 -p1
-%patch387 -p1
-%patch388 -p1
+# Our platform specific patches
+%patch400 -p1
+%patch401 -p1
+%patch402 -p1
+%patch403 -p1
+# Needs to go upstream
+%patch420 -p1
+%patch421 -p1
+%patch422 -p1
+%patch423 -p1
+%patch424 -p1
# Other bug fixes or features
%patch451 -p1
%patch452 -p1
@@ -634,24 +595,26 @@
%patch454 -p1
%patch455 -p1
%patch456 -p1
+%patch457 -p1
+%patch458 -p1
+%patch459 -p1
%patch460 -p1
-%patch466 -p1
-%patch467 -p1
-%patch470 -p1
-%patch471 -p1
-%patch472 -p1
-%patch473 -p1
-%patch474 -p1
-%patch475 -p1
+%patch461 -p1
+%patch462 -p1
+%patch463 -p1
+%patch464 -p1
# Hypervisor and PV driver Patches
%patch501 -p1
%patch502 -p1
%patch520 -p1
%patch521 -p1
+%patch522 -p1
%patch601 -p1
%patch602 -p1
%patch603 -p1
%patch604 -p1
+%patch605 -p1
+%patch606 -p1
# Build patches
%patch99996 -p1
%patch99998 -p1
@@ -689,7 +652,6 @@
export GIT=$(type -P false)
export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS"
export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS"
-export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS"
export SMBIOS_DATE="$SMBIOS_DATE"
export RELDATE="$RELDATE"
export SEABIOS_DATE="$SEABIOS_DATE"
@@ -714,11 +676,6 @@
then
: no changes?
fi
-%ifarch x86_64
-%if 0%{?suse_version} > 1230
-export QEMU_XEN_ENABLE_SPICE="--enable-spice --enable-usb-redir"
-%endif
-%endif
configure_flags=
%if %{?with_stubdom}0
configure_flags=--enable-stubdom
@@ -756,6 +713,7 @@
%else
--disable-systemd \
%endif
+ --with-system-qemu=%{_bindir}/qemu-system-%{_arch} \
${configure_flags}
make -C tools/include/xen-foreign %{?_smp_mflags}
make %{?_smp_mflags}
@@ -850,6 +808,20 @@
done
%endif
+# On x86_64, qemu-xen was installed as /usr/lib/xen/bin/qemu-system-i386
+# and advertised as the <emulator> in libvirt capabilities. Tool such as
+# virt-install include <emulator> in domXML they produce, so we need to
+# preserve the path. For x86_64, create a simple wrapper that invokes
+# /usr/bin/qemu-system-x86_64
+%ifarch x86_64
+cat > $RPM_BUILD_ROOT/usr/lib/xen/bin/qemu-system-i386 << 'EOF'
+#!/bin/sh
+
+exec %{_bindir}/qemu-system-x86_64 "$@"
+EOF
+chmod 0755 $RPM_BUILD_ROOT/usr/lib/xen/bin/qemu-system-i386
+%endif
+
# Stubdom
%if %{?with_dom0_support}0
# Docs
@@ -978,7 +950,6 @@
rm -rf $RPM_BUILD_ROOT%{with_systemd_modules_load}
rm -rf $RPM_BUILD_ROOT/usr/sbin
rm -rf $RPM_BUILD_ROOT/etc/xen
-rm -rf $RPM_BUILD_ROOT/%{_datadir}/qemu-xen
rm -rf $RPM_BUILD_ROOT/var
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/bash_completion.d/xl.sh
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/xen*
@@ -1114,7 +1085,6 @@
%endif
%dir /etc/modprobe.d
/etc/bash_completion.d/xl.sh
-%{_datadir}/qemu-xen
%if %{?with_qemu_traditional}0
%dir %{_datadir}/xen
%dir %{_datadir}/xen/qemu
++++++ CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch ++++++
References: bsc#964452 CVE-2013-4534
Subject: openpic: avoid buffer overrun on incoming migration
From: Michael Roth mdroth@linux.vnet.ibm.com Mon Apr 28 16:08:17 2014 +0300
Date: Mon May 5 22:15:03 2014 +0200:
Git: 73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e
CVE-2013-4534
opp->nb_cpus is read from the wire and used to determine how many
IRQDest elements to read into opp->dst[]. If the value exceeds the
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
data from the wire.
Fix this by failing migration if the value read from the wire exceeds
MAX_CPU.
Signed-off-by: Michael Roth
From MMC (sbc contains similar wordings too) The Power Conditions field requests the block device to be placed in the power condition defined in Table 558. If this field has a value other than 0h then the Start and LoEj bits shall be ignored.
Signed-off-by: Ronnie Sahlberg
From aa851d30acfbb9580098ac1dc82885530cb8b3c1 Mon Sep 17 00:00:00 2001 From: Kevin Wolf
Date: Wed, 3 Jun 2015 14:17:46 +0200 Subject: [PATCH 2/3] ide/atapi: Fix START STOP UNIT command completion
The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.
Signed-off-by: Kevin Wolf
From d1b07becc481e09225cfe905ec357807ae07f095 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann
Date: Tue, 16 Feb 2016 15:15:04 +0100 Subject: [PATCH] ohci timer fix
Signed-off-by: Gerd Hoffmann
--- hw/usb/hcd-ohci.c | 31 +++++-------------------------- 1 file changed, 5 insertions(+), 26 deletions(-) Index: xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c =================================================================== --- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c +++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c @@ -1139,16 +1139,6 @@ static void ohci_frame_boundary(void *op */ static int ohci_bus_start(OHCIState *ohci) { - ohci->eof_timer = qemu_new_timer(vm_clock, - ohci_frame_boundary, - ohci); - - if (ohci->eof_timer == NULL) { - fprintf(stderr, "usb-ohci: %s: qemu_new_timer failed\n", ohci->name); - /* TODO: Signal unrecoverable error */ - return 0; - } - dprintf("usb-ohci: %s: USB Operational\n", ohci->name); ohci_sof(ohci); @@ -1159,9 +1149,7 @@ static int ohci_bus_start(OHCIState *ohc /* Stop sending SOF tokens on the bus */ static void ohci_bus_stop(OHCIState *ohci) { - if (ohci->eof_timer) - qemu_del_timer(ohci->eof_timer); - ohci->eof_timer = NULL; + qemu_del_timer(ohci->eof_timer); } /* Sets a flag in a port status register but only set it if the port is @@ -1654,6 +1642,9 @@ static void usb_ohci_init(OHCIState *ohc ohci->async_td = 0; qemu_register_reset(ohci_reset, ohci); ohci_reset(ohci); + + ohci->eof_timer = qemu_new_timer(vm_clock, + ohci_frame_boundary, ohci); } typedef struct { ++++++ CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch ++++++ References: bsc#969351 CVE-2016-2841 From: Prasad J Pandit Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. Registers PSTART & PSTOP define ring buffer size & location. Setting these registers to invalid values could lead to infinite loop or OOB r/w access issues. Add check to avoid it. Reported-by: Yang Hongke Signed-off-by: Prasad J Pandit --- hw/net/ne2000.c | 4 ++++ 1 file changed, 4 insertions(+) Update per review: -> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05522.html Index: xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c =================================================================== --- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c +++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c @@ -202,6 +202,10 @@ static int ne2000_buffer_full(NE2000Stat { int avail, index, boundary; + if (s->stop <= s->start) { + return 1; + } + index = s->curpag << 8; boundary = s->boundary << 8; if (index < boundary) ++++++ gcc6-warnings-as-errors.patch ++++++ References: bsc#969377 - xen does not build with GCC 6 --- xen-4.6.1-testing/xen/arch/x86/cpu/mcheck/non-fatal.c.orig 2016-03-04 15:59:08.000000000 -0700 +++ xen-4.6.1-testing/xen/arch/x86/cpu/mcheck/non-fatal.c 2016-03-04 16:00:25.000000000 -0700 @@ -94,8 +94,8 @@ static int __init init_nonfatal_mce_chec if (mce_disabled || !mce_available(c)) return -ENODEV; - if ( __get_cpu_var(poll_bankmask) == NULL ) - return -EINVAL; + if ( __get_cpu_var(poll_bankmask) == NULL ) + return -EINVAL; /* * Check for non-fatal errors every MCE_RATE s --- xen-4.6.1-testing/extras/mini-os-remote/lib/sys.c.orig 2016-03-04 15:27:26.000000000 -0700 +++ xen-4.6.1-testing/extras/mini-os-remote/lib/sys.c 2016-03-04 15:30:32.000000000 -0700 @@ -634,6 +634,7 @@ int closedir(DIR *dir) /* We assume that only the main thread calls select(). */ +#if defined(LIBC_VERBOSE) || defined(LIBC_DEBUG) static const char file_types[] = { [FTYPE_NONE] = 'N', [FTYPE_CONSOLE] = 'C', @@ -646,6 +647,7 @@ static const char file_types[] = { [FTYPE_KBD] = 'K', [FTYPE_FB] = 'G', }; +#endif #ifdef LIBC_DEBUG static void dump_set(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, struct timeval *timeout) { ++++++ ioemu-vnc-resize.patch ++++++ --- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:20.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c +++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c -@@ -1771,6 +1771,25 @@ static int protocol_client_msg(VncState +@@ -1761,6 +1761,25 @@ static int protocol_client_msg(VncState } set_encodings(vs, (int32_t *)(data + 4), limit); ++++++ ipxe-use-rpm-opt-flags.patch ++++++ References: bsc#969377 - xen does not build with GCC 6 Index: xen-4.6.1-testing/tools/firmware/etherboot/patches/ipxe-use-rpm-opt-flags.patch =================================================================== --- /dev/null +++ xen-4.6.1-testing/tools/firmware/etherboot/patches/ipxe-use-rpm-opt-flags.patch @@ -0,0 +1,11 @@ +--- ipxe/src/Makefile.orig 2016-03-04 15:48:15.000000000 -0700 ++++ ipxe/src/Makefile 2016-03-04 15:48:40.000000000 -0700 +@@ -4,7 +4,7 @@ + # + + CLEANUP := +-CFLAGS := ++CFLAGS := $(RPM_OPT_FLAGS) -Wno-error=array-bounds + ASFLAGS := + LDFLAGS := + MAKEDEPS := Makefile Index: xen-4.6.1-testing/tools/firmware/etherboot/patches/series =================================================================== --- xen-4.6.1-testing.orig/tools/firmware/etherboot/patches/series +++ xen-4.6.1-testing/tools/firmware/etherboot/patches/series @@ -5,3 +5,4 @@ build_fix_3.patch build-compare.patch build_fix_4.patch ipxe-no-error-logical-not-parentheses.patch +ipxe-use-rpm-opt-flags.patch ++++++ libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch ++++++ --- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:20.000000000 +0100 @@ -7,11 +7,11 @@ tools/libxl/libxlu_disk_l.l | 1 + 5 files changed, 18 insertions(+), 1 deletion(-) -Index: xen-4.6.0-testing/tools/libxl/libxl.c +Index: xen-4.6.1-testing/tools/libxl/libxl.c =================================================================== ---- xen-4.6.0-testing.orig/tools/libxl/libxl.c -+++ xen-4.6.0-testing/tools/libxl/libxl.c -@@ -2829,6 +2829,8 @@ static void device_disk_add(libxl__egc * +--- xen-4.6.1-testing.orig/tools/libxl/libxl.c ++++ xen-4.6.1-testing/tools/libxl/libxl.c +@@ -2833,6 +2833,8 @@ static void device_disk_add(libxl__egc * flexarray_append_pair(back, "discard-enable", libxl_defbool_val(disk->discard_enable) ? "1" : "0"); @@ -20,10 +20,10 @@ flexarray_append(front, "backend-id"); flexarray_append(front, libxl__sprintf(gc, "%d", disk->backend_domid)); -Index: xen-4.6.0-testing/tools/libxl/libxl.h +Index: xen-4.6.1-testing/tools/libxl/libxl.h =================================================================== ---- xen-4.6.0-testing.orig/tools/libxl/libxl.h -+++ xen-4.6.0-testing/tools/libxl/libxl.h +--- xen-4.6.1-testing.orig/tools/libxl/libxl.h ++++ xen-4.6.1-testing/tools/libxl/libxl.h @@ -205,6 +205,18 @@ #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1 @@ -43,10 +43,10 @@ * libxl ABI compatibility * * The only guarantee which libxl makes regarding ABI compatibility -Index: xen-4.6.0-testing/tools/libxl/libxlu_disk.c +Index: xen-4.6.1-testing/tools/libxl/libxlu_disk.c =================================================================== ---- xen-4.6.0-testing.orig/tools/libxl/libxlu_disk.c -+++ xen-4.6.0-testing/tools/libxl/libxlu_disk.c +--- xen-4.6.1-testing.orig/tools/libxl/libxlu_disk.c ++++ xen-4.6.1-testing/tools/libxl/libxlu_disk.c @@ -79,6 +79,8 @@ int xlu_disk_parse(XLU_Config *cfg, if (!disk->pdev_path || !strcmp(disk->pdev_path, "")) disk->format = LIBXL_DISK_FORMAT_EMPTY; @@ -56,10 +56,10 @@ if (!disk->vdev) { xlu__disk_err(&dpc,0, "no vdev specified"); -Index: xen-4.6.0-testing/tools/libxl/libxlu_disk_i.h +Index: xen-4.6.1-testing/tools/libxl/libxlu_disk_i.h =================================================================== ---- xen-4.6.0-testing.orig/tools/libxl/libxlu_disk_i.h -+++ xen-4.6.0-testing/tools/libxl/libxlu_disk_i.h +--- xen-4.6.1-testing.orig/tools/libxl/libxlu_disk_i.h ++++ xen-4.6.1-testing/tools/libxl/libxlu_disk_i.h @@ -10,7 +10,7 @@ typedef struct { void *scanner; YY_BUFFER_STATE buf; @@ -69,10 +69,10 @@ const char *spec; } DiskParseContext; -Index: xen-4.6.0-testing/tools/libxl/libxlu_disk_l.l +Index: xen-4.6.1-testing/tools/libxl/libxlu_disk_l.l =================================================================== ---- xen-4.6.0-testing.orig/tools/libxl/libxlu_disk_l.l -+++ xen-4.6.0-testing/tools/libxl/libxlu_disk_l.l +--- xen-4.6.1-testing.orig/tools/libxl/libxlu_disk_l.l ++++ xen-4.6.1-testing/tools/libxl/libxlu_disk_l.l @@ -176,6 +176,7 @@ script=[^,]*,? { STRIP(','); SAVESTRING( direct-io-safe,? { DPC->disk->direct_io_safe = 1; } discard,? { libxl_defbool_set(&DPC->disk->discard_enable, true); } ++++++ qemu-dm-segfault.patch ++++++ --- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:20.000000000 +0100 @@ -41,7 +41,7 @@ if (ret < 0) { ide_atapi_io_error(s, ret); -@@ -2368,7 +2371,7 @@ static void cdrom_change_cb(void *opaque +@@ -2375,7 +2378,7 @@ static void cdrom_change_cb(void *opaque IDEState *s = opaque; uint64_t nb_sectors; ++++++ qemu-security-etch1.patch ++++++ --- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:20.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c +++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c -@@ -218,7 +218,7 @@ static int ne2000_can_receive(void *opaq +@@ -222,7 +222,7 @@ static int ne2000_can_receive(void *opaq NE2000State *s = opaque; if (s->cmd & E8390_STOP) ++++++ xen.libxl.dmmd.patch ++++++ --- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:20.000000000 +0100 @@ -107,7 +107,7 @@ =================================================================== --- xen-4.6.1-testing.orig/tools/libxl/libxlu_disk_l.l +++ xen-4.6.1-testing/tools/libxl/libxlu_disk_l.l -@@ -210,6 +210,8 @@ target=.* { STRIP(','); SAVESTRING("targ +@@ -209,6 +209,8 @@ target=.* { STRIP(','); SAVESTRING("targ free(newscript); } ++++++ xsa154.patch ++++++ --- /var/tmp/diff_new_pack.o9CL6m/_old 2016-03-07 13:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.o9CL6m/_new 2016-03-07 13:23:20.000000000 +0100 @@ -236,7 +236,7 @@ /* Only needed the reference to confirm dom_io ownership. */ if ( mfn_valid(mfn) ) -@@ -836,24 +845,55 @@ get_page_from_l1e( +@@ -836,24 +845,57 @@ get_page_from_l1e( return -EINVAL; } @@ -251,9 +251,11 @@ + case 0: + break; + case 1: -+ if ( is_hardware_domain(l1e_owner) ) ++ if ( !is_hardware_domain(l1e_owner) ) ++ break; ++ /* fallthrough */ + case -1: -+ return 0; ++ return 0; + default: + ASSERT_UNREACHABLE(); + } @@ -308,7 +310,7 @@ } if ( unlikely( (real_pg_owner != pg_owner) && -@@ -1243,8 +1283,9 @@ static int alloc_l1_table(struct page_in +@@ -1243,8 +1285,9 @@ static int alloc_l1_table(struct page_in goto fail; case 0: break; @@ -320,7 +322,7 @@ break; } -@@ -1759,8 +1800,9 @@ static int mod_l1_entry(l1_pgentry_t *pl +@@ -1759,8 +1802,9 @@ static int mod_l1_entry(l1_pgentry_t *pl return -EINVAL; } @@ -332,7 +334,7 @@ { adjust_guest_l1e(nl1e, pt_dom); if ( UPDATE_ENTRY(l1, pl1e, ol1e, nl1e, gl1mfn, pt_vcpu, -@@ -1783,8 +1825,9 @@ static int mod_l1_entry(l1_pgentry_t *pl +@@ -1783,8 +1827,9 @@ static int mod_l1_entry(l1_pgentry_t *pl return rc; case 0: break; @@ -344,7 +346,7 @@ rc = 0; break; } -@@ -5000,6 +5043,7 @@ static int ptwr_emulated_update( +@@ -5000,6 +5045,7 @@ static int ptwr_emulated_update( l1_pgentry_t pte, ol1e, nl1e, *pl1e; struct vcpu *v = current; struct domain *d = v->domain; @@ -352,7 +354,7 @@ /* Only allow naturally-aligned stores within the original %cr2 page. */ if ( unlikely(((addr^ptwr_ctxt->cr2) & PAGE_MASK) || (addr & (bytes-1))) ) -@@ -5047,7 +5091,7 @@ static int ptwr_emulated_update( +@@ -5047,7 +5093,7 @@ static int ptwr_emulated_update( /* Check the new PTE. */ nl1e = l1e_from_intpte(val); @@ -361,7 +363,7 @@ { default: if ( is_pv_32bit_domain(d) && (bytes == 4) && (unaligned_addr & 4) && -@@ -5071,8 +5115,9 @@ static int ptwr_emulated_update( +@@ -5071,8 +5117,9 @@ static int ptwr_emulated_update( break; case 0: break;