block/vhdx-log.c | 2 +- hw/arm/boot.c | 5 ++++- hw/net/vmxnet3.c | 2 +- hw/nvme/ctrl.c | 3 +++ hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ include/qemu/osdep.h | 2 +- io/channel-tls.c | 3 +++ linux-user/fd-trans.c | 10 ++++++--- linux-user/fd-trans.h | 1 + linux-user/generic/target_resource.h | 4 ++-- linux-user/syscall.c | 21 ++++++++++++------ qga/commands.c | 5 ++--- qga/installer/qemu-ga.wxs | 1 + qga/vss-win32/install.cpp | 2 +- target/arm/cpu.h | 3 +++ target/s390x/arch_dump.c | 2 +- target/s390x/cpu.h | 1 + target/s390x/s390x-internal.h | 3 ++- target/s390x/tcg/insn-data.h.inc | 4 ++-- target/s390x/tcg/mem_helper.c | 1 + target/s390x/tcg/translate.c | 41 ++++++++++++++++++++++++++++-------- ui/gtk.c | 4 +++- util/fdmon-epoll.c | 25 ++++++++++++++++------ 23 files changed, 111 insertions(+), 40 deletions(-)
Despite 8.0 release is almost here, I'd love to make another 7.2.x
release, adding more fixes which has been collected so far.
The following new patches are queued for QEMU stable v7.2.2:
https://gitlab.com/mjt0k/qemu/-/commits/stable-7.2-staging/
Patch freeze is 2023-04-20, and the release is planned for 2023-04-22.
Please respond here or CC qemu-stable@nongnu.org on any additional patches
you think should (or shouldn't) be included in the release.
Thanks!
/mjt
----------------------------------------------------------------
Bernhard Beschow (1):
qemu/osdep: Switch position of "extern" and "G_NORETURN"
Cédric Le Goater (1):
target/s390x: Fix float_comp_to_cc() prototype
Fiona Ebner (1):
hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value
Ilya Leoshkevich (2):
target/s390x: Fix EXECUTE of relative long instructions
linux-user: Fix unaligned memory access in prlimit64 syscall
Klaus Jensen (1):
hw/nvme: fix memory leak in nvme_dsm
Konstantin Kostiuk (1):
qga/win32: Remove change action from MSI installer
Lukas Tschoke (1):
block/vhdx: fix dynamic VHDX BAT corruption
Marc-André Lureau (1):
ui: fix crash on serial reset, during init
Markus Armbruster (2):
qga: Drop dangling reference to QERR_QGA_LOGGING_DISABLED
hw/arm: do not free machine->fdt in arm_load_dtb()
Mathis Marion (2):
linux-user: fix sockaddr_in6 endianness
linux-user: fix timerfd read endianness conversion
Nina Schoetterl-Glausch (1):
target/s390x: Fix emulation of C(G)HRL
Peter Xu (1):
io: tls: Inherit QIO_CHANNEL_FEATURE_SHUTDOWN on server side
Pierrick Bouvier (1):
qga/vss-win32: fix warning for clang++-15
Richard Henderson (2):
target/s390x: Split out gen_ri2
target/arm: Handle m-profile in arm_is_secure
Stefan Hajnoczi (1):
aio-posix: fix race between epoll upgrade and aio_set_fd_handler()
Thomas Huth (1):
target/s390x/arch_dump: Fix memory corruption in s390x_write_elf64_notes()
Yuval Shaia (1):
hw/pvrdma: Protect against buggy or malicious guest driver
block/vhdx-log.c | 2 +-
hw/arm/boot.c | 5 ++++-
hw/net/vmxnet3.c | 2 +-
hw/nvme/ctrl.c | 3 +++
hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++
include/qemu/osdep.h | 2 +-
io/channel-tls.c | 3 +++
linux-user/fd-trans.c | 10 ++++++---
linux-user/fd-trans.h | 1 +
linux-user/generic/target_resource.h | 4 ++--
linux-user/syscall.c | 21 ++++++++++++------
qga/commands.c | 5 ++---
qga/installer/qemu-ga.wxs | 1 +
qga/vss-win32/install.cpp | 2 +-
target/arm/cpu.h | 3 +++
target/s390x/arch_dump.c | 2 +-
target/s390x/cpu.h | 1 +
target/s390x/s390x-internal.h | 3 ++-
target/s390x/tcg/insn-data.h.inc | 4 ++--
target/s390x/tcg/mem_helper.c | 1 +
target/s390x/tcg/translate.c | 41 ++++++++++++++++++++++++++++--------
ui/gtk.c | 4 +++-
util/fdmon-epoll.c | 25 ++++++++++++++++------
23 files changed, 111 insertions(+), 40 deletions(-)
Hi Michael, You cherry-picked one of my patch qga/win32: Remove change action from MSI installer but it is part of the CVE fix. Please cherry-pick one more patch. Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ Best Regards, Konstantin Kostiuk. On Thu, Apr 13, 2023 at 11:35 PM Michael Tokarev <mjt@tls.msk.ru> wrote: > Despite 8.0 release is almost here, I'd love to make another 7.2.x > release, adding more fixes which has been collected so far. > > The following new patches are queued for QEMU stable v7.2.2: > > https://gitlab.com/mjt0k/qemu/-/commits/stable-7.2-staging/ > > Patch freeze is 2023-04-20, and the release is planned for 2023-04-22. > > Please respond here or CC qemu-stable@nongnu.org on any additional patches > you think should (or shouldn't) be included in the release. > > Thanks! > > /mjt > > ---------------------------------------------------------------- > Bernhard Beschow (1): > qemu/osdep: Switch position of "extern" and "G_NORETURN" > > Cédric Le Goater (1): > target/s390x: Fix float_comp_to_cc() prototype > > Fiona Ebner (1): > hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value > > Ilya Leoshkevich (2): > target/s390x: Fix EXECUTE of relative long instructions > linux-user: Fix unaligned memory access in prlimit64 syscall > > Klaus Jensen (1): > hw/nvme: fix memory leak in nvme_dsm > > Konstantin Kostiuk (1): > qga/win32: Remove change action from MSI installer > > Lukas Tschoke (1): > block/vhdx: fix dynamic VHDX BAT corruption > > Marc-André Lureau (1): > ui: fix crash on serial reset, during init > > Markus Armbruster (2): > qga: Drop dangling reference to QERR_QGA_LOGGING_DISABLED > hw/arm: do not free machine->fdt in arm_load_dtb() > > Mathis Marion (2): > linux-user: fix sockaddr_in6 endianness > linux-user: fix timerfd read endianness conversion > > Nina Schoetterl-Glausch (1): > target/s390x: Fix emulation of C(G)HRL > > Peter Xu (1): > io: tls: Inherit QIO_CHANNEL_FEATURE_SHUTDOWN on server side > > Pierrick Bouvier (1): > qga/vss-win32: fix warning for clang++-15 > > Richard Henderson (2): > target/s390x: Split out gen_ri2 > target/arm: Handle m-profile in arm_is_secure > > Stefan Hajnoczi (1): > aio-posix: fix race between epoll upgrade and aio_set_fd_handler() > > Thomas Huth (1): > target/s390x/arch_dump: Fix memory corruption in > s390x_write_elf64_notes() > > Yuval Shaia (1): > hw/pvrdma: Protect against buggy or malicious guest driver > > block/vhdx-log.c | 2 +- > hw/arm/boot.c | 5 ++++- > hw/net/vmxnet3.c | 2 +- > hw/nvme/ctrl.c | 3 +++ > hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ > include/qemu/osdep.h | 2 +- > io/channel-tls.c | 3 +++ > linux-user/fd-trans.c | 10 ++++++--- > linux-user/fd-trans.h | 1 + > linux-user/generic/target_resource.h | 4 ++-- > linux-user/syscall.c | 21 ++++++++++++------ > qga/commands.c | 5 ++--- > qga/installer/qemu-ga.wxs | 1 + > qga/vss-win32/install.cpp | 2 +- > target/arm/cpu.h | 3 +++ > target/s390x/arch_dump.c | 2 +- > target/s390x/cpu.h | 1 + > target/s390x/s390x-internal.h | 3 ++- > target/s390x/tcg/insn-data.h.inc | 4 ++-- > target/s390x/tcg/mem_helper.c | 1 + > target/s390x/tcg/translate.c | 41 > ++++++++++++++++++++++++++++-------- > ui/gtk.c | 4 +++- > util/fdmon-epoll.c | 25 ++++++++++++++++------ > 23 files changed, 111 insertions(+), 40 deletions(-) > >
13.04.2023 23:50, Konstantin Kostiuk wrote: > Hi Michael, > > You cherry-picked one of my patch qga/win32: Remove change action from MSI installer > but it is part of the CVE fix. > > Please cherry-pick one more patch. > > Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ > <https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/> I planned to pick both but somehow ended up with just one. Thank you very much for this, picked up now! /mjt
Hi Michael, > 13.04.2023 23:50, Konstantin Kostiuk wrote: > > Hi Michael, > > > > You cherry-picked one of my patch qga/win32: Remove change action from MSI installer > > but it is part of the CVE fix. > > > > Please cherry-pick one more patch. > > > > Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ > > <https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/> > > I planned to pick both but somehow ended up with just one. > > Thank you very much for this, picked up now! I do not see the second part of the fix (commit 07ce178a "qga/win32: Use rundll for VSS installation") in stable-7.2. Has it somehow fallen through the cracks? Thanks, > /mjt > -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
02.08.2023 13:53, Mauro Matteo Cascella wrote: > Hi Michael, > >> 13.04.2023 23:50, Konstantin Kostiuk wrote: >>> Hi Michael, >>> >>> You cherry-picked one of my patch qga/win32: Remove change action from MSI installer >>> but it is part of the CVE fix. >>> >>> Please cherry-pick one more patch. >>> >>> Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ >>> <https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/> >> >> I planned to pick both but somehow ended up with just one. >> >> Thank you very much for this, picked up now! > > I do not see the second part of the fix (commit 07ce178a "qga/win32: > Use rundll for VSS installation") in stable-7.2. Has it somehow fallen > through the cracks? Apparently yes. Looking at it now, I've no idea how it happened. I remember this conversation and remember running git cherry-pick for the second half, but it's not there indeed. I wish I know what's the matter to avoid it in the future :( Picked it up now for the upcoming 7.2.5. Thank you for being persistent! /mjt
© 2016 - 2024 Red Hat, Inc.