block/vhdx-log.c | 2 +- hw/arm/boot.c | 5 ++++- hw/net/vmxnet3.c | 2 +- hw/nvme/ctrl.c | 3 +++ hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ include/qemu/osdep.h | 2 +- io/channel-tls.c | 3 +++ linux-user/fd-trans.c | 10 ++++++--- linux-user/fd-trans.h | 1 + linux-user/generic/target_resource.h | 4 ++-- linux-user/syscall.c | 21 ++++++++++++------ qga/commands.c | 5 ++--- qga/installer/qemu-ga.wxs | 1 + qga/vss-win32/install.cpp | 2 +- target/arm/cpu.h | 3 +++ target/s390x/arch_dump.c | 2 +- target/s390x/cpu.h | 1 + target/s390x/s390x-internal.h | 3 ++- target/s390x/tcg/insn-data.h.inc | 4 ++-- target/s390x/tcg/mem_helper.c | 1 + target/s390x/tcg/translate.c | 41 ++++++++++++++++++++++++++++-------- ui/gtk.c | 4 +++- util/fdmon-epoll.c | 25 ++++++++++++++++------ 23 files changed, 111 insertions(+), 40 deletions(-)
Despite 8.0 release is almost here, I'd love to make another 7.2.x release, adding more fixes which has been collected so far. The following new patches are queued for QEMU stable v7.2.2: https://gitlab.com/mjt0k/qemu/-/commits/stable-7.2-staging/ Patch freeze is 2023-04-20, and the release is planned for 2023-04-22. Please respond here or CC qemu-stable@nongnu.org on any additional patches you think should (or shouldn't) be included in the release. Thanks! /mjt ---------------------------------------------------------------- Bernhard Beschow (1): qemu/osdep: Switch position of "extern" and "G_NORETURN" Cédric Le Goater (1): target/s390x: Fix float_comp_to_cc() prototype Fiona Ebner (1): hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value Ilya Leoshkevich (2): target/s390x: Fix EXECUTE of relative long instructions linux-user: Fix unaligned memory access in prlimit64 syscall Klaus Jensen (1): hw/nvme: fix memory leak in nvme_dsm Konstantin Kostiuk (1): qga/win32: Remove change action from MSI installer Lukas Tschoke (1): block/vhdx: fix dynamic VHDX BAT corruption Marc-André Lureau (1): ui: fix crash on serial reset, during init Markus Armbruster (2): qga: Drop dangling reference to QERR_QGA_LOGGING_DISABLED hw/arm: do not free machine->fdt in arm_load_dtb() Mathis Marion (2): linux-user: fix sockaddr_in6 endianness linux-user: fix timerfd read endianness conversion Nina Schoetterl-Glausch (1): target/s390x: Fix emulation of C(G)HRL Peter Xu (1): io: tls: Inherit QIO_CHANNEL_FEATURE_SHUTDOWN on server side Pierrick Bouvier (1): qga/vss-win32: fix warning for clang++-15 Richard Henderson (2): target/s390x: Split out gen_ri2 target/arm: Handle m-profile in arm_is_secure Stefan Hajnoczi (1): aio-posix: fix race between epoll upgrade and aio_set_fd_handler() Thomas Huth (1): target/s390x/arch_dump: Fix memory corruption in s390x_write_elf64_notes() Yuval Shaia (1): hw/pvrdma: Protect against buggy or malicious guest driver block/vhdx-log.c | 2 +- hw/arm/boot.c | 5 ++++- hw/net/vmxnet3.c | 2 +- hw/nvme/ctrl.c | 3 +++ hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ include/qemu/osdep.h | 2 +- io/channel-tls.c | 3 +++ linux-user/fd-trans.c | 10 ++++++--- linux-user/fd-trans.h | 1 + linux-user/generic/target_resource.h | 4 ++-- linux-user/syscall.c | 21 ++++++++++++------ qga/commands.c | 5 ++--- qga/installer/qemu-ga.wxs | 1 + qga/vss-win32/install.cpp | 2 +- target/arm/cpu.h | 3 +++ target/s390x/arch_dump.c | 2 +- target/s390x/cpu.h | 1 + target/s390x/s390x-internal.h | 3 ++- target/s390x/tcg/insn-data.h.inc | 4 ++-- target/s390x/tcg/mem_helper.c | 1 + target/s390x/tcg/translate.c | 41 ++++++++++++++++++++++++++++-------- ui/gtk.c | 4 +++- util/fdmon-epoll.c | 25 ++++++++++++++++------ 23 files changed, 111 insertions(+), 40 deletions(-)
Hi Michael, You cherry-picked one of my patch qga/win32: Remove change action from MSI installer but it is part of the CVE fix. Please cherry-pick one more patch. Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ Best Regards, Konstantin Kostiuk. On Thu, Apr 13, 2023 at 11:35 PM Michael Tokarev <mjt@tls.msk.ru> wrote: > Despite 8.0 release is almost here, I'd love to make another 7.2.x > release, adding more fixes which has been collected so far. > > The following new patches are queued for QEMU stable v7.2.2: > > https://gitlab.com/mjt0k/qemu/-/commits/stable-7.2-staging/ > > Patch freeze is 2023-04-20, and the release is planned for 2023-04-22. > > Please respond here or CC qemu-stable@nongnu.org on any additional patches > you think should (or shouldn't) be included in the release. > > Thanks! > > /mjt > > ---------------------------------------------------------------- > Bernhard Beschow (1): > qemu/osdep: Switch position of "extern" and "G_NORETURN" > > Cédric Le Goater (1): > target/s390x: Fix float_comp_to_cc() prototype > > Fiona Ebner (1): > hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value > > Ilya Leoshkevich (2): > target/s390x: Fix EXECUTE of relative long instructions > linux-user: Fix unaligned memory access in prlimit64 syscall > > Klaus Jensen (1): > hw/nvme: fix memory leak in nvme_dsm > > Konstantin Kostiuk (1): > qga/win32: Remove change action from MSI installer > > Lukas Tschoke (1): > block/vhdx: fix dynamic VHDX BAT corruption > > Marc-André Lureau (1): > ui: fix crash on serial reset, during init > > Markus Armbruster (2): > qga: Drop dangling reference to QERR_QGA_LOGGING_DISABLED > hw/arm: do not free machine->fdt in arm_load_dtb() > > Mathis Marion (2): > linux-user: fix sockaddr_in6 endianness > linux-user: fix timerfd read endianness conversion > > Nina Schoetterl-Glausch (1): > target/s390x: Fix emulation of C(G)HRL > > Peter Xu (1): > io: tls: Inherit QIO_CHANNEL_FEATURE_SHUTDOWN on server side > > Pierrick Bouvier (1): > qga/vss-win32: fix warning for clang++-15 > > Richard Henderson (2): > target/s390x: Split out gen_ri2 > target/arm: Handle m-profile in arm_is_secure > > Stefan Hajnoczi (1): > aio-posix: fix race between epoll upgrade and aio_set_fd_handler() > > Thomas Huth (1): > target/s390x/arch_dump: Fix memory corruption in > s390x_write_elf64_notes() > > Yuval Shaia (1): > hw/pvrdma: Protect against buggy or malicious guest driver > > block/vhdx-log.c | 2 +- > hw/arm/boot.c | 5 ++++- > hw/net/vmxnet3.c | 2 +- > hw/nvme/ctrl.c | 3 +++ > hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ > include/qemu/osdep.h | 2 +- > io/channel-tls.c | 3 +++ > linux-user/fd-trans.c | 10 ++++++--- > linux-user/fd-trans.h | 1 + > linux-user/generic/target_resource.h | 4 ++-- > linux-user/syscall.c | 21 ++++++++++++------ > qga/commands.c | 5 ++--- > qga/installer/qemu-ga.wxs | 1 + > qga/vss-win32/install.cpp | 2 +- > target/arm/cpu.h | 3 +++ > target/s390x/arch_dump.c | 2 +- > target/s390x/cpu.h | 1 + > target/s390x/s390x-internal.h | 3 ++- > target/s390x/tcg/insn-data.h.inc | 4 ++-- > target/s390x/tcg/mem_helper.c | 1 + > target/s390x/tcg/translate.c | 41 > ++++++++++++++++++++++++++++-------- > ui/gtk.c | 4 +++- > util/fdmon-epoll.c | 25 ++++++++++++++++------ > 23 files changed, 111 insertions(+), 40 deletions(-) > >
13.04.2023 23:50, Konstantin Kostiuk wrote: > Hi Michael, > > You cherry-picked one of my patch qga/win32: Remove change action from MSI installer > but it is part of the CVE fix. > > Please cherry-pick one more patch. > > Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ > <https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/> I planned to pick both but somehow ended up with just one. Thank you very much for this, picked up now! /mjt
Hi Michael, > 13.04.2023 23:50, Konstantin Kostiuk wrote: > > Hi Michael, > > > > You cherry-picked one of my patch qga/win32: Remove change action from MSI installer > > but it is part of the CVE fix. > > > > Please cherry-pick one more patch. > > > > Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ > > <https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/> > > I planned to pick both but somehow ended up with just one. > > Thank you very much for this, picked up now! I do not see the second part of the fix (commit 07ce178a "qga/win32: Use rundll for VSS installation") in stable-7.2. Has it somehow fallen through the cracks? Thanks, > /mjt > -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
02.08.2023 13:53, Mauro Matteo Cascella wrote: > Hi Michael, > >> 13.04.2023 23:50, Konstantin Kostiuk wrote: >>> Hi Michael, >>> >>> You cherry-picked one of my patch qga/win32: Remove change action from MSI installer >>> but it is part of the CVE fix. >>> >>> Please cherry-pick one more patch. >>> >>> Original mail: https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/ >>> <https://patchew.org/QEMU/20230303192008.109549-1-kkostiuk@redhat.com/> >> >> I planned to pick both but somehow ended up with just one. >> >> Thank you very much for this, picked up now! > > I do not see the second part of the fix (commit 07ce178a "qga/win32: > Use rundll for VSS installation") in stable-7.2. Has it somehow fallen > through the cracks? Apparently yes. Looking at it now, I've no idea how it happened. I remember this conversation and remember running git cherry-pick for the second half, but it's not there indeed. I wish I know what's the matter to avoid it in the future :( Picked it up now for the upcoming 7.2.5. Thank you for being persistent! /mjt
© 2016 - 2024 Red Hat, Inc.