Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package qemu for openSUSE:Factory checked in at 2022-03-11 21:39:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qemu (Old)
 and      /work/SRC/openSUSE:Factory/.qemu.new.25692 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Fri Mar 11 21:39:52 2022 rev:221 rq:960260 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/qemu/qemu.changes 2022-02-21 17:46:04.475584642 +0100 +++ /work/SRC/openSUSE:Factory/.qemu.new.25692/qemu.changes 2022-03-11 21:39:54.110011272 +0100 
@@ -1,0 +2,49 @@ +Mon Mar 7 15:45:42 UTC 2022 - Dario Faggioli <dfaggi...@suse.com> + +- Build PPC firmwares from sources on non-PPC builds as well + (bsc#1193545) +- Build RiscV firmwares on non-RiscV builds as well +- While there, refactor (and simplify!) the firmware building + logic and code +* Patches added: + Makefile-define-endianess-for-cross-buil.patch + Makefile-fix-build-with-binutils-2.38.patch + +------------------------------------------------------------------- +Mon Mar 7 14:14:18 UTC 2022 - Dario Faggioli <dfaggi...@suse.com> + +- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host + bus adapter (bsc#1180432, CVE-2020-35503) +* Patches added: + hw-scsi-megasas-check-for-NULL-frame-in-.patch + +------------------------------------------------------------------- +Fri Feb 18 18:39:54 UTC 2022 - Dario Faggioli <dfaggi...@suse.com> + +- Include vmxcap in the qemu-tools package (is being very useful + for debugging bsc#1193364) + +------------------------------------------------------------------- +Fri Feb 18 18:26:26 UTC 2022 - Dario Faggioli <dfaggi...@suse.com> + +- The qemu package should require qemu-x86, qemu-arm, etc, as there's + no point installing it without _any_ of them. Additionally, right + now, the user does not get a working qemu, if recommended packages + are disabled (e.g., on MicroOS or SLE Micro). 
bsc#1196087 + +------------------------------------------------------------------- +Wed Feb 18 15:31:48 UTC 2022 - Dario Faggioli <dfaggi...@suse.com> + +- Give clearer instructions on how to modify the package patches + from the output of update_git.sh (docs change only, no functional + change) + +------------------------------------------------------------------- +Wed Feb 18 12:25:15 UTC 2022 - Dario Faggioli <dfaggi...@suse.com> + +- qemu,kvm: potential privilege escalation via virtiofsd + (bsc#1195161, CVE-2022-0358) +* Patches added: + virtiofsd-Drop-membership-of-all-supplem.patch + +------------------------------------------------------------------- New: ---- Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch hw-scsi-megasas-check-for-NULL-frame-in-.patch virtiofsd-Drop-membership-of-all-supplem.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu.spec ++++++ ++++ 691 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/qemu/qemu.spec ++++ and /work/SRC/openSUSE:Factory/.qemu.new.25692/qemu.spec ++++++ Makefile-define-endianess-for-cross-buil.patch ++++++ From: Dario Faggioli <dfaggi...@suse.com> Date: Wed, 16 Feb 2022 19:22:01 +0100 Subject: Makefile: define endianess for cross-building on aarch64 Git-commit: 0000000000000000000000000000000000000000 References: bsc#1193545 Include aarch64 in the endianess check, so we can cross-build from there too. Signed-of-by: Dario Faggioli <dfaggi...@suse.com> --- Makefile.main | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roms/skiboot/Makefile.main b/roms/skiboot/Makefile.main index c8a63e8b110f3c6bf115314da7bf..98790ec5c3b0f35272f032798353 100644 --- a/roms/skiboot/Makefile.main +++ b/roms/skiboot/Makefile.main 
@@ -50,7 +50,7 @@ endif # Host tools and options HOSTCC=gcc -HOSTEND=$(shell uname -m | sed -e 's/^i.*86$$/LITTLE/' -e 's/^x86.*/LITTLE/' -e 's/^ppc64le/LITTLE/' -e 's/^ppc.*/BIG/') +HOSTEND=$(shell uname -m | sed -e 's/^i.*86$$/LITTLE/' -e 's/^x86.*/LITTLE/' -e 's/^ppc64le/LITTLE/' -e 's/^aarch64/LITTLE/' -e 's/^ppc.*/BIG/') HOSTCFLAGS:=-O1 $(CWARNS) -DHAVE_$(HOSTEND)_ENDIAN -MMD HOSTCFLAGS += $(call try-cflag,$(HOSTCC),-std=gnu11) HOSTCFLAGS += $(call try-cflag,$(HOSTCC),-m64) ++++++ Makefile-fix-build-with-binutils-2.38.patch ++++++ From: Aurelien Jarno <aurel...@aurel32.net> Date: Fri, 28 Jan 2022 18:33:46 +0100 Subject: Makefile: fix build with binutils 2.38 Git-commit: 5d53b55aa77ffeefd4012445dfa6ad3535e1ff2c >From version 2.38, binutils default to ISA spec version 20191213. This means that the csr read/write (csrr*/csrw*) instructions and fence.i instruction has separated from the `I` extension, become two standalone extensions: Zicsr and Zifencei. As the kernel uses those instruction, this causes the following build failure: CC lib/sbi/sbi_tlb.o <<BUILDDIR>>/lib/sbi/sbi_tlb.c: Assembler messages: <<BUILDDIR>>/lib/sbi/sbi_tlb.c:190: Error: unrecognized opcode `fence.i' make: *** [Makefile:431: <<BUILDDIR>>/build/lib/sbi/sbi_tlb.o] Error 1 The fix is to specify those extensions explicitly in -march. However as older binutils version do not support this, we first need to detect that. Signed-off-by: Aurelien Jarno <aurel...@aurel32.net> Reviewed-by: Bin Meng <bmeng...@gmail.com> Tested-by: Alexandre Ghiti <alexandre.gh...@canonical.com> Reviewed-by: Anup Patel <a...@brainfault.org> Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roms/opensbi/Makefile b/roms/opensbi/Makefile index d6f097d30af78c0fba92eeeec523..a294f46fa8e16caec64d5a88c2a2 100644 --- a/roms/opensbi/Makefile +++ b/roms/opensbi/Makefile 
@@ -106,6 +106,9 @@ ifndef PLATFORM_RISCV_XLEN endif endif +# Check whether the assembler and the compiler support the Zicsr and Zifencei extensions +CC_SUPPORT_ZICSR_ZIFENCEI := $(shell $(CC) $(CLANG_TARGET) $(RELAX_FLAG) -nostdlib -march=rv$(OPENSBI_CC_XLEN)imafd_zicsr_zifencei -x c /dev/null -o /dev/null 2>&1 | grep "zicsr\|zifencei" > /dev/null && echo n || echo y) + # Setup list of objects.mk files ifdef PLATFORM platform-object-mks=$(shell if [ -d $(platform_src_dir)/ ]; then find $(platform_src_dir) -iname "objects.mk" | sort -r; fi) @@ -157,7 +160,11 @@ ifndef PLATFORM_RISCV_ABI endif ifndef PLATFORM_RISCV_ISA ifneq ($(PLATFORM_RISCV_TOOLCHAIN_DEFAULT), 1) - PLATFORM_RISCV_ISA = rv$(PLATFORM_RISCV_XLEN)imafdc + ifeq ($(CC_SUPPORT_ZICSR_ZIFENCEI), y) + PLATFORM_RISCV_ISA = rv$(PLATFORM_RISCV_XLEN)imafdc_zicsr_zifencei + else + PLATFORM_RISCV_ISA = rv$(PLATFORM_RISCV_XLEN)imafdc + endif else PLATFORM_RISCV_ISA = $(OPENSBI_CC_ISA) endif ++++++ bundles.tar.xz ++++++ Binary files old/44f28df24767cf9dca1ddc9b23157737c4cbb645.bundle and new/44f28df24767cf9dca1ddc9b23157737c4cbb645.bundle differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/repo new/repo --- old/repo 2021-12-16 17:53:29.000000000 +0100 +++ new/repo 2021-12-16 17:53:29.000000000 +0100 @@ -1 +1 @@ -https://github.com/openSUSE/qemu.git +https://git.qemu.org/git/qemu.git diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/repo new/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/repo --- old/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/repo 2021-12-16 17:53:29.000000000 +0100 +++ new/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/repo 2021-12-16 17:53:29.000000000 +0100 
@@ -1 +1 @@ -https://github.com/openSUSE/qemu-edk2-BrotliCompress-brotli.git +https://github.com/google/brotli diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/ipxe/repo new/roms/ipxe/repo --- old/roms/ipxe/repo 2021-12-16 17:53:29.000000000 +0100 +++ new/roms/ipxe/repo 2021-12-16 17:53:29.000000000 +0100 @@ -1 +1 @@ -https://github.com/openSUSE/qemu-ipxe.git +https://git.qemu.org/git/ipxe.git Binary files old/roms/opensbi/234ed8e427f4d92903123199f6590d144e0d9351.bundle and new/roms/opensbi/234ed8e427f4d92903123199f6590d144e0d9351.bundle differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/opensbi/repo new/roms/opensbi/repo --- old/roms/opensbi/repo 1970-01-01 01:00:00.000000000 +0100 +++ new/roms/opensbi/repo 2021-12-16 17:53:29.000000000 +0100 @@ -0,0 +1 @@ +https://git.qemu.org/git/opensbi.git diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/qboot/repo new/roms/qboot/repo --- old/roms/qboot/repo 2021-12-16 17:53:29.000000000 +0100 +++ new/roms/qboot/repo 2021-12-16 17:53:29.000000000 +0100 @@ -1 +1 @@ -https://github.com/openSUSE/qemu-qboot.git +https://github.com/bonzini/qboot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/seabios/repo new/roms/seabios/repo --- old/roms/seabios/repo 2021-12-16 17:53:29.000000000 +0100 +++ new/roms/seabios/repo 2021-12-16 17:53:29.000000000 +0100 @@ -1 +1 @@ -https://github.com/openSUSE/qemu-seabios.git +https://git.qemu.org/git/seabios.git/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/sgabios/repo new/roms/sgabios/repo --- old/roms/sgabios/repo 2021-12-16 17:53:29.000000000 +0100 +++ new/roms/sgabios/repo 2021-12-16 17:53:29.000000000 +0100 
@@ -1 +1 @@ -https://github.com/openSUSE/qemu-sgabios.git +https://git.qemu.org/git/sgabios.git Binary files old/roms/skiboot/820d43c0a7751e75a8830561f35535dfffd522bd.bundle and new/roms/skiboot/820d43c0a7751e75a8830561f35535dfffd522bd.bundle differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/roms/skiboot/repo new/roms/skiboot/repo --- old/roms/skiboot/repo 1970-01-01 01:00:00.000000000 +0100 +++ new/roms/skiboot/repo 2021-12-16 17:53:29.000000000 +0100 @@ -0,0 +1 @@ +https://gitlab.com/qemu-project/skiboot.git ++++++ hw-scsi-megasas-check-for-NULL-frame-in-.patch ++++++ From: Mauro Matteo Cascella <mcasc...@redhat.com> Date: Mon, 7 Mar 2022 16:22:01 +0100 Subject: hw/scsi/megasas: check for NULL frame in megasas_command_cancelled() Git-commit: 00000000000000000000000000000000000000000000 References: bsc#1180432, CVE-2020-35503 Ensure that 'cmd->frame' is not NULL before accessing the 'header' field. This check prevents a potential NULL pointer dereference issue. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346 Signed-off-by: Mauro Matteo Cascella <mcasc...@redhat.com> Reported-by: Cheolwoo Myung <cwmy...@snu.ac.kr> Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/scsi/megasas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index 4ff51221d4cd0952d9394b8f66b1..07b2b08bf2866907acf0a2b4450c 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c 
@@ -1891,7 +1891,7 @@ static void megasas_command_cancelled(SCSIRequest *req) { MegasasCmd *cmd = req->hba_private; - if (!cmd) { + if (!cmd || !cmd->frame) { return; } cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED; ++++++ qemu.spec.in ++++++ ++++ 626 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/qemu/qemu.spec.in ++++ and /work/SRC/openSUSE:Factory/.qemu.new.25692/qemu.spec.in ++++++ update_git.sh ++++++ --- /var/tmp/diff_new_pack.MA8rKU/_old 2022-03-11 21:39:57.014013338 +0100 +++ /var/tmp/diff_new_pack.MA8rKU/_new 2022-03-11 21:39:57.018013341 +0100 @@ -1049,8 +1049,10 @@ bundle2local &> ~/pkg2git.log echo "SUCCESS" echo "To modify package patches, use the frombundle branch as the basis for updating" - echo "the $GIT_BRANCH branch with the new patch queue." - echo "Then export the changes back to the package using update_git.sh git2pkg" + echo "the $GIT_BRANCH branch with the new patch queue, e.g., like this:" + echo " git checkout -f --recurse-submodules -B $GIT_BRANCH frombundle" + echo "Then make your changes and, when done, export them back to the package with:" + echo " bash ./update_git.sh git2pkg" ;; refresh ) echo "Updating the spec file and patches from the spec file template and the bundle" ++++++ virtiofsd-Drop-membership-of-all-supplem.patch ++++++ 
From: Vivek Goyal <vgo...@redhat.com> Date: Tue, 25 Jan 2022 13:51:14 -0500 Subject: virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) Git-commit: 449e8171f96a6a944d1f3b7d3627ae059eae21ca References: bsc#1195161 At the start, drop membership of all supplementary groups. This is not required. If we have membership of "root" supplementary group and when we switch uid/gid using setresuid/setsgid, we still retain membership of existing supplemntary groups. And that can allow some operations which are not normally allowed. For example, if root in guest creates a dir as follows. $ mkdir -m 03777 test_dir This sets SGID on dir as well as allows unprivileged users to write into this dir. And now as unprivileged user open file as follows. $ su test $ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755); This will create SGID set executable in test_dir/. And that's a problem because now an unpriviliged user can execute it, get egid=0 and get access to resources owned by "root" group. This is privilege escalation. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863 Fixes: CVE-2022-0358 Reported-by: JIETAO XIAO <shawtao1...@gmail.com> Suggested-by: Miklos Szeredi <mszer...@redhat.com> Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com> Signed-off-by: Vivek Goyal <vgo...@redhat.com> Message-Id: <yfbgoris38ebq...@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilb...@redhat.com> dgilbert: Fixed missing {}'s style nit Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index 64b5b4fbb18670075eedd1f3d158..b3d0674f6d2f267664d1c4558856 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c 
@@ -54,6 +54,7 @@ #include <sys/wait.h> #include <sys/xattr.h> #include <syslog.h> +#include <grp.h> #include "qemu/cutils.h" #include "passthrough_helpers.h" @@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) #define OURSYS_setresuid SYS_setresuid #endif +static void drop_supplementary_groups(void) +{ + int ret; + + ret = getgroups(0, NULL); + if (ret == -1) { + fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n", + errno, strerror(errno)); + exit(1); + } + + if (!ret) { + return; + } + + /* Drop all supplementary groups. We should not need it */ + ret = setgroups(0, NULL); + if (ret == -1) { + fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n", + errno, strerror(errno)); + exit(1); + } +} + /* * Change to uid/gid of caller so that file is created with * ownership of caller. @@ -3926,6 +3951,8 @@ int main(int argc, char *argv[]) qemu_init_exec_dir(argv[0]); + drop_supplementary_groups(); + pthread_mutex_init(&lo.mutex, NULL); lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal); lo.root.fd = -1;
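Review bot: In the roms/skiboot/Makefile.main hunk, the added expression 's/^aarch64/LITTLE/' has no end anchor, so a host whose uname -m reports aarch64_be is rewritten to LITTLE_be and the build gets -DHAVE_LITTLE_be_ENDIAN instead of a big-endian define. Anchoring it as 's/^aarch64$$/LITTLE/' (as the i.*86 expression already does) and adding an explicit aarch64_be case would close that. The sed chain also passes every unlisted machine name through unchanged, so a fallback that fails the build with a clear message would be better than an undefined HAVE_<machine>_ENDIAN macro. Separately, the trailer in this patch's header is spelled "Signed-of-by", which tooling that collects Signed-off-by lines will not pick up.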
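Review bot: In the first roms/opensbi/Makefile hunk, the CC_SUPPORT_ZICSR_ZIFENCEI probe answers y whenever the compiler output does not contain "zicsr" or "zifencei", so a trial compile that fails for any unrelated reason (no usable $(CC), a rejected $(RELAX_FLAG) or $(CLANG_TARGET)) is also reported as supported. Consider distinguishing "compiler ran and did not complain about the extensions" from "compiler did not run", and note that grep "zicsr\|zifencei" depends on the GNU \| extension where grep -qE 'zicsr|zifencei' is portable. The probe also tests rv$(OPENSBI_CC_XLEN)imafd while the value set later is rv$(PLATFORM_RISCV_XLEN)imafdc; a short comment on why the two strings differ would help the next reader.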
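Review bot: In the second roms/opensbi/Makefile hunk, only the branch under ifneq ($(PLATFORM_RISCV_TOOLCHAIN_DEFAULT), 1) gains the _zicsr_zifencei suffix; the else branch still assigns PLATFORM_RISCV_ISA = $(OPENSBI_CC_ISA) unchanged, and the surrounding ifndef PLATFORM_RISCV_ISA means a platform that sets its own ISA string skips the new logic entirely. If the fence.i failure quoted in the commit message can also occur on those paths, they need the same treatment; if it cannot, a comment saying why would make that clear.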
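Review bot: The repo file hunks inside bundles.tar.xz switch the recorded source URLs from the github.com/openSUSE/qemu-* repositories to several different upstream hosts (git.qemu.org, github.com/google/brotli, github.com/bonzini/qboot, gitlab.com/qemu-project/skiboot), and none of the qemu.changes entries in this commit mention it. A change in where the firmware sources are recorded as coming from should be stated in the changelog, with the reason. The new values are also inconsistent in form: some end in .git, some do not, and the seabios entry ends in ".git/"; if update_git.sh compares or concatenates these strings, normalise them.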
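Review bot: In the hw/scsi/megasas.c hunk, the widened test if (!cmd || !cmd->frame) makes megasas_command_cancelled() return silently for a command that exists but has no frame, and nothing in the hunk explains how that state arises or whether the command still needs to be completed or released elsewhere. Please add a comment at the check describing when cmd->frame can be NULL, and consider a trace point on that path so the condition is visible when it is hit. The patch header carries an all-zero Git-commit value, so it would also help to state in the header whether this fix has been accepted upstream.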
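Review bot: In the update_git.sh hunk, the suggested command git checkout -f --recurse-submodules -B $GIT_BRANCH frombundle is destructive: -f discards uncommitted changes in the work tree and submodules, and -B resets $GIT_BRANCH if it already exists. Since this text is printed as a recipe to copy, add one more echo line saying that local changes and the existing branch contents will be lost, so that someone with an in-progress patch queue does not run it blindly.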
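Review bot: In the tools/virtiofsd/passthrough_ll.c hunk that adds drop_supplementary_groups(), the only comment is "Drop all supplementary groups. We should not need it", which does not record why this is security relevant. Please say in the comment that the groups would otherwise stay in effect after the per-request uid/gid switch, as the commit message explains. Exiting on setgroups() failure is the right fail-closed choice, but it means the daemon will refuse to start when it has supplementary groups and lacks the privilege to drop them; that behaviour change deserves a line in the documentation or changelog.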
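Review bot: In the main() hunk of tools/virtiofsd/passthrough_ll.c, the call to drop_supplementary_groups() is placed right after qemu_init_exec_dir(argv[0]) with no comment on why it has to come first. Add a one-line comment stating that it must run before any request handling or thread creation, so a later reordering of the start-up code does not move it below the point where the retained groups matter.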