Commit Graph

377 Commits

Author SHA1 Message Date
Oguz Bektas
95fd47ecb9 patch for possible DOS in qemu network packet processing
fixes an assertion failure in qemu network packet processing, which can
lead to DOS'ing the qemu process on the host. this affects 'e1000e' and
'vmxnet3' network devices.

patch is cherry-picked from the commit mentioned in the oss-security email.

more info on oss-security [0]

[0]: https://www.openwall.com/lists/oss-security/2020/08/10/1

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2020-08-11 11:08:39 +02:00
Thomas Lamprecht
41424ed9c8 bump version to 5.0.0-11
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-14 12:45:24 +02:00
Stefan Reiter
f257cc05f4 Fix dirty-bitmap PBS backup with multiple drives
"PVE backup: rename incremental to use-dirty-bitmap" merged two
variables (use_dirty_bitmap and incremental) into one, but they served
two different purposes. Rename the original use_dirty_bitmap to
"expect_only_dirty" so the new one doesn't conflict, and rework "PVE:
use proxmox_backup_check_incremental" around that semantic.

In practice, this had the effect that only one disk at a time would
have a bitmap added, as after the first "use_dirty_bitmap" would be set
to one and the rest would behave as if the QMP parameter of the same
name was unset.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2020-07-14 10:46:48 +02:00
Wolfgang Bumiller
9886892f10 bump version to 5.0.0-10
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-07-10 13:33:44 +02:00
Wolfgang Bumiller
6d46b2ff4c fix backup qmp parameters to pass along encryption info
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-07-10 13:31:52 +02:00
Thomas Lamprecht
2e4f5f2a90 bump version to 5.0.0-9
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-09 13:18:48 +02:00
Thomas Lamprecht
1d606ec161 d/control: update build-dependency of libproxmox-backup-qemu0-dev
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-09 13:17:29 +02:00
Thomas Lamprecht
3499c5b45a PBS patches: block driver, adapat encrypt/compress param, add query-proxmox-support QMP cmd
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-09 13:15:49 +02:00
Thomas Lamprecht
102ddd7e59 bump version to 5.0.0-8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-06 23:05:42 +02:00
Thomas Lamprecht
4c17eebee4 fixup: proxmox_backup_check_incremental is negated
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-06 23:05:42 +02:00
Thomas Lamprecht
dfed71b229 bump version to 5.0.0-7
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-06 22:19:12 +02:00
Thomas Lamprecht
3ab149ccdd update/add PBS integration patches
* rename "incremental" param to "use-dirty-bitmap", avoids confusion
  as the backup can be incrementally also with that param set to
  false.
* use new proxmox_backup_check_incremental
* fix setting dirty counter and adapt to new connect API semantic

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-06 22:13:12 +02:00
Thomas Lamprecht
1f8140323f bump version to 5.0.0-6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-03 19:26:09 +02:00
Thomas Lamprecht
15b9c76e1f pbs: query-backup: set reused field also for dirty-bitmap
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-03 19:26:09 +02:00
Thomas Lamprecht
d7f4e01a34 debian/patches: squash some followup patches and regroup a bit more together
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-02 13:33:16 +02:00
Thomas Lamprecht
20be7fa0a0 backup: improve QAPI info and remove all dirty-bitmaps on failed drive-job
effectively two commits merged as one:
https://pve.proxmox.com/pipermail/pve-devel/2020-July/044185.html
https://pve.proxmox.com/pipermail/pve-devel/2020-July/044194.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-02 13:03:49 +02:00
Thomas Lamprecht
0943af81a6 bump version to 5.0.0-5
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-06-30 12:59:26 +02:00
Thomas Lamprecht
04e436ea6b d/control: build depend on newer libproxmox-backup-qemu0-dev
to ensure we have the new 'incremental' parameter for the
proxmox_backup_register_image and proxmox_backup_register_image_async
functions available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-06-30 12:53:01 +02:00
Dietmar Maurer
c96a4a38cb add incremental backup patches
and fix typo: s/BPS/PBS/
2020-06-30 10:34:00 +02:00
Stefan Reiter
f0b53ef0b2 fix #2794: Include legacy-igd passthrough fix
See https://bugs.launchpad.net/qemu/+bug/1882784

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2020-06-25 13:24:34 +02:00
Thomas Lamprecht
b570f1c41e Fix backup for not 64k-aligned storages
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Roland Kammerer <roland.kammerer@linbit.com>
2020-06-24 16:26:30 +02:00
Thomas Lamprecht
fff7e250ee pbs-restore: flush verbose log before calling into library
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-06-02 13:20:56 +02:00
Thomas Lamprecht
5107839915 bump version to 5.0.0-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-30 18:48:00 +02:00
Thomas Lamprecht
bce72611f9 pbs-restore: be more verbose if asked to
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-30 18:48:00 +02:00
Thomas Lamprecht
c6979241f1 small cleanups for pbs-restore
Add trailing newline to two error messages, and drop an extra
unconditional `qdict_put_str(options, "driver", format);`
Besides that it's just formatting.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-30 15:24:20 +02:00
Thomas Lamprecht
4e74eca7ed install pbs-restore to usr/bin
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-30 13:54:08 +02:00
Thomas Lamprecht
62b7007c2a bump version to 5.0.0-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-27 18:54:06 +02:00
Thomas Lamprecht
f063a8aadb fix vmstate-snapshots with iothread=1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-27 18:54:06 +02:00
Thomas Lamprecht
63be960208 bump version to 5.0.0-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-04 15:23:37 +02:00
Wolfgang Bumiller
abc9e57f05 add optional buffer size to QEMUFile
and use 4M for our savevm-async buffer size

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-05-04 15:09:10 +02:00
Wolfgang Bumiller
24e289d025 experimentally move savevm-async back into a coroutine
Move qemu_savevm_state_{header,setup} into the main loop and
the rest of the iteration into a coroutine. The former need
to lock the iothread (and we can't unlock it in the
coroutine), and the latter can't deal with being in a
separate thread, so a coroutine it must be.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-05-04 15:09:10 +02:00
Thomas Lamprecht
9d5bec4ded bump version to 5.0.0-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-29 09:54:19 +02:00
Thomas Lamprecht
fa5ebda23f bump version to 5.0.0~rc3-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-17 09:11:27 +02:00
Thomas Lamprecht
751ed3661b avoid using QemuRecMutex inside coroutines, QemuMutex to lock outside
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-17 09:09:12 +02:00
Thomas Lamprecht
9e4a452f24 bump version to 5.0.0~rc3-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-16 16:53:20 +02:00
Thomas Lamprecht
9ba27d39e0 d/control: build deps; switch libcap to libcap-ng, add libattr
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-16 16:53:20 +02:00
Thomas Lamprecht
d5619ef646 pve backup: avoid using recursive mutex
Release the lock on qemu_coroutine_yield, so coroutines don't
deadlock.

Originally-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-16 15:20:22 +02:00
Thomas Lamprecht
b7e851a529 rebase patches onto v5.0.0-rc3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-16 15:19:31 +02:00
Thomas Lamprecht
ad9dbe4930 bump version to 5.0.0~rc2-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-08 15:36:32 +02:00
Thomas Lamprecht
83faa3fe30 import QEMU 5.0.0-rc2 and rebase patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-08 15:36:32 +02:00
Thomas Lamprecht
e791d95bb8 bump version to 4.2.0-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-25 12:20:15 +01:00
Thomas Lamprecht
48d490fe54 patches: move upstream cherry picked to extra folder, like we did in the past
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-23 10:16:35 +01:00
Fabian Grünbichler
059a9447e2 add bitmap drive-mirror patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-23 10:15:22 +01:00
Dominic Jäger
66e3df5d45 vma_writer: Display more error information
Also print the reason why the function vma_writer_register_stream failed to
help debug errors like in [0].

[0] https://forum.proxmox.com/threads/backup-error-vma_writer_register_stream-drive-scsi0-failed-pve-6-1-7.65925/

Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
Reviewed-by: Stefan Reiter <s.reiter@proxmox.com>
2020-03-19 18:58:47 +01:00
Oguz Bektas
1be32c854f slirp: re-add security patches
the first two patches were mistakenly left out during the 4.2 qemu
rebase.

also adds another patch for issue CVE-2019-14378 (heap-based BOF)

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2020-03-13 13:20:11 +01:00
Dietmar Maurer
20505f521e fixup backup with io-threads 2020-03-12 10:30:18 +01:00
Thomas Lamprecht
c3e8606cd9 bump version to 4.2.0-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-11 07:26:21 +01:00
Thomas Lamprecht
6402d96100 update submodule and patches for 4.2.0
The long overdue nice rebase+cleanup was done by Dietmar

Originally-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-11 07:26:21 +01:00
Thomas Lamprecht
75697a753c bump version to 4.1.1-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-06 16:33:14 +01:00
Oguz Bektas
284d3b2cab security patches for libslirp CVE-2020-8608
original commits and email can be found here[0]

A out-of-bounds heap buffer access issue was found in the SLiRP
networking implementation of the QEMU emulator. It occurs in tcp_emu()
routine while emulating IRC and other protocols due to unsafe usage of
snprintf(3) function.

A user/process could use this flaw to crash the Qemu process on the host
resulting in DoS or potentially execute arbitrary code with privileges
of the QEMU process on the host.

[0]: https://seclists.org/oss-sec/2020/q1/64

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-06 15:17:29 +01:00
Oguz Bektas
ee8bd5bfbe add patch for CVE-2019-20382 (vnc disconnect memory leak)
oss-security email can be found here[0]

upstream commit here[1]

this effects our vncproxy. dominik and me tested if the issue is present
on our branch and it appears that it is.
in essence when we disconnect from a vnc connection, the memory isn't
free'd afterwards which causes the qemu process to use more and more
memory with each disconnect, which could lead to a dos scenario.

we tested the patch and it seems to mitigate the problem.

[0]: https://seclists.org/oss-sec/2020/q1/105
[1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2020-03-05 13:34:29 +01:00
Thomas Lamprecht
487df43ff9 fix changelog release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-02-18 11:26:27 +01:00
Dietmar Maurer
f9e67b6b00 bump version to 4.1.1-3 2020-02-18 10:56:59 +01:00
Dietmar Maurer
84403c2d53 improve qemu backup by reducing lock contention
- reducing lock contention by using CoRwLock
- correctly call aio_wait_kick()
2020-02-18 10:47:21 +01:00
Thomas Lamprecht
2c67b15290 followup: fix indentation
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-25 16:17:23 +01:00
Tim Marx
f47a9db42a fix hmp info backup command
Signed-off-by: Tim Marx <t.marx@proxmox.com>
2020-01-25 16:09:47 +01:00
Thomas Lamprecht
9714cead2c grammar fix: s/does not exists/does not exist/g
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-12-13 12:10:51 +01:00
Thomas Lamprecht
bd8036e403 bump version to 4.1.1-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-29 09:05:43 +01:00
Thomas Lamprecht
656c50e3b8 fix #2478: record python3-minimal as build dependency
Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-26 13:07:55 +01:00
Stefan Reiter
d090eaa209 fix #2486: include fix for disk hot-resize regression (w/ iothread=1)
See: https://lists.nongnu.org/archive/html/qemu-devel/2019-09/msg03201.html

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-25 13:50:28 +01:00
Thomas Lamprecht
a0866d18a5 fixup patch author
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-25 11:49:06 +01:00
Thomas Lamprecht
d756352751 bump version to 4.1.1-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-25 09:12:48 +01:00
Thomas Lamprecht
ac2969b218 allow to pass PVE version to machine
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-25 09:12:48 +01:00
Thomas Lamprecht
99b86f4f9d handle virtio-balloon cfg size compat with our 4.0 machines
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-22 10:07:39 +01:00
Thomas Lamprecht
917265984c update diffs/indexes from patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-22 10:07:39 +01:00
Stefan Reiter
1dc952cf51 Update and rebase to QEMU 4.1.1
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-21 07:59:09 +01:00
Stefan Reiter
a9b8206ded Apply fixups for 4.1
* Fix VMA tool build
* Change PVE code to new blockjob API
* Acquire missing lock for block_job_add_bdrv

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-21 07:59:05 +01:00
Stefan Reiter
be901f6656 Update and rebase to QEMU 4.1
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-21 07:58:57 +01:00
Wolfgang Bumiller
42d06563fb bump version to 4.0.1-5
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-04 14:39:47 +01:00
Wolfgang Bumiller
d4824fa37a fix backup speed regression
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-04 14:23:17 +01:00
Thomas Lamprecht
82d7827472 bump version to 4.0.1-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-30 18:10:04 +01:00
Thomas Lamprecht
22ff24871d various small pve backup co-routine related fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-30 16:03:56 +01:00
Thomas Lamprecht
219fbf03ff bump version to 4.0.1-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-24 08:50:26 +02:00
Thomas Lamprecht
a5db0e22d7 backup: add various cleanups
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-24 08:49:09 +02:00
Thomas Lamprecht
5a98917c4b bump version to 4.0.1-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-23 09:16:19 +02:00
Thomas Lamprecht
cbb547903c run backup related code inside co-routines and improve locking
Patches-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-23 09:14:51 +02:00
Thomas Lamprecht
c306e84e86 bump version to 4.0.1-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-22 09:52:03 +02:00
Thomas Lamprecht
b8d43c594b update sources for v4.0.1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-22 09:52:03 +02:00
Dietmar Maurer
69cb18950a fix #1071: use correct AioContext to cope with IOThreads
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2019-10-21 15:51:43 +02:00
Thomas Lamprecht
376d9ce806 Write recognized CPUID flags into static file
located at /usr/share/kvm/recognized-CPUID-flags-x86_64

It's a simple one flag per line list of all flags the build of QEMU
can understand for x86_64 CPUs.

It will be used in qemu-server for the custom CPU model feature.

For now, only x86_64 is implemented, since aarch64 doesn't print any flags when
called this way.

Co-developed-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-17 13:39:21 +02:00
Wolfgang Bumiller
b8e0d5bc0f bump version to 4.0.0-7
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-10-10 11:04:20 +02:00
Wolfgang Bumiller
23ea029343 disable oob again
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-10-10 11:03:20 +02:00
Wolfgang Bumiller
6116f08aea bump version to 4.0.0-6
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-10-02 10:16:40 +02:00
Wolfgang Bumiller
3b1986f02f merge monitor oob fixup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-10-02 10:16:40 +02:00
Wolfgang Bumiller
21833e1b41 bump version to 4.0.0-5
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-08-06 12:49:25 +02:00
Fabian Grünbichler
f3c1e32615 fix #2269: build: adapt to glusterfs changes
build-depend on Buster's re-introduced libglusterfs-dev, and depend on
either libglusterfs0 / libgfFOO (Debian repos) or glusterfs-common
(upstream community repos), until the latter gets fixed upstream.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-08-06 12:48:20 +02:00
Wolfgang Bumiller
937226f202 bump version to 4.0.0-4
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-08-05 11:22:46 +02:00
Wolfgang Bumiller
d09c80068a merge fix for CVE-2019-14378
merge: slirp: Fix heap overflow in ip_reass on big packet input

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-08-05 11:22:10 +02:00
Wolfgang Bumiller
92f7f9e807 bump version to 4.0.0-3
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-11 09:34:27 +02:00
Wolfgang Bumiller
99c47abaac update live migration patches
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-11 09:34:03 +02:00
Thomas Lamprecht
8b017a9a20 bump version to 4.0.0-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-04 16:22:17 +02:00
Thomas Lamprecht
d5699f0388 virtio-balloon: use smaller config on older guests
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-04 16:14:49 +02:00
Thomas Lamprecht
1024d89400 fix qemu PKGVERSION
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-02 13:32:06 +02:00
Thomas Lamprecht
3c99120036 bump version to 4.0.0-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 11:39:54 +02:00
Thomas Lamprecht
8dfe6145c8 buildsys: ensure docs (man pages) are build
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 11:39:54 +02:00
Thomas Lamprecht
b70222791a debian/rules: disable building with SDL integration
This was added once by accident, we do not really need it for Proxmox
VE, it could bring some value for testing but here one can build qemu
oneself too.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 11:39:54 +02:00
Thomas Lamprecht
b855dce76d update patches for v4.0.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 11:39:54 +02:00
Thomas Lamprecht
5666715394 bump version to 3.0.1-62
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 20:54:44 +02:00
Thomas Lamprecht
54e7428425 d/control: add libcurl4-gnutls-dev to build dependencies
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 20:50:38 +02:00
Thomas Lamprecht
42dfcf977c d/rules: enable curl support
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 13:34:49 +02:00
Thomas Lamprecht
ec302df911 d/rules: disable libxml2 support
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 13:34:49 +02:00
Thomas Lamprecht
bffcf456a2 d/control: add libseccomp-dev to build dependencies
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 12:32:55 +02:00
Thomas Lamprecht
1dab59e702 d/control: run wrap-and-sort -tkn
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 12:32:24 +02:00
Thomas Lamprecht
73e12bd731 d/rules: ensure QEMU gets compiled with seccomp on
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 11:41:17 +02:00
Thomas Lamprecht
964a487a03 d/rules: split and sort configure flags
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-14 11:41:13 +02:00
Oguz Bektas
9be61fa466 add fixes for intel MDS CVEs
fixes for:
* CVE-2018-12126
* CVE-2018-12127
* CVE-2018-12130
* CVE-2019-11091

adds the md-clear cpuflag.

Not included by default in any Intel CPU model.

Must be explicitly turned on for all Intel CPU models.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-06-05 14:21:44 +02:00
Thomas Lamprecht
7951909dad remove outdated postinst, cruft from old times
It was for the switch from doing our QEMU/KVM build as 'qemu' to
'kvm', see
https://git.proxmox.com/?p=pve-qemu-kvm.git;a=commitdiff;h=8b7e35182aba87372ba5da5d322791557b744c15

Based on:
https://pve.proxmox.com/pipermail/pve-devel/2019-May/037153.html

Co-developed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-27 19:34:06 +02:00
Thomas Lamprecht
a862f375cb bump version to 3.0.1-61
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 18:26:00 +02:00
Thomas Lamprecht
7392a9817d fixup libspice* dependencies
we only corrected the build-dep, but not the installation one,
so fix this up and bump the version while we're at it - ensures we
have relevant security fixes available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 18:26:00 +02:00
Thomas Lamprecht
6b0a3c0f45 bump version to 3.0.1-60
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 17:59:27 +02:00
Thomas Lamprecht
7df330a978 add lintian overrides for shipped strange BLOBs
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 17:59:27 +02:00
Thomas Lamprecht
edf1ab9a03 disable capstone support for now
would either need another submodule or a extra dependency, for now
disable.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 17:59:27 +02:00
Thomas Lamprecht
6c69567d15 d/control: record missing build dependency libpixman
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 17:59:27 +02:00
Thomas Lamprecht
5c0cf1a177 d/control: use libspice-server-dev
we dropped the pve maintained version of this in spiceterm, the only
real user - which used a small patch to allow enabling SASL with this
libary - as it bring much more headache then it brings use we dropped
that support for PVE 6.0 and thus can use the Debian upstream version
here just fine.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 17:58:05 +02:00
Thomas Lamprecht
0c02b38c72 d/control: fix priority-extra-is-replaced-by-priority-optional
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 17:12:42 +02:00
Wolfgang Bumiller
64be2e7557 bump version to 3.0.1-2
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-26 09:20:04 +02:00
Wolfgang Bumiller
c36c53f829 merge: make file locking optional also on creation
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-26 09:18:00 +02:00
Wolfgang Bumiller
0775f12b63 bump version to 3.0.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-19 10:32:03 +02:00
Dietmar Maurer
583378ed06 build and include qemu-system-aarch64
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2019-04-19 09:53:44 +02:00
Wolfgang Bumiller
53e83913af bump version to 3.0.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-09-07 14:52:23 +02:00
Wolfgang Bumiller
9b05d1d427 bump version to 2.11.2-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-09 10:06:27 +02:00
Wolfgang Bumiller
053dd5777e bump version to 2.11.1-5
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-05 11:05:32 +02:00
Wolfgang Bumiller
e220dcddbc merge: vma & rbd changes
vma: remove forced NO_FLUSH option
rbd: fix cache mode behavior
vma: add cache option to device map

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-05 11:04:11 +02:00
Wolfgang Bumiller
a7dac7e733 bump version to 2.11.1-4
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-03-21 15:35:50 +01:00
Alexandre Derumier
46598e97c3 qemu-img : add -n option to dd to skip destination image create 2018-03-21 15:34:39 +01:00
Fabian Grünbichler
8e326f3032 build: use 3.0 source format
instead of manually including and calling quilt. resulting binary debs
are identical.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-14 14:18:17 +01:00
Thomas Lamprecht
8fefb8827a buildsys: remove new PPC specific files
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-01 10:26:44 +01:00
Geert Stappers
426b89f032 debian/rules: don't disable Flat Device Tree
I don't know why fdt, Flat Device Tree, is disabled,
but that disabling blocks building e.g. qemu-system-aarch64.
It stops the build and yields this:

 ERROR: fdt disabled but some requested targets require it.
        You can turn off fdt only if you also disable all the system
        emulation targets which need it
        (by specifying a cut down --target-list).

Signed-off-by: Geert Stappers <stappers@stappers.it>
2018-03-01 08:13:41 +01:00
Wolfgang Bumiller
d201635146 bump version to 2.11.1-3
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-23 10:33:56 +01:00
Wolfgang Bumiller
c854115a5f merge: qemu-img dd: add isize parameter
to write small images from stdin to bigger destinations

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-23 10:33:09 +01:00
Wolfgang Bumiller
707e85d013 bump version to 2.11.1-2
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-22 17:15:45 +01:00
Wolfgang Bumiller
23f2c0ccb0 reapply: vma: add throttling options to drive mapping fifo protocol
This one got lost when rebasing

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-22 17:15:45 +01:00
Wolfgang Bumiller
6838f03890 bump version to 2.11.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-22 12:40:28 +01:00
Wolfgang Bumiller
db442fc8d3 bump version to 2.9.1-9
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:43:06 +01:00
Wolfgang Bumiller
507c6de3ce merge EPYC and EPYC-IPBP cpu models
and a patch format cleanup round

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:40:26 +01:00
Wolfgang Bumiller
b07d2367db vma: add throttling options to drive mapping fifo protocol
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:39:42 +01:00
Wolfgang Bumiller
23102ed6dc patch cleanup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:38:54 +01:00
Wolfgang Bumiller
84303d56d7 bump version to 2.9.1-8
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-08 10:16:07 +01:00
Alexandre Derumier
b45e13fe5c fix qemu 2.9 drive mirroring to nbd target
cherry pick from qemu-kvm-ev-2.9.0-16.el7_4.11.1
https://cbs.centos.org/koji/buildinfo?buildID=21003

Tue Jun 13 2017 Miroslav Rezanina <mrezanin@redhat.com> - rhev-2.9.0-10.el7

- kvm-nbd-make-it-thread-safe-fix-qcow2-over-nbd.patch [bz#1454582]

Tue Aug 15 2017 Miroslav Rezanina <mrezanin@redhat.com> - rhev-2.9.0-16.el7_4.4
- kvm-nbd-strict-nbd_wr_syncv.patch [bz#1467509]
- kvm-nbd-read_sync-and-friends-return-0-on-success.patch [bz#1467509]
- kvm-nbd-make-nbd_drop-public.patch [bz#1467509]
- kvm-nbd-server-get-rid-of-nbd_negotiate_read-and-friends.patch [bz#1467509]

Mon Oct 09 2017 Miroslav Rezanina <mrezanin@redhat.com> - rhev-2.9.0-16.el7_4.9
- kvm-nbd-client-Fix-regression-when-server-sends-garbage.patch [bz#1495474]
- kvm-fix-build-failure-in-nbd_read_reply_entry.patch [bz#1495474]
- kvm-nbd-client-avoid-spurious-qio_channel_yield-re-entry.patch [bz#1495474]
- kvm-nbd-client-avoid-read_reply_co-entry-if-send-failed.patch [bz#1495474]
- kvm-qemu-iotests-improve-nbd-fault-injector.py-startup-p.patch [bz#1495474]
- kvm-qemu-iotests-test-NBD-over-UNIX-domain-sockets-in-08.patch [bz#1495474]
- kvm-block-nbd-client-nbd_co_send_request-fix-return-code.patch [bz#1495474]
- Resolves: bz#1495474
2018-02-08 10:12:21 +01:00
Wolfgang Bumiller
db2a3b4757 bump version to 2.9.1-7
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-08 10:03:52 +01:00
Wolfgang Bumiller
22ea5045c3 fix #1642: merge: ratelimit: don't align wait time with slices
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-08 10:03:10 +01:00
Wolfgang Bumiller
ec24bd7a23 bump version to 2.9.1-6
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-01-15 15:26:08 +01:00
Wolfgang Bumiller
3dcc8d3ba2 merge SPEC_CTRL MSR and -IBRS CPU model patches
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-01-15 15:26:07 +01:00
Wolfgang Bumiller
2bd9a6dd9e bump version to 2.9.1-5
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-06 11:50:25 +01:00
Wolfgang Bumiller
e49090106b merge gluster fixes
* block/gluster: glfs_lseek() workaround
     https://bugzilla.redhat.com/show_bug.cgi?id=1425293
     https://bugzilla.redhat.com/show_bug.cgi?id=1451191

* gluster: add support for PREALLOC_MODE_FALLOC

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-06 11:46:25 +01:00
Wolfgang Bumiller
18eb98f0a4 bump version to 2.9.1-4
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-06 09:06:59 +01:00
Wolfgang Bumiller
c25a222062 merge CVE-2017-17381 fix and backup race condition fix
* CVE-2017-17381: virtio: divide by zero exception while updating rings
* race condition when issuing a 'backup-stop' command

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-06 09:06:59 +01:00
Wolfgang Bumiller
c53dfb5728 bump version to 2.9.1-3 2017-11-29 10:15:04 +01:00
Wolfgang Bumiller
5b379b84ff lower debhelper dependency to version 9
We're not actually using anything from > 7 - but we also
don't build anywhere with a version < 9.
2017-10-17 12:52:59 +02:00
Wolfgang Bumiller
8d4a2d3f55 bump version to 2.9.1-2
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Wolfgang Bumiller
e780c1e758 cleanup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Emmanuel Kasper
723a82fbc5 Add a 'Conflicts' with qemu-system-common from Debian
Both qemu-system-common and our pve-qemu-kvm package install the
file /usr/bin/virtfs-proxy-helper.

Since qemu-system-common does not have reverse dependencies in Debian for
packages besides  qemu-system-<arch>, and ovmf, which we don't want to
install anyway, we do not need a 'Provides' for it.

Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Emmanuel Kasper
b090f37a6b Provides a qemu-system-x86 virtual package
This allows adding additional debian packages on pve hosts
which depends on a qemu binary being installed.

The following install paths were tested:

 * install of proxmox-ve on debian systems with standard package
 set:  works as expected

 * install of proxmox-ve on debian having the debian qemu package
 installed: refused by the package manager as expected, until
 qemu, qemu-system-x86, libspice-server1 are deinstalled

 * manual install of qemu-system-x86 after proxmox-ve
 is installed: refused by the package manager as expected, until
 libspice-server1 is installed. If libspice-server1 is installed
 then proxmox-ve is deinstalled.

 * install of packages depending on qemu-system-x86
 having proxmox-ve installed: thoses packages are installed as
 expected, no conflict

Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Emmanuel Kasper
2c2626ddc3 Bump dephelper compatibility level to 10
The debian package content was found to be the same
with diffoscope. No functional change.

Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Emmanuel Kasper
fd202a5abe Install userspace utilities and UEFI roms via dh_install
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Emmanuel Kasper
68ba098a84 Remove deprecated dh_clean -k
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-10-16 14:05:22 +02:00
Wolfgang Bumiller
fb8b489c87 fix #1107: merge: virtio: fix descriptor counting in virtqueue_pop 2017-10-16 09:54:18 +02:00
Fabian Grünbichler
e1375c973b build: reformat debian/control
using wrap-and-sort -abt
2017-10-04 11:05:33 +02:00
Wolfgang Bumiller
ddbcf45e51 bump version to 2.9.1-1 2017-09-08 09:44:31 +02:00
Wolfgang Bumiller
6c7dbd74a9 bump version to 2.9.0-5 2017-09-05 10:13:07 +02:00
Wolfgang Bumiller
507c2194b2 cleanups & style fixups 2017-09-05 10:05:47 +02:00
Fabian Grünbichler
027092309e fix #1420: fix stop mode backup with virtio-blk
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2017-09-05 09:51:36 +02:00
Fabian Grünbichler
ab8770fa38 bump version to 2.9.0-4 2017-08-14 13:33:21 +02:00
Wolfgang Bumiller
2ab9b48ef8 vma: fix regression in backup with non-cluster-aligned sizes 2017-08-14 13:29:14 +02:00
Wolfgang Bumiller
4741af5c8f bump version to 2.9.0-3 2017-08-07 10:34:19 +02:00
Wolfgang Bumiller
e74c0f316d add CVE fixes
CVE-2017-7539:
   qemu-nbd crashes due to undefined I/O coroutine
 CVE-2017-11434:
   slirp: out-of-bounds read while parsing dhcp options
 CVE-2017-11334:
   exec: oob access during dma operation
 CVE-2017-10806:
   usb-redirect: stack buffer overflow in debug logging
 CVE-2017-10664:
   qemu-nbd: server breaks with SIGPIPE upon client abort
 CVE-2017-9524:
   nbd: segmentation fault due to client non-negotiation
 CVE-2017-9503:
   scsi: null pointer dereference while processing megasas command
2017-08-07 10:32:32 +02:00
Wolfgang Bumiller
67af0fa481 rebased pve patches 2017-08-07 10:16:57 +02:00
Wolfgang Bumiller
3c6facff3f add qemu-img dd stdin/stdout pipe patch 2017-06-23 12:12:36 +02:00
Wolfgang Bumiller
730abe448d bump version to 2.9.0-2 2017-06-06 13:27:30 +02:00
Wolfgang Bumiller
90a6d95729 merge various stable fixes 2017-06-06 13:27:30 +02:00
Wolfgang Bumiller
f185a9695e update to 2.9.0 2017-04-21 11:08:44 +02:00
Wolfgang Bumiller
076b402685 update to 2.9.0-rc5 2017-04-19 12:11:00 +02:00
Emmanuel Kasper
a21f577853 Disable building the qemu-guest-agent (binary + docs)
This fixes a conflict when installing the qemu-guest-agent debian
package, where our pve-qemu-kvm and the debian package both
tried to install the usr/share/man/man8/qemu-ga.8.gz file
2017-04-11 12:57:17 +02:00
Emmanuel Kasper
2fb093cfd6 Split the very long configure line to fit in 80 columns
No functionnal changes
2017-04-11 12:57:12 +02:00
Wolfgang Bumiller
4516929316 bump version to 2.9.0-1~rc3 2017-04-05 12:15:08 +02:00
Wolfgang Bumiller
a544966dce update to 2.9.0-rc2 build files 2017-04-05 11:40:20 +02:00
Wolfgang Bumiller
9525982417 import stable-4 build files 2017-04-05 11:39:09 +02:00