The long overdue nice rebase+cleanup was done by Dietmar
Originally-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
original commits and email can be found here[0]
A out-of-bounds heap buffer access issue was found in the SLiRP
networking implementation of the QEMU emulator. It occurs in tcp_emu()
routine while emulating IRC and other protocols due to unsafe usage of
snprintf(3) function.
A user/process could use this flaw to crash the Qemu process on the host
resulting in DoS or potentially execute arbitrary code with privileges
of the QEMU process on the host.
[0]: https://seclists.org/oss-sec/2020/q1/64
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
oss-security email can be found here[0]
upstream commit here[1]
this effects our vncproxy. dominik and me tested if the issue is present
on our branch and it appears that it is.
in essence when we disconnect from a vnc connection, the memory isn't
free'd afterwards which causes the qemu process to use more and more
memory with each disconnect, which could lead to a dos scenario.
we tested the patch and it seems to mitigate the problem.
[0]: https://seclists.org/oss-sec/2020/q1/105
[1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
* Fix VMA tool build
* Change PVE code to new blockjob API
* Acquire missing lock for block_job_add_bdrv
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
located at /usr/share/kvm/recognized-CPUID-flags-x86_64
It's a simple one flag per line list of all flags the build of QEMU
can understand for x86_64 CPUs.
It will be used in qemu-server for the custom CPU model feature.
For now, only x86_64 is implemented, since aarch64 doesn't print any flags when
called this way.
Co-developed-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
build-depend on Buster's re-introduced libglusterfs-dev, and depend on
either libglusterfs0 / libgfFOO (Debian repos) or glusterfs-common
(upstream community repos), until the latter gets fixed upstream.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This was added once by accident, we do not really need it for Proxmox
VE, it could bring some value for testing but here one can build qemu
oneself too.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
