Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-08-02 Thread Samuel Thibault
Marc-André Lureau, on Fri. 02 Aug 2019 15:07:46 +0400, wrote:
> And Samuel probably thought the same, since he didn't update the submodule.

I'm rather mostly buried under piles of things to do...

> According to MAINTAINERS, this is for Samuel to take care of. But I'll
> do it if he asks me.

Please do.

Samuel



Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-08-02 Thread Marc-André Lureau
Hi

On Fri, Aug 2, 2019 at 2:44 PM Peter Maydell wrote:
>
> On Fri, 2 Aug 2019 at 11:31, Marc-André Lureau wrote:
> >
> > Hi
> >
> > On Fri, Aug 2, 2019 at 2:19 PM Peter Maydell wrote:
> > >
> > > On Wed, 31 Jul 2019 at 19:17, Peter Maydell wrote:
> > > >
> > > > On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé wrote:
> > > > >
> > > > > >   Unless there are any release critical bugs discovered, this
> > > > > >   will be the last release candidate before final release of 4.1.0
> > > > > >   on the 6th August. Otherwise we'll do an rc4 and release on
> > > > > >   the 13th August.
> > > > >
> > > > > We forgot to update the slirp submodule :(
> > > >
> > > > Were there any RC bugs in it?
> > >
> > > Ping! If we want to put this into an rc4 can we have a
> > > pull request with a justification on the mailing list
> > > sooner rather than later, please?
> >
> > It's about CVE-2019-14378, which Samuel fixed a few days ago:
> > https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
> >
> > Imho, it's not a regression, so no need to delay qemu release.
>
> Yeah, but it is a security bug, presumably, given the CVE.
> https://access.redhat.com/security/cve/cve-2019-14378
> suggests the consequences are more than just a DoS.
> I think that merits including in the release.

I don't think a non-regression deserves an rc4; it could be a stable update.

And Samuel probably thought the same, since he didn't update the submodule.


> > I would encourage distributions to switch to the shared library
> > version instead, so they can more easily and quickly apply updates.
>
> Well, that might be nice eventually, but it's not where we are
> right now. QEMU is the primary consumer of the slirp library
> and we ship a copy of it, so we need to coordinate about releases
> and potential security issues.

fwiw, Fedora rawhide qemu links to libslirp already, and it is also
possible to do it on f30 and earlier.

podman uses slirp4netns, which also embeds an old copy of slirp.

With the upcoming libslirp release, we should have what is necessary
to make slirp4netns link to libslirp.

I hope in the near future we will have better alternatives, such as
vpnkit or netstack or other.

> Could you send out a pull request which updates our slirp
> submodule to a version which just has that CVE fix on top
> of what we already have (slirp commit f0da6726207b740f6),
> please?

According to MAINTAINERS, this is for Samuel to take care of. But I'll
do it if he asks me.

-- 
Marc-André Lureau



Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-08-02 Thread Peter Maydell
On Fri, 2 Aug 2019 at 11:31, Marc-André Lureau wrote:
>
> Hi
>
> On Fri, Aug 2, 2019 at 2:19 PM Peter Maydell wrote:
> >
> > On Wed, 31 Jul 2019 at 19:17, Peter Maydell wrote:
> > >
> > > On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé wrote:
> > > >
> > > > >   Unless there are any release critical bugs discovered, this
> > > > >   will be the last release candidate before final release of 4.1.0
> > > > >   on the 6th August. Otherwise we'll do an rc4 and release on
> > > > >   the 13th August.
> > > >
> > > > We forgot to update the slirp submodule :(
> > >
> > > Were there any RC bugs in it?
> >
> > Ping! If we want to put this into an rc4 can we have a
> > pull request with a justification on the mailing list
> > sooner rather than later, please?
>
> It's about CVE-2019-14378, which Samuel fixed a few days ago:
> https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
>
> Imho, it's not a regression, so no need to delay qemu release.

Yeah, but it is a security bug, presumably, given the CVE.
https://access.redhat.com/security/cve/cve-2019-14378
suggests the consequences are more than just a DoS.
I think that merits including in the release.

> I would encourage distributions to switch to the shared library
> version instead, so they can more easily and quickly apply updates.

Well, that might be nice eventually, but it's not where we are
right now. QEMU is the primary consumer of the slirp library
and we ship a copy of it, so we need to coordinate about releases
and potential security issues.

Could you send out a pull request which updates our slirp
submodule to a version which just has that CVE fix on top
of what we already have (slirp commit f0da6726207b740f6),
please?

thanks
-- PMM



Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-08-02 Thread Marc-André Lureau
Hi

On Fri, Aug 2, 2019 at 2:19 PM Peter Maydell wrote:
>
> On Wed, 31 Jul 2019 at 19:17, Peter Maydell wrote:
> >
> > On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé wrote:
> > >
> > > >   Unless there are any release critical bugs discovered, this
> > > >   will be the last release candidate before final release of 4.1.0
> > > >   on the 6th August. Otherwise we'll do an rc4 and release on
> > > >   the 13th August.
> > >
> > > We forgot to update the slirp submodule :(
> >
> > Were there any RC bugs in it?
>
> Ping! If we want to put this into an rc4 can we have a
> pull request with a justification on the mailing list
> sooner rather than later, please?

It's about CVE-2019-14378, which Samuel fixed a few days ago:
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210

Imho, it's not a regression, so no need to delay qemu release.

I would encourage distributions to switch to the shared library
version instead, so they can more easily and quickly apply updates.

-- 
Marc-André Lureau



Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-08-02 Thread Peter Maydell
On Wed, 31 Jul 2019 at 19:17, Peter Maydell wrote:
>
> On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé wrote:
> >
> > >   Unless there are any release critical bugs discovered, this
> > >   will be the last release candidate before final release of 4.1.0
> > >   on the 6th August. Otherwise we'll do an rc4 and release on
> > >   the 13th August.
> >
> > We forgot to update the slirp submodule :(
>
> Were there any RC bugs in it?

Ping! If we want to put this into an rc4 can we have a
pull request with a justification on the mailing list
sooner rather than later, please?

thanks
-- PMM



Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-07-31 Thread Peter Maydell
On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé wrote:
>
> >   Unless there are any release critical bugs discovered, this
> >   will be the last release candidate before final release of 4.1.0
> >   on the 6th August. Otherwise we'll do an rc4 and release on
> >   the 13th August.
>
> We forgot to update the slirp submodule :(

Were there any RC bugs in it?

thanks
-- PMM



Re: [Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-07-31 Thread Philippe Mathieu-Daudé
>   Unless there are any release critical bugs discovered, this
>   will be the last release candidate before final release of 4.1.0
>   on the 6th August. Otherwise we'll do an rc4 and release on
>   the 13th August.

We forgot to update the slirp submodule :(

Does that mean we need a rc4?

Thanks,

Phil.



[Qemu-devel] [ANNOUNCE] QEMU 4.1.0-rc3 is now available

2019-07-30 Thread Michael Roth
Hello,

On behalf of the QEMU Team, I'd like to announce the availability of the
fourth release candidate for the QEMU 4.1 release.  This release is meant
for testing purposes and should not be used in a production environment.

  http://download.qemu-project.org/qemu-4.1.0-rc3.tar.xz
  http://download.qemu-project.org/qemu-4.1.0-rc3.tar.xz.sig

A note from the maintainer:

  Unless there are any release critical bugs discovered, this
  will be the last release candidate before final release of 4.1.0
  on the 6th August. Otherwise we'll do an rc4 and release on
  the 13th August.

You can help improve the quality of the QEMU 4.1 release by testing this
release and reporting bugs on Launchpad:

  https://bugs.launchpad.net/qemu/

The release plan, as well as documented known issues for release
candidates, are available at:

  http://wiki.qemu.org/Planning/4.1

Please add entries to the ChangeLog for the 4.1 release below:

  http://wiki.qemu.org/ChangeLog/4.1

Thank you to everyone involved!

Changes since rc2:

3bd6cbbb18: Update version for v4.1.0-rc3 release (Peter Maydell)
c8557f1b48: pcie_root_port: Disable ACS on older machines (Dr. David Alan Gilbert)
a58dfba201: pcie_root_port: Allow ACS to be disabled (Dr. David Alan Gilbert)
987a232242: target/arm: Deliver BKPT/BRK exceptions to correct exception level (Peter Maydell)
6817416014: iotests/118: Test inserting a read-only medium (Kevin Wolf)
0b9e918f03: fdc: Fix inserting read-only media in empty drive (Kevin Wolf)
1120407bdf: nvme: Limit blkshift to 12 (for 4 kB blocks) (Max Reitz)
7cef3d1290: scsi-cd: Fix inserting read-only media in empty drive (Kevin Wolf)
2b23f28639: block/copy-on-read: Fix permissions for inactive node (Kevin Wolf)
251071e0c0: Fixes: add read-zeroes to 051.out (Andrey Shinkevich)
6078a0b64f: tests/multiboot: Fix load address of test kernels (Kevin Wolf)
22235bb609: pc-dimm: fix crash when invalid slot number is used (Igor Mammedov)
dd56040d29: Revert "hw: report invalid disable-legacy|modern usage for virtio-1-only devs" (Dr. David Alan Gilbert)
92fd453c67: Revert "Revert "globals: Allow global properties to be optional"" (Dr. David Alan Gilbert)
ff656fcd33: i386: Fix Snowridge CPU model name and features (Paul Lai)
f77bed14f0: net/colo-compare.c: Fix memory leak and code style issue. (Zhang Chen)
389abe1dd1: net: tap: replace snprintf with g_strdup_printf calls (Prasad J Pandit)
3283dde4b5: qemu-bridge-helper: move repeating code in parse_acl_file (Prasad J Pandit)
6f5d867122: qemu-bridge-helper: restrict interface name to IFNAMSIZ (Prasad J Pandit)
f46efa9b08: e1000: don't raise interrupt in pre_save() (Jason Wang)
8d216d8c53: xics/kvm: Fix fallback to emulated XICS (Greg Kurz)
f5bda01066: spapr/irq: Inform the user when falling back to emulated IC (Greg Kurz)
75ea2529cf: riscv/boot: Fixup the RISC-V firmware warning (Alistair Francis)
5bfce0b74f: linux-user: Make sigaltstack stacks per-thread (Peter Maydell)
67505c114e: hw/arm/boot: Further improve initrd positioning code (Peter Maydell)
d5fef92f6a: hw/arm/boot: Rename elf_{low, high}_addr to image_{low, high}_addr (Peter Maydell)
0c413ba0d8: vmstate.h: Type check VMSTATE_STRUCT_VARRAY macros (Peter Maydell)
372e458ebc: stellaris_input: Fix vmstate description of buttons field (Peter Maydell)
830fc739d0: pl330: fix vmstate description (Damien Hedde)
7e095e84ba: tpm_emulator: Translate TPM error codes to strings (Stefan Berger)
1b47b37c33: virtio-balloon: free pbp more aggressively (Michael S. Tsirkin)
bcfd16fe26: tpm: Exit in reset when backend indicates failure (Stefan Berger)
9a7ca8a7c9: virtio-balloon: don't track subpages for the PBP (David Hildenbrand)
a8cd64d488: virtio-balloon: Use temporary PBP only (David Hildenbrand)
1c5cfc2b71: virtio-balloon: Rework pbp tracking data (David Hildenbrand)
e6129b271b: virtio-balloon: Better names for offset variables in inflate/deflate code (David Hildenbrand)
2ffc49eea1: virtio-balloon: Simplify deflate with pbp (David Hildenbrand)
483f13524b: virtio-balloon: Fix QEMU crashes on pagesize > BALLOON_PAGE_SIZE (David Hildenbrand)
ffa207d082: virtio-balloon: Fix wrong sign extension of PFNs (David Hildenbrand)
ee4b0c8686: i386/acpi: show PCI Express bus on pxb-pcie expanders (Evgeny Yakovlev)
be1927c97e: ioapic: kvm: Skip route updates for masked pins (Jan Kiszka)
21e2acd583: i386/acpi: fix gint overflow in crs_range_compare (Evgeny Yakovlev)
df98d7ccc2: docs: clarify multiqueue vs multiple virtqueues (Stefan Hajnoczi)
6ef2d01abf: MAINTAINERS: vfio-ccw: Remove myself as the maintainer (Farhan Ali)
f193bc0c53: migration: fix migrate_cancel multifd migration leads destination hung forever (Ivan Ren)
3c3ca25d1f: migration: Make explicit that we are quitting multifd (Juan Quintela)
a3ec6b7d23: migration: fix migrate_cancel leads live_migration thread hung forever (Ivan Ren)
713f762a31: migration: fix migrate_cancel leads live_migration thread endless loop (Ivan Ren)
6baabe5cf8: docs: correct kconfig option (Marc-André