diff --git a/0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch b/0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch
index 7c9b8740a2acc1c76327ada03773efa635329d8b..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644
--- a/0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch
+++ b/0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch
@@ -1,101 +0,0 @@
-From 449e8171f96a6a944d1f3b7d3627ae059eae21ca Mon Sep 17 00:00:00 2001
-From: Vivek Goyal
-Date: Tue, 25 Jan 2022 13:51:14 -0500
-Subject: [PATCH] virtiofsd: Drop membership of all supplementary groups
- (CVE-2022-0358)
-
-At the start, drop membership of all supplementary groups. This is
-not required.
-
-If we have membership of "root" supplementary group and when we switch
-uid/gid using setresuid/setsgid, we still retain membership of existing
-supplemntary groups. And that can allow some operations which are not
-normally allowed.
-
-For example, if root in guest creates a dir as follows.
-
-$ mkdir -m 03777 test_dir
-
-This sets SGID on dir as well as allows unprivileged users to write into
-this dir.
-
-And now as unprivileged user open file as follows.
-
-$ su test
-$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
-
-This will create SGID set executable in test_dir/.
-
-And that's a problem because now an unpriviliged user can execute it,
-get egid=0 and get access to resources owned by "root" group. This is
-privilege escalation.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
-Fixes: CVE-2022-0358
-Reported-by: JIETAO XIAO
-Suggested-by: Miklos Szeredi
-Reviewed-by: Stefan Hajnoczi
-Reviewed-by: Dr. David Alan Gilbert
-Signed-off-by: Vivek Goyal
-Message-Id:
-Signed-off-by: Dr. David Alan Gilbert
- dgilbert: Fixed missing {}'s style nit
----
- tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++
- 1 file changed, 27 insertions(+)
-
-diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
-index 64b5b4fbb1..b3d0674f6d 100644
---- a/tools/virtiofsd/passthrough_ll.c
-+++ b/tools/virtiofsd/passthrough_ll.c
-@@ -54,6 +54,7 @@
- #include
- #include
- #include
-+#include
-
- #include "qemu/cutils.h"
- #include "passthrough_helpers.h"
-@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
- #define OURSYS_setresuid SYS_setresuid
- #endif
-
-+static void drop_supplementary_groups(void)
-+{
-+ int ret;
-+
-+ ret = getgroups(0, NULL);
-+ if (ret == -1) {
-+ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
-+ errno, strerror(errno));
-+ exit(1);
-+ }
-+
-+ if (!ret) {
-+ return;
-+ }
-+
-+ /* Drop all supplementary groups. We should not need it */
-+ ret = setgroups(0, NULL);
-+ if (ret == -1) {
-+ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
-+ errno, strerror(errno));
-+ exit(1);
-+ }
-+}
-+
- /*
- * Change to uid/gid of caller so that file is created with
- * ownership of caller.
-@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
-
- qemu_init_exec_dir(argv[0]);
-
-+ drop_supplementary_groups();
-+
- pthread_mutex_init(&lo.mutex, NULL);
- lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
- lo.root.fd = -1;
---
-GitLab
-
diff --git a/qemu-6.2.0.tar.xz b/qemu-7.2.0.tar.xz
similarity index 85%
rename from qemu-6.2.0.tar.xz
rename to qemu-7.2.0.tar.xz
index da2f1cd0f62dc3048369fa1b4c459d005b104a79..f7c83f7415d812c9a2528d67e844f8b5bbf58237 100644
Binary files a/qemu-6.2.0.tar.xz and b/qemu-7.2.0.tar.xz differ
diff --git a/qemu.spec b/qemu.spec
index d6569c49a077818f35c45d31b4eb198f24d5c818..ccada53f70d2fed3394fd1f2a60d8be7d6f1752e 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -77,8 +77,6 @@ %define have_block_nfs 1 -%define have_capstone_devel 0 - %define have_librdma 1 %global _lto_cflags %{nil} @@ -145,6 +143,9 @@ %define requires_audio_jack %{nil} %endif +%define requires_audio_dbus Requires: %{name}-audio-dbus = %{evr} +%define requires_ui_dbus Requires: %{name}-ui-dbus = %{evr} + %if %{have_spice} %define requires_ui_spice_app Requires: %{name}-ui-spice-app = %{evr} %define requires_ui_spice_core Requires: %{name}-ui-spice-core = %{evr} @@ -204,17 +205,17 @@ Obsoletes: %{name}-system-moxie-core <= %{epoch}:%{version}-%{release} \ Obsoletes: %{name}-system-unicore32 <= %{epoch}:%{version}-%{release} \ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release} -%define anolis_release 2 +%define anolis_release 1 Summary: QEMU is a FAST! processor emulator Name: qemu -Version: 6.2.0 +Version: 7.2.0 Release: %{anolis_release}%{?dist} Epoch: 2 License: GPLv2 and BSD and MIT and CC-BY URL: http://www.qemu.org/ -Source0: http://wiki.qemu-project.org/download/%{name}-%{version}.tar.xz +Source0: https://download.qemu.org/%{name}-%{version}.tar.xz Source10: qemu-guest-agent.service Source11: 99-qemu-guest-agent.rules @@ -229,8 +230,6 @@ Source36: README.tests Patch0001: 0001-sgx-stub-fix.patch -Patch0002: 0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch - BuildRequires: meson >= %{meson_version} BuildRequires: zlib-devel BuildRequires: glib2-devel @@ -339,12 +338,8 @@ BuildRequires: libcacard-devel # virgl 3d support BuildRequires: virglrenderer-devel %endif -%if %{have_capstone_devel} # preferred disassembler for TCG BuildRequires: capstone-devel -%endif -# parallels disk images require libxml2 -BuildRequires: libxml2-devel # qemu-ga BuildRequires: libudev-devel # qauth infrastructure 
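Review bot: `requires_audio_dbus` and `requires_ui_dbus` are defined in the `@@ -145,6 +143,9 @@` hunk, but no hunk in this diff references either macro or touches the `requires_all_modules` definition, so they look unused. If the `system-*` packages are meant to pull in the new `audio-dbus` and `ui-dbus` subpackages (added in the `@@ -574,6 +570,12 @@` and `@@ -601,6 +603,14 @@` hunks), add `%{requires_audio_dbus}` and `%{requires_ui_dbus}` to that list; otherwise drop the two defines. The `requires_all_modules` definition is outside the visible hunks, so this needs confirming against the full spec.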
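Review bot: The `Version: 7.2.0` bump in the `@@ -204,17 +205,17 @@` hunk is paired with the removal of `Patch0002` (the CVE-2022-0358 virtiofsd fix) in `@@ -229,8 +230,6 @@`, yet nothing in the spec records why a security patch is no longer applied. Presumably the 7.2.0 tarball already contains `drop_supplementary_groups()` in `tools/virtiofsd/passthrough_ll.c`; since the tarball is an opaque binary in this diff, that should be checked in the unpacked source before merging. Once confirmed, record it in the new changelog entry, e.g. `- Drop 0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch (CVE-2022-0358), fix is part of the 7.2.0 source`.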
@@ -377,6 +372,7 @@ Requires: %{name}-system-alpha = %{epoch}:%{version}-%{release} Requires: %{name}-system-arm = %{epoch}:%{version}-%{release} Requires: %{name}-system-avr = %{epoch}:%{version}-%{release} Requires: %{name}-system-cris = %{epoch}:%{version}-%{release} +Requires: %{name}-system-loongarch64 = %{epoch}:%{version}-%{release} Requires: %{name}-system-m68k = %{epoch}:%{version}-%{release} Requires: %{name}-system-microblaze = %{epoch}:%{version}-%{release} Requires: %{name}-system-mips = %{epoch}:%{version}-%{release} @@ -574,6 +570,12 @@ Requires: %{name}-common = %{epoch}:%{version}-%{release} %description audio-alsa This package provides the additional ALSA audio driver for QEMU. +%package audio-dbus +Summary: QEMU D-Bus audio driver +Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} +%description audio-dbus +This package provides the additional D-Bus audio driver for QEMU. + %package audio-oss Summary: QEMU OSS audio driver Requires: %{name}-common = %{epoch}:%{version}-%{release} @@ -601,6 +603,14 @@ Requires: %{name}-common = %{epoch}:%{version}-%{release} %description ui-curses This package provides the additional curses UI for QEMU. + +%package ui-dbus +Summary: QEMU D-Bus UI driver +Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} +%description ui-dbus +This package provides the additional D-Bus UI for QEMU. + + %package ui-gtk Summary: QEMU GTK UI driver Requires: %{name}-common = %{epoch}:%{version}-%{release} 
@@ -864,6 +874,20 @@ Requires: %{name}-common = %{epoch}:%{version}-%{release} This package provides the QEMU system emulator for HPPA. +%package system-loongarch64 +Summary: QEMU system emulator for LoongArch (LA64) +Requires: %{name}-system-loongarch64-core = %{epoch}:%{version}-%{release} +%{requires_all_modules} +%description system-loongarch64 +This package provides the QEMU system emulator for Loongson boards. + +%package system-loongarch64-core +Summary: QEMU system emulator for LoongArch (LA64) +Requires: %{name}-common = %{epoch}:%{version}-%{release} +%description system-loongarch64-core +This package provides the QEMU system emulator for Loongson boards. + + %package system-m68k Summary: QEMU system emulator for ColdFire (m68k) Requires: %{name}-system-m68k-core = %{epoch}:%{version}-%{release} @@ -1133,7 +1157,6 @@ mkdir -p %{static_builddir} --disable-libssh \\\ --disable-libudev \\\ --disable-libusb \\\ - --disable-libxml2 \\\ --disable-linux-aio \\\ --disable-linux-io-uring \\\ --disable-linux-user \\\ @@ -1186,17 +1209,14 @@ mkdir -p %{static_builddir} --disable-vhost-crypto \\\ --disable-vhost-kernel \\\ --disable-vhost-net \\\ - --disable-vhost-scsi \\\ --disable-vhost-user \\\ --disable-vhost-user-blk-server \\\ --disable-vhost-vdpa \\\ - --disable-vhost-vsock \\\ --disable-virglrenderer \\\ --disable-virtfs \\\ --disable-virtiofsd \\\ --disable-vnc \\\ --disable-vnc-jpeg \\\ - --disable-vnc-png \\\ --disable-vnc-sasl \\\ --disable-vte \\\ --disable-vvfat \\\ @@ -1204,7 +1224,6 @@ mkdir -p %{static_builddir} --disable-whpx \\\ --disable-xen \\\ --disable-xen-pci-passthrough \\\ - --disable-xfsctl \\\ --disable-xkbcommon \\\ --disable-zstd \\\ --with-git-submodules=ignore \\\ @@ -1263,9 +1282,10 @@ run_configure \ %endif --enable-bpf \ --enable-cap-ng \ - --enable-capstone=auto \ + --enable-capstone \ --enable-coroutine-pool \ --enable-curl \ + --enable-dbus-display \ --enable-debug-info \ --enable-docs \ %if %{have_fdt} 
@@ -1307,7 +1327,7 @@ run_configure \ %if 0%{?must_remember_to_add_this_in_qemu_6_2} --enable-selinux \ %endif - --enable-slirp=system \ + --enable-slirp \ --enable-slirp-smbd \ --enable-snappy \ --enable-system \ @@ -1323,9 +1343,7 @@ run_configure \ --enable-vhost-user \ --enable-vhost-user-blk-server \ --enable-vhost-vdpa \ - --enable-vhost-vsock \ --enable-vnc \ - --enable-vnc-png \ --enable-vnc-sasl \ %if %{enable_werror} --enable-werror \ @@ -1352,7 +1370,6 @@ run_configure \ --enable-libnfs \ %endif --enable-libudev \ - --enable-libxml2 \ %if %{have_liburing} --enable-linux-io-uring \ %endif @@ -1376,7 +1393,6 @@ run_configure \ --enable-usb-redir \ --enable-vdi \ --enable-vhost-crypto \ - --enable-vhost-scsi \ %if %{have_virgl} --enable-virglrenderer \ %endif @@ -1776,6 +1792,8 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %files audio-alsa %{_libdir}/%{name}/audio-alsa.so +%files audio-dbus +%{_libdir}/%{name}/audio-dbus.so %files audio-oss %{_libdir}/%{name}/audio-oss.so %files audio-pa @@ -1788,6 +1806,8 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %files ui-curses %{_libdir}/%{name}/ui-curses.so +%files ui-dbus +%{_libdir}/%{name}/ui-dbus.so %files ui-gtk %{_libdir}/%{name}/ui-gtk.so %files ui-egl-headless @@ -1859,6 +1879,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_bindir}/qemu-cris %{_bindir}/qemu-hppa %{_bindir}/qemu-hexagon +%{_bindir}/qemu-loongarch64 %{_bindir}/qemu-m68k %{_bindir}/qemu-microblaze %{_bindir}/qemu-microblazeel @@ -1892,6 +1913,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_datadir}/systemtap/tapset/qemu-cris*.stp %{_datadir}/systemtap/tapset/qemu-hppa*.stp %{_datadir}/systemtap/tapset/qemu-hexagon*.stp +%{_datadir}/systemtap/tapset/qemu-loongarch64*.stp %{_datadir}/systemtap/tapset/qemu-m68k*.stp %{_datadir}/systemtap/tapset/qemu-microblaze*.stp %{_datadir}/systemtap/tapset/qemu-mips*.stp 
@@ -1960,6 +1982,13 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_datadir}/%{name}/hppa-firmware.img +%files system-loongarch64 +%files system-loongarch64-core +%{_bindir}/qemu-system-loongarch64 +%{_datadir}/systemtap/tapset/qemu-system-loongarch64*.stp +%{_mandir}/man1/qemu-system-loongarch64.1* + + %files system-m68k %files system-m68k-core %{_bindir}/qemu-system-m68k @@ -2019,6 +2048,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_datadir}/%{name}/u-boot-sam460-20100605.bin %{_datadir}/%{name}/slof.bin %{_datadir}/%{name}/openbios-ppc +%{_datadir}/%{name}/vof*.bin %if %{have_memlock_limits} %{_sysconfdir}/security/limits.d/95-kvm-memlock.conf %endif @@ -2029,7 +2059,6 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_bindir}/qemu-system-riscv32 %{_bindir}/qemu-system-riscv64 %{_datadir}/%{name}/opensbi-riscv*.bin -%{_datadir}/%{name}/opensbi-riscv*.elf %{_datadir}/systemtap/tapset/qemu-system-riscv*.stp %{_mandir}/man1/qemu-system-riscv*.1* @@ -2112,6 +2141,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Mon Feb 13 2023 Kun(llfl) - 7.2.0-1 +- Update to 7.2.0 + * Tue Nov 22 2022 mgb01105731 - 6.2.0-2 - remove sdl & change bios,slof Requires