* [ANNOUNCE] QEMU 7.0.0-rc4 is now available
@ 2022-04-13 0:44 Michael Roth
2022-04-18 18:14 ` Stefan Weil
0 siblings, 1 reply; 3+ messages in thread
From: Michael Roth @ 2022-04-13 0:44 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Hello,
On behalf of the QEMU Team, I'd like to announce the availability of the
fifth release candidate for the QEMU 7.0 release. This release is meant
for testing purposes and should not be used in a production environment.
http://download.qemu-project.org/qemu-7.0.0-rc4.tar.xz
http://download.qemu-project.org/qemu-7.0.0-rc4.tar.xz.sig
A note from the maintainer:
rc4 contains three fixes for late-breaking security bugs. The plan
is to make the final 7.0 release in a week's time on the 19th April,
with no further changes, unless we discover some last-minute
catastrophic problem.
You can help improve the quality of the QEMU 7.0 release by testing this
release and reporting bugs using our GitLab issue tracker:
https://gitlab.com/qemu-project/qemu/-/issues
The release plan, as well a documented known issues for release
candidates, are available at:
http://wiki.qemu.org/Planning/7.0
Please add entries to the ChangeLog for the 7.0 release below:
http://wiki.qemu.org/ChangeLog/7.0
Thank you to everyone involved!
Changes since rc3:
81c7ed41a1: Update version for v7.0.0-rc4 release (Peter Maydell)
4bf58c7213: virtio-iommu: use-after-free fix (Wentao Liang)
fa892e9abb: ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella)
9569f5cb5b: display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [ANNOUNCE] QEMU 7.0.0-rc4 is now available
2022-04-13 0:44 [ANNOUNCE] QEMU 7.0.0-rc4 is now available Michael Roth
@ 2022-04-18 18:14 ` Stefan Weil
2022-04-19 13:01 ` Peter Maydell
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Weil @ 2022-04-18 18:14 UTC (permalink / raw)
To: Michael Roth, qemu-devel; +Cc: peter.maydell
Am 13.04.22 um 02:44 schrieb Michael Roth:
> A note from the maintainer:
>
> rc4 contains three fixes for late-breaking security bugs. The plan
> is to make the final 7.0 release in a week's time on the 19th April,
> with no further changes, unless we discover some last-minute
> catastrophic problem.
>
> You can help improve the quality of the QEMU 7.0 release by testing this
> release and reporting bugs using our GitLab issue tracker:
QEMU 7.0 seems to trigger an issue with makensis which is used for
building the QEMU installer for Windows: it terminates with different
kinds to errors (SIGBUS, SIGSEGV and mmap related errors) depending on
the details of the build environment.
I currently think that this is related to the total size of the
installed components which exceeds 2 GiB. Maybe a 32 bit int value is
used somewhere in makensis.
A simple workaround is removing /SOLID in qemu.nsi, but that increases
the size of the installer significantly.
Stripping the executables might also help to stay below the critical size.
I'm sorry that I missed sending patches to add qemu-storage-daemon.exe
to qemu.nsi and for some format strings in calls of vu_panic. I don't
think those are critical for the release.
Kind regards,
Stefan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [ANNOUNCE] QEMU 7.0.0-rc4 is now available
2022-04-18 18:14 ` Stefan Weil
@ 2022-04-19 13:01 ` Peter Maydell
0 siblings, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2022-04-19 13:01 UTC (permalink / raw)
To: Stefan Weil; +Cc: Michael Roth, qemu-devel
On Mon, 18 Apr 2022 at 19:14, Stefan Weil <sw@weilnetz.de> wrote:
>
> Am 13.04.22 um 02:44 schrieb Michael Roth:
> > A note from the maintainer:
> >
> > rc4 contains three fixes for late-breaking security bugs. The plan
> > is to make the final 7.0 release in a week's time on the 19th April,
> > with no further changes, unless we discover some last-minute
> > catastrophic problem.
> >
> > You can help improve the quality of the QEMU 7.0 release by testing this
> > release and reporting bugs using our GitLab issue tracker:
>
> QEMU 7.0 seems to trigger an issue with makensis which is used for
> building the QEMU installer for Windows: it terminates with different
> kinds to errors (SIGBUS, SIGSEGV and mmap related errors) depending on
> the details of the build environment.
Unfortunately our CI doesn't notice this because although it
builds the installer it doesn't do it for an "all targets at
once" config, only for a couple of "some targets, not all" builds.
> I currently think that this is related to the total size of the
> installed components which exceeds 2 GiB. Maybe a 32 bit int value is
> used somewhere in makensis.
Searching around it does seem like there's a 2GB limit to
the installer, that's been known about for some years.
(There's a fork 'nsisbi' which raises it to 4GB.)
> Stripping the executables might also help to stay below the critical size.
That seems like it would be a good idea anyway -- does it
have any downsides ?
I think we probably can't really fix this for 7.0, unfortunately:
we found it too late.
thanks
-- PMM
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-19 13:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-13 0:44 [ANNOUNCE] QEMU 7.0.0-rc4 is now available Michael Roth
2022-04-18 18:14 ` Stefan Weil
2022-04-19 13:01 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.