ELSA-2026-50118

Описание

hivex [1.3.18-23]

• Limit recursion in ri-records (CVE-2021-3622) resolves: rhbz#1976194

[1.3.18-22.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[1.3.18-21]

• Bounds check for block exceeding page length (CVE-2021-3504) resolves: rhbz#1950501

[1.3.18]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[1.3.18]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[1.3.15-7]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[1.3.15-6]

• Drop hivex-static subpackage resolves: rhbz#1560207

[1.3.15-5]

• Rebuild for OCaml 4.07.0.

[1.3.15-4]

• Remove python2 support resolves: rhbz#1559086

[1.3.15-3]

• Add upstream patch to fix injection of LDFLAGS (RHBZ#1548536).

libguestfs libguestfs-winsupport [8.10-1]

• Rebase to ntfs-3g 2022.10.3
• Fixes: CVE-2022-40284
• resolves: rhbz#2236373

[8.8-1]

• Rebase to ntfs-3g 2022.5.17
• Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 resolves: rhbz#2127240 rhbz#2127248 (also: 2127233 2127234 2127241 2127249 2127255 2127256 2127262 2127263)

[8.6-1]

• Rebase to ntfs-3g 2021.8.22
• Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254 resolves: rhbz#2004490

[8.2-1.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[8.2]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[8.0-4]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[8.0-3]

• Fix for CVE-2019-9755 (heap-based buffer overflow leads to local root privilege escalation) resolves: rhbz#1698503

[8.0-2]

• Fix for ntfsclone crash (RHBZ#1601146).

[8.0-1]

• Rebase to 2017.3.23.
• Remove patches which are now upstream.
• Resynch with Fedora package.
• Enable all architectures for RHEL 8.

[7.2-2]

• Fix for handling guest filenames with invalid or incomplete multibyte or wide characters resolves: rhbz#1301593

libiscsi [1.18.0-8]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[1.18.0-7.el8]

• libiscsi-redhat-Remove-disable-werror-from-spec-file.patch [bz#1581025]
• Resolves: bz#1581025 (Remove --disable-werror from spec file)

[-]

• libiscsi-fix-connection-to-LUN-with-IPv6-address.patch [bz#1597942]
• Resolves: bz#1597942 (Qemu-kvm fails to connect to iscsi LUN by IPV6 address)

[1.18.0-5.el8]

• libiscsi-iser_rcv_completion-unify-error-handling.patch [bz#1634541]
• libiscsi-iser-fix-posting-of-receive-descriptors.patch [bz#1634541]
• libiscsi-sync-remove-unnecessary-checks.patch [bz#1634541]
• libiscsi-do-not-warn-for-strncpy.patch [bz#1634541]
• libiscsi-avoid-fallthrough.patch [bz#1634541]
• libiscsi-avoid-truncation-when-logging-message-that-includes-.patch [bz#1634541]
• Resolves: bz#1634541 (Fix important coverity issues (libiscsi))

[1.18.0-4.el8]

• Fixed a build issue with the latest rdma-core

[1.18.0-2]

• Fix rdma deps and don't restrict archs
• Add --disable-werror to fix gcc8 build (bz #1556044)
• Spec file cleanups (bz #1483290)

[1.18.0-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.18.0-1]

• Rebased to version 1.18.0
• Added patch to fix gcc7 warnings

[1.15.0-5]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.15.0-4]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

libnbd [1.6.0-6.el8]

• Fix CVE-2024-7383 NBD server improper certificate validation resolves: RHEL-52728

[1.6.0-5.el8]

• Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718

[1.6.0-4.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[1.2.2]

• Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[1.2.2-1]

• New stable release 1.2.2.

[1.2.1-1]

• New stable release 1.2.1.

[1.2.0-1]

• New stable release 1.2.0.

[1.0.3-1]

• New upstream version 1.0.3.
• Contains fix for remote code execution vulnerability.
• Add new libnbd-security(3) man page.

[1.0.2-1]

• New upstream version 1.0.2.
• Remove patches which are upstream.
• Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842).
• Fix previous commit message.

[1.0.1-2]

• Add upstream patch to fix nbdsh (for nbdkit tests).
• Fix interop tests on slow machines.

libtpms [0.9.1-2.20211126git1ff6fe1f43]

• Backport 'tpm2: Check size of buffer before accessing it' (CVE-2023-1017 & CVE-2023-1018) Resolves: rhbz#2173964 Resolves: rhbz#2173970

[0.9.1-1.20211126git1ff6fe1f43]

• Backport s_ContextSlotMask initialization fix Resolves: rhbz#2111433

[0.9.1-0.20211126git1ff6fe1f43]

• Rebase to 0.9.1 (sync with RHEL9) Resolves: rhbz#2029355

[0.7.4-6.20201106git2452a24dab]

• Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets Resolves: rhbz#1999307

[0.7.4-5.20201106git2452a24dab]

• Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM Fixes: rhbz#1976816

[0.7.4-4.20201106git2452a24dab]

• tpm2: CryptSym: fix AES output IV Fixes: rhbz#1942904

[0.7.4-3.20201106git2452a24dab]

• Add git as build dependency Related: rhbz#1858821

[0.7.4-2.20201106git2452a24dab]

• tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180 Fixes: rhbz#1858821

[0.7.4-1.20201106git2452a24dab]

• Follow stable-0.7.0 branch to v0.7.4 with security-related fixes. Fixes: rhbz#1893444

[0.7.3-1.20200818git1d392d466a]

• Update to v0.7.3 stable, fixes rhbz#1868447
• (includes 'tpm2: fix PCRBelongsTCBGroup for PCClient')

libvirt [9.0.0-15.el8]

• qemu: domain: Fix logic when tainting domain (Peter Krempa) [Orabug: 38669211]
• resctrl: Account for memory bandwidth of 0 being valid (Martin Kletzander) [Orabug: 38264014]

[9.0.0-14.el8]

• MASH up various tests that lead to imperfections (Wim ten Have) [Orabug: 38325535]
• conf: Fix migration in some firmware autoselection scenarios (Andrea Bolognani) [Orabug: 38325535]
• qemu: Move validation check out of postparse (Andrea Bolognani) [Orabug: 38325535]
• conf: Move validation check out of postparse (Andrea Bolognani) [Orabug: 38325535]
• conf: Don't explicitly set the secure-boot feature (Andrea Bolognani) [Orabug: 38325535]
• qemu: Automatically add firmware type/features information (Andrea Bolognani) [Orabug: 38325535]
• qemu: Don't drop firmware type/features information (Andrea Bolognani) [Orabug: 38325535]
• conf: Don't format firmware type/features when migrating (Andrea Bolognani) [Orabug: 38325535]
• conf: Remove some firmware validation checks (Andrea Bolognani) [Orabug: 38325535]
• qemu: Always go through firmware autoselection (Andrea Bolognani) [Orabug: 38325535]
• qemu: Discard requires-smm firmware when loader.secure=no (Andrea Bolognani) [Orabug: 38325535]
• qemu: Introduce qemuFirmwareMatchesPaths() (Andrea Bolognani) [Orabug: 38325535]
• tests: Fix firmware descriptor masking test (Andrea Bolognani) [Orabug: 38325535]
• tests: Add more tests for manual Secure Boot configuration (Andrea Bolognani) [Orabug: 38325535]
• tests: Add firmware-auto-efi-loader-path (Andrea Bolognani) [Orabug: 38325535]
• tests: Fix firmware-auto-efi-loader-path-nonstandard (Andrea Bolognani) [Orabug: 38325535]
• tests: Rename a few firmware tests (Andrea Bolognani) [Orabug: 38325535]
• news: Document support for QCOW2 format firmware (Andrea Bolognani) [Orabug: 38325535]
• news: Document changes to firmware autoselection (Andrea Bolognani) [Orabug: 38325535]
• docs: Document firmware format attribute (Andrea Bolognani) [Orabug: 38325535]
• tests: Add more firmware tests (Andrea Bolognani) [Orabug: 38325535]
• qemu: Add support for QCOW2 format firmware (Andrea Bolognani) [Orabug: 38325535]
• conf: Accept QCOW2 firmware format (Andrea Bolognani) [Orabug: 38325535]
• qemu: Propagate firmware format (Andrea Bolognani) [Orabug: 38325535]
• qemu: Filter firmwares based on format (Andrea Bolognani) [Orabug: 38325535]
• drivers: Reject unsupported firmware formats (Andrea Bolognani) [Orabug: 38325535]
• conf: Parse firmware format (Andrea Bolognani) [Orabug: 38325535]
• conf: Change handling for empty NVRAM path (Andrea Bolognani) [Orabug: 38325535]
• qemu: Introduce qemuFirmwareEnsureNVRAM() (Andrea Bolognani) [Orabug: 38325535]
• qemu: Move qemuDomainNVRAMPathFormat() to qemu_firmware (Andrea Bolognani) [Orabug: 38325535]
• qemu: Move firmware selection from startup to postparse (Andrea Bolognani) [Orabug: 38325535]
• conf: Export virDomainDefOSValidate() (Andrea Bolognani) [Orabug: 38325535]
• tests: Add descriptors for QCOW2 format firmware builds (Andrea Bolognani) [Orabug: 38325535]
• qemu: Don't pick firmware with unsupported format (Andrea Bolognani) [Orabug: 38325535]
• qemu: Don't pick firmware that requires SMM when smm=off (Andrea Bolognani) [Orabug: 38325535]
• qemu: Clear os.firmwareFeatures after autoselection (Andrea Bolognani) [Orabug: 38325535]
• qemu: Only fill nvramTemplate for local sources (Andrea Bolognani) [Orabug: 38325535]
• qemu: Add convenience local variables (Andrea Bolognani) [Orabug: 38325535]
• conf: Introduce virDomainLoaderDefNew() (Andrea Bolognani) [Orabug: 38325535]
• conf: Introduce virDomainLoaderDefParseXMLLoader() (Andrea Bolognani) [Orabug: 38325535]
• qemu: Introduce qemuDomainDefBootPostParse() (Andrea Bolognani) [Orabug: 38325535]
• qemu: Introduce qemuDomainDefMachinePostParse() (Andrea Bolognani) [Orabug: 38325535]
• tests: Add more firmware tests (Andrea Bolognani) [Orabug: 38325535]
• tests: Enable qemuxml2xml for more firmware tests (Andrea Bolognani) [Orabug: 38325535]
• tests: Unify input files for firmware tests (Andrea Bolognani) [Orabug: 38325535]
• tests: Move firmware tests to CAPS_LATEST (Andrea Bolognani) [Orabug: 38325535]
• tests: Use x86_64 for all x86 firmware tests (Andrea Bolognani) [Orabug: 38325535]
• tests: Rename firmware-manual-efi-rw* tests (Andrea Bolognani) [Orabug: 38325535]
• tests: Set nvramDir in qemuxml2xmltest (Andrea Bolognani) [Orabug: 38325535]
• docs: Fix documentation for loader.stateless attribute (Andrea Bolognani) [Orabug: 38325535]
• Revert 'conf: Fix migration in some firmware autoselection scenarios' (Wim ten Have) [Orabug: 38325535]

[9.0.0-13.el8]

• qemu: fix switchover-ack regression for old qemu (Jon Kohler) [Orabug: 38408711]
• qemu: add support for qemu switchover-ack (Jon Kohler) [Orabug: 38408711]
• qemu: Add support for optional migration capabilities (Jiri Denemark) [Orabug: 38408711]
• qemu: Document qemuMigrationParamsFlagMapItem fields (Jiri Denemark) [Orabug: 38408711]
• qemu: Rename remoteCaps parameter in qemuMigrationParamsCheck (Jiri Denemark) [Orabug: 38408711]
• qemu: Use C99 initializers for qemuMigrationParamsFlagMap (Jiri Denemark) [Orabug: 38408711]

[9.0.0-12.el8]

• Clean up resources on vhost-scsi hot plug/unplug (Joshua Brown) [Orabug: 38028900]

[9.0.0-11.el8]

• cpu_map: Remove rtm, hle and taa-no from the Sapphire Rapids CPU model (Mark Kanda) [Orabug: 37845537]

[9.0.0-10.el8]

• cpu_map: Fix SierraForest CPU model (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Install SierraForest description file (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add SierraForest CPU model (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x491 (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x490 (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x48F (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x48E (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x48D (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x48C (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x48B (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x485 (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing vmx features from MSR 0x480 (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'pbrsb-no' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'psdp-no' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'fbsdp-no' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'sbdr-ssdp-no' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'mcdt-no' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'cmpccxadd' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'avx-vnni-int8' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'avx-ne-convert' (Tim Wiederhake) [Orabug: 37296073]
• cpu_map: Add missing feature 'avx-ifma' (Tim Wiederhake) [Orabug: 37296073]

[9.0.0-9.el8]

• qemu: conf: Set default vCPU hot plug/unplug timeout to 30s (Karl Heubaum) [Orabug: 37249230]

[9.0.0-8.el8]

• qemu: Add x-orcl-dirty-bitmap-devices measure mode (Joao Martins) [Orabug: 37097510]

[9.0.0-7.el8]

• qemu: conf: Add configuration to tune vcpu unplug timeout (Partha Satapathy) [Orabug: 37098750]
• conf: Fix migration in some firmware autoselection scenarios (Andrea Bolognani) [Orabug: 37024703]
• cpu_map: Add SapphireRapids CPU model (Lin Yang)
• cpu_map: Add missing feature 'fsrc' (Tim Wiederhake)
• cpu_map: Add missing feature 'fsrs' (Tim Wiederhake)
• cpu_map: Add missing feature 'fzrm' (Tim Wiederhake)

[9.0.0-6.el8]

• rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821472] {CVE-2024-4418}
• rpc: Don't warn about 'max_client_requests' in single-threaded daemons (Peter Krempa) [Orabug: 36422853]

libvirt-dbus [1.3.0-2.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[1.3.0]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[1.2.0-3]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[1.2.0-2]

• util: fix virtDBusUtilDecodeUUID (rhbz#1647823)

[1.2.0-1]

• Rebased to libvirt-dbus-1.2.0 (rhbz#1630196)

[1.0.0-1]

• Rebase from Fedora

libvirt-python [9.0.0-15.el8]

• Update to libvirt 9.0.0-15 (Karl Heubaum)

[9.0.0-14.el8]

• Update to libvirt 9.0.0-14 (Karl Heubaum)

[9.0.0-13.el8]

• Update to libvirt 9.0.0-13 (Mark Kanda)

[9.0.0-12.el8]

• Update to libvirt 9.0.0-12 (Karl Heubaum)

[9.0.0-11.el8]

• Update to libvirt 9.0.0-11 (Karl Heubaum)

[9.0.0-10.el8]

• Update to libvirt 9.0.0-10 (Karl Heubaum)

[9.0.0-9.el8]

• Update to libvirt 9.0.0-9 (Karl Heubaum)

[9.0.0-8.el8]

• Update to libvirt 9.0.0-8 (Karl Heubaum)

[9.0.0-7.el8]

• Update to libvirt 9.0.0-7 (Karl Heubaum)

[9.0.0-6.el8]

• Update to libvirt 9.0.0-6 (Karl Heubaum)

nbdkit [1.24.0-5]

• vddk: Add support for VDDK 8.0.0 resolves: rhbz#2143907

[1.24.0-4]

• Fix build on RHEL 8.6 with qemu >= 6.1 resolves: rhbz#2045945

[1.24.0-3]

• Fix CVE-2021-3716 NBD_OPT_STRUCTURED_REPLY injection on STARTTLS resolves: rhbz#1994915

[1.24.0-2]

• Fix data corruption in zero and trim on unaligned tail resolves: rhbz#1990135

[1.24.0-1.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[1.16.2]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[1.16.2]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[1.4.2-5]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[1.4.2-4]

• Remove misguided LDFLAGS hack which removed server hardening. https://bugzilla.redhat.com/show_bug.cgi?id=1624149#c6 resolves: rhbz#1624149

[1.4.2-3]

• Use platform-python resolves: rhbz#1659159

netcf [0.2.8-12]

• Resolves: rhbz#1602628

[0.2.8-11]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[0.2.8-10]

• Remove artificial dependency on bridge-utils. rhbz #1605333

[0.2.8-9]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[0.2.8-8]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.2.8-7]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.2.8-6]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[0.2.8-5]

• Rebuild for readline 7.x

[0.2.8-4]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

• Wed Oct 14 2015 Laine Stump laine@redhat.com

• Improve performance with large number of interfaces (Bug 1268384, Bug 1271341)
• recognize bond devices with no slaves

perl-Sys-Virt [8.0.0-1]

• Rebase to 8.0.0 release
• Resolves: rhbz#2012813

[7.10.0-1]

• Rebase to 7.10.0 release
• Resolves: rhbz#2012813

[7.8.0-2]

• Fix bug passing flags when creating NWFilterBinding
• Resolves: rhbz#2029647

[7.8.0-1]

• Rebase to 7.8.0 release
• Resolves: rhbz#2012813

[7.4.0-1.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[6.0.0]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[4.5.0-5]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[4.5.0-4]

• Fix typed parameter memory handling (rhbz #1602346)
• Fix missing NWFilterBinding module (rhbz #1615841)

[4.5.0-3]

• Included BuildRequire: git to fix a building issue

[4.5.0-2]

• Fix typed parameter memory handling (rhbz#1602346)

qemu-kvm [7.2.0-33.el8]

• migration: Change default pages to scan to 8192 for Exadata (Elena Ufimtseva) [Orabug: 38732433]
• meson: check if isa-l installed and enable it (Elena Ufimtseva) [Orabug: 38732433]
• migration/page_cache: Improve isal-crypto-mb-sha256 cache-miss handling (Joao Martins) [Orabug: 38732433]
• migration/page_cache: Add isal_crypto multi-buffer sha256 variant (Joao Martins) [Orabug: 38732433]
• migration/page_cache: Add batching mode support for isa-l_crypto (Joao Martins) [Orabug: 38732433]
• migration: Use algorithm table to initialize hashing (Elena Ufimtseva) [Orabug: 38732433]
• migration: Add existing algorithms to description table (Elena Ufimtseva) [Orabug: 38732433]
• migration: Add a unified description structure for hashing algorithms (Elena Ufimtseva) [Orabug: 38732433]

[7.2.0-32.el8]

• spec: Provide aarch64 and mips user static packages (Mark Kanda) These packages are for Oracle internal use only (not for external customers)
• cpu: Only compile runstate_is_running() for system mode (Mark Kanda)
• linux-user: Do not define struct sched_attr if libc headers do (Khem Raj)

[7.2.0-31.el8]

• migration: Fix the cancellation/error path (Elena Ufimtseva) [Orabug: 38739293]

[7.2.0-30.el8]

• live migration: scan and clear contiguous dirty pages regions of ram (Elena Ufimtseva) [Orabug: 38388170]
• migration: add hash_rate trace point (Elena Ufimtseva) [Orabug: 38388170]
• migration: add parameter to specify max number of contiguous pages (Elena Ufimtseva) [Orabug: 38388170]
• multifd: send more pages then IOV_MAX (Elena Ufimtseva) [Orabug: 38388170]
• io: fix use after free in websocket handshake code (Daniel P. Berrange) [Orabug: 38687831] {CVE-2025-11234}

[7.2.0-29.el8]

• hw/core/machine.c: Add vhost-scsi-pci num_queues = 1 to hw_compat_7_2_exadata (Greg Jumper) [Orabug: 38544462]
• target/i386/kvm: account blackout downtime for kvm-clock and guest TSC (Dongli Zhang) [Orabug: 38307402]
• cpus: resume hotplugged vCPU only when the guest is running (Dongli Zhang) [Orabug: 38307402]
• system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add() (Dmitrii Gavrilov) [Orabug: 38298220]
• acpi: pcihp: allow repeating hot-unplug requests (Igor Mammedov) [Orabug: 38257990]
• hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint (Peter Maydell) [Orabug: 37517799] {CVE-2024-8354}
• target/i386: Introduce GraniteRapids-v2 model (Tao Su) [Orabug: 38330786]
• target/i386: Add AVX512 state when AVX10 is supported (Tao Su) [Orabug: 38330786]
• target/i386: Add feature dependencies for AVX10 (Tao Su) [Orabug: 38330786]
• target/i386: add CPUID.24 features for AVX10 (Tao Su) [Orabug: 38330786]
• target/i386: add AVX10 feature and AVX10 version property (Tao Su) [Orabug: 38330786]
• target/i386: return bool from x86_cpu_filter_features (Paolo Bonzini) [Orabug: 38330786]
• target/i386: do not rely on ExtSaveArea for accelerator-supported XCR0 bits (Paolo Bonzini) [Orabug: 38330786]
• target/i386: Call accel-agnostic x86_cpu_get_supported_cpuid() (Philippe Mathieu-Daude) [Orabug: 38330786]
• target/i386: Add new CPU model GraniteRapids (Tao Su) [Orabug: 38330786]

[7.2.0-28.el8]

• hw/i386: Add an exadata machine (Joao Martins) [Orabug: 38408711]
• arm/kvm: add support for MTE (Cornelia Huck)
• target/arm: When tag memory is not present, set MTE=1 (Richard Henderson)
• spec: provide qemu-kvm-device-usb-host package (Mark Kanda) [Orabug: 38355110]
• kvm.conf: do not automatically enable virt when loading kvm (Mark Kanda) [Orabug: 38320046]

[7.2.0-26.el8]

• accel/kvm: Enable Dirty bit tracking if hash cache is used (Joao Martins) [Orabug: 37699414]
• migration/page_cache: Add nettle sha256 function (Elena Ufimtseva) [Orabug: 37699414]
• migration/page_cache: Add libgcrypt sha256 function (Elena Ufimtseva) [Orabug: 37699414]
• migration/page_cache: Add gnutls sha256 function (Joao Martins) [Orabug: 37699414]
• migration: Add a parameter to select sha256 library (Joao Martins) [Orabug: 37699414]
• migration: Export cache statistics to QMP (Joao Martins) [Orabug: 37699414]
• migration/ram: Adjust estimate/exact to time-to-hash dirty data (Joao Martins) [Orabug: 37699414]
• migration: Sync dirty bitmap in exact() considering factor (Joao Martins) [Orabug: 37699414]
• migration: Time cache hit/miss operations (Joao Martins) [Orabug: 37699414]
• migration/ram: Calculate real dirty pages based on hash cache stats (Elena Ufimtseva) [Orabug: 37699414]
• migration: Add hash cache for dirty page tracking (Elena Ufimtseva) [Orabug: 37699414]
• migration/page-cache: Differentiate page size from cache data size (Joao Martins) [Orabug: 37699414]
• target/i386: do not expose ARCH_CAPABILITIES on AMD CPU (Paolo Bonzini) [Orabug: 38225280]

[7.2.0-24.el8]

• Revert 'migration: Temporarily re-enable our custom switchover event by default' (Mark Kanda)
• target/i386: Enumerate verw-clear CPUID feature (Boris Ostrovsky) [Orabug: 38118557] {CVE-2024-36350} {CVE-2024-36357}

[7.2.0-23.el8]

• vhost-scsi: support VIRTIO_SCSI_F_HOTPLUG (Dongli Zhang) [Orabug: 38113473]

[7.2.0-22.el8]

• migration/multifd: Don't send device state packets with zerocopy flag (Maciej S. Szmigiero) [Orabug: 37372623]
• migration/dirtyrate: skip kvm_log_start/kvm_log_stop for non-KVM (Dongli Zhang) [Orabug: 37939813]

supermin [5.2.1-2.0.1.el8]

• Rebuild [Orabug: 35720304]

[5.2.1-2.el8]

• Supermin should ignore +debug kernels resolves: rhbz#2051332
• Add copy-patches script.

[5.2.1-1.el8]

• Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6)

[5.1.19]

• Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

[5.1.19-9]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[5.1.19-8]

• Pass CFLAGS & LDFLAGS to final supermin link resolves: rhbz#1624175

[5.1.19-7]

• Rebuild for OCaml 4.07.0.

[5.1.19-6]

• Drop dietlibc in RHEL 8 resolves: rhbz#1588067

[5.1.19-5]

• Bump release and rebuild.

[5.1.19-4]

• Reenable hardened build

swtpm [0.7.0-4.20211109gitb79fd91]

• swtpm_localca: Test for available issuercert before creating CA Resolves: rhbz#2100508

[0.7.0-3.20211109gitb79fd91]

• Disable OpenSSL FIPS mode to avoid libtpms failures Resolves: rhbz#2097947

[0.7.0-2.20211109gitb79fd91]

• Add fix for CVE-2022-23645. Resolves: rhbz#2056517

[0.7.0-1.20211109gitb79fd91]

• Rebase to 0.7.0, disable TPM 1.2. Resovles: rhbz#2029612

[0.6.0-2.20210607gitea627b3]

• rebuilt with missing CFLAGS fix.

[0.6.0-1.20210607gitea627b3]

• Update to 0.6.0. Resolves: rhbz#1972783

[0.4.2-1.20201201git2df14e3]

• Update to 0.4.2, to address potential symlink vulnerabilities (CVE-2020-28407). Resolves: rhbz#1906043

[0.4.0-3.20200828git0c238a2]

• swtpm_setup: Add missing .config path when using /home/opc. Resolves: rhbz#1881418

[0.4.0-2.20200828git0c238a2]

• Backport fixes from 0.4.0 stable branch. Resolves: rhbz#1868375 (fixes usage of swtpm-localca with passwords when signing keys)

[0.4.0-1.20200828git0c238a2]

• Update to v0.4.0. Resolves: rhbz#1868375

seabios [1.16.0-4]

• seabios-malloc-use-variable-for-ZoneHigh-size.patch [bz#2227373]
• seabios-malloc-use-large-ZoneHigh-when-there-is-enough-memor.patch [bz#2227373]
• Resolves: bz#2227373 ('No bootable device' with OS boot disk interface VirtIO-SCSI and with more than 9 VirtIO disks.)

[1.16.0-3]

• seabios-virtio-blk-use-larger-default-request-size.patch [bz#2101787]
• Resolves: bz#2101787 ([rhel.8.7] Loading a kernel/initrd is sometimes very slow)

[1.16.0-2]

• seabios-shortcut-skip-unbootable-disks-optimitation.patch [bz#2073012]
• seabios-pci-refactor-the-pci_config_-functions.patch [bz#2083884]
• seabios-reset-force-standard-PCI-configuration-access.patch [bz#2083884]
• Resolves: bz#2073012 (Guest whose os is installed multiple disks but boot partition is installed on single disk can't boot into OS on RHEL 8 [rhel-8.7.0])
• Resolves: bz#2083884 (qemu reboot problem with seabios 1.16.0)

[1.16.0-1]

• Rebase to upstream 1.16 tag [bz#2066828]
• Resolves: bz#2066828 (rebase seabios to 1.16 release)

[1.15.0-1.el8]

• Rebase to 1.15 (bz#2018392)
• Resolves: bz#2018392

[1.15.0-1.el8]

• pci-reserve-resources-for-pcie-pci-bridge-to-fix-reg.patch [bz#2001921]
• pci: let firmware reserve IO for pcie-pci-bridge.patch [bz#2001921]
• Resolves: bz#2001921

[1.14.0-1.el8]

• Rebase to 1.14 (bz#1809772)
• Resolves: bz#1809772 (rebase seabios for RHEL AV-8.3.0)

[1.13.0-1.el8]

• Rebase to 1.13 (bz#1793377)
• Resolves: bz#1793377 (rebase seabios to 1.13)

[1.12.0-5.el8]

• seabios-add-get_keystroke_full-helper.patch [bz#1693031]
• seabios-bootmenu-add-support-for-more-than-9-entries.patch [bz#1693031]
• Resolves: bz#1693031 (On systems with more than 10 available boot devices, keys are uninintuitive)

[1.12.0-4.el8]

• seabios-tpm-Check-for-TPM-related-ACPI-tables-before-attempt.patch [bz#1705212]
• seabios-usb-ehci-Clear-pipe-token-on-pipe-reallocate.patch [bz#1705212]
• Resolves: bz#1705212 (Backport 1.12.1 patches to RHEL-AV 8.1.0)

sgabios [1:0.20170427git-3]

• Rebuild all virt packages to fix RHEL's upgrade path
• Resolves: rhbz#1695587 (Ensure modular RPM upgrade path)

[1:0.20170427git-2]

• Trigger a new sgabios build

[1:0.20170427git-1]

• Switch to qemu sgabios repo, which has an extra bugfix

[1:0.20110622svn-13]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1:0.20110622svn-12]

• Allow disabling cross-compilation

[1:0.20110622svn-11]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1:0.20110622svn-10]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[1:0.20110622svn-9]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[1:0.20110622svn-8]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[1:0.20110622svn-7]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

virt-v2v [1:1.42.0-22]

• RHEL 8: If setfiles fails fall back to autorelabel resolves: rhbz#XXX
• Reapply patches since we are using git format-patch --submodule=diff

[1:1.42.0-21]

• Fix assertion failure when parsing OVA dir with trailing slash resolves: rhbz#2028823
• For -o rhv-upload wait for VM creation task resolves: rhbz#1985827
• If listing RPM applications fails, rebuild DB and retry (2089623)
• Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102720

[1:1.42.0-18]

• Additional fix for backing file specified without backing format related: rhbz#2025769

[1:1.42.0-17]

• Correct regexps used to fix schtasks command
• Fix backing file specified without backing format resolves: rhbz#2023279, rhbz#2025769

[1:1.42.0-16]

• Implement cookie scripts for more reliable vCenter/HTTPS transfers resolves: rhbz#2018173

[1:1.42.0-15]

• v2v: windows: Do not fix NTFS heads in Windows Vista and later resolves: rhbz#1995000

[1:1.42.0-14]

• v2v: rhv-upload-plugin: Fix waiting for finalize resolves: rhbz#1976024

[1:1.42.0-13]

• docs: Fix version of virt-v2v which added UEFI for OpenStack related: rhbz#1872100
• v2v: Increase Linux minimum root filesystem to 100 MB resolves: rhbz#1764569

[1:1.42.0-12]

• v2v: Fix conversion of BitLocker guests resolves: rhbz#1959051

[1:1.42.0-11]

• v2v: windows: Allow qxldod.inf as synonym for qxl.inf resolves: rhbz#1926102
• v2v: Increase required free space in Windows to 100 MB resolves: rhbz#1949147
• docs: Document how to remove 'Out of HTTP sessions' limit
• v2v: Disable readahead for VMware curl sources too resolves: rhbz#1848862
• v2v: Allow output to block devices resolves: rhbz#1868690
• docs: -o openstack: Clarify name of file containing OpenStack auth resolves: rhbz#1871754
• docs: UEFI guest conversion to -o openstack is supported resolves: rhbz#1872100
• v2v: Turn pnp_wait.exe warning into a debug message resolves: rhbz#1903960
• v2v: windows: Fix schtasks /SD parameter resolves: rhbz#1895323