We need to bump up vdsm spec for all branches +++ This bug was initially created as a clone of Bug #1408122 +++
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
confirmed to affect all rhel-6 based machine types
Francesco, can you check if qemu-kvm-ev currently in -snapshot is ok so you can move this bug to modified?
> Francesco, can you check if qemu-kvm-ev currently in -snapshot is ok so you > can move this bug to modified? It is: Fixed in version: qemu-kvm-rhev-2.6.0-28.el7_3.3 http://resources.ovirt.org/pub/ovirt-4.1-snapshot/rpm/el7Server/x86_64/qemu-kvm-ev-2.6.0-28.el7_3.3.1.x86_64.rpm but the patch bumping the spec is not yet merged or backported.
4.0.6 has been the last oVirt 4.0 release, please re-target this bug.
*** Bug 1417944 has been marked as a duplicate of this bug. ***
nope, still POST
In branch 4.0.z we still depend on QEMU >= 2.3.0 (https://github.com/oVirt/vdsm/blob/ovirt-4.0/vdsm.spec.in#L256). The Opteron_G4 issue AFAIU affects QEMU 2.6.z, so what to do here? Should we bump the dep to >= 2.6.0 also on branch 4.0.z?
(In reply to Francesco Romani from comment #8) > In branch 4.0.z we still depend on QEMU >= 2.3.0 > (https://github.com/oVirt/vdsm/blob/ovirt-4.0/vdsm.spec.in#L256). The > Opteron_G4 issue AFAIU affects QEMU 2.6.z, so what to do here? Should we > bump the dep to >= 2.6.0 also on branch 4.0.z? I can answer myself. The regression was introduced during one 2.6 rebase, it is not present in the 2.3.0 codebase. Thus, the only vulnerability in the 4.0.z branch is on RHEL7.3, and only if one user manages to update to the buggy version of qemu, but this will be automatically fixed when yum -y update is run again. Thus, we don't need patches to 4.0.z branch. THe patch was merged on master and ovirt-4.1 branch, so we can move to MODIFIED.
fixed by https://bugzilla.redhat.com/show_bug.cgi?id=1408122#c9