1 files changed, 29 insertions, 0 deletions

diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2829.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2829.toml
new file mode 100644
index 00000000..5d29071a
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2829.toml
@@ -0,0 +1,29 @@
+id = 2829
+title = "SMB sharing on FIPS enabled hosts with Samba broken"
+state = "opened"
+created_at = "2025-02-21T20:06:48.512Z"
+closed_at = "n/a"
+labels = []
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2829"
+host-os = "Ubuntu 22.04 (FIPS enabled)"
+host-arch = "x86"
+qemu-version = "QEMU emulator version 9.2.0"
+guest-os = "Win7sp1"
+guest-arch = "x86"
+description = """Similar to #2593 , newer security features on GNU+Linux host OSes are continuing
+to break communication with guests running older OSes.
+
+QEMU executes the `smbd` process in [slirp.c](net/slirp.c) to facilitate the SMB
+sharing between guest and host.
+
+The host `smbd` process links in GnuTLS for authentication ciphers and algorithm
+primitives.  When `smbd` processes SMB requests from these older OS's SMB implementations,
+it errors out with error lines:
+
+`Failed to setup SPNEGO negTokenInit request`
+
+`Failed to start SPNEGO handler for negprot OID list!`"""
+reproduce = """1. Access a GNU+Linux machine with GnuTLS library in FIPS mode which `smbd` links against
+2. Run `qemu-system-*` with an older guest OS with a `smb` share to host
+3. See errors in `/tmp/qemu.smb*/log.smbd`"""
+additional = """#"""