Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:merge-focal/4.2-for-focal into ubuntu/+source/qemu:debian/sid

Proposed by Christian Ehrhardt  on 2020-01-16

Status:

Merged

Merge reported by:

Christian Ehrhardt 

Merged at revision:

1c069c8a2d8dc1ef83769db5d676aac92358bb19

Proposed branch:

~paelzer/ubuntu/+source/qemu:merge-focal/4.2-for-focal

Merge into:

ubuntu/+source/qemu:debian/sid

Diff against target:

5913 lines (+5016/-118)

30 files modified

debian/binfmt-update-in (+4/-6)
debian/changelog (+3485/-0)
debian/control (+94/-25)
debian/control-in (+93/-21)
debian/kvm.arm32 (+2/-0)
debian/kvm.arm64 (+2/-0)
debian/kvm.powerpc (+13/-0)
debian/kvm.s390x (+2/-0)
debian/kvm.x86 (+1/-1)
debian/not-installed (+4/-0)
debian/patches/lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch (+43/-0)
debian/patches/series (+10/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+633/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/expose-vmx_qemu64cpu.patch (+17/-0)
debian/patches/ubuntu/lp-1857033-i386-Add-MSR-feature-bit-for-MDS-NO.patch (+37/-0)
debian/patches/ubuntu/lp-1857033-i386-Add-macro-for-stibp.patch (+40/-0)
debian/patches/ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch (+99/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.maintscript (+4/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-data.install (+1/-1)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/qemu-utils.install (+2/-0)
debian/rules (+93/-16)
dev/null (+0/-48)

Related bugs:

Bug #1790856: [MIR] pmdk	Undecided	Fix Released
Bug #1859527: vring_get_region_caches: Assertion `caches != NULL' failed.	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Rafael David Tinoco (community)	2020-01-16	Approve on 2020-01-24
Canonical Server packageset reviewers	2020-01-16	Pending
Canonical Server	2020-01-16	Pending
Review via email: mp+377706@code.launchpad.net

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-01-16:

Intro for the MP why this is somewhat special
  - this is the first time we fully go git-ubuntu on Qemu
    - old branches were based on Debian repos
    - the roms directory was usually not well tracked in git
      - usually ignored, content depended on the tarball
    - Git Ubuntu uses clear imports as uploaded, therefore it has the roms
    - Those show up as conflicts between old/new branches and led to some "clenaup"
      commits synchronizing them
      e.g. 99be3979 "New upstream release v4.0" for 4.0-0ubuntu1 was following the Debian
      approach
      But I now needed to add "CLEANUP - New upstream release v4.0" to match git-ubuntu
      imports instead of salsa git
      Those commits can be dropped eventually and will not need to be listed in the
      changelog to be dropped as from
      a git-ubuntu and Ubuntu-Archive POV they never existed.
  - Furthermore there will be no update-maintainer commit as it is generated from d/
    control-in to d/control.
    Instead of "update-maintainer" you'll see "d/control: regenerate debian/control out
    of control-in" which does the same (and more) being handled as we'd usualy do with
    "update-maintainer".
  - due to bug 1858767, I created everything manually but it still should feel "as usual"
    Tags:
      merge-focal/deconstruct
      merge-focal/logical*
      merge-focal/new/debian
      merge-focal/old/debian
      merge-focal/old/ubuntu
    Branch:
      merge-focal/4.2-for-focal
  - It contains multiple versions of logical in case the reviewer ever wonders how we got
    form that huge list down.
    git range diff between those is really neat if you need to track changes there.

I directly upstreamed and discussed most new things to Debian:
=> https://salsa.debian.org/qemu-team/qemu/merge_requests/12
=> https://salsa.debian.org/qemu-team/qemu/merge_requests/10

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2020-01-16:

This merge review is mine! Will do it soon.

~paelzer/ubuntu/+source/qemu:merge-focal/4.2-for-focal updated on 2020-01-20

6019e1a... by Christian Ehrhardt  on 2020-01-20

Changelog: mention bug 1812822

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message

Dan Streetman (ddstreet) wrote on 2020-01-21:

I cloned the repo and if i'm looking at it right, I believe this patch isn't included:
https://github.com/qemu/qemu/commit/725fe5d10dbd4259b1853b7d253cef83a3c0d22a

That fixes bug 1859527, and would be great to include here so the fix can be sru'ed back to b/e.

~paelzer/ubuntu/+source/qemu:merge-focal/4.2-for-focal updated on 2020-01-22

016960f... by Christian Ehrhardt  on 2020-01-22

d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)

Signed-off-by: Christian Ehrhardt <email address hidden>

23a9ab3... by Christian Ehrhardt  on 2020-01-22

changelog: avoid breakage on high virtqueue counts (LP: #1859527)

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-01-22:

@Dan - thanks for the hint -I added it right to the 4.2 branch. Thanks for the work on this bug btw!

FYI: I will closer to the release of 20.04 do usually backport quite a bunch of fixes (like a 4.2.1 if it doesn't exist at the time) and would have expected to have picked that up anyway.

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2020-01-22:

Alright, doing the review now...

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2020-01-23:

Christian I have made observations on lines starting either with:

--
??
!!

Its mostly asking for more info about some things.

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2020-01-23:

Download full text (7.1 KiB)

(https://pastebin.ubuntu.com/p/b5hgJggtSp/)

##
## NOTES USING CHANGELOG FILE
##

qemu (1:4.2-1ubuntu1) focal; urgency=medium

* Merge with Debian testing, Among many other things this fixes LP Bugs:

ok LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
ok LP: #1812822 - avoid crashes on detaching vhost_net interfaces

Remaining changes:

ok - qemu-kvm to systemd unit
ok - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, huge...
ok - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-...
ok - d/qemu-system-common.install: install helper script
ok - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
ok - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm
ok - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
ok - Distribution specific machine type (LP: 1304107 1621042)
ok - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types
ok - d/qemu-system-x86.NEWS Info on fixed machine type definitions for ...
ok - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
ok - provide pseries-bionic-2.11-sxxm type as convenience with all melt...
ok - improved dependencies
ok - Make qemu-system-common depend on qemu-block-extra
ok - Make qemu-utils depend on qemu-block-extra
ok - let qemu-utils recommend sharutils
ok - s390x support
ok - Create qemu-system-s390x package
ok - Enable numa support for s390x
ok - d/rules: build s390-ccw.img with upstream Makefile
ok - d/rules: build s390-netboot.img with upstream Makefile
-- - arch aware kvm wrappers
?? (are you blocking one to run QEMU/KVM on Power8 because sec issues only ?)
?? (is that something worth doing by default ?)
ok - d/control: update VCS links
ok - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
ok - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types ...
ok - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to ...
ok - d/control-in: Disable capstone disassembler library support (universe)
ok - d/control: disable bluetooth being deprecated
ok - d/not-installed: ignore new interop docs and extra icons for now
ok - d/not-installed: do not install elf2dmp until namespaced
?? (out of curiosity only, what do you mean by elf2dmp being namespaced ?)
ok - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
ok - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
-- - d/binfmt-update-in: fix binfmt being called in some containers ...
?? (is this upstreamable ?)

- Dropped changes (in Debian)

(https://pastebin.ubuntu.com/p/b5hgJggtSp/)

##
## NOTES USING CHANGELOG FILE
##

qemu (1:4.2-1ubuntu1) focal; urgency=medium

* Merge with Debian testing, Among many other things this fixes LP Bugs:

ok  LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
ok  LP: #1812822 - avoid crashes on detaching vhost_net interfaces

Remaining changes:

ok  - qemu-kvm to systemd unit
ok    - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, huge...
ok    - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-...
ok    - d/qemu-system-common.install: install helper script
ok    - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
ok    - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm
ok    - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
ok  - Distribution specific machine type (LP: 1304107 1621042)
ok    - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types
ok    - d/qemu-system-x86.NEWS Info on fixed machine type definitions for ...
ok    - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
ok    - provide pseries-bionic-2.11-sxxm type as convenience with all melt...
ok  - improved dependencies
ok    - Make qemu-system-common depend on qemu-block-extra
ok    - Make qemu-utils depend on qemu-block-extra
ok    - let qemu-utils recommend sharutils
ok  - s390x support
ok    - Create qemu-system-s390x package
ok    - Enable numa support for s390x
ok    - d/rules: build s390-ccw.img with upstream Makefile
ok    - d/rules: build s390-netboot.img with upstream Makefile
--    - arch aware kvm wrappers
??    (are you blocking one to run QEMU/KVM on Power8 because sec issues only ?)
??    (is that something worth doing by default ?)
ok  - d/control: update VCS links
ok  - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
ok    - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types ...
ok    - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to ...
ok    - d/control-in: Disable capstone disassembler library support (universe)
ok    - d/control: disable bluetooth being deprecated
ok  - d/not-installed: ignore new interop docs and extra icons for now
ok  - d/not-installed: do not install elf2dmp until namespaced
??    (out of curiosity only, what do you mean by elf2dmp being namespaced ?)
ok  - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
ok  - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
--  - d/binfmt-update-in: fix binfmt being called in some containers ...
??    (is this upstreamable ?)

- Dropped changes (in Debian)

ok  - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
ok    - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
ok    - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
--  - d/control-in: enable RDMA support in qemu (LP: 1692476)
--      - enable RDMA config option
--      - add libibumad-dev build-dep
??    (why ? was support dropped from upstream ? is it just us ?)
ok  - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back...
ok  - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
ok  - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
ok  - d/rules: fix qemu-kvm service for debhelper compat >=12
ok  - Refreshed patches for v4.0 context changes
ok  - d/control*: remove sdlabi which was removed upstream
ok  - d/control*: enable docs (now explicit) and provide new build-dep ...
ok  - d/qemu-system-data.install: use new paths for formerly used icons
ok  - Merge with Upstream release of qemu 4.0
ok  - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch

- Dropped changes (Upstream)

ok  - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
ok  - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
ok  - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch: fix ...
ok  - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector ...
ok  - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues ...
ok  - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer ...
ok  - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags (LP 1...
ok  - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.p...
ok  - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.p...
ok  - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*: ...
ok  - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch ...
ok  - SECURITY UPDATE: Add support for exposing md-clear functionality to guests
ok    - d/p/ubuntu/enable-md-clear.patch
ok    - d/p/ubuntu/enable-md-no.patch
ok    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
ok  - SECURITY UPDATE: heap overflow when loading device tree blob
ok    - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to ...
ok    - CVE-2018-20815
ok  - SECURITY UPDATE: device driver denial of service via NULL pointer der...
ok    - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read' routine
ok    - CVE-2019-5008
ok  - SECURITY UPDATE: information leak in SLiRP
ok    - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when emulating ...
ok    - CVE-2019-9824
ok  - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimpl...
!! (typo: archicture, prob from upstream)

* Dropped changes (no more needed)

ok  - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for mv_conf...
      [ only needed between disco and eoan ]
ok  - disable pvrdma
ok    [ CVEs all fixed now ]
!!  (does this mean we now have the pvrdma feature ? should we highlight that ?)
ok  - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: av...
      [ qemu now detects and handles nesting - needs kernel >=4.20 ]
ok  - Enable nesting by default
ok    - d/qemu-system-x86.modprobe: set nested=1 module option on intel. ...
ok    - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded ...
ok    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default ...
ok    - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default...
ok    - d/qemu-system-x86.README.Debian: document intention of nested being ...
      [ nesting is default in kernel modules and default selected cpu types ]

* Added changes

ok  - d/control: regenerate debian/control out of control-in
ok  - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
ok    - added ubuntu focal types for qemu 4.2
ok    - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
ok  - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model (LP: #1857033)
ok  - d/qemu-system-x86.README.Debian: add info abou nesting changes
!!    (abou <- typo)
ok  - d/control*, d/rules: disable xen by default, but provide universe pac...
ok  - fix typos in changelog and d/qemu-system-x86.NEWS
??    (maybe remove typo changes as they are not important for changelog ?)
ok  - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)

-- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 08 Jan 2020 15:27:42 +0100

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2020-01-23:

Download full text (4.1 KiB)

(https://pastebin.ubuntu.com/p/vZzK5z6mHG/)

##
## NOTES USING GIT-UBUNTU LOGICAL TAG
##

ok changelog: avoid breakage on high virtqueue counts (LP: #1859527)
ok d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
ok 2b479e9c98 Changelog: mention bug 1812822
-- 868b5b3969 - d/rules: move down dh_install of qemu-kvm
(missed CHANGELOG)
ok a63346226b (tag: paelzer/merge-focal/logical-v9, tag: merge-focal/logical-v9)
ok f9b430895c - d/control-in: promote qemu-efi in Ubuntu (LP: #1570617)
ok 2248d99e84 - d/control-in: update VCS links
ok f6c44bd3e2 DROP: - d/control-in: enable docs (now explcit) and provide new
ok f51c05bec1 DROP: - d/control-in: remove sdlabi which was removed upstream
ok f7752c82ce - d/control-in: disable bluetooth being deprecated
ok ff18ce7638 DROP: fix migration issue from qemu <4.0 when using virtio-balloon
ok b9c4255178 DROP: fix a potential hang in qemu or qemu-img (LP: #1848556)
ok 40b5778df8 DROP: d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-descr
ok 0d85d8398c d/binfmt-update-in: fix binfmt being called in some containers
ok bb6527781a DROP: - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability
ok 0e6a96df05 DROP: d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model
ok 53e3585a54 DROP: d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix bu
ok 03c2c4a077 DROP: d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the
ok 7de571b95d DROP: d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error
ok bf527e21c3 DROP: d/qemu-system-data.install: use new paths for formerly used
ok c28afff934 d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
ok 74d3bba980 do not install elf2dmp until namespaced
ok 2696d05622 d/not-installed: ignore new interop docs and extra icons for now
ok 85ae234465 DROP: - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #
ok 124aec41df DROP: - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Tolera
ok 34e64a7a36 DROP: refresh DEBIAN PATCH use-fixed-data-path.patch for context
ok a3e888b0d5 DROP: drop patches no more applicable in qemu 4.0
ok f926a3ccf6 DROP: CLEANUP - New upstream release v4.0
ok fb695d97cf DROP: New upstream release v4.0
ok dc0ca54437 DROP: d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expan
ok a1713cfd39 DROP: security fixes for MDS in 1:3.1+dfsg-2ubuntu4
-- 1b80fb61d6 DROP: i2c-ddc-fix-oob-read-CVE-2019-3812.patch (#922635)
!! (missed CHANGELOG)
ok 5b0efb9693 DROP: qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
ok b499c763ba DROP: disable pvrdma for now, it is a bit too buggy Besides seve
ok 8d72816752 DROP: slirp-check-data-length-while-emulating-ident-function-CVE-
-- 026721e6b4 DROP: scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6
!! (missed CHANGELOG)
ok 421b6ecede DROP: properly return archicture defined exception on bad subcod
!! (typo: archicture)
ok ee3a6375ef - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.pa
?? (why not DROP: ?)
ok 0f5438e3a5 DROP: - d/p/debianize-qemu-guest-service.patch: fix path of qemu
ok 36baee9d37 DROP: remove /dev/kvm permission handling (moved to systemd 239-
ok 7e3697c9dc DROP: debian/patches/ubuntu/lp-1790901-partial-SLOF-for-s390x-...

(https://pastebin.ubuntu.com/p/vZzK5z6mHG/)

##
## NOTES USING GIT-UBUNTU LOGICAL TAG
##

ok changelog: avoid breakage on high virtqueue counts (LP: #1859527)
ok d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
ok 2b479e9c98 Changelog: mention bug 1812822
-- 868b5b3969 - d/rules: move down dh_install of qemu-kvm
   (missed CHANGELOG)
ok a63346226b (tag: paelzer/merge-focal/logical-v9, tag: merge-focal/logical-v9)
ok f9b430895c - d/control-in: promote qemu-efi in Ubuntu (LP: #1570617)
ok 2248d99e84 - d/control-in: update VCS links
ok f6c44bd3e2 DROP: - d/control-in: enable docs (now explcit) and provide new 
ok f51c05bec1 DROP: - d/control-in: remove sdlabi which was removed upstream
ok f7752c82ce - d/control-in: disable bluetooth being deprecated
ok ff18ce7638 DROP: fix migration issue from qemu <4.0 when using virtio-balloon
ok b9c4255178 DROP: fix a potential hang in qemu or qemu-img (LP: #1848556)
ok 40b5778df8 DROP: d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-descr
ok 0d85d8398c d/binfmt-update-in: fix binfmt being called in some containers 
ok bb6527781a DROP: - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability
ok 0e6a96df05 DROP: d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model 
ok 53e3585a54 DROP: d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix bu
ok 03c2c4a077 DROP: d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the
ok 7de571b95d DROP: d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error
ok bf527e21c3 DROP: d/qemu-system-data.install: use new paths for formerly used
ok c28afff934 d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
ok 74d3bba980 do not install elf2dmp until namespaced
ok 2696d05622 d/not-installed: ignore new interop docs and extra icons for now
ok 85ae234465 DROP: - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #
ok 124aec41df DROP: - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Tolera
ok 34e64a7a36 DROP: refresh DEBIAN PATCH use-fixed-data-path.patch for context
ok a3e888b0d5 DROP: drop patches no more applicable in qemu 4.0
ok f926a3ccf6 DROP: CLEANUP - New upstream release v4.0
ok fb695d97cf DROP: New upstream release v4.0
ok dc0ca54437 DROP: d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expan
ok a1713cfd39 DROP: security fixes for MDS in 1:3.1+dfsg-2ubuntu4
-- 1b80fb61d6 DROP: i2c-ddc-fix-oob-read-CVE-2019-3812.patch (#922635)
!! (missed CHANGELOG)
ok 5b0efb9693 DROP: qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
ok b499c763ba DROP: disable pvrdma for now, it is a bit too buggy Besides seve
ok 8d72816752 DROP: slirp-check-data-length-while-emulating-ident-function-CVE-
-- 026721e6b4 DROP: scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6
!! (missed CHANGELOG)
ok 421b6ecede DROP: properly return archicture defined exception on bad subcod
!! (typo: archicture)
ok ee3a6375ef - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.pa
?? (why not DROP: ?)
ok 0f5438e3a5 DROP: - d/p/debianize-qemu-guest-service.patch: fix path of qemu
ok 36baee9d37 DROP: remove /dev/kvm permission handling (moved to systemd 239-
ok 7e3697c9dc DROP: debian/patches/ubuntu/lp-1790901-partial-SLOF-for-s390x-ne
-- 9e302af13a DROP: - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsusp
!! (missed CHANGELOG)
ok 40e7045b8c - d/control-in: Disable capstone disassembler library support (
ok 1fc45260f6    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713
ok 873e9db590 DROP: - d/control-in: enable RDMA support in qemu (LP: 1692476) 
ok 761aaa725b DROP: - qemu-guest-agent: freeze-hook fixes (LP: 1484990)   - d/q
ok e15e0347b1 * improved s390x support   - Create qemu-system-s390x package   
ok d4ee6db167   - let qemu-utils recommend sharutils
ok b3d5f59c39   - Make qemu-utils depend on qemu-block-extra
ok d773d49985 * improved dependencies   - Make qemu-system-common depend on qem
ok 2ce40d378a - Distribution specific machine type (LP: 1304107 1621042 177618
-- 47a3137058 * Enable nesting by default   - d/qemu-system-x86.modprobe: set
?? (why not DROP: ?)
ok b7a7250692 * arch aware kvm wrappers
ok 686291c525 * qemu-kvm to systemd unit   - d/qemu-kvm-init: script for QEMU

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) on 2020-01-23:

review: Needs Information

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2020-01-23:

Small clarification on something I forgot to write:

-- - arch aware kvm wrappers
?? (are you blocking one to run QEMU/KVM on Power8 because sec issues only ?)
?? (is that something worth doing by default ?)

I meant on Power8 SMT of course...

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-01-24:

Download full text (3.2 KiB)

QUESTIONS

-- - arch aware kvm wrappers
?? (are you blocking one to run QEMU/KVM on Power8 because sec issues only ?)
?? (is that something worth doing by default ?)

=> We are only blocking P8 is SMP is enabled.
That is not a security reason, but an architectural limitations.
If you have SMP enabled the threads will clobber each other and the guest dies going into paused state

---

ok - d/not-installed: do not install elf2dmp until namespaced
?? (out of curiosity only, what do you mean by elf2dmp being namespaced ?

=> I forgot the details, but it was conflicting with something else so I was referring to that conflict no more happening. Like a name change or a prefix.

---

-- - d/binfmt-update-in: fix binfmt being called in some containers ...
?? (is this upstreamable ?)

=> This is in discussion if it needs to be a fix in qemu OR one in binfmt that generally works
   https://salsa.debian.org/qemu-team/qemu/merge_requests/8
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868217
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866756
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789011

---

-- - add libibumad-dev build-dep
?? (why ? was support dropped from upstream ? is it just us ?)

=> It was only in Ubuntu for a while, Debian has accepted it
Please do realize this is under the category ""in Debian"

---

ok - fix typos in changelog and d/qemu-system-x86.NEWS
?? (maybe remove typo changes as they are not important for changelog ?)

=> I'd be ok, but on other times I was challenged on the same.
As it doesn't hurt to add them I think we are fine. We won't mention them again as kept next time thou.

---

ok ee3a6375ef - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.pa
?? (why not DROP: ?)

=> This is only in the old logical tag and in fact dropped already

---

-- 47a3137058 * Enable nesting by default - d/qemu-system-x86.modprobe: set
?? (why not DROP: ?)

=> This is only present in the logical-tag and in fact dropped already
But this one is tricky - the VMX/SVM flags I'll have to bring back (one of the test findings, required for backwards migration).

IMPERATIVES

ok - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimpl...
!! (typo: archicture, prob from upstream)

Done

---

ok - disable pvrdma
ok [ CVEs all fixed now ]
!! (does this mean we now have the pvrdma feature ? should we highlight that ?)

We have it, but pv* will be highlighted in the context of pmdk/ndctl.
pvrdma itself was recently too shaky (thats why we have taken it out) to be mentioned alone.

---

ok - d/qemu-system-x86.README.Debian: add info abou nesting changes
!! (abou <- typo)

Done

---

-- 1b80fb61d6 DROP: i2c-ddc-fix-oob-read-CVE-2019-3812.patch (#922635)
!! (missed CHANGELOG)
-- 026721e6b4 DROP: scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6
!! (missed CHANGELOG)
ok 421b6ecede DROP: properly return archicture defined exception on bad subcod
!! (typo: archicture)
-- 9e302af13a DROP: - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsusp
!! (missed CHANGELOG)

=> Those all were already dropped in 4.0 when we went ahead of Debian for Eoan.
The drop changelog is there at the 4.0 version, the...

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Christian Ehrhardt 

git-ubuntu developers

Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:merge-focal/4.2-for-focal into ubuntu/+source/qemu:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

 diff --git a/debian/binfmt-update-in b/debian/binfmt-update-in
 index be0ace4..ab3eeac 100644
 --- a/debian/binfmt-update-in
 +++ b/debian/binfmt-update-in
@@ -1,9 +1,8 @@
--# check if we're running inside an (lxc) container
--# (we may copy or move this to the postinst script too, to skip installing it)
--grep -zqs ^container= /proc/1/environ && exit 0
--
  # == binfmt registration/deregistration ==
--if command -v update-binfmts > /dev/null ; then
++# Early exit if binfmt-support not installed or if run in a container.
++if ! command -v update-binfmts > /dev/null || systemd-detect-virt --quiet --container; then
++    exit 0
++fi
  fmts="aarch64 alpha arm armeb cris hppa i386 m68k microblaze mips mipsel mipsn32 mipsn32el mips64 mips64el ppc ppc64 ppc64abi32 ppc64le riscv32 riscv64 s390x sh4 sh4eb sparc sparc32plus sparc64 x86_64 xtensa xtensaeb"
@@ -116,5 +115,4 @@ case "$DPKG_MAINTSCRIPT_NAME:$1" in
  esac
--fi
  # == binfmt registration/deregistration ==
 diff --git a/debian/changelog b/debian/changelog
 index f399cef..62cbf2a 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,158 @@
++qemu (1:4.2-1ubuntu1) focal; urgency=medium
++
++  * Merge with Debian testing, Among many other things this fixes LP Bugs:
++    LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
++    LP: #1812822 - avoid crashes on detaching vhost_net interfaces
++    LP: #1852744 - Crypto Passthrough Interrupt Support
++    LP: #1853316 - CCW IPL Support
++    Remaining changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
++        qemu-kvm-init
++      - d/qemu-system-common.install: install helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
++    - Distribution specific machine type (LP: 1304107 1621042)
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++        for host-phys-bits=true (LP: 1776189)
++      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
++      - provide pseries-bionic-2.11-sxxm type as convenience with all
++        meltdown/spectre workarounds enabled by default. (LP: 1761372).
++    - Enable nesting by default
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++        [ No more strictly needed, but required for backward compatibility ]
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Enable numa support for s390x
++      - d/rules: build s390-ccw.img with upstream Makefile
++      - d/rules: build s390-netboot.img with upstream Makefile
++    - arch aware kvm wrappers
++    - d/control: update VCS links
++    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
++      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
++        reference 256k path
++      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
++        handle incoming migrations from former releases.
++    - d/control-in: Disable capstone disassembler library support (universe)
++    - d/control: disable bluetooth being deprecated
++    - d/not-installed: ignore new interop docs and extra icons for now
++    - d/not-installed: do not install elf2dmp until namespaced
++    - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
++    - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
++    - d/binfmt-update-in: fix binfmt being called in some containers
++      (LP 1840956)
++  - Dropped changes (in Debian)
++    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
++      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
++      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
++    - d/control-in: enable RDMA support in qemu (LP: 1692476)
++        - enable RDMA config option
++        - add libibumad-dev build-dep
++    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
++      some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
++      As that hack to build s390-ccw.img rom can't build s390x-netboot.img
++      replace it with a build-indep using the upstream makefiles.
++      This is less prone to miss future changes/fixes that are done to the
++      makefiles
++    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
++    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
++    - d/rules: fix qemu-kvm service for debhelper compat >=12
++    - Refreshed patches for v4.0 context changes
++    - d/control*: remove sdlabi which was removed upstream
++    - d/control*: enable docs (now explicit) and provide new build-dep
++      python3-sphinx
++    - d/qemu-system-data.install: use new paths for formerly used icons
++    - Merge with Upstream release of qemu 4.0
++    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
++  - Dropped changes (Upstream)
++    - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
++    - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
++    - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
++      fix i386 build error
++    - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
++      fix naming of the new vector facitlity (LP 1836066)
++    - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
++      for missing SIOCGSTAMP definition; final fix is still in discussion
++      upstream (LP: 1836159)
++    - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
++      s390x machines (LP 1836154)
++    - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
++      (LP 1841066)
++    - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
++      update the z15 model name (LP 1842774)
++    - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
++      fix a potential hang when qemu or qemu-img where accessing http backed
++      disks via libcurl (LP 1848556)
++    - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
++      fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
++    - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
++      toleration for future machines (LP 1830704)
++    - SECURITY UPDATE: Add support for exposing md-clear functionality
++      to guests
++      - d/p/ubuntu/enable-md-clear.patch
++      - d/p/ubuntu/enable-md-no.patch
++      - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++    - SECURITY UPDATE: heap overflow when loading device tree blob
++      - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
++        copy the device tree blob into is.
++      - CVE-2018-20815
++    - SECURITY UPDATE: device driver denial of service via NULL pointer
++      dereference
++      - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
++        routine
++      - CVE-2019-5008
++    - SECURITY UPDATE: information leak in SLiRP
++      - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
++        emulating ident.
++      - CVE-2019-9824
++    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
++      unimplement.patch: properly return architecture defined exception
++      on bad subcodes of diag 308 (LP 1812384)
++  * Dropped changes (no more needed)
++    - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
++      mv_conffile since the new path is a directory in the old package
++      version which can not be handled by mv_conffile.
++      [ only needed between disco and eoan ]
++    - disable pvrdma
++      [ CVEs all fixed now ]
++    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
++      avoid misdetection of simplified nesting blocking all migrations
++      [ qemu now detects and handles nesting - needs kernel >=4.20 ]
++    - Enable nesting by default
++      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
++        (is default on amd)
++      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
++        without nested=1
++        [ nesting is default in kernel modules and default selected cpu types ]
++  * Added changes
++    - d/control: regenerate debian/control out of control-in
++    - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
++      - added ubuntu focal types for qemu 4.2
++      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
++    - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
++      (LP: #1857033)
++    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
++    - d/control*, d/rules: disable xen by default, but provide universe
++      package qemu-system-x86-xen as alternative
++    - fix typos in changelog and d/qemu-system-x86.NEWS
++    - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
++    - d/control*: enable libpmem support for nvdimms (LP: #1790856)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 08 Jan 2020 15:27:42 +0100
++
  qemu (1:4.2-1) unstable; urgency=medium
    * new upstream release (4.2.0)
@@ -74,6 +229,205 @@ qemu (1:4.1-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 27 Aug 2019 12:43:43 +0300
++qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
++    fix a potential hang when qemu or qemu-img where accessing http backed
++    disks via libcurl (LP: #1848556)
++  * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
++    fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 21 Oct 2019 14:51:45 +0200
++
++qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
++
++  * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
++    update the z15 model name (LP: #1842774)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Sep 2019 11:42:58 +0200
++
++qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
++
++  * d/binfmt-update-in: fix binfmt being called in some containers
++    (LP: #1840956)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 09 Sep 2019 11:03:13 +0200
++
++qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
++
++  * No-change upload with strops.h and sys/strops.h removed in glibc.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 05 Sep 2019 11:07:25 +0000
++
++qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
++    (LP: #1841066)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 26 Aug 2019 12:08:04 +0200
++
++qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
++    s390x machines (LP: #1836154)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 17 Jul 2019 13:20:42 +0200
++
++qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
++
++  * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
++    - pick Debian change for (#889885)
++      move ovmf to recommends on debian and update aarch ovmf refs
++    - stop Ubuntu to drop ovmf/qemu-efi to a suggest
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 12 Jul 2019 12:48:24 +0200
++
++qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
++    for missing SIOCGSTAMP definition; final fix is still in discussion
++    upstream (LP: 1836159)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Jul 2019 10:10:00 +0200
++
++qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
++    fix naming of the new vector facitlity (LP: #1836066)
++  * d/control-in: update VCS links in control template as well
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Jul 2019 08:18:44 +0200
++
++qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
++
++  * Merge with Upstream release of qemu 4.0.
++    Among many other things this fixes LP Bugs:
++    LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
++    LP: #1828038 - Update s390x CPU Model for more HW support
++    LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
++    Remaining Changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
++        qemu-kvm-init
++      - d/qemu-system-common.install: install helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
++    - Enable nesting by default
++      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
++        (is default on amd)
++      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
++        without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++      - d/qemu-system-x86.README.Debian: document intention of nested being
++        default is comfort, not full support
++    - Distribution specific machine type (LP: 1304107 1621042)
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++        for host-phys-bits=true (LP: 1776189)
++      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
++      - provide pseries-bionic-2.11-sxxm type as convenience with all
++        meltdown/spectre workarounds enabled by default. (LP: 1761372).
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Enable numa support for s390x
++    - arch aware kvm wrappers
++    - d/control: update VCS links
++    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
++      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
++      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
++    - d/control-in: enable RDMA support in qemu (LP: 1692476)
++        - enable RDMA config option
++        - add libibumad-dev build-dep
++    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
++      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
++        reference 256k path
++      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
++        handle incoming migrations from former releases.
++    - d/control-in: Disable capstone disassembler library support (universe)
++    - Move s390x roms to a new qemu-system-data-s390x
++      - d/qemu-system-data.install: install s390x roms as architecture:all in
++        qemu-system-data
++      - d/rules: build s390-ccw.img with upstream Makefile
++      - d/rules: build s390-netboot.img with upstream Makefile
++      - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
++        some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
++        As that hack to build s390-ccw.img rom can't build s390x-netboot.img
++        replace it with a build-indep using the upstream makefiles.
++        This is less prone to miss future changes/fixes that are done to the
++        makefiles
++      - d/control-in: add breaks/replaces for moving s390x roms from
++        qemu-system-s390x to qemu-system-data
++    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
++      [From not yet uploaded Debian branch]
++    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
++    - d/rules: fix qemu-kvm service for debhelper compat >=12
++    - disable pvrdma - besides several security holes there are many other
++      bugs there as well
++  * Dropped patches that are upstream in v4.0
++    - d/p/do-not-link-everything-with-xen.patch
++    - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
++    - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
++    - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
++    - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
++    - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
++    - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
++      (LP: 1759509)
++    - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
++    - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
++    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
++    - d/p/ubuntu/CVE-2018-20815.patch
++    - d/p/ubuntu/CVE-2019-5008.patch
++    - d/p/ubuntu/CVE-2019-9824.patch
++    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
++      avoid misdetection of simplified nesting blocking all migrations
++  * Dropped further patches
++    d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
++    [upstream deprecated the whole subsystem instead of applying the fix]
++  * Added Changes
++    - updated ubuntu machine types for v4.0
++      - added eoan types
++      - fixed s390x issue of upstream types having a "v" prefix
++      - add back dropped machine types to avoid more issues like LP: 1802944
++      - fix kvm split irqchip default in ubuntu q35 machine type
++      - drop no more needed spapr_machine_2_11_sxxm_instance_options and
++        adapt updated CamelCase
++      - -hpb types now need to use GlobalProperties
++      - pc_compat_2_0 got a _fn suffix and slight changes
++    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
++      SLOF of qemu 4.0
++    - Refreshed patches still needed for v4.0 context changes
++      - d/p/use-fixed-data-path.patch
++      - d/p/ubuntu/enable-svm-by-default.patch
++      - d/p/ubuntu/enable-md-clear.patch
++      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
++    - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
++      (LP: #1830243)
++    - d/control: disable bluetooth being deprecated
++    - d/control*: remove sdlabi which was removed upstream
++    - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
++    - d/control*: enable docs (now explicit) and provide new build-dep
++      python3-sphinx
++    - d/not-installed: ignore new interop docs and extra icons for now
++    - d/not-installed: do not install elf2dmp until namespaced
++    - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
++    - d/qemu-system-data.install: use new paths for formerly used icons
++    - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
++      fix i386 build error
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Jun 2019 16:33:19 +0200
++
  qemu (1:3.1+dfsg-8) unstable; urgency=high
    * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
@@ -176,6 +530,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 06 Feb 2019 12:23:01 +0300
++qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
++
++  * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
++    broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
++    fix migrations from old machines (LP: #1829868).
++  * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
++    toleration for future machines (LP: #1830704
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 28 May 2019 11:30:42 +0200
++
++qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
++
++  * SECURITY UPDATE: Add support for exposing md-clear functionality
++    to guests
++    - d/p/ubuntu/enable-md-clear.patch
++    - d/p/ubuntu/enable-md-no.patch
++    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++  * SECURITY UPDATE: heap overflow when loading device tree blob
++    - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
++      copy the device tree blob into is.
++    - CVE-2018-20815
++  * SECURITY UPDATE: device driver denial of service via NULL pointer
++    dereference
++    - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
++      routine
++    - CVE-2019-5008
++  * SECURITY UPDATE: information leak in SLiRP
++    - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
++      emulating ident.
++    - CVE-2019-9824
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 08 May 2019 09:27:53 -0700
++
++qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
++
++  * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
++    - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
++    - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
++      mv_conffile since the new path is a directory in the old package
++      version which can not be handled by mv_conffile.
++  * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
++    OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
++    Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
++    CVE-2019-3812
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 18 Mar 2019 09:20:07 +0100
++
++qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
++
++  * disable pvrdma - besides several security holes there are many other
++    bugs there as well, and the amount of patches applied upstream after
++    3.1 release is large (Closes, or actuallymakes unimportant again)
++    - CVE-2018-20123
++    - CVE-2018-20124
++    - CVE-2018-20125
++    - CVE-2018-20126
++    - CVE-2018-20191
++    - CVE-2018-20216
++  * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
++    - CVE-2019-6501
++  * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
++    - CVE-2019-6778
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 19 Feb 2019 06:43:04 +0100
++
++qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
++
++  * Merge with Debian testing, Among many other things this fixes LP Bugs:
++    LP: #1806104 - fix misleading page size error on ppc64el
++    LP: #1782205 - SnowRidge enabled new ISAs
++    LP: #1786956 - upgrade to qemu >= 3.0
++    LP: #1809083 - Backward migration to Xenial on ppc64el
++    LP: #1803315 - s390x Huge page enablement
++    LP: #1657409 - enable virglrenderer
++    Remaining Changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
++      - d/qemu-system-common.install: install systemd unit and helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: install /etc/default/qemu-kvm
++    - Enable nesting by default
++      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
++        (is default on amd)
++      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
++        without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++      - d/qemu-system-x86.README.Debian: document intention of nested being
++        default is comfort, not full support
++    - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++        for host-phys-bits=true (LP: 1776189)
++      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
++      - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
++        convenience with all meltdown/spectre workarounds enabled by default.
++        (LP: 1761372).
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Enable numa support for s390x
++    - arch aware kvm wrappers
++    - d/control: update VCS links (updated to match latest Ubuntu)
++    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
++      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
++      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
++    - d/control-in: enable RDMA support in qemu (LP: 1692476)
++        - enable RDMA config option
++        - add libibumad-dev build-dep
++    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
++      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
++        reference 256k path
++      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
++        handle incoming migrations from former releases.
++    - d/control-in: Disable capstone disassembler library support (universe)
++  * Added Changes:
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
++      for qemu 3.1 in the Ubuntu Disco release
++    - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
++    - Move s390x roms to a new qemu-system-data-s390x
++      - d/qemu-system-data.install: install s390x roms as architecture:all in
++        qemu-system-data
++      - d/rules: build s390-ccw.img with upstream Makefile
++      - d/rules: build s390x-netboot.img with upstream Makefile
++      - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
++        some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
++        As that hack to build s390-ccw.img rom can't build s390x-netboot.img
++        replace it with a build-indep using the upstream makefiles.
++        This is less prone to miss future changes/fixes that are done to the
++        makefiles
++      - d/control-in: add breaks/replaces for moving s390x roms from
++        qemu-system-s390x to qemu-system-data
++    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
++      [From not yet uploaded Debian branch]
++    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
++      (Closes: #918378)
++    - d/rules: fix qemu-kvm service for debhelper compat >=12
++    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
++      avoid misdetection of simplified nesting blocking all migrations
++    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
++      unimplement.patch: properly return archicture defined exception
++      on bad subcodes of diag 308 (LP: #1812384)
++  * Dropped Changes:
++    - Include s390-ccw.img firmware (old style native build)
++    - d/rules enable install s390x-netboot.img (old style native build)
++    - libvirt/qemu user/group support
++      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
++        trigger.
++        [ Droppable since logind properly sets ACLs now ]
++      - qemu-system-common.preinst: add kvm group if needed
++        [ Droppable because systemd/udev take care of it since 239-6]
++    - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
++      freeze-hook fixes (LP: 1484990)
++      [upstream]
++    - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
++      merged upstream
++      [upstream]
++    - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
++      computation while concatenating mbuf.
++      CVE-2018-11806
++      [upstream]
++    - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
++      for powerpc64 to speed up translation (LP: 1781526)
++      [upstream]
++    - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
++      cpu model for z14 ZR1 (LP: 1780773).
++      [upstream]
++    - Mark qemu-system-data foreign to be able to install it e.g. on i386
++      (Closes: 903562)
++      [in Debian]
++    - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
++      unreleased Debian version)
++      [in Debian]
++    - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
++      by migrations with UI frontends or frequent guest resolution changes
++      (LP #1755912)
++      [upstream]
++    - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
++      extend eieio for POWER9 emulation (LP: 1787408).
++      [upstream]
++    - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
++      ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
++      [upstream]
++    - improve s390x spectre mitigation with etoken facility (LP: 1790457)
++      [upstream]
++    - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
++      [upstream]
++    - d/control-in: our addition of a qemu-system-s390x package needs to follow
++      the split of qemu-system-data by adding a dependency to it (LP: 1798084)
++      [in Debian]
++    - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++      Adapters on s390x (LP: 1787405)
++      [upstream]
++    - enable opengl for vfio-MDEV support (LP: 1804766)
++      [in Debian]
++    - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
++      [upstream]
++    - SECURITY UPDATE: integer overflow via crafted QMP command
++      [upstream]
++    - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
++      [upstream]
++    - SECURITY UPDATE: buffer overflow in rtl8139
++      [upstream]
++    - SECURITY UPDATE: buffer overflow in pcnet
++      [upstream]
++    - SECURITY UPDATE: DoS via large packet sizes
++      [upstream]
++    - SECURITY UPDATE: DoS in lsi53c895a
++      [upstream]
++    - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
++      [upstream]
++    - SECURITY UPDATE: race condition in 9p
++      [upstream]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 08 Jan 2019 09:41:08 +0100
++
  qemu (1:3.1+dfsg-2) unstable; urgency=medium
    * d/rules: split arch and indep builds
@@ -255,6 +835,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 02 Dec 2018 19:10:27 +0300
++qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
++
++  [ Marc Deslauriers ]
++  * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
++    - debian/patches/CVE-2018-10839.patch: use proper type in
++      hw/net/ne2000.c.
++    - CVE-2018-10839
++  * SECURITY UPDATE: integer overflow via crafted QMP command
++    - debian/patches/CVE-2018-12617.patch: check bytes count read by
++      guest-file-read in qga/commands-posix.c.
++    - CVE-2018-12617
++  * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
++    - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
++    - CVE-2018-16847
++  * SECURITY UPDATE: buffer overflow in rtl8139
++    - debian/patches/CVE-2018-17958.patch: use proper type in
++      hw/net/rtl8139.c.
++    - CVE-2018-17958
++  * SECURITY UPDATE: buffer overflow in pcnet
++    - debian/patches/CVE-2018-17962.patch: use proper type in
++      hw/net/pcnet.c.
++    - CVE-2018-17962
++  * SECURITY UPDATE: DoS via large packet sizes
++    - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
++    - CVE-2018-17963
++  * SECURITY UPDATE: DoS in lsi53c895a
++    - debian/patches/CVE-2018-18849.patch: check message length value is
++      valid in hw/scsi/lsi53c895a.c.
++    - CVE-2018-18849
++  * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
++    - debian/patches/CVE-2018-18954.patch: check size before data buffer
++      access in hw/ppc/pnv_lpc.c.
++    - CVE-2018-18954
++  * SECURITY UPDATE: race condition in 9p
++    - debian/patches/CVE-2018-19364-1.patch: use write lock in
++      hw/9pfs/cofile.c.
++    - debian/patches/CVE-2018-19364-2.patch: use write lock in
++      hw/9pfs/9p.c.
++    - CVE-2018-19364
++
++  [ Christian Ehrhardt]
++  * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++    Adapters on s390x (LP: #1787405)
++  * enable opengl for vfio-MDEV support (LP: #1804766)
++    - d/control-in: set --enable-opengl
++    - d/control-in: add gl related build-dependencies
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 21 Nov 2018 13:17:01 -0500
++
++qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
++
++  * d/control-in: our addition of a qemu-system-s390x package needs to follow
++    the split of qemu-system-data by adding a dependency to it (LP: #1798084)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 17 Oct 2018 10:50:27 +0200
++
++qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
++
++  * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
++    The SLOF source pieces in src:qemu are only used for s390x netboot,
++    which are independent ROMs (no linking). All other binaries out of this
++    are part of src:slof and independent.
++    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
++    - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
++      and related fixes
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Sep 2018 13:31:15 +0200
++
++qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
++
++  * improve s390x spectre mitigation with etoken facility (LP: #1790457)
++    - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
++    - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 12 Sep 2018 10:06:48 +0200
++
++qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
++
++  * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
++    ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
++    - CVE-2018-15746
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 29 Aug 2018 08:50:36 +0200
++
++qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
++
++  [ Murilo Opsfelder Araujo ]
++  * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
++    extend eieio for POWER9 emulation (LP: #1787408).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 20 Aug 2018 11:52:39 +0200
++
++qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
++
++  * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
++    by migrations with UI frontends or frequent guest resolution changes
++    (LP: #1755912)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 19 Jul 2018 08:26:52 +0200
++
++qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
++
++  * Disable capstone disassembler library support (universe dependency)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 17 Jul 2018 08:35:32 +0200
++
++qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian testing, Remaining Changes:
++    - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
++      - d/qemu-system-common.install: install systemd unit and helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: install /etc/default/qemu-kvm
++    - Enable nesting by default
++      - set nested=1 module option on intel. (is default on amd)
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++      - d/qemu-system-x86.README.Debian: document intention of nested being
++        default is comfort, not full support
++    - libvirt/qemu user/group support
++      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
++        trigger.
++      - qemu-system-common.preinst: add kvm group if needed
++    - Distribution specific machine type
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types to ease future live vm migration.
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++      - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
++        for host-phys-bits=true (LP: 1776189)
++      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
++      - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
++        convenience with all meltdown/spectre workarounds enabled by default.
++        (LP: 1761372).
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++      - Enable numa support for s390x
++    - arch aware kvm wrappers
++    - update VCS-git (updated to match cosmic)
++    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
++      - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
++      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
++      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
++    - Create and install pxe netboot images for KVM s390x (LP: 1732094)
++      - d/rules enable install s390x-netboot.img
++    - d/control-in: enable RDMA support in qemu (LP: 1692476)
++    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
++      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
++        reference 256k path
++      - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
++        handle incoming migrations from former releases.
++    - SECURITY UPDATE: Speculative Store Bypass
++      - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
++        CPUID feature bit in target/i386/cpu.*.
++      - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
++        'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
++      - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
++        MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
++        target/i386/machine.c.
++      - CVE-2018-3639
++  * Added Changes:
++    - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
++      - add cosmic types for base and -hpb
++      - drop no more supported types (zesty and yakkety)
++      - d/p/series: group machine type changes
++    - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
++      merged upstream
++    - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
++      computation while concatenating mbuf.
++      CVE-2018-11806
++    - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
++      deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
++    - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
++    - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
++    - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
++      to POWER8
++    - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
++      is no more needed with systemd-detect-virt being more mature and always
++      present.
++    - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
++    - d/control-in: add libibumad-dev which is now needed for rdma
++    - d/rules: update s390x delta to match new Debian packaging
++    - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
++      for powerpc64 to speed up translation (LP: #1781526)
++    - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
++      cpu model for z14 ZR1 (LP: #1780773).
++    - Mark qemu-system-data foreign to be able to install it e.g. on i386
++      (Closes: 903562)
++    - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
++      unreleased Debian version)
++  * Dropped Changes:
++    - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
++      (No more removed when building DFSG orig tarball in Debian)
++    - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
++      we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
++      so we revert related changes to stick with the proven for now:
++      - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
++                   depends on it)
++      - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
++      (Debian switched to gtk which seems to work better and has all
++      dependencies in main.)
++    - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
++    - Changes that are now upstream with qemu 2.12
++      - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
++        newer versions of glibc >=2.27 (LP: 1753826)
++      - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
++      - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
++        SSE/AVX/AVX512 cpu features (LP: 1739665)
++      - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
++        space+commpage continuous which avoids long startup times on
++        qemu-user-static (LP: 1740219)
++      - provide pseries-2.12-sxxm type (LP: 1761372)
++      - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
++        filesystem-dax with pmem by backporting align and unarmed options
++        (LP: 1704312).
++      - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
++        option to slirp's DHCP server (LP: 1762315)
++      - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
++        Protection information (LP: 1762854).
++      - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
++        migration (LP: 1763468).
++      - SECURITY UPDATE: out-of-bounds access during migration via ps2
++        CVE-2017-16845
++      - SECURITY UPDATE: arbitrary code execution via load_multiboot
++        CVE-2018-7550
++      - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
++        CVE-2018-7858
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 21 Jun 2018 14:24:06 +0200
++
  qemu (1:2.12+dfsg-3) unstable; urgency=medium
    * make qemu-system-foo depending
@@ -343,6 +1166,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 12 Apr 2018 19:04:03 +0300
++qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
++
++  * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
++    for host-phys-bits=true (LP: #1776189)
++    - add an info about this change in debian/qemu-system-x86.NEWS
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Jun 2018 09:01:00 +0200
++
++qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
++
++  * SECURITY UPDATE: Speculative Store Bypass
++    - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
++      CPUID feature bit in target/i386/cpu.*.
++    - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
++      'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
++    - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
++      MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
++      target/i386/machine.c.
++    - CVE-2018-3639
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 22 May 2018 09:34:52 -0400
++
++qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
++
++  * SECURITY UPDATE: out-of-bounds access during migration via ps2
++    - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
++      in post_load routine in hw/input/ps2.c.
++    - CVE-2017-16845
++  * SECURITY UPDATE: arbitrary code execution via load_multiboot
++    - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
++      zero in hw/i386/multiboot.c.
++    - CVE-2018-7550
++  * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
++    - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
++      hw/display/vga.c.
++    - CVE-2018-7858
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 May 2018 14:14:20 -0400
++
++qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
++
++  * No-change rebuild for ncurses soname changes.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 03 May 2018 14:18:39 +0000
++
++qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
++
++  * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
++    information (LP: #1762854).
++  * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
++    (LP: #1763468).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 11 Apr 2018 07:46:18 +0200
++
++qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
++
++  * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
++    The Kernel fixes are preferred and already committed to the kernel.
++    Therefore remove the default disabling of the HTM feature (LP: #1761175)
++  * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
++    SSE/AVX/AVX512 cpu features (LP: #1739665)
++  * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
++    space+commpage continuous which avoids long startup times on
++    qemu-user-static (LP: #1740219)
++  * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
++    convenience with all meltdown/spectre workarounds enabled by default.
++    This is not the default type following upstream and x86 on that.
++    (LP: #1761372).
++  * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
++    with pmem by backporting align and unarmed options (LP: #1704312).
++  * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
++    option to slirp's DHCP server (LP: #1762315)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 04 Apr 2018 15:16:07 +0200
++
++qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
++
++  * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
++    accepted to be better long term maintainable (LP: #1753938)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 22 Mar 2018 10:31:23 +0100
++
++qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
++
++  * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
++    ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
++  * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
++    versions of glibc >=2.27 (LP: #1753826)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 05 Mar 2018 16:43:01 +0100
++
++qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
++
++  * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
++    d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
++    Add domainname option and classless static routes support to the user
++    networking's DHCP server
++
++ -- Benjamin Drung <benjamin.drung@profitbricks.com>  Fri, 02 Mar 2018 21:08:54 +0100
++
++qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
++
++  * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
++    - among other fixes this adds code to:
++      - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
++        However, enabling this functionality requires additional configuration
++        beyond just updating QEMU. Also migrations need special consideration.
++        Details about that can be found at:
++        https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
++      - Power9 allocation of max 8 threads per core (LP: #1750526)
++  * Drop changes that are part of the upstream stable release
++    - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
++    - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
++    - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
++    - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
++  * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
++  * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
++    common compat.h header and add some extra info in the patch header.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Feb 2018 11:03:11 +0100
++
++qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian testing, among other fixes this includes
++    - fix fatal error on negative maxcpus (LP: #1722495)
++    - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
++    - linux user threading issues (LP: #1350435)
++    - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
++    Remaining changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
++      - d/qemu-system-common.install: install systemd unit and helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: install /etc/default/qemu-kvm
++    - Enable nesting by default
++      - set nested=1 module option on intel. (is default on amd)
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++    - libvirt/qemu user/group support
++      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
++        trigger.
++      - qemu-system-common.preinst: add kvm group if needed
++    - Distribution specific machine type
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types to ease future live vm migration.
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++      - Enable numa support for s390x
++    - ppc64[le] support
++      - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
++    - arch aware kvm wrappers
++  * Added Changes
++    - update VCS-git to match the bionic branch
++    - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
++      we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
++      so we revert related changes to stick with the proven for now:
++      - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
++                   depends on it)
++      - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
++    - d/qemu-system-x86.README.Debian: document intention of nested being
++      default is comfort, not full support
++    - update Ubuntu machine types for qemu 2.11
++    - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
++      - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
++      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
++      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
++    - Create and install pxe netboot images for KVM s390x (LP: #1732094)
++      - d/rules enable install s390x-netboot.img
++      - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
++    - d/control-in: enable RDMA support in qemu (LP: #1692476)
++    - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
++      - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
++      - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
++      - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
++      - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
++    - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
++      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
++        reference 256k path
++      - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
++        handle incoming migrations from former releases.
++    - d/control-in: enable seccomp on s390x
++  * Dropped changes (no more needed):
++    - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
++      The functionality is retained for upgraders, but is deprecated.
++      Post 18.04 the implementation for these configurations will be removed.
++  * Dropped changes (in Debian now):
++    - ppc64[le] support
++      - Enable seccomp for ppc64el
++      - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
++    - disable missing x32 architecture
++    - d/rules: or32 is now named or1k (since 4a09d0bb)
++    - d/qemu-system-common.docs: new paths since (ac06724a)
++    - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
++      by qapi-schema.json which is already packaged (since 4d8bb958)
++    - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
++      to Debian patch to match qemu 2.10)
++    - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
++      since 8508eee7
++    - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
++    - make nios2/hppa not installed explicitly until further stablized
++    - d/qemu-guest-agent.install: add the new guest agent reference man page
++      qemu-ga-ref
++    - d/qemu-system-common.install: add the now generated qapi/qmp reference
++      along the qapi intro
++    - d/not-installed: ignore further generated (since 56e8bdd4) files in
++      dh_missing that are already provided in other formats qemu-doc,
++      qemu-qmp-ref,qemu-ga-ref
++  * Dropped changes (integrated upstream):
++    - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
++      on arm64 when doing suspend/resume and reboots due to older kernels not
++      supporting ITS (LP 1731051).
++    - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
++      James Cowgill to prevent qemu-user from forwarding prctl seccomp
++      calls (LP 1726394)
++    - update to upstream 2.10.1 point release (LP 1722808)
++
++
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 22 Jan 2018 14:35:18 +0100
++
  qemu (1:2.11+dfsg-1) unstable; urgency=medium
    [ Michael Tokarev ]
@@ -457,6 +1513,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 23 Sep 2017 16:47:02 +0300
++qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
++
++  * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
++    on arm64 when doing suspend/resume and reboots due to older kernels not
++    supporting ITS (LP: #1731051).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 14 Nov 2017 08:30:29 +0100
++
++qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
++
++  * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
++    James Cowgill to prevent qemu-user from forwarding prctl seccomp
++    calls (LP: #1726394)
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Sat, 04 Nov 2017 00:21:14 +0100
++
++qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
++
++  * fix enablement of qemu-kvm service (LP: #1720397)
++    - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
++    - d/rules: add proper enablement debhelper calls
++    - d/qemu-system-common.install: install covered by dh_installinit
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 16 Oct 2017 11:28:39 +0200
++
++qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
++
++  * update to upstream 2.10.1 point release (LP: #1722808)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 11 Oct 2017 15:33:40 +0200
++
++qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
++
++  * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
++    Remaining changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
++      - d/qemu-system-common.install: install systemd unit and helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: install /etc/default/qemu-kvm
++    - Enable nesting by default
++      - set nested=1 module option on intel. (is default on amd)
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++    - libvirt/qemu user/group support
++      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
++        trigger.
++      - qemu-system-common.preinst: add kvm group if needed
++    - Distribution specific machine type
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types to ease future live vm migration.
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++      - Enable numa support for s390x
++    - ppc64[le] support
++      - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
++      - Enable seccomp for ppc64el
++      - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
++    - arch aware kvm wrappers
++    - update VCS-git to match the Artful branch
++    - disable missing x32 architecture
++    - d/rules: or32 is now named or1k (since 4a09d0bb)
++    - d/qemu-system-common.docs: new paths since (ac06724a)
++    - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
++      by qapi-schema.json which is already packaged (since 4d8bb958)
++    - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
++      to Debian patch to match qemu 2.10)
++    - s390x package now builds correctly on all architectures (LP 1710695)
++    - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
++      since 8508eee7
++    - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
++    - make nios2/hppa not installed explicitly until further stablized
++    - d/qemu-guest-agent.install: add the new guest agent reference man page
++      qemu-ga-ref
++    - d/qemu-system-common.install: add the now generated qapi/qmp reference
++      along the qapi intro
++    - d/not-installed: ignore further generated (since 56e8bdd4) files in
++      dh_missing that are already provided in other formats qemu-doc,
++      qemu-qmp-ref,qemu-ga-ref
++
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 05 Sep 2017 08:31:26 +0200
++
++qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
++
++  * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
++    Remaining changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
++      - d/qemu-system-common.install: install systemd unit and helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: install /etc/default/qemu-kvm
++    - Enable nesting by default
++      - set nested=1 module option on intel. (is default on amd)
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++    - libvirt/qemu user/group support
++      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
++        trigger.
++      - qemu-system-common.preinst: add kvm group if needed
++    - Distribution specific machine type
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types to ease future live vm migration.
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++      - Enable numa support for s390x
++    - ppc64[le] support
++      - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
++      - Enable seccomp for ppc64el
++      - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
++    - arch aware kvm wrappers
++    - update VCS-git to match the Artful branch
++    - disable missing x32 architecture
++    - d/rules: or32 is now named or1k (since 4a09d0bb)
++    - d/qemu-system-common.docs: new paths since (ac06724a)
++    - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
++      by qapi-schema.json which is already packaged (since 4d8bb958)
++    - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
++      to Debian patch to match qemu 2.10)
++    - s390x package now builds correctly on all architectures (LP 1710695)
++  * Added changes:
++    - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
++      since 8508eee7
++    - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
++    - make nios2/hppa not installed explicitly until further stablized
++    - d/qemu-guest-agent.install: add the new guest agent reference man page
++      qemu-ga-ref
++    - d/qemu-system-common.install: add the now generated qapi/qmp reference
++      along the qapi intro
++    - d/not-installed: ignore further generated (since 56e8bdd4) files in
++      dh_missing that are already provided in other formats qemu-doc,
++      qemu-qmp-ref,qemu-ga-ref
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
++      changes in 2.10-rc4
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 25 Aug 2017 07:49:30 +0200
++
++qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
++    a set of bugs
++    - [FFE] Qemu 2.10 in Artful (LP: #1699968)
++    - CPU hot unplug fails after migrating a CPU hotplugged guest
++      from source (LP: #1677552)
++    - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
++    - New KVM 288 Pass Through (LP: #1672447)
++    - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
++  * Remaining changes:
++    - qemu-kvm to systemd unit
++      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
++        hugepages and architecture specifics
++      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
++      - d/qemu-system-common.install: install systemd unit and helper script
++      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
++      - d/qemu-system-common.qemu-kvm.default: defaults for
++        /etc/default/qemu-kvm
++      - d/rules: install /etc/default/qemu-kvm
++    - Enable nesting by default
++      - set nested=1 module option on intel. (is default on amd)
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
++        in qemu64 cpu type.
++      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
++        in qemu64 on amd
++    - libvirt/qemu user/group support
++      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
++        trigger.
++      - qemu-system-common.preinst: add kvm group if needed
++    - Distribution specific machine type
++      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++        types to ease future live vm migration.
++      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
++    - improved dependencies
++      - Make qemu-system-common depend on qemu-block-extra
++      - Make qemu-utils depend on qemu-block-extra
++      - let qemu-utils recommend sharutils
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++      - Enable numa support for s390x
++    - ppc64[le] support
++      - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
++      - Enable seccomp for ppc64el
++      - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
++    - arch aware kvm wrappers
++    - disable missing x32 architecture
++    - update VCS links
++  * Added changes
++      - d/rules: or32 is now named or1k (since 4a09d0bb)
++      - d/qemu-system-common.docs: new paths since (ac06724a)
++      - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
++        by qapi-schema.json which is already packaged (since 4d8bb958)
++      - Updates in debian/patches to match qemu 2.10
++        - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
++        - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
++        - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
++        - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
++        - update VCS-git to match the Artful branch
++      - s390x package now builds correctly on all architectures (LP: #1710695)
++  * Dropped changes (integrated upstream):
++    - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
++      "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
++    - All CVE fixes formerly applied are upstream and thereby dropped.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 08 Aug 2017 16:59:19 +0200
++
  qemu (1:2.8+dfsg-7) unstable; urgency=medium
    * uploading to unstable all fixes which went to stretch-security
@@ -566,6 +1854,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 03 Apr 2017 16:28:49 +0300
++qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
++
++  * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
++    This was inadvertently dropped on 2.8 merge.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 22 May 2017 15:45:58 +0200
++
++qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: denial of service via leak in virtFS
++    - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
++      hw/9pfs/9p.c.
++    - CVE-2017-7377
++  * SECURITY UPDATE: denial of service in cirrus_vga
++    - debian/patches/CVE-2017-7718.patch: check parameters in
++      hw/display/cirrus_vga_rop.h.
++    - CVE-2017-7718
++  * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
++    - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
++      hw/display/cirrus_vga.c.
++    - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
++      hw/display/cirrus_vga.c.
++    - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
++      in hw/display/cirrus_vga.c.
++    - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
++      hw/display/cirrus_vga.c.
++    - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
++      in hw/display/cirrus_vga.c.
++    - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
++      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
++      hw/display/cirrus_vga_rop2.h.
++    - debian/patches/CVE-2017-7980-7.patch: stop passing around src
++      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
++      hw/display/cirrus_vga_rop2.h.
++    - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
++      hw/display/cirrus_vga_rop.h.
++    - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
++      hw/display/cirrus_vga.c.
++    - CVE-2017-7980
++  * SECURITY UPDATE: denial of service via memory leak in virtFS
++    - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
++    - CVE-2017-8086
++  * SECURITY UPDATE: denial of service via leak in audio
++    - debian/patches/CVE-2017-8309.patch: release capture buffers in
++      audio/audio.c.
++    - CVE-2017-8309
++  * SECURITY UPDATE: denial of service via leak in keyboard
++    - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
++      ui/input.c.
++    - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
++      ui/input.c.
++    - CVE-2017-8379
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 May 2017 09:20:54 -0400
++
++qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
++
++  * SECURITY UPDATE: DoS in virtio GPU device
++    - debian/patches/CVE-2016-10028.patch: check virgl capabilities
++      max_size in hw/display/virtio-gpu-3d.c.
++    - CVE-2016-10028
++  * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
++    - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
++      in hw/dma/rc4030.c.
++    - CVE-2016-8667
++  * SECURITY UPDATE: host filesystem access via virtFS
++    - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
++      hw/9pfs/*.
++    - CVE-2016-9602
++  * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
++    - debian/patches/CVE-2016-9603.patch: remove bitblit support from
++      console code in hw/display/cirrus_vga.c, include/ui/console.h,
++      ui/console.c, ui/vnc.c.
++    - CVE-2016-9603
++  * SECURITY UPDATE: information leak in virtio GPU device
++    - debian/patches/CVE-2016-9908.patch: properly clear out memory in
++      hw/display/virtio-gpu-3d.c.
++    - CVE-2016-9908
++  * SECURITY UPDATE: DoS via memory leak in virtio GPU device
++    - debian/patches/CVE-2016-9912.patch: properly free memory in
++      hw/display/virtio-gpu.c.
++    - CVE-2016-9912
++  * SECURITY UPDATE: DoS via virtFS
++    - debian/patches/CVE-2016-9914.patch: add cleanup operations to
++      fsdev/file-op-9p.h, hw/9pfs/9p.c.
++    - CVE-2016-9914
++  * SECURITY UPDATE: DoS via memory leak in virtio GPU device
++    - debian/patches/CVE-2017-5552.patch: check return value in
++      hw/display/virtio-gpu-3d.c.
++    - CVE-2017-5552
++  * SECURITY UPDATE: DoS via memory leak in virtio GPU device
++    - debian/patches/CVE-2017-5578.patch: check res->iov in
++      hw/display/virtio-gpu.c.
++    - CVE-2017-5578
++  * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
++    - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
++      handling in hw/sd/sdhci.c.
++    - CVE-2017-5987
++  * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
++    - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
++      hw/usb/hcd-ohci.c.
++    - CVE-2017-6505
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 24 Apr 2017 07:30:11 -0400
++
++qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
++
++  * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
++    "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 07 Mar 2017 09:23:08 +0100
++
++qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
++
++  * Merge with Debian;
++    This fixes several CVEs that were reported against qemu 2.8 and also
++    includes a few important functional backports (LP: #1667033); remaining
++    changes:
++    - add qemu-kvm init script and defaults file
++      (d/qemu-system-common.qemu-kvm.*)
++    - d/rules, d/qemu-kvm-init: add and install script loading kvm
++      modules and handling /etc/default/qemu-kvm
++    - qemu-system-common.preinst: add kvm group if needed
++    - Enable nesting by default on intel.
++      - set default module option
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
++        default in qemu64 cpu type.
++    - Enable svm by default for qemu64 on amd
++    - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
++      define distro machine types to ease future live vm migration (includes
++      all former follow up fixes).
++    - Make qemu-system-common depend on qemu-block-extra
++    - Make qemu-utils depend on qemu-block-extra
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++    - qemu-system-common.postinst:
++      - change acl placed by udev, and add udevadm trigger.
++    - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
++    - Several changes were applied but missing in the changelog so far
++      - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
++      - arch aware kvm wrapper
++      - update VCS links
++      - let qemu-utils recommend sharutils
++      - disable x32 architecture
++    - Enable seccomp for ppc64el
++    - Enable numa support for s390x
++    - d/qemu-system-common.qemu-kvm.init: fix lintian error type
++      init.d-script-missing-dependency-on-remote_fs
++    - d/qemu-system-common.postinst: fix lintian error type
++      command-with-path-in-maintainer-script
++    - Transition qemu-kvm to a systemd unit
++    - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
++    - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
++      that it shows up where the user expects (sytemctl status, kvm stdout)
++    - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
++    - add arch aware kvm wrapper for s390x
++  * Dropped Changes (in Debian now):
++    - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
++    - d/control-in: change dependencies for fix of wrong acl for newly
++      created device node on ubuntu
++    - have qemu-system-arm suggest: qemu-efi; this should be a stronger
++      relationship, but qemu-efi is still in universe right now.
++    - Disable glusterfs (Universe dependency)
++    - no more skip disable libiscsi on Ubuntu
++    - d/rules, d/control-in: avoid people editing d/control
++  * Added Changes:
++    - d/control: bump libseccomp-dev dependency as enabling libseccomp for
++      power makes 2.3 the minimum level.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 01 Mar 2017 14:23:16 +0100
++
  qemu (1:2.8+dfsg-3) unstable; urgency=high
    * urgency high due to security fixes
@@ -626,6 +2087,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
   -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 28 Feb 2017 11:40:18 +0300
++qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - add qemu-kvm init script and defaults file
++      (d/qemu-system-common.qemu-kvm.*)
++    - d/rules, d/qemu-kvm-init: add and install script loading kvm
++      modules and handling /etc/default/qemu-kvm
++    - qemu-system-common.preinst: add kvm group if needed
++    - Enable nesting by default on intel.
++      - set default module option
++      - re-load kvm_intel.ko if it was loaded without nested=1
++      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
++        default in qemu64 cpu type.
++    - Enable svm by default for qemu64 on amd
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++      types to ease future live vm migration.
++    - Make qemu-system-common depend on qemu-block-extra
++    - Make qemu-utils depend on qemu-block-extra
++    - s390x support
++      - Create qemu-system-s390x package
++      - Include s390-ccw.img firmware
++    - qemu-system-common.postinst:
++      - change acl placed by udev, and add udevadm trigger.
++      - d/control-in: change dependencies for fix of wrong acl for newly
++        created device node on ubuntu
++    - have qemu-system-arm suggest: qemu-efi; this should be a stronger
++      relationship, but qemu-efi is still in universe right now.
++    - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
++    - Several changes were applied but missing in the changelog so far
++      - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
++      - arch aware kvm wrapper
++      - update VCS links
++      - no more skip disable libiscsi on Ubuntu
++      - let qemu-utils recommend sharutils
++      - disable x32 architecture
++  * Dropped Changes:
++    - Several changes were applied but missing in the changelog so far
++      but are no more needed
++      - no pie for relocatable LD calls, with toolchain defaulting to
++        pie (fixed upstream)
++      - enable libnuma-dev (now in Debian)
++      - transition for moved init scripts (can be dropped after LTS
++        containing >=2.5 which is Xenial)
++      - --enable-seccomp related whitespace change (had no effect)
++    - apport hook for qemu source package (In Debian)
++    - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
++    - d/qemu-system-x86.maintscript: transition off of
++      /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
++    - Enable pie by default, on ubuntu/s390x. (Is the default since
++      >=Xenial, no cloud archive backport <=Xenial to consider)
++    - no pie for relocatable LD calls (fixed upstream in commit
++      7ecf44a5)
++    - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
++    - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
++      (Improved fix included by upstream)
++    - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
++    - Fixed wrong migration blocker when vhost is used (is upstream in
++      qemu 2.8)
++  * Added Changes:
++    - d/rules, d/control-in: avoid people editing d/control by warning
++      header and non writable permissions
++    - fixed moving trusty machine type definition which made it
++      ambiguous (LP: #1641532)
++      - d/qemu-system-x86.NEWS describe the issue
++    - Enable seccomp for ppc64el (LP: #1644639)
++    - Enable numa support for s390x
++    - d/qemu-system-common.qemu-kvm.init: fix lintian error type
++      init.d-script-missing-dependency-on-remote_fs
++    - d/qemu-system-common.postinst: fix lintian error type
++      command-with-path-in-maintainer-script
++    - Transition qemu-kvm to a systemd unit
++    - Disable glusterfs (Universe dependency)
++    - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
++    - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
++      that it shows up where the user expects (sytemctl status, kvm stdout)
++    - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
++    - add arch aware kvm wrapper for s390x
++    - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
++    - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
++      ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
++      merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 16 Jan 2017 16:27:11 +0100
++
  qemu (1:2.8+dfsg-2) unstable; urgency=medium
    * Revert "update binfmt registration for mipsn32"
@@ -744,6 +2289,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 14 Oct 2016 13:31:40 +0300
++qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
++
++  * No-change rebuild to compile against new libxen version.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 30 Sep 2016 14:24:37 +0200
++
++qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
++
++  * retain older xenial machine type to avoid issues starting guests
++    created on xenial prior to the SRU for bug 1621042. In that regard the old
++    broken xenial machine type and the new fixed one have both to be considered
++    as valid LTS machine types (LP: #1626070).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 21 Sep 2016 14:57:09 +0200
++
++qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
++
++  * fix default ubuntu machine types. (LP: #1621042)
++    - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
++    - remove double default and double ubuntu alias
++    - drop former devel releases utopic, vivid, wily
++    - add xenial and yakkety machine types
++    - add q35 based ubuntu machine type starting at xenial
++    - add ubuntu machine types on ppc64el and s390x starting at xenial
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Sep 2016 07:50:50 +0200
++
++qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
++
++  * Enable GPU Passthru for ppc64le (LP: #1541902)
++    - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
++    - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
++    - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
++    - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
++    - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
++    - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
++    - 0007-spapr_iommu-Migrate-full-state.patch
++    - 0008-spapr_iommu-Add-root-memory-region.patch
++    - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
++    - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
++    - 0011-memory-Add-reporting-of-supported-page-sizes.patch
++    - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
++    - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
++    - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
++    - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
++    - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
++    - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
++    - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
++    - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
++    - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
++    - 0021-memory-Fix-IOMMU-replay-base-address.patch
++
++ -- Jon Grimm <jon.grimm@canonical.com>  Fri, 16 Sep 2016 14:14:47 -0500
++
++qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
++
++  * New upstream release. LP: #1617055.
++  * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 09 Sep 2016 23:33:57 +0100
++
  qemu (1:2.6+dfsg-3.1) unstable; urgency=high
    * Non-maintainer upload.
@@ -777,6 +2383,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
   -- Andrew James <ajames@hpe.com>  Wed, 14 Sep 2016 00:56:18 -0600
++qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
++
++  * SECURITY UPDATE: DoS via unbounded memory allocation
++    - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
++    - CVE-2016-5403
++  * SECURITY UPDATE: oob write access while reading ESP command
++    - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
++      maximum CDB size and handle migration in hw/scsi/esp.c,
++      include/hw/scsi/esp.h, include/migration/vmstate.h.
++    - CVE-2016-6351
++  * SECURITY UPDATE: infinite loop in virtqueue_pop
++    - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
++      length in hw/virtio/virtio.c.
++    - CVE-2016-6490
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 Aug 2016 08:36:16 -0400
++
++qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++      types to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - Make qemu-system-common and qemu-utils depend on qemu-block-extra
++      to fix errors with missing block backends.
++    - s390x:
++      * Create qemu-system-s390x package
++      * Enable pie by default, on ubuntu/s390x.
++      * Enable svm by default for qemu64 on amd
++      * Include s390-ccw.img firmware
++      * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
++        relationship, but qemu-efi is still in universe right now.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 15 Jun 2016 16:49:49 -0500
++
  qemu (1:2.6+dfsg-3) unstable; urgency=high
    * more security fixes picked from upstream:
@@ -830,6 +2485,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 13 Jun 2016 12:10:44 +0300
++qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
++
++  * Merge with Debian; remaining changes:  (LP: #1583775)
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++      types to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - Make qemu-system-common and qemu-utils depend on qemu-block-extra
++      to fix errors with missing block backends. (LP: #1495895)
++    - s390x:
++      * Create qemu-system-s390x package
++      * Enable pie by default, on ubuntu/s390x.
++      * Enable svm by default for qemu64 on amd
++      * Include s390-ccw.img firmware
++      * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
++        relationship, but qemu-efi is still in universe right now.
++  * Drop patches which have been applied upstream:
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 19 May 2016 12:11:36 -0500
++
  qemu (1:2.6+dfsg-1) unstable; urgency=medium
    * new upstream release
@@ -867,6 +2555,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 18 May 2016 14:44:14 +0300
++qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
++
++  * Cherrypick upstream patches to support the query-gic-version QMP command
++    (LP: #1566564)
++
++ -- dann frazier <dannf@ubuntu.com>  Tue, 05 Apr 2016 16:56:11 -0600
++
++qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
++
++  [Stefan Bader]
++  * Enable svm by default for qemu64 on amd (LP: #1561019)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 22 Apr 2016 16:53:55 -0500
++
++qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
++
++  * qemu-system-s390x only available on s390x, so qemu-system should only
++    depend on it on this arch.
++  * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
++    relationship, but qemu-efi is still in universe right now.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 19 Apr 2016 13:41:37 -0700
++
++qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
++
++  * And actually ship the right things in qemu-system-s390x.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 19 Apr 2016 16:49:00 +0100
++
++qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
++
++  * Create qemu-system-s390x package on ubuntu only.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 18 Apr 2016 10:16:19 +0100
++
++qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
++
++  * Cherrypick patch from mailing list to fix qemu in sandbox.  (LP: #1560149)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Apr 2016 15:13:06 -0500
++
++qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
++
++  * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
++    (LP: #1556306)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 16 Mar 2016 16:35:22 -0700
++
++qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
++
++  * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 07 Mar 2016 18:53:34 -0800
++
++qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
++
++  * d/control{-in}: Re-generate and build with libiscsi-dev now
++    that its in Ubuntu main (LP: #1271653).
++
++ -- James Page <james.page@ubuntu.com>  Wed, 24 Feb 2016 17:59:13 +0000
++
++qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
++
++  * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 24 Feb 2016 14:40:19 +0000
++
++qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
++
++  * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:27:20 +0000
++
++qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++      types to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - Make qemu-system-common and qemu-utils depend on qemu-block-extra
++      to fix errors with missing block backends. (LP: #1495895)
++    - Enable pie by default, on ubuntu/s390x.
++    - Include s390-ccw.img firmware.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 09 Feb 2016 10:24:49 -0800
++
  qemu (1:2.5+dfsg-5) unstable; urgency=medium
    * fix misspellings in previous debian/changelog entry
@@ -924,6 +2712,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
   -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 09 Jan 2016 21:40:43 +0300
++qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
++
++  * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
++    contents
++    - debian/patches/CVE-2015-8550-1.patch: avoid double access in
++      hw/block/xen_blkif.h.
++    - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
++      hw/display/xenfb.c.
++    - CVE-2015-8550
++  * SECURITY UPDATE: infinite loop in ehci_advance_state
++    - debian/patches/CVE-2015-8558.patch: make idt processing more robust
++      in hw/usb/hcd-ehci.c.
++    - CVE-2015-8558
++  * SECURITY UPDATE: host memory leakage in vmxnet3
++    - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
++      hw/net/vmxnet3.c.
++    - CVE-2015-8567
++    - CVE-2015-8568
++  * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
++    - debian/patches/CVE-2015-8613.patch: initialise info object with
++      appropriate size in hw/scsi/megasas.c.
++    - CVE-2015-8613
++  * SECURITY UPDATE: DoS via Human Monitor Interface
++    - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
++      in hmp.c, include/ui/console.h, ui/input-legacy.c.
++    - CVE-2015-8619
++  * SECURITY UPDATE: incorrect array bounds check in rocker
++    - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
++      check in hw/net/rocker/rocker.c.
++    - CVE-2015-8701
++  * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
++    - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
++      operations in hw/net/ne2000.c.
++    - CVE-2015-8743
++  * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
++    - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
++      error in hw/ide/ahci.c.
++    - CVE-2016-1568
++  * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
++    - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
++      hw/i386/kvmvapic.c.
++    - CVE-2016-1922
++  * SECURITY UPDATE: e1000 infinite loop
++    - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
++      out-of-bounds transfer start in hw/net/e1000.c
++    - CVE-2016-1981
++  * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
++    engines
++    - debian/patches/CVE-2016-2197.patch: add check before calling
++      dma_memory_unmap in hw/ide/ahci.c.
++    - CVE-2016-2197
++  * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
++    - debian/patches/CVE-2016-2198.patch: add capability mmio write
++      function in hw/usb/hcd-ehci.c.
++    - CVE-2016-2198
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 01 Feb 2016 09:39:01 -0500
++
++qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
++
++  * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
++    Ubuntu specific running-in-container wrapper. (LP: #1539016)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 28 Jan 2016 13:24:51 +0100
++
++qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
++
++  * Include s390-ccw.img firmware.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 12 Jan 2016 15:53:43 +0000
++
++qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
++
++  * Place qemu-kvm.defaults file in qemu-system-common, next to the init
++    scripts.  Fix the comparison operator when checking KVM_HUGEPAGES.
++    Thanks Simon.  (LP: #1531191)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 06 Jan 2016 09:45:37 -0800
++
++qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
++      types to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - Make qemu-system-common and qemu-utils depend on qemu-block-extra
++      to fix errors with missing block backends. (LP: #1495895)
++    - Enable pie by default, on ubuntu/s390x.
++  * Drop vGICv3 support patches - all is now upstream
++  * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 05 Jan 2016 15:42:50 -0800
++
  qemu (1:2.5+dfsg-1) unstable; urgency=medium
    * new upstream release
@@ -950,6 +2845,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 16 Dec 2015 20:00:04 +0300
++qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
++
++  * Enable pie by default, on ubuntu/s390x.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 07 Dec 2015 16:04:16 +0000
++
++qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
++
++  * undo the libseccomp delta from debian.  libseccomp is indeed available
++    on other arches, but we need qemu's configure script to be fixed before
++    we can use it on anything other than amd64|i386.  Fixes FTBFS.
++    (LP: #1522531)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 03 Dec 2015 12:44:46 -0600
++
++qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - Update the ubuntu machine types patch to reflect upstream churn
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - Make qemu-system-common and qemu-utils depend on qemu-block-extra
++      to fix errors with missing block backends. (LP: #1495895)
++    - control-in: build with libseccomp an all architectures
++    - Add vGICv3 support
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 02 Dec 2015 21:31:36 +0100
++
  qemu (1:2.4+dfsg-5) unstable; urgency=medium
    * trace-remove-malloc-tracing.patch from upstream.
@@ -962,6 +2900,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 29 Nov 2015 12:22:52 +0300
++qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
++
++  * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
++    - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
++      hw/net/pcnet.c.
++    - CVE-2015-7504
++  * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
++    - debian/patches/CVE-2015-7512.patch: check packet length in
++      hw/net/pcnet.c.
++    - CVE-2015-7512
++  * SECURITY UPDATE: infinite loop in eepro100
++    - debian/patches/CVE-2015-8345.patch: prevent endless loop in
++      hw/net/eepro100.c.
++    - CVE-2015-8345
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 01 Dec 2015 13:36:40 -0500
++
++qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
++
++  * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
++
++ -- dann frazier <dann.frazier@canonical.com>  Tue, 03 Nov 2015 08:05:46 -0700
++
++qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
++
++  * Merge 2.4 from unstable.  Remaining changes:
++    - Update the ubuntu machine types patch to reflect upstream churn
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - Make qemu-system-common and qemu-utils depend on qemu-block-extra
++      to fix errors with missing block backends. (LP: #1495895)
++    - control-in: build with libseccomp an all architectures.
++  * Add vGICv3 support
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 27 Oct 2015 13:28:58 -0500
++
  qemu (1:2.4+dfsg-4) unstable; urgency=medium
    * applied 3 patches from upstream to fix virtio-net
@@ -1028,6 +3017,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 11 Jun 2015 20:03:40 +0300
++qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
++
++  * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
++
++ -- Ryan Harper <ryan.harper@canonical.com>  Wed, 21 Oct 2015 08:59:29 -0500
++
++qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
++
++  * debian/patches/upstream-fix-irq-route-entries.patch
++    Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
++    (LP: #1465935)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 09 Oct 2015 15:38:53 +0200
++
++qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
++
++  * Build using libseccomp on all architectures.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 03 Oct 2015 21:12:15 +0200
++
++qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
++
++  * SECURITY UPDATE: denial of service via NE2000 driver
++    - debian/patches/CVE-2015-5278.patch: fix infinite loop in
++      hw/net/ne2000.c.
++    - CVE-2015-5278
++  * SECURITY UPDATE: denial of service and possible code execution via
++    heap overflow in NE2000 driver
++    - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
++      hw/net/ne2000.c.
++    - CVE-2015-5279
++  * SECURITY UPDATE: denial of service via e1000 infinite loop
++    - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
++    - CVE-2015-6815
++  * SECURITY UPDATE: denial of service via illegal ATAPI commands
++    - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
++      hw/ide/core.c.
++    - CVE-2015-6855
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 23 Sep 2015 15:05:51 -0400
++
++qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
++
++  * Make qemu-system-common and qemu-utils depend on qemu-block-extra
++    to fix errors with missing block backends. (LP: #1495895)
++  * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
++  * Apply fix for memory corruption during live-migration in tcg mode
++    (LP: #1493049)
++  * Apply tracing patch to remove use of custom vtable in newer glibc
++    (LP: #1491972)
++
++ -- Ryan Harper <ryan.harper@canonical.com>  Tue, 15 Sep 2015 09:37:23 -0500
++
++qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
++
++  * Import qcow2-handle-eagain-from-update_refcount from upstream
++    to fix errors when using qemu-img convert -c.  (LP: #1491050)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 04 Sep 2015 16:35:56 -0500
++
++qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
++
++  * SECURITY UPDATE: process heap memory disclosure
++    - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
++    - CVE-2015-5165
++  * SECURITY UPDATE: privilege escalation via block device unplugging
++    - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
++      in hw/ide/piix.c.
++    - CVE-2015-5166
++  * SECURITY UPDATE: privilege escalation via memory corruption in vnc
++    - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
++      limits in ui/vnc.c.
++    - CVE-2015-5225
++  * SECURITY UPDATE: denial of service via virtio-serial
++    - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
++      for control messages in hw/char/virtio-serial-bus.c.
++    - CVE-2015-5745
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 Aug 2015 09:38:43 -0400
++
++qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
++
++  * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
++    - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
++    - CVE-2015-3214
++  * SECURITY UPDATE: heap overflow when processing ATAPI commands
++    - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
++      hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
++    - CVE-2015-5154
++  * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
++    - debian/patches/CVE-2015-5158.patch: check length in
++      hw/scsi/scsi-bus.c.
++    - CVE-2015-5158
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 27 Jul 2015 10:07:05 -0400
++
++qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
++
++  * SECURITY UPDATE: heap overflow in PCNET controller
++    - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
++    - CVE-2015-3209
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 11 Jun 2015 14:25:05 -0400
++
++qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
++
++  * Merge 1:2.3+dfsg-5 from Debian.
++  * Remaining changes:
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++  * Refreshed patches:
++    - ubuntu/expose-vmx_qemu64cpu.patch
++    - ubuntu/define-ubuntu-machine-types.patch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 10 Jun 2015 14:28:39 -0500
++
  qemu (1:2.3+dfsg-5) unstable; urgency=high
    * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
@@ -1039,6 +3159,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 03 Jun 2015 17:18:58 +0300
++qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
++
++  * Merge 1:2.3+dfsg-4 from Debian.
++  * Remaining changes:
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++  * Dropped all patches which are applied upstream
++  * Move the upstart jobs to a generic script
++    - add new qemu-kvm-init script
++    - call that from upstart and sysvrc qemu-kvm scripts
++    - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 03 Jun 2015 13:36:36 -0500
++
  qemu (1:2.3+dfsg-4) unstable; urgency=medium
    * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
@@ -1100,6 +3249,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 17 Apr 2015 21:54:53 +0300
++qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
++
++  * SECURITY UPDATE: denial of service in vnc web
++    - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
++      frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
++    - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
++      websockets clients in ui/vnc-ws.c.
++    - CVE-2015-1779
++  * SECURITY UPDATE: host code execution via floppy device (VEMON)
++    - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
++      bounds of the allocated buffer in hw/block/fdc.c.
++    - CVE-2015-3456
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 13 May 2015 07:25:59 -0400
++
++qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
++
++  * CVE-2015-2756 / XSA-126
++    - xen: limit guest control of PCI command register
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 08 Apr 2015 10:17:45 +0200
++
++qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
++
++  * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
++    accidentally create /1
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Thu, 12 Mar 2015 16:46:51 -0700
++
++qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
++
++  * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 26 Feb 2015 08:55:35 +0100
++
++qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
++
++  * No-change rebuild to pull in libxl-4.5.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 25 Feb 2015 13:58:37 +0100
++
++qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
++
++  * debian/control-in: enable numa on architectures where numa is built
++    (LP: #1417937)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Feb 2015 23:18:58 -0600
++
++qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
++
++  [Scott Moser]
++  * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
++    profile when started by libvirt.
++
++  [Serge Hallyn]
++  * add symlink qemu-system-ppc64le -> qemu-system-ppc64
++  * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
++    (LP: #1419855)
++
++  [Chris J Arges]
++  * Determine if we are running inside a virtual environment. If running inside
++    a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Feb 2015 13:04:21 -0600
++
++qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
++
++  * Merge 1:2.2+dfsg-5exp from Debian.  (LP: #1409308)
++    - debian/rules: do not drop the init scripts loading kvm modules
++      (still needed in precise in cloud archive)
++  * Remaining changes:
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++  * Dropped all patches which are applied upstream
++  * Update ubuntu-vivid machine type to default to std graphics (following
++    upstream's lead for pc-i440fx-2.2 machine type)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 09 Feb 2015 22:31:09 -0600
++
  qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
    * fix initscript removal once again
@@ -1149,6 +3390,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 09 Dec 2014 23:09:26 +0300
++qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
++
++  * Cherrypick upstream patch needed to allow ESx hosts to run under
++    kvm (LP: #1411575)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 16 Jan 2015 16:32:48 -0600
++
++qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
++
++  * Merge 2.1+dfsg-11.  Remaining changes:
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - debian/qemu-system-alternatives.in: use a later version as ubuntu
++      removed the alternatives bit later.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - debian/binfmt-update-in: support ppcle
++      * debian/binfmt-update-in
++      * Support-ppcle.patch
++    - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
++      * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
++      * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
++      * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
++  * Dropped patches (upstream or now in debian's tree):
++    - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
++    - CVE-2014-7840.patch
++    - CVE-2014-8106.patch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 17 Dec 2014 13:57:34 -0600
++
  qemu (1:2.1+dfsg-11) unstable; urgency=medium
    * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
@@ -1218,6 +3500,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 27 Nov 2014 18:32:45 +0300
++qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
++
++  * SECURITY UPDATE: code execution via savevm data
++    - debian/patches/CVE-2014-7840.patch: validate parameters in
++      arch_init.c.
++    - CVE-2014-7840
++  * SECURITY UPDATE: code execution via cirrus vga blit regions
++    (LP: #1400775)
++    - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
++      hw/display/cirrus_vga.c.
++    - CVE-2014-8106
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 11 Dec 2014 14:11:52 -0500
++
++qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
++
++  * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
++    dropped and VENDOR now will be all capital UBUNTU).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Mon, 08 Dec 2014 14:45:31 +0100
++
++qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
++
++  * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
++    d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
++    d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
++    Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
++    SPSel=0 in certain conditions. (LP: #1349277)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Thu, 04 Dec 2014 14:17:01 -0600
++
++qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
++
++  * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
++    Cherry-pick of qemu-upstream patch to fix issues with persistent
++    grants and the PV backend (Qdisk) (LP: #1394327).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 28 Nov 2014 13:14:37 +0100
++
++qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
++
++  * Merge 2.1+dfsg-7.  Remaining changes:
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - debian/qemu-system-alternatives.in: use a later version as ubuntu
++      removed the alternatives bit later.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - debian/binfmt-update-in: support ppcle
++      * debian/binfmt-update-in
++      * Support-ppcle.patch
++  * Dropped patches (upstream or now in debian's tree):
++    - pc-reserve-more-memory-for-acpi.patch
++    - CVE-2014-5388.patch
++    - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
++      502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
++      in debian)
++    - CVE-2014-3615.patch
++    - CVE-2014-3640.patch
++    - CVE-2014-3689.patch
++    - CVE-2014-7815.patch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Sat, 22 Nov 2014 18:36:53 -0600
++
  qemu (2.1+dfsg-7) unstable; urgency=high
    * urgency is high due to 2 security fixes
@@ -1269,6 +3626,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 26 Sep 2014 17:43:26 +0400
++qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
++
++  * SECURITY UPDATE: information disclosure via vga driver
++    - debian/patches/CVE-2014-3615.patch: return the correct memory size,
++      sanity check register writes, and don't use fixed buffer sizes in
++      hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
++      ui/spice-display.c.
++    - CVE-2014-3615
++  * SECURITY UPDATE: denial of service via slirp NULL pointer deref
++    - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
++      stub in slirp/udp.c.
++    - CVE-2014-3640
++  * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
++    - debian/patches/CVE-2014-3689.patch: verify rectangles in
++      hw/display/vmware_vga.c.
++    - CVE-2014-3689
++  * SECURITY UPDATE: denial of service via VNC console
++    - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
++      ui/vnc.c.
++    - CVE-2014-7815
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 13 Nov 2014 07:31:03 -0500
++
++qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
++
++  * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
++    (LP: #1389897)  (Patch thanks to mwhudson, BenC, and infinity)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Nov 2014 15:51:47 -0600
++
++qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
++
++  * Apply two patches to fix intermittent qemu-img corruption
++    (LP: #1368815)
++    - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
++    - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 29 Oct 2014 22:31:43 -0500
++
++qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
++
++  * debian/control: slof is moving into main, so we can depend on qemu-slof as
++    debian does.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 15 Oct 2014 22:01:27 +0200
++
++qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
++
++  * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
++    versa.
++  * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
++  * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
++    to latest upstream machine type, rather than distro one.  Add 'ubuntu'
++    machine type for that.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 06 Oct 2014 13:41:31 -0500
++
++qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
++
++  * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
++    container. (LP: #1370199)
++  * load kvm module on ppc64le at boot (LP: #1369785)
++    - debian/rules: install qemu-kvm on ppc64el
++    - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
++      kvm-hv module if available
++  * qemu-system-x86.maintscript: remove accidentally installed
++    /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
++  * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
++    ubuntu.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 17 Sep 2014 14:20:12 -0500
++
++qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
++
++  * Re-stick the trusty machine type to 2.0 (where it must always stay) and
++    define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 15 Sep 2014 14:04:57 -0500
++
++qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
++
++  * move kvm_intel nested setting to qemu-system-x86.postinst.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 12 Sep 2014 23:12:52 +0000
++
++qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
++
++  * Merge new debian release
++  * Remaining changes:
++    - qemu-system-common.postinst:
++      * remove acl placed by udev, and add udevadm trigger.
++      * reload kvm_intel if needed to set nested=1
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - debian/qemu-system-alternatives.in: use a later version as ubuntu
++      removed the alternatives bit later.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++    - debian/binfmt-update-in: support ppcle
++      * debian/binfmt-update-in
++      * Support-ppcle.patch
++    - d/p/CVE-2014-5388.patch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 09 Sep 2014 17:56:15 -0500
++
  qemu (2.1+dfsg-4) unstable; urgency=medium
    * mention libnuma-dev but not enable for now
@@ -1286,6 +3756,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 31 Aug 2014 09:32:59 +0400
++qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
++
++  * SECURITY UPDATE: memory disclosure via out-of-bounds array access
++    - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
++    - CVE-2014-5388
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 09 Sep 2014 08:26:24 -0400
++
++qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
++
++  * replace d/p/revert-acpi-table-size-bump with
++    pc-reserve-more-memory-for-acpi.patch from upstream
++  * debian/binfmt-update-in
++    - don't run in a container
++    - add ppc64le as target (LP: #1358268)
++  * Add experimental ppcle support (LP: #1358268)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 27 Aug 2014 18:24:32 -0500
++
++qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
++
++  * revert-acpi-table-size-bump - get qemu -kernel working again.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 15 Aug 2014 15:33:24 -0500
++
++qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
++
++  * Merge new debian release
++  * Remaining changes:
++    - control-in: stick to libsdl1.2-dev.
++    - qemu-system-common.install: add debian/tmp/usr/lib to install the
++      qemu-bridge-helper
++    - qemu-system-common.postinst: remove acl placed by udev,
++      and add udevadm trigger.
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - debian/qemu-system-alternatives.in: use a later version as ubuntu
++      removed the alternatives bit later.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++  * Upstart job: use getent group to check for kvm group
++  * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 15 Aug 2014 08:44:54 -0500
++
  qemu (2.1+dfsg-3) unstable; urgency=medium
    * set SHELL = /bin/sh -e, so that more complex shell constructs
@@ -1312,6 +3835,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 14 Aug 2014 14:30:24 +0400
++qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
++
++  * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Aug 2014 12:58:50 -0500
++
++qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
++
++  * Merge new debian release
++  * Remaining changes:
++    - qemu-system-x86.links: add eepro100.rom link, drop links which we
++      have in ipxe-qemu package.
++    - control-in: stick to libsdl1.2-dev.
++    - qemu-system-common.install: add debian/tmp/usr/lib to install the
++      qemu-bridge-helper
++    - qemu-system-common.postinst: remove acl placed by udev,
++      and add udevadm trigger.
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - debian/rules: add qemu-kvm-spice
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - binfmt-update-in: make sure to filter out compat arches.
++    - debian/qemu-system-alternatives.in: use a later version as ubuntu
++      removed the alternatives bit later.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - apport hook for qemu source package: d/source_qemu-kvm.py,
++      d/qemu-system-common.install
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 05 Aug 2014 13:53:06 -0500
++
  qemu (2.1+dfsg-2) unstable; urgency=medium
    * l2tp-linux-only.patch: fix FTBFS on kfreebsd
@@ -1363,6 +3922,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 24 Jul 2014 16:51:16 +0400
++qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
++
++  * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
++    /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 25 Jul 2014 08:35:02 -0500
++
++qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
++
++  * Merge 2.0.0+dfsg-6.  Remaining changes:
++    - qemu-system-x86.links: add eepro100.rom link, drop links which we
++      have in ipxe-qemu package.
++    - control-in: stick to libgnutls-dev and libsdl1.2-dev.
++    - qemu-system-common.install: add debian/tmp/usr/lib to install the
++      qemu-bridge-helper
++    - qemu-system-common.postinst: remove acl placed by udev,
++      and add udevadm trigger.
++    - qemu-system-common.preinst: add kvm group if needed
++    - add qemu-kvm upstart job and defaults file (rules,
++      qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
++    - debian/rules: add qemu-kvm-spice
++    - rules,qemu-system-x86.modprobe: support use under older udevs which
++      do not auto-load the kvm kernel module.  Enable nesting by default
++      on intel.
++    - binfmt-update-in: make sure to filter out compat arches.
++    - debian/qemu-system-alternatives.in: use a later version as ubuntu
++      removed the alternatives bit later.
++    - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
++      in qemu64 cpu type.
++    - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
++      machine type to ease future live vm migration.
++    - re-introduce apport hook for qemu source package:
++      d/source_qemu-kvm.py, d/qemu-system-common.install
++  * enable-build-dep on libjpeg8-dev - which is now in main
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 23 Jun 2014 14:52:54 -0500
++
  qemu (2.0.0+dfsg-6) unstable; urgency=medium
    * build-depend on libgnutls28-dev not libgnutls-dev
@@ -1406,6 +4002,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 21 Apr 2014 12:34:03 +0400
++qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
++
++  * remove alternatives for qemu: different architectures
++    aren't really alternatives and never had been  (LP: #1316829)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 07 May 2014 15:12:33 +0000
++
++qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
++
++  * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
++  * debian/control: drop the versioning requirement from libfdt-dev
++    build-dependency, as it is longer needed (LP: #1295072)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 02 May 2014 11:43:44 -0500
++
++qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
++
++  * Merge 2.0.0+dfsg-2
++  * Incorporates a fix for spice users (LP: #1309452)
++  * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
++    the regression requiring it was reverted for 2.0 upstream.
++  * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
++  * debian/qemu-debootstrap: add arm64
++  * Remaining changes from debian:
++    - keep qemu 'alternative' (not something to change in SRU)
++    - debian/control and debian/control-in:
++      * versioned libfdt-dev check, until libfdt is fixed in precise
++      * enable rbd
++      * remove ovmf Recommends, as it is in multiverse
++      * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
++      * add a qemu-system-aarch64 metapackage for transitions from trusty
++        development version.  This can be removed after trusty.
++    - qemu-system-common.install: add debian/tmp/usr/lib to install the
++      qemu-bridge-helper
++    - qemu-system-common.postinst: fix /dev/kvm acls
++    - qemu-system-common.preinst: add kvm group if needed
++    - qemu-system-x86.links: add eepro100.rom link, drop links which we
++      have in ipxe-qemu package.
++    - qemu-system-x86.modprobe: set module options for older releases
++    - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
++    - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
++    - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
++    - debian/rules
++      * add legacy kvm-spice link
++      * fix ppc and arm slections
++      * add aarch64 to user_targets
++    - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
++      pc-i440fx-trusty machine type as the default.
++    - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
++      default in qemu64 cpu time.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 18 Apr 2014 09:23:27 -0500
++
  qemu (2.0.0+dfsg-2) unstable; urgency=medium
    * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
@@ -1465,6 +4114,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 05 Apr 2014 16:23:48 +0400
++qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
++
++  * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
++    don't abort() just because the kernel has no dirty bitmap.
++    (LP: #1303926)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 08 Apr 2014 22:32:00 -0500
++
++qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
++
++  * define-trusty-machine-type.patch: update the trusty machine type name to
++    pc-i440fx-trusty (LP: #1304107)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 08 Apr 2014 11:49:04 -0500
++
++qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
++
++  * Merge 2.0.0-rc1
++  * debian/rules: consolidate ppc filter entries.
++  * Move qemu-system-arch64 into qemu-system-arm
++  * debian/patches/define-trusty-machine-type.patch: define a trusty machine
++    type, currently the same as pc-i440fx-2.0, to put is in a better position
++    to enable live migrations from trusty onward.  (LP: #1294823)
++  * debian/control: build-dep on libfdt >= 1.4.0  (LP: #1295072)
++  * Merge latest upstream git to commit dc9528f
++  * Debian/rules:
++    - remove -enable-uname-release=2.6.32
++    - don't make the aarch64 target Ubuntu-specific.
++  * Remove patches which are now upstream:
++    - fix-smb-security-share.patch
++    - slirp-smb-redirect-port-445-too.patch
++    - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
++    - signal-added-a-wrapper-for-sigprocmask-function.patch
++    - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
++    - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
++    - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
++  * add link for /usr/share/qemu/bios-256k.bin
++  * Remove all linaro patches.
++  * Remove all arm64/ patches.  Many but not all are upstream.
++  * Remove CVE-2013-4377.patch which is upstream.
++  * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 25 Feb 2014 22:31:43 -0600
++
  qemu (1.7.0+dfsg-9) unstable; urgency=medium
    * remove rbd/rados/ceph support *again*, till they'll actually provide
@@ -1529,6 +4222,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 12 Mar 2014 18:34:03 +0400
++qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
++
++  * No-change rebuild to build with libxen-4.4.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 21 Mar 2014 10:04:36 +0100
++
++qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
++
++  * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
++    upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Mar 2014 00:03:00 -0500
++
++qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
++
++  [ dann frazier ]
++  * Add patches from the susematz tree to avoid intermittent segfaults:
++     - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
++     - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
++     - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
++
++  [ Serge Hallyn ]
++  * Modify do_sigprocmask to only change behavior for aarch64.
++    (LP: #1285363)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 06 Mar 2014 16:15:50 -0600
++
++qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
++
++  [ Steve Langasek ]
++  * Merge debian/control with unreleased Debian branch: our architecture
++    lists should now be in sync.
++
++  [ Dann Frazier ]
++  * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
++    on arm64 and maybe others. (LP: #1284344)
++
++  [ Serge Hallyn ]
++  * Move the OVMF.fd link to the ovmf package.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 21 Feb 2014 12:14:53 -0800
++
++qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
++
++  * Add ppc64el to the architecture list (supposedly added in the previous
++    upload, but really wasn't).
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 20 Feb 2014 23:40:07 -0800
++
++qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
++
++  * Backport changes to enable qemu-user-static support for aarch64
++  * debian/control: add ppc64el to Architectures
++  * debian/rules: only install qemu-system-aarch64 on arm64.
++    Fixes a FTBFS  when built twice in a row on non-arm64 due to a stale
++    debian/qemu-system-aarch64 directory
++
++ -- dann frazier <dann.frazier@canonical.com>  Tue, 11 Feb 2014 15:41:53 -0700
++
++qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
++
++  * Fix broken filter_binfmts
++  * Remove use of dpkg-version in postinsts, as we're not Depending on
++    dpkg-dev.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 05 Feb 2014 21:57:38 -0600
++
++qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
++
++  * Merge 1.7.0+dfsg-3 from debian.  Remaining changes:
++    - debian/patches/ubuntu:
++      * expose-vmx_qemu64cpu.patch
++      * linaro (omap3) and arm64 patches
++      * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
++        on ppc
++      * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
++    - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
++    - debian/control:
++      * add arm64 to Architectures
++      * add qemu-common and qemu-system-aarch64 packages
++    - debian/qemu-system-common.install: add debian/tmp/usr/lib
++    - debian/qemu-system-common.preinst: add kvm group
++    - debian/qemu-system-common.postinst: remove acl placed by udev,
++      and add udevadm trigger.
++    - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
++      pxe-e1000 and pxe-rtl8139.
++    - add qemu-system-x86.qemu-kvm.upstart and .default
++    - qemu-user-static.postinst-in: remove arm64 binfmt
++    - debian/rules:
++      * allow parallel build
++      * add aarch64 to system_targets and sys_systems
++      * add qemu-kvm-spice links
++      * install qemu-system-x86.modprobe
++    - add debian/qemu-system-common.links for OVMF.fd link
++  * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 04 Feb 2014 12:13:08 -0600
++
  qemu (1.7.0+dfsg-3) unstable; urgency=low
    * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
@@ -1554,6 +4345,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 16 Jan 2014 15:17:46 +0400
++qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
++
++  * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
++    may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 28 Jan 2014 14:41:20 +0000
++
++qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
++
++  * SECURITY UPDATE: denial of service via virtio device hot-plugging
++    - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
++      virtio device unplugging.
++    - CVE-2013-4377
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 27 Jan 2014 09:10:37 -0500
++
++qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
++
++  * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
++    powerpc.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 22 Jan 2014 11:59:26 -0600
++
++qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
++
++  [ Serge Hallyn ]
++  * add arm64 patchset from upstream.  The three arm virt patches previously
++    pushed are in that set, so drop them.
++
++  [ dann frazier ]
++  * Add packaging for qemu-system-aarch64. This package is currently only
++    available for arm64, as full software emulation is not yet supported.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 10 Jan 2014 12:19:08 -0600
++
++qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
++
++  * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
++    supported any longer.
++  * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
++  * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
++    churn caused by linaro patchset.
++  * debian/rules: enable parallel builds.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 03 Jan 2014 10:53:17 -0600
++
++qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
++
++  * d/control: enable usbredir (LP: 1126390)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 02 Jan 2014 08:55:43 -0600
++
++qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
++
++  * add missing arm virt patches from the mach-virt-v7 branch of
++    git://git.linaro.org/people/cdall/qemu-arm.git
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 18 Dec 2013 12:25:59 -0600
++
++qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
++
++  * debian/control: add arm64 to list of architectures.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Dec 2013 10:22:47 -0600
++
++qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
++
++  * Merge 1.7.0+dfsg-2 from debian experimental.  Remaining changes:
++    - debian/control
++      * update maintainer
++      * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
++        from build-deps
++      * enable rbd
++      * add qemu-system and qemu-common B/R to qemu-keymaps
++      * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
++        qemu-system-common
++      * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
++        - add qemu-common, qemu-kvm, kvm to B/R
++        - remove openbios-sparc from qemu-system-sparc D
++        - drop openbios-ppc and openhackware Depends to Suggests (for now)
++      * qemu-system-x86:
++        - add qemu-common to Breaks/Replaces.
++        - add cpu-checker to Recommends.
++      * qemu-user: add B/R:qemu-kvm
++      * qemu-kvm:
++        - add armhf armel powerpc sparc to Architecture
++        - C/R/P: qemu-kvm-spice
++      * add qemu-common package
++      * drop qemu-slof which is not packaged in ubuntu
++    - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
++    - qemu-system-x86.links:
++      * remove pxe rom links which are in kvm-ipxe
++    - debian/rules
++      * add kvm-spice symlink to qemu-kvm
++      * call dh_installmodules for qemu-system-x86
++      * update dh_installinit to install upstart script
++      * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
++    - Add qemu-utils.links for kvm-* symlinks.
++    - Add qemu-system-x86.qemu-kvm.upstart and .default
++    - Add qemu-system-x86.modprobe to set nesting=1
++    - Add qemu-system-common.preinst to add kvm group
++    - qemu-system-common.postinst: remove bad group acl if there, then have
++      udev relabel /dev/kvm.
++    - New linaro patches from qemu-linaro rebasing branch
++    - Dropped patches:
++      * linaro patchset
++      * mach-virt patchset
++    - Kept patches:
++      * expose_vms_qemu64cpu.patch
++      * fix-pci-add
++  * qemu-system-common.install: add debian/tmp/usr/lib to install the
++    qemu-bridge-helper
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Sat, 07 Dec 2013 06:08:11 +0000
++
  qemu (1.7.0+dfsg-2) unstable; urgency=low
    * switch from vgabios to seavgabios
@@ -1583,6 +4489,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 28 Nov 2013 03:14:21 +0400
++qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
++
++  * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
++    to prevent lts-to-lts updates from breaking.  (LP: #1243403)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 23 Oct 2013 14:31:05 -0500
++
++qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
++
++  * Merge 1.6.0~rc0+dfsg-2exp from debian experimental.  Remaining changes:
++    - debian/control
++      * update maintainer
++      * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
++        from build-deps
++      * enable rbd
++      * add qemu-system and qemu-common B/R to qemu-keymaps
++      * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
++        qemu-system-common
++      * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
++        - add qemu-kvm to Provides
++        - add qemu-common, qemu-kvm, kvm to B/R
++        - remove openbios-sparc from qemu-system-sparc D
++        - drop openbios-ppc and openhackware Depends to Suggests (for now)
++      * qemu-system-x86:
++        - add qemu-common to Breaks/Replaces.
++        - add cpu-checker to Recommends.
++      * qemu-user: add B/R:qemu-kvm
++      * qemu-kvm:
++        - add armhf armel powerpc sparc to Architecture
++        - C/R/P: qemu-kvm-spice
++      * add qemu-common package
++      * drop qemu-slof which is not packaged in ubuntu
++    - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
++    - qemu-system-x86.links:
++      * remove pxe rom links which are in kvm-ipxe
++      * add symlink for kvm.1 manpage
++    - debian/rules
++      * add kvm-spice symlink to qemu-kvm
++      * call dh_installmodules for qemu-system-x86
++      * update dh_installinit to install upstart script
++      * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
++    - Add qemu-utils.links for kvm-* symlinks.
++    - Add qemu-system-x86.qemu-kvm.upstart and .default
++    - Add qemu-system-x86.modprobe to set nesting=1
++    - Add qemu-system-common.preinst to add kvm group
++    - qemu-system-common.postinst: remove bad group acl if there, then have
++      udev relabel /dev/kvm.
++    - New linaro patches from qemu-linaro rebasing branch
++    - Dropped patches:
++      * xen-simplify-xen_enabled.patch
++      * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
++      * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
++      * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
++      * virtio-rng-fix-crash
++    - Kept patches:
++      * expose_vms_qemu64cpu.patch - updated
++      * linaro arm patches from qemu-linaro rebasing branch
++    - New patches:
++      * fix-pci-add: change CONFIG variable in ifdef to make sure that
++        pci_add is defined.
++  * Add linaro patches
++  * Add experimental mach-virt patches for arm virtualization.
++  * qemu-system-common.install: add debian/tmp/usr/lib to install the
++    qemu-bridge-helper
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 22 Oct 2013 22:47:07 -0500
++
  qemu (1.6.0+dfsg-2) unstable; urgency=low
    * Build-depend in seccomp again once it is in -testing
@@ -1653,6 +4626,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 06 Jun 2013 01:50:32 +0400
++qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
++
++  * No change rebuild for new seccomp.
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Mon, 21 Oct 2013 18:34:50 -0400
++
++qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
++
++  * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
++    - virtio-rng-fix-crash
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 09 Oct 2013 17:46:49 -0500
++
++qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
++
++  * Re-introduce snippet in upstart job to load kvm modules if needed.
++    (LP: #1218459)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 16 Sep 2013 22:43:52 +0000
++
++qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
++
++  * Cherry-picking three Xen related patches targetted for qemu-stable:
++    * xen-simplify-xen_enabled.patch
++    * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
++    * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 26 Jul 2013 15:01:44 +0200
++
++qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
++
++  * Drop openbios-ppc and openhackware Depends to Suggests for now.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 05 Jun 2013 03:23:56 -0600
++
++qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
++
++  * Merge 1.5.0+dfs-3 from debian unstable.  Remaining changes:
++    - debian/control
++      * update maintainer
++      * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
++        from build-deps
++      * enable rbd
++      * add qemu-system and qemu-common B/R to qemu-keymaps
++      * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
++        qemu-system-common
++      * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
++        - add qemu-kvm to Provides
++        - add qemu-common, qemu-kvm, kvm to B/R
++        - remove openbios-sparc from qemu-system-sparc D
++      * qemu-system-x86:
++        - add qemu-common to Breaks/Replaces.
++        - add cpu-checker to Recommends.
++      * qemu-user: add B/R:qemu-kvm
++      * qemu-kvm:
++        - add armhf armel powerpc sparc to Architecture
++        - C/R/P: qemu-kvm-spice
++      * add qemu-common package
++      * drop qemu-slof which is not packaged in ubuntu
++    - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
++    - qemu-system-x86.links:
++      * remove pxe rom links which are in kvm-ipxe
++      * add symlink for kvm.1 manpage
++    - debian/rules
++      * add kvm-spice symlink to qemu-kvm
++      * call dh_installmodules for qemu-system-x86
++      * update dh_installinit to install upstart script
++      * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
++    - Add qemu-utils.links for kvm-* symlinks.
++    - Add qemu-system-x86.qemu-kvm.upstart and .default
++    - Add qemu-system-x86.modprobe to set nesting=1
++    - Add qemu-system-common.preinst to add kvm group
++    - qemu-system-common.postinst: remove bad group acl if there, then have
++      udev relabel /dev/kvm.
++    - Dropped patches:
++      * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
++    - Kept patches:
++      * expose_vms_qemu64cpu.patch - updated
++      * gridcentric patch - updated
++      * linaro arm patches from qemu-linaro rebasing branch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 04 Jun 2013 22:56:43 +0200
++
  qemu (1.5.0+dfsg-3) unstable; urgency=low
    * fix sections: misc => otherosfs
@@ -1672,6 +4728,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 02 Jun 2013 01:49:47 +0400
++qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
++
++  * Merge 1.5.0+dfs-2 from debian unstable.  Remaining changes:
++    - debian/control
++      * update maintainer
++      * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
++        from build-deps
++      * enable rbd
++      * add qemu-system and qemu-common B/R to qemu-keymaps
++      * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
++        qemu-system-common
++      * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
++        - add qemu-kvm to Provides
++        - add qemu-common, qemu-kvm, kvm to B/R
++        - remove openbios-sparc from qemu-system-sparc D
++      * qemu-system-x86:
++        - add qemu-common to Breaks/Replaces.
++        - add cpu-checker to Recommends.
++      * qemu-user: add B/R:qemu-kvm
++      * qemu-kvm:
++        - add armhf armel powerpc sparc to Architecture
++        - C/R/P: qemu-kvm-spice
++      * add qemu-common package
++      * drop qemu-slof which is not packaged in ubuntu
++    - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
++    - qemu-system-x86.links:
++      * remove pxe rom links which are in kvm-ipxe
++      * add symlink for kvm.1 manpage
++    - debian/rules
++      * add kvm-spice symlink to qemu-kvm
++      * call dh_installmodules for qemu-system-x86
++      * update dh_installinit to install upstart script
++      * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
++    - Add qemu-utils.links for kvm-* symlinks.
++    - Add qemu-system-x86.qemu-kvm.upstart and .default
++    - Add qemu-system-x86.modprobe to set nesting=1
++    - Add qemu-system-common.preinst to add kvm group
++    - qemu-system-common.postinst: remove bad group acl if there, then have
++      udev relabel /dev/kvm.
++    - Dropped patches:
++      * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
++    - Kept patches:
++      * expose_vms_qemu64cpu.patch - updated
++      * gridcentric patch - updated
++      * linaro arm patches from qemu-linaro rebasing branch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 28 May 2013 08:18:30 -0500
++
  qemu (1.5.0+dfsg-2) unstable; urgency=low
    * merged development history of wheezy and experimental branches.
@@ -1739,6 +4843,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 18 Apr 2013 14:45:30 +0400
++qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low
++
++  * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177)
++  * qemu-system-x86.qemu-kvm.upstart:
++    - remove NESTED workarounds from upstart file.
++    - remove loading of modules which is now always done
++    - remove TAPR define which is no longer used
++  * move customizable defines back to qemu-kvm.default
++  * copy creation of group kvm to preinst - the group must exist when the
++    kvm udev rule is installed (LP: #1103022) (LP: #1092715)
++  * add adduser to qemu-system-common Pre-Depends for use by preinst.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 14 Mar 2013 14:21:53 -0500
++
++qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low
++
++  * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on
++    i386/amd64 targets.  (LP: #1126258)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 28 Feb 2013 15:17:16 -0600
++
++qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low
++
++  * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing
++    tree.
++  * add qemu-common to qemu-system-common B/R (was accidentally dropped from
++    1.3.0 in 1.4.0 merge).
++  * debian/control: fix kvm P/C/B/R:
++    - make all C/B/R against kvm versioned
++    - don't have any qemu-system-* other than x86 Provides: kvm
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 22 Feb 2013 13:34:07 -0600
++
++qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low
++
++  * Merge 1.4.0+dfsg-1exp from debian.  Remaining changes:
++    - debian/control:
++      * update maintainer
++      * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps
++      * enable rbd
++      * add qemu-system and qemu-common B/R to qemu-keymaps
++      * add D:udev and R:qemu to qemu-system-common
++      * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
++        - add qemu-kvm and kvm to Provides
++        - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc,
++          qemu-system-sparc:
++        - remove openbios-$arch from Depends
++      * qemu-system-x86:
++        - add qemu-common to Breaks/Replaces.
++        - add cpu-checker to Recommends.
++      * qemu-user:
++        - add B/R qemu-kvm
++      * qemu-utils:
++        - add B/R qemu-user and qemu-kvm
++      * qemu-kvm: add armhf armel powerpc sparc to Architecture
++      * add qemu-common package
++    - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
++    - qemu-system-x86.links:
++      * remove pxe rom links which are in kvm-ipxe
++      * add symlink for kvm.1 manpage
++    - Add qemu-utils.links for kvm-* symlinks.
++    - Add qemu-kvm.conf upstart job to qemu-system
++    - Clear /dev/kvm acls on install
++    - Add linaro arm patches.
++    - Add gridcentric patches.
++    - Re-add expose_vms_qemu64cpu.patch (from Daviey)
++  * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 20 Feb 2013 11:58:27 -0600
++
  qemu (1.4.0+dfsg-1exp) experimental; urgency=low
    [ Michael Tokarev ]
@@ -1794,6 +4968,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 02 Feb 2013 21:05:28 +0400
++qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low
++
++  * qemu-system-common.postinst: only run setfacl when /dev/kvm exists.
++    (LP: #1130591)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 20 Feb 2013 08:58:53 -0600
++
++qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low
++
++  * Update workarounds for udev/inotify:  (LP: #1092715)
++    - qemu-system-common.udev: go back to original, simple rule
++    - qemu-system-common.postinst: manually run setfacl
++    - (keep Depends: on acl as well)
++    - this can be removed once bug 1092715 is fixed.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 19 Feb 2013 12:41:22 -0600
++
++qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low
++
++  * Now that qemu provides spice support, and qemu-kvm-spice is removed from
++    the archive, have qemu-kvm (which qemu-kvm-spice always depended on)
++    P/C/R qemu-kvm-spice.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 14 Feb 2013 13:43:27 -0600
++
++qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low
++
++  * Enable spice.
++  * Address lintian warning by adding ${misc:Depends} to qemu-common and
++    qemu-kvm.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 12 Feb 2013 16:07:04 -0600
++
++qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low
++
++  [ Serge Hallyn ]
++  * Merge 1.3.0+dfsg-5exp from Debian.
++  * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1:
++    - debian/control:
++      * update maintainer
++      * remove vde2 recommends
++      * build-deps: remove libusbredir, libvdeplug2-dev,
++        libspice-server-dev, libspice-protocol-dev, libiscsi-dev
++      * qemu-system:
++        - break/replace qemu-common
++        - depend on udev
++        - remove openbios-ppc, openbios-sparc, and openhackware from
++          Depends.  (Intend to add them back once we can build them.)
++      * qemu-utils: break/replace qemu-kvm
++    - qemu-kvm.upstart:
++      - add qemu-system.qemu-kvm.upstart
++      - debian/rules: add dh_installinit to get qemu-system.upstart installed.
++      - take the defaults from the old qemu-kvm.defaults, and move them into
++        the upstart job
++    - debian/patches:
++      - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
++      - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
++    - add links for qemu-ifup/down in qemu-system-common.links
++    - debian/qemu-system-common.postinst
++      - udevadm trigger to fix up /dev/kvm perms
++    - debian/qemu-system.links:
++      - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
++        with ones from kvm-ipxe).  We may want to move the links from kvm-ipxe
++        back to qemu-system at some point.
++  * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1:
++    - qemu-system-common.links: add link for OVMF
++    - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages.
++    - qemu-system.links:
++      * Add link to usr/share/ovmf/OVMF.fd
++      * Fix target of /etc/kvm/kvm-if{up,down} links
++    - debian/control: qemu-system should Recommend cpu-checker
++    - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
++      (i.e.) qemu-x86_64.
++    - add qemu-kvm, and qemu-common transitional packages.
++    - Add breaks/replaces to qemu-keymaps for qemu-system.
++    - Add provides: qemu-kvm and kvm to qemu-system-ppc.
++    - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common.
++    - Add breaks/replaces to qemu-kvm for qemu-common.
++    - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm.
++    - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional
++      package.
++    - Add qemu-common package.
++    - Make sure /dev/kvm gets its acls cleared:
++      * Add acl to qemu-system.depends
++      * update qemu-system.udev to run setfacl to set g::rw acl
++    - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
++  * dropped debian/patches/CVE-2012-6075.patch (duplicate of
++    e1000-discard-oversize-packets-based-on-SBP_LPE.patch)
++  * debian/{control,configure-opts}: enable rbd (LP: #1118406)
++  * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636)
++  * add replaces to qemu-system-common for qemu - we briefly moved conflicting
++    docs to qemu, which debian moved to qemu-system-common.  This can be
++    dropped after raring.
++  * move qemu-kvm.upstart from qemu-system to qemu-system-x86.
++  * Support upgrade from qemu-kvm on non-x86 arches:
++    - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86}
++    - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm.
++  * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal.
++
++  [ Steve Langasek ]
++  * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that
++    we have a sensible baseline kernel value regardless of what the
++    underlying host kernel is.  This makes eglibc happier when running under
++    emulation on a very old kernel for instance (whose host syscall ABI has
++    nothing to do with what emulated syscalls are supported), and probably
++    also lets us steer clear for the moment of code that has problem with
++    the new kernel upstream versioning convention.  LP: #921078.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 07 Feb 2013 14:15:26 -0600
++
  qemu (1.3.0+dfsg-5exp) experimental; urgency=low
    * qemu-system-split: split qemu-system into several target-specific packages:
@@ -1873,6 +5157,106 @@ qemu (1.3.0+dfsg-2exp) experimental; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 20 Jan 2013 22:12:11 +0400
++qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low
++
++  * qemu-system.links:
++    - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207)
++    - Fix target of /etc/kvm/kvm-if{up,down} links
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 29 Jan 2013 10:52:22 -0600
++
++qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low
++
++  * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 28 Jan 2013 11:52:10 -0600
++
++qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low
++
++  * configure-opts: add audio-cards list (LP: #1102487)
++  * configure-opts: change order of audio-drv-list for ubuntu, putting pa
++    first.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 21 Jan 2013 12:02:09 -0600
++
++qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low
++
++  * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
++    (i.e.) qemu-x86_64. (LP: #1102332)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 21 Jan 2013 08:58:07 -0600
++
++qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low
++
++  * Move three docs from qemu-system.install to qemu.docs (LP: #1101798)
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Sat, 19 Jan 2013 20:12:48 -0700
++
++qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low
++
++  * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and
++    possible code execution in hw/e1000.c by dropping oversize packets.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Sat, 19 Jan 2013 07:31:50 -0700
++
++qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low
++
++  * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to
++    fix FTBFS due to parallel compile.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 18 Jan 2013 15:51:09 -0600
++
++qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low
++
++  * Merge 1.3.0+dfsg-1~exp3.  Remaining ubuntu delta:
++    - debian/control:
++      * update maintainer
++      * remove vde2 recommends
++      * build-deps: remove libusbredir, libvdeplug2-dev,
++        libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
++        and libxen-dev.
++      * qemu-keymaps: break/replace qemu-common
++      * qemu-system:
++        - break/replace qemu-common
++        - depend on udev
++        - remove openbios-ppc, openbios-sparc, and openhackware from
++          Depends.  (Intend to add them back once we can build them.)
++        - provides: qemu-kvm
++      * qemu-utils: break/replace qemu-kvm
++      * set up transitional packages for qemu-kvm, qemu-common, and kvm.
++    - qemu-kvm.upstart:
++      - add qemu-system.qemu-kvm.upstart
++      - debian/rules: add dh_installinit to get qemu-system.upstart installed.
++      - take the defaults from the old qemu-kvm.defaults, and move them into
++        the upstart job
++    - debian/patches:
++      - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
++      - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
++    - ifup/down:
++      - copy Debian qemu-kvm's kvm-ifup/down into debian/
++      - fix dh_install for kvm-ifup/down in debian/rules
++      - add links for qemu-ifup/down in qemu-system.links
++      - remove (debian's original) qemu-ifup from qemu-system.install
++    - debian/qemu-system.postinst
++      - udevadm trigger to fix up /dev/kvm perms
++      - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
++    - debian/qemu-system.links:
++      - point 'kvm' to qemu-system-x86_64
++      - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
++        with ones from kvm-ipxe).  We may want to move the links from kvm-ipxe
++        back to qemu-system at some point.
++  * Add note about kvm to qemu-system.README.debian.
++  * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm
++  * Remove TAPBR from qemu-kvm.conf.
++  * Make sure /dev/kvm gets its acls cleared:
++    - Add acl to qemu-system.depends
++    - update qemu-system.udev to run setfacl to set g::rw acl
++  * qemu-system.qemu-kvm.conf: don't rmmod at stop
++  * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
++  * Remove hugepages sysctl file - qemu now supports transparent hugepages.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 14 Jan 2013 23:22:51 -0600
++
  qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low
    * enable vde on kFreebsd too (no idea why it was disabled)
@@ -1957,6 +5341,107 @@ qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low
   -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 30 Dec 2012 01:52:21 +0400
++qemu (1.2.0.dfsg-1~exp1-0ubuntu2) raring; urgency=low
++
++  * Remove kvm package
++    - make qemu-system P/C/B: kvm.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 14 Jan 2013 12:03:19 -0600
++
++qemu (1.2.0.dfsg-1~exp1-0ubuntu1) raring; urgency=low
++
++  [ Serge Hallyn ]
++  * debian/control:
++    - update maintainer
++    - remove vde2 recommends
++    - build-deps: remove libusbredir, libvdeplug2-dev,
++      libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
++      and libxen-dev.
++    - qemu-keymaps: break/replace qemu-common
++    - qemu-system:
++      - break/replace qemu-common
++      - depend on udev
++      - remove openbios-ppc, openbios-sparc, and openhackware from
++        Depends.  (Intend to add them back once we can build them.)
++      - provides: qemu-kvm
++    - qemu-utils: break/replace qemu-kvm
++    - set up transitional packages for qemu-kvm, qemu-common, and kvm.
++  * debian/rules:
++    - install kvm-ifup and kvm-ifdown
++    - dh_installinit the qemu-kvm upstart job
++  * install a 30-qemu-kvm.conf into /etc/sysctl.c for nr_hugepages.
++  * qemu-kvm.upstart:
++    - add qemu-system.qemu-kvm.upstart
++    - add mv_confile to qemu-system.preinst, postinst, and .postrm to rename
++      /etc/init/qemu-kvm.conf to qemu-system.conf
++    - debian/rules: add dh_installinit to get qemu-system.upstart installed.
++    - take the defaults from the old qemu-kvm.defaults, and move them into
++      the upstart job
++  * debian/patches:
++    - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
++    - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
++    - apply nbd-fixes-to-read-only-handling.patch from upstream to
++      make read-write mount after read-only mount work.  (LP: #1077838)
++  * ifup/down:
++    - copy Ubuntu qemu-kvm's kvm-ifup/down into debian/
++    - fix dh_install for kvm-ifup/down in debian/rules
++    - add links for qemu-ifup/down in qemu-system.links
++    - remove (debian's original) qemu-ifup from qemu-system.install
++  * debian/qemu-system.postinst
++    - udevadm trigger to fix up /dev/kvm perms
++    - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
++  * debian/qemu-system.links:
++    - point 'kvm' to qemu-system-x86_64
++    - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
++      with ones from kvm-ipxe).  We may want to move the links from kvm-ipxe
++      back to qemu-system at some point.
++    - add qemu-ifdown and qemu-ifup links
++  * debian/qemu-system.install:
++    - remove /etc/qemu-ifup link
++    - add /etc/sysctl.d/30-qemu-kvm.conf
++
++  [ Adam Conrad ]
++  * Appease apt-get's dist-upgrade resolver by creating a qemu-common
++    transitional package to upgrade more gracefully to qemu-keymaps.
++  * Move all the empty transitional packages to the oldlibs section.
++  * Restore the versioned dep from qemu-kvm (and kvm) to qemu-system.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 04 Jan 2013 08:50:24 -0600
++
++qemu (1.2.0+dfsg-1~exp1) UNRELEASED; urgency=low
++
++  [ Michael Tokarev ]
++  * new upstream version (1.3.0)
++    (Closes: #676374, #622319, #597527, #593547, #660154)
++   - Removed patches included upstream:
++     do-not-include-libutil.h.patch
++     configure-nss-usbredir.patch
++     tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch
++     net-add--netdev-options-to-man-page.patch
++   - update 02_kfreebsd.patch
++   - do not build mpc8544ds.dtb
++   - include new targets
++  * Cleaned up the build system ALOT.  Larger changes:
++    - used explicit lists of emulated targets in debian/rules
++      and generate everything else from there, instead of repeating
++      these lists in lots of places.
++    - stop using debian/$pkg.manpages and other auxilary files like this,
++      moving eveything to debian/$pkg.install, because with the number
++      of packages growing, amount of these small files becomes very
++      large and the result is difficult to maintain.
++  * ship forgotten target-x86_64.conf in qemu-system.
++  * ship virtfs-proxy-helper in qemu-utils.
++  * stop shipping tundev.c, since it does not reflect the reality for
++    a long time now (Closes: #325761, #325754).
++  * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N,
++    this time by adding to $MAKEFLAGS instead of passing down to submakes
++  * build-depend on libcap-ng-dev (for virtfs-proxy-helper)
++
++  [ Vagrant Cascadian ]
++  * Add libcap-dev to Build-Depends to support virtfs-proxy-helper.
++
++ -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 30 Dec 2012 01:52:21 +0400
++
  qemu (1.1.2+dfsg-6a) unstable; urgency=low
    * reupload to remove two unrelated files slipped in debian/
 diff --git a/debian/control b/debian/control
 index b9a6e25..8a0b440 100644
 --- a/debian/control
 +++ b/debian/control
@@ -2,11 +2,12 @@
  Source: qemu
  Section: otherosfs
  Priority: optional
--Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
  Uploaders: Aurelien Jarno <aurel32@debian.org>,
  	Riku Voipio <riku.voipio@iki.fi>,
  	Michael Tokarev <mjt@tls.msk.ru>
--Build-Depends: debhelper (>= 11),
++Build-Depends: debhelper (>= 12),
  # In comments below we also specify (system-specific) arguments
  # to qemu's configure script, -- optional features which depend
  # on build-dependencies.
@@ -17,8 +18,6 @@ Build-Depends: debhelper (>= 11),
   texinfo, python3-sphinx,
  # iasl (from acpica-tools) is used only in a single test these days, not for building
  # acpica-tools,
--# --enable-capstone=system
-- libcapstone-dev,
  # --enable-linux-aio	linux-*
   libaio-dev [linux-any],
  # --audio-drv-list=pa,alsa,oss	linux-*
@@ -28,8 +27,8 @@ Build-Depends: debhelper (>= 11),
  # for virtfs
  # --enable-attr
   libattr1-dev,
--# --enable-bluez	linux-*
-- libbluetooth-dev [linux-any],
++# bluetooth subsystem got deprecated by upstream
++# --disable-bluez
  # --enable-brlapi
   libbrlapi-dev,
  # --enable-virtfs	linux-*
@@ -53,10 +52,8 @@ Build-Depends: debhelper (>= 11),
   libvirglrenderer-dev,
  # --enable-opengl
   libepoxy-dev, libdrm-dev, libgbm-dev,
--# --enable-libnfs
-- libnfs-dev (>> 1.9.3),
--# --enable-numa	i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc
-- libnuma-dev   [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc],
++# --enable-numa	i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x
++ libnuma-dev   [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x],
  # --enable-smartcard
   libcacard-dev,
   libpixman-1-dev,
@@ -64,8 +61,6 @@ Build-Depends: debhelper (>= 11),
   librados-dev [linux-any], librbd-dev [linux-any],
  # glusterfs is debian-only since ubuntu/glusterfs is in universe (MIR LP: #1274247)
  # before buster it was glusterfs-common so keep it for now for bpo
--# --enable-glusterfs
-- libglusterfs-dev|glusterfs-common,
  # --enable-vnc-sasl
   libsasl2-dev,
  # --disable-sdl
@@ -78,6 +73,8 @@ Build-Depends: debhelper (>= 11),
   libspice-protocol-dev (>= 0.12.3~) [linux-amd64 linux-i386 linux-arm64],
  # --enable-rdma
   librdmacm-dev, libibverbs-dev, libibumad-dev,
++# --enable-libpmem linux-amd64
++ libpmem-dev [amd64],
  # --enable-libusb	linux-*
   libusb-1.0-0-dev (>= 2:1.0.13~) [linux-any],
  # --enable-usb-redir	linux-*
@@ -85,9 +82,6 @@ Build-Depends: debhelper (>= 11),
  # --enable-libssh
   libssh-dev,
  # vde is debian-only since ubuntu/vde2 is in universe
--# --enable-vde
-- libvdeplug-dev,
--# --enable-xen	linux-amd64|linux-i386
   libxen-dev [linux-amd64 linux-i386],
  # --enable-nettle
   nettle-dev,
@@ -124,8 +118,10 @@ Build-Depends-Indep:
  Build-Conflicts: oss4-dev
  Standards-Version: 3.9.8
  Homepage: http://www.qemu.org/
--Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
--Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
++XS-Debian-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
++XS-Debian-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
++Vcs-Browser: https://git.launchpad.net/ubuntu/+source/qemu
++Vcs-Git: https://git.launchpad.net/ubuntu/+source/qemu
  Package: qemu
  Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
@@ -156,6 +152,7 @@ Depends: ${misc:Depends},
   qemu-system-ppc,
   qemu-system-sparc,
   qemu-system-x86,
++ qemu-system-s390x,
   qemu-system-misc
  Description: QEMU full system emulation binaries
   QEMU is a fast processor emulator: currently the package supports
@@ -187,7 +184,9 @@ Package: qemu-system-data
  Architecture: all
  Multi-Arch: foreign
  Conflicts: sgabios
--Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios
++Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios,
++    qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
++Breaks: qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
  Provides: qemu-keymaps, sgabios
  Depends: ${misc:Depends}
  Description: QEMU full system emulation (data files)
@@ -201,7 +200,10 @@ Multi-Arch: foreign
  Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
  Breaks:   qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
  Depends: ${misc:Depends}, ${shlibs:Depends},
++ qemu-block-extra (= ${binary:Version}),
++ powerpc-utils [ppc64el],
  # to fix wrong acl for newly created device node on ubuntu:
++ acl
  Description: QEMU full system emulation binaries (common files)
   QEMU is a fast processor emulator: currently the package supports
   ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
@@ -252,6 +254,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qe
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
  # aarch64 arm uses bootroms
   ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~),
++ ipxe-qemu-256k-compat-efi-roms,
   qemu-efi-aarch64, qemu-efi-arm
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
  Provides: ${sysprovides:arm}
@@ -296,9 +299,10 @@ Multi-Arch: foreign
  Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qemu-system-data (>> ${source:Version}~),
   qemu-slof,
  # ubuntu can't Depend on openbios-ppc and openhackware as they're in universe
-- openbios-ppc (>= 1.1+svn1229), openhackware
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
++ openbios-ppc (>= 1.1+svn1229), openhackware
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
++ ipxe-qemu-256k-compat-efi-roms,
  # ppc targets use vgabios-stdvga and bootroms
   seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
  Provides: ${sysprovides:ppc}
@@ -320,11 +324,11 @@ Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386
  Multi-Arch: foreign
  Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qemu-system-data (>> ${source:Version}~),
  # ubuntu/openbios-sparc is in universe
-- openbios-sparc (>> 1.1+svn1395-1~)
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
  # sparc64 uses vgabios-stdvga and bootroms
   seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
++ openbios-sparc (>> 1.1+svn1395-1~)
  Provides: ${sysprovides:sparc}
  Description: QEMU full system emulation binaries (sparc)
   QEMU is a fast processor emulator: currently the package supports
@@ -343,12 +347,13 @@ Package: qemu-system-x86
  Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
  Multi-Arch: foreign
  Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qemu-system-data (>> ${source:Version}~),
++ ipxe-qemu-256k-compat-efi-roms,
   seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
   ovmf,
++ cpu-checker
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
   sgabios,
--# can we recommend ovmf on ubuntu the same way as on debian?
  Provides: ${sysprovides:x86}
  Description: QEMU full system emulation binaries (x86)
   QEMU is a fast processor emulator: currently the package supports
@@ -433,8 +438,10 @@ Package: qemu-utils
  Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
  Multi-Arch: foreign
  Breaks: qemu-system-common (<< 1:3.1+dfsg-3~)
--Depends: ${shlibs:Depends}, ${misc:Depends}
--Suggests: debootstrap, qemu-block-extra (= ${binary:Version}),
++Depends: ${shlibs:Depends}, ${misc:Depends},
++ qemu-block-extra (= ${binary:Version})
++Recommends: sharutils
++Suggests: debootstrap,
  Description: QEMU utilities
   QEMU is a fast processor emulator: currently the package supports
   ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
@@ -472,11 +479,73 @@ Description: Guest-side qemu-system agent
   qemu virtual machine.  It is not used on the host.
  Package: qemu-kvm
--Architecture: i386 amd64
++Architecture: i386 amd64 x32 armhf armel arm64 powerpc ppc64 ppc64el s390x
  Multi-Arch: foreign
  Pre-Depends: ${misc:Pre-Depends}
--Depends: ${misc:Depends}, qemu-system-x86
++Depends:
++ ${misc:Depends},
++ qemu-system-x86 (= ${binary:Version}) [i386 amd64 x32],
++ qemu-system-arm (= ${binary:Version}) [armhf armel arm64],
++ qemu-system-ppc (= ${binary:Version}) [powerpc ppc64 ppc64el],
++ qemu-system-s390x (= ${binary:Version}) [s390x],
++ powerpc-utils [ppc64el],
  Description: QEMU Full virtualization on x86 hardware
   QEMU is a fast processor emulator.  This package provides just a wrapper
   script /usr/bin/kvm which run qemu-system-x86 in kvm mode for backwards
   compatibility.
++
++Package: qemu-system-s390x
++Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64
++Multi-Arch: foreign
++Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 2.0.0+dfsg-8~), qemu-system-data (>> ${source:Version}~),
++Recommends: qemu-utils,
++Suggests: qemu-block-extra (= ${binary:Version}),
++Provides: ${sysprovides:s390x}
++Breaks: qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
++Replaces: qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
++Description: QEMU full system emulation binaries (s390x)
++ QEMU is a fast processor emulator: currently the package supports
++ s390x emulation. By using dynamic translation it achieves reasonable
++ speed while being easy to port on new host CPUs.
++ .
++ This package provides the full system emulation binaries to emulate
++ the following s390x hardware: ${sysarch:s390x}.
++ .
++ In system emulation mode QEMU emulates a full system, including a processor
++ and various peripherals.  It enables easier testing and debugging of system
++ code.  It can also be used to provide virtual hosting of several virtual
++ machines on a single server.
++
++# xen support generally is disabled, this is an extra build with xen enabled
++# as needed by xen-utils-4.11 [amd64 arm64 armhf i386]
++# Xen will depend on this; this package and the main qemu-system-x86 are
++# mutually exclusive
++Package: qemu-system-x86-xen
++Architecture:  amd64 i386
++Multi-Arch: foreign
++Depends:
++ ${shlibs:Depends},
++ ${misc:Depends},
++ qemu-system-common (>> ${source:Version}~),
++ qemu-system-data (>> ${source:Version}~),
++ ipxe-qemu,
++Recommends:
++ qemu-system-gui (= ${binary:Version}),
++ qemu-utils,
++ seabios,
++Suggests:
++ qemu-block-extra (= ${binary:Version}),
++ ovmf,
++Conflicts: qemu-system-x86
++Description: QEMU full system emulation binaries (x86)
++ QEMU is a fast processor emulator: currently the package supports
++ i386 and x86-64 emulation. By using dynamic translation it achieves
++ reasonable speed while being easy to port on new host CPUs.
++ .
++ This package provides the full system emulation binaries to emulate
++ the following x86 hardware: ${sysarch:x86-xen}.
++ .
++ In comparison to the main qemu-system-x86 this package has xen support
++ enabled, but is only maintained as universe package. Qemu with xen support
++ is needed to run Xen in HVM mode. For any other use case you should install
++ and use qemu-system-x86 instead.
 diff --git a/debian/control-in b/debian/control-in
 index 1289416..2e06ee3 100644
 --- a/debian/control-in
 +++ b/debian/control-in
@@ -7,7 +7,7 @@ Priority: optional
  Uploaders: Aurelien Jarno <aurel32@debian.org>,
  	Riku Voipio <riku.voipio@iki.fi>,
  	Michael Tokarev <mjt@tls.msk.ru>
--Build-Depends: debhelper (>= 11),
++Build-Depends: debhelper (>= 12),
  # In comments below we also specify (system-specific) arguments
  # to qemu's configure script, -- optional features which depend
  # on build-dependencies.
@@ -18,8 +18,8 @@ Build-Depends: debhelper (>= 11),
   texinfo, python3-sphinx,
  # iasl (from acpica-tools) is used only in a single test these days, not for building
  # acpica-tools,
--# --enable-capstone=system
-- libcapstone-dev,
++:debian:# --enable-capstone=system
++:debian: libcapstone-dev,
  # --enable-linux-aio	linux-*
   libaio-dev [linux-any],
  # --audio-drv-list=pa,alsa,oss	linux-*
@@ -29,8 +29,8 @@ Build-Depends: debhelper (>= 11),
  # for virtfs
  # --enable-attr
   libattr1-dev,
--# --enable-bluez	linux-*
-- libbluetooth-dev [linux-any],
++# bluetooth subsystem got deprecated by upstream
++# --disable-bluez
  # --enable-brlapi
   libbrlapi-dev,
  # --enable-virtfs	linux-*
@@ -56,8 +56,8 @@ Build-Depends: debhelper (>= 11),
   libepoxy-dev, libdrm-dev, libgbm-dev,
  :debian:# --enable-libnfs
  :debian: libnfs-dev (>> 1.9.3),
--# --enable-numa	i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc
-- libnuma-dev   [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc],
++# --enable-numa	i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x
++ libnuma-dev   [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x],
  # --enable-smartcard
   libcacard-dev,
   libpixman-1-dev,
@@ -79,6 +79,8 @@ Build-Depends: debhelper (>= 11),
   libspice-protocol-dev (>= 0.12.3~) [linux-amd64 linux-i386 linux-arm64],
  # --enable-rdma
   librdmacm-dev, libibverbs-dev, libibumad-dev,
++# --enable-libpmem linux-amd64
++ libpmem-dev [amd64],
  # --enable-libusb	linux-*
   libusb-1.0-0-dev (>= 2:1.0.13~) [linux-any],
  # --enable-usb-redir	linux-*
@@ -88,7 +90,7 @@ Build-Depends: debhelper (>= 11),
  # vde is debian-only since ubuntu/vde2 is in universe
  :debian:# --enable-vde
  :debian: libvdeplug-dev,
--# --enable-xen	linux-amd64|linux-i386
++:debian:# --enable-xen	linux-amd64|linux-i386
   libxen-dev [linux-amd64 linux-i386],
  # --enable-nettle
   nettle-dev,
@@ -126,11 +128,11 @@ Build-Conflicts: oss4-dev
  Standards-Version: 3.9.8
  Homepage: http://www.qemu.org/
  :debian:Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
--:ubuntu:Vcs-Browser: https://salsa.debian.org/qemu-team/qemu/commits/ubuntu-utopic
--:ubuntu:XS-Debian-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
  :debian:Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
--:ubuntu:Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git -b ubuntu-utopic
++:ubuntu:XS-Debian-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
  :ubuntu:XS-Debian-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
++:ubuntu:Vcs-Browser: https://git.launchpad.net/ubuntu/+source/qemu
++:ubuntu:Vcs-Git: https://git.launchpad.net/ubuntu/+source/qemu
  Package: qemu
  Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
@@ -161,6 +163,7 @@ Depends: ${misc:Depends},
   qemu-system-ppc,
   qemu-system-sparc,
   qemu-system-x86,
++:ubuntu: qemu-system-s390x,
   qemu-system-misc
  Description: QEMU full system emulation binaries
   QEMU is a fast processor emulator: currently the package supports
@@ -192,7 +195,9 @@ Package: qemu-system-data
  Architecture: all
  Multi-Arch: foreign
  Conflicts: sgabios
--Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios
++Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios,
++:ubuntu:    qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
++:ubuntu:Breaks: qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
  Provides: qemu-keymaps, sgabios
  Depends: ${misc:Depends}
  Description: QEMU full system emulation (data files)
@@ -206,6 +211,8 @@ Multi-Arch: foreign
  Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
  Breaks:   qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
  Depends: ${misc:Depends}, ${shlibs:Depends},
++:ubuntu: qemu-block-extra (= ${binary:Version}),
++:ubuntu: powerpc-utils [ppc64el],
  # to fix wrong acl for newly created device node on ubuntu:
  :ubuntu: acl
  Description: QEMU full system emulation binaries (common files)
@@ -258,9 +265,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qe
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
  # aarch64 arm uses bootroms
   ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~),
--:debian: qemu-efi-aarch64, qemu-efi-arm
++:ubuntu: ipxe-qemu-256k-compat-efi-roms,
++ qemu-efi-aarch64, qemu-efi-arm
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
--:ubuntu: qemu-efi-aarch64, qemu-efi-arm
  Provides: ${sysprovides:arm}
  Description: QEMU full system emulation binaries (arm)
   QEMU is a fast processor emulator: currently the package supports
@@ -307,6 +314,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qe
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
  :ubuntu: openbios-ppc (>= 1.1+svn1229), openhackware
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
++:ubuntu: ipxe-qemu-256k-compat-efi-roms,
  # ppc targets use vgabios-stdvga and bootroms
   seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
  Provides: ${sysprovides:ppc}
@@ -352,14 +360,13 @@ Package: qemu-system-x86
  Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
  Multi-Arch: foreign
  Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 1:2.12~), qemu-system-data (>> ${source:Version}~),
++:ubuntu: ipxe-qemu-256k-compat-efi-roms,
   seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
  Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
--:debian: ovmf,
++ ovmf,
  :ubuntu: cpu-checker
  Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
   sgabios,
--# can we recommend ovmf on ubuntu the same way as on debian?
--:ubuntu: ovmf,
  Provides: ${sysprovides:x86}
  Description: QEMU full system emulation binaries (x86)
   QEMU is a fast processor emulator: currently the package supports
@@ -444,8 +451,11 @@ Package: qemu-utils
  Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
  Multi-Arch: foreign
  Breaks: qemu-system-common (<< 1:3.1+dfsg-3~)
--Depends: ${shlibs:Depends}, ${misc:Depends}
--Suggests: debootstrap, qemu-block-extra (= ${binary:Version}),
++Depends: ${shlibs:Depends}, ${misc:Depends},
++:ubuntu: qemu-block-extra (= ${binary:Version})
++:ubuntu:Recommends: sharutils
++Suggests: debootstrap,
++:debian: qemu-block-extra (= ${binary:Version}),
  Description: QEMU utilities
   QEMU is a fast processor emulator: currently the package supports
   ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
@@ -484,11 +494,73 @@ Description: Guest-side qemu-system agent
  Package: qemu-kvm
  :debian:Architecture: i386 amd64
--:ubuntu:Architecture: i386 amd64 armhf armel powerpc sparc
++:ubuntu:Architecture: i386 amd64 x32 armhf armel arm64 powerpc ppc64 ppc64el s390x
  Multi-Arch: foreign
  Pre-Depends: ${misc:Pre-Depends}
--Depends: ${misc:Depends}, qemu-system-x86
++Depends:
++ ${misc:Depends},
++ qemu-system-x86 (= ${binary:Version}) [i386 amd64 x32],
++ qemu-system-arm (= ${binary:Version}) [armhf armel arm64],
++ qemu-system-ppc (= ${binary:Version}) [powerpc ppc64 ppc64el],
++:ubuntu: qemu-system-s390x (= ${binary:Version}) [s390x],
++:ubuntu: powerpc-utils [ppc64el],
  Description: QEMU Full virtualization on x86 hardware
   QEMU is a fast processor emulator.  This package provides just a wrapper
   script /usr/bin/kvm which run qemu-system-x86 in kvm mode for backwards
   compatibility.
++
++:ubuntu:Package: qemu-system-s390x
++:ubuntu:Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64
++:ubuntu:Multi-Arch: foreign
++:ubuntu:Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> 2.0.0+dfsg-8~), qemu-system-data (>> ${source:Version}~),
++:ubuntu:Recommends: qemu-utils,
++:ubuntu:Suggests: qemu-block-extra (= ${binary:Version}),
++:ubuntu:Provides: ${sysprovides:s390x}
++:ubuntu:Breaks: qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
++:ubuntu:Replaces: qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
++:ubuntu:Description: QEMU full system emulation binaries (s390x)
++:ubuntu: QEMU is a fast processor emulator: currently the package supports
++:ubuntu: s390x emulation. By using dynamic translation it achieves reasonable
++:ubuntu: speed while being easy to port on new host CPUs.
++:ubuntu: .
++:ubuntu: This package provides the full system emulation binaries to emulate
++:ubuntu: the following s390x hardware: ${sysarch:s390x}.
++:ubuntu: .
++:ubuntu: In system emulation mode QEMU emulates a full system, including a processor
++:ubuntu: and various peripherals.  It enables easier testing and debugging of system
++:ubuntu: code.  It can also be used to provide virtual hosting of several virtual
++:ubuntu: machines on a single server.
++
++:ubuntu:# xen support generally is disabled, this is an extra build with xen enabled
++:ubuntu:# as needed by xen-utils-4.11 [amd64 arm64 armhf i386]
++:ubuntu:# Xen will depend on this; this package and the main qemu-system-x86 are
++:ubuntu:# mutually exclusive
++:ubuntu:Package: qemu-system-x86-xen
++:ubuntu:Architecture:  amd64 i386
++:ubuntu:Multi-Arch: foreign
++:ubuntu:Depends:
++:ubuntu: ${shlibs:Depends},
++:ubuntu: ${misc:Depends},
++:ubuntu: qemu-system-common (>> ${source:Version}~),
++:ubuntu: qemu-system-data (>> ${source:Version}~),
++:ubuntu: ipxe-qemu,
++:ubuntu:Recommends:
++:ubuntu: qemu-system-gui (= ${binary:Version}),
++:ubuntu: qemu-utils,
++:ubuntu: seabios,
++:ubuntu:Suggests:
++:ubuntu: qemu-block-extra (= ${binary:Version}),
++:ubuntu: ovmf,
++:ubuntu:Conflicts: qemu-system-x86
++:ubuntu:Description: QEMU full system emulation binaries (x86)
++:ubuntu: QEMU is a fast processor emulator: currently the package supports
++:ubuntu: i386 and x86-64 emulation. By using dynamic translation it achieves
++:ubuntu: reasonable speed while being easy to port on new host CPUs.
++:ubuntu: .
++:ubuntu: This package provides the full system emulation binaries to emulate
++:ubuntu: the following x86 hardware: ${sysarch:x86-xen}.
++:ubuntu: .
++:ubuntu: In comparison to the main qemu-system-x86 this package has xen support
++:ubuntu: enabled, but is only maintained as universe package. Qemu with xen support
++:ubuntu: is needed to run Xen in HVM mode. For any other use case you should install
++:ubuntu: and use qemu-system-x86 instead.
 diff --git a/debian/kvm.arm32 b/debian/kvm.arm32
 new file mode 100644
 index 0000000..2138f46
 --- /dev/null
 +++ b/debian/kvm.arm32
@@ -0,0 +1,2 @@
++#!/bin/sh
++exec qemu-system-arm -enable-kvm "$@"
 diff --git a/debian/kvm.arm64 b/debian/kvm.arm64
 new file mode 100644
 index 0000000..1764712
 --- /dev/null
 +++ b/debian/kvm.arm64
@@ -0,0 +1,2 @@
++#!/bin/sh
++exec qemu-system-aarch64 -enable-kvm "$@"
 diff --git a/debian/kvm.powerpc b/debian/kvm.powerpc
 new file mode 100644
 index 0000000..e6c10e1
 --- /dev/null
 +++ b/debian/kvm.powerpc
@@ -0,0 +1,13 @@
++#!/bin/sh
++set -f
++
++SMT=$(/usr/sbin/ppc64_cpu --smt 2>&1 | grep "SMT=[248]")
++if [ -n "$SMT" ]
++then
++  if grep -q -e '^cpu\s*:\s*POWER8'  /proc/cpuinfo; then
++    echo "Error: You must disable SMT if you want to run QEMU/KVM on Power8 based ppc64le architecture"
++    echo "In order to disable SMT, run: # ppc64_cpu --smt=off"
++  fi
++fi
++
++exec qemu-system-ppc64 -enable-kvm "$@"
 diff --git a/debian/kvm.s390x b/debian/kvm.s390x
 new file mode 100644
 index 0000000..0171120
 --- /dev/null
 +++ b/debian/kvm.s390x
@@ -0,0 +1,2 @@
++#!/bin/sh
++exec qemu-system-s390x -enable-kvm "$@"
 diff --git a/debian/kvm b/debian/kvm.x86
 similarity index 50%
 rename from debian/kvm
 rename to debian/kvm.x86
 old mode 100755
 new mode 100644
 index 2e89893..43c0b24
 --- a/debian/kvm
 +++ b/debian/kvm.x86
@@ -1,2 +1,2 @@
--#! /bin/sh
++#!/bin/sh
  exec qemu-system-x86_64 -enable-kvm "$@"
 diff --git a/debian/not-installed b/debian/not-installed
 new file mode 100644
 index 0000000..8d78526
 --- /dev/null
 +++ b/debian/not-installed
@@ -0,0 +1,4 @@
++usr/share/doc/qemu/interop
++usr/share/icons
++usr/share/applications/qemu.desktop
++usr/bin/elf2dmp
 diff --git a/debian/patches/lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch b/debian/patches/lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch
 new file mode 100644
 index 0000000..6dc0fdc
 --- /dev/null
 +++ b/debian/patches/lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch
@@ -0,0 +1,43 @@
++From 725fe5d10dbd4259b1853b7d253cef83a3c0d22a Mon Sep 17 00:00:00 2001
++From: Li Hangjing <lihangjing@baidu.com>
++Date: Mon, 16 Dec 2019 10:30:50 +0800
++Subject: [PATCH] virtio-blk: fix out-of-bounds access to bitmap in
++ notify_guest_bh
++
++When the number of a virtio-blk device's virtqueues is larger than
++BITS_PER_LONG, the out-of-bounds access to bitmap[ ] will occur.
++
++Fixes: e21737ab15 ("virtio-blk: multiqueue batch notify")
++Cc: qemu-stable@nongnu.org
++Cc: Stefan Hajnoczi <stefanha@redhat.com>
++Signed-off-by: Li Hangjing <lihangjing@baidu.com>
++Reviewed-by: Xie Yongji <xieyongji@baidu.com>
++Reviewed-by: Chai Wen <chaiwen@baidu.com>
++Message-id: 20191216023050.48620-1-lihangjing@baidu.com
++Message-Id: <20191216023050.48620-1-lihangjing@baidu.com>
++Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
++
++Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=725fe5d10dbd4259b1853b7d253cef83a3c0d22a
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1859527
++Last-Update: 2020-01-22
++
++---
++ hw/block/dataplane/virtio-blk.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
++index 119906a5fe..1b52e8159c 100644
++--- a/hw/block/dataplane/virtio-blk.c
+++++ b/hw/block/dataplane/virtio-blk.c
++@@ -67,7 +67,7 @@ static void notify_guest_bh(void *opaque)
++     memset(s->batch_notify_vqs, 0, sizeof(bitmap));
++
++     for (j = 0; j < nvqs; j += BITS_PER_LONG) {
++-        unsigned long bits = bitmap[j];
+++        unsigned long bits = bitmap[j / BITS_PER_LONG];
++
++         while (bits != 0) {
++             unsigned i = j + ctzl(bits);
++--
++2.25.0
++
 diff --git a/debian/patches/series b/debian/patches/series
 index a345b42..1873488 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -1,2 +1,12 @@
  use-fixed-data-path.patch
  bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
++
++# ubuntu patches
++ubuntu/expose-vmx_qemu64cpu.patch
++ubuntu/enable-svm-by-default.patch
++ubuntu/define-ubuntu-machine-types.patch
++ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
++ubuntu/lp-1857033-i386-Add-MSR-feature-bit-for-MDS-NO.patch
++ubuntu/lp-1857033-i386-Add-macro-for-stibp.patch
++ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch
++lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch
 diff --git a/debian/patches/ubuntu/define-ubuntu-machine-types.patch b/debian/patches/ubuntu/define-ubuntu-machine-types.patch
 new file mode 100644
 index 0000000..11a09a8
 --- /dev/null
 +++ b/debian/patches/ubuntu/define-ubuntu-machine-types.patch
@@ -0,0 +1,633 @@
++Description: Carry Ubuntu specific machine types
++
++Since Ubuntu is a downstream of qemu carrying patches it needs custom machine
++types to be able to identify and manage the delta that might affect machine
++types.
++
++This is an important piece to keep cross release migration supported for any
++downstream.
++
++Since the p->t transition these types are mostly stable copies of the upstream
++type (in the past this was more unstable upstream, so there was more delta),
++but they need to stay specific to reflect the delta we have. And even more so
++to have something to base off for affecting SRU changes.
++
++Also add a hint if instantiating fails due to now unsupported old guest
++types (LP: #1637936).
++
++Package maintainers please see https://wiki.ubuntu.com/QemuKVMMigration when
++maintaining this patch on SRU, merge or other packaging activity.
++While support on a type is dropped with the Release going EOL we never drop the
++type itself as long as it is maintainable. This will give people an extra
++chance to migrate and avoid issues like LP: 1802944.
++
++##
++
++This later on got extended by further ubuntu specific machine type changes:
++LP 1776189: Add a -hpb Ubuntu specific machine type suffix
++
++This works already fine on commandline, but Libvirt and other stacks above
++have no exploitation yet. Using a machine type has the benefit of being already
++controllable by most upper layer software like Libvirt (type= in os tag) but
++even up to Openstack (nova.conf or per image metadata on hw_machine_type).
++
++This is based on a discussion:
++   https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1769053
++
++A similar change is in CentOS/RH (there the default is switched, without
++even a way to go back.
++But since this can cause issues e.g. when migrating
++across hosts with different characteristics, it is not set as the default
++in Ubuntu with this change.
++
++Further we want to avoid "machine type proliferation", so we certainly won't
++add a type for every feature. But using a huge guest is more common and
++otherwise not yet achievable.
++
++This can be dropped when:
++ - libvirt exposes phys-bits/host-phys-bits natively
++ - at least the important stacks above exploit that config
++As an alternative we might decide at some point to make it the default without
++a way to switch back in following releases, but for now we don't want to do so.
++
++##
++
++This later on got extended by further ubuntu specific machine type changes:
++LP 1761372: special type for ppc64 meltdown/spectre defaults
++
++Upstresm 2.12 is not yet set in stone (almost but not full), and we ship 2.11
++with backports. SO we don't want to make a 2.12 machine type fully recommended
++yet.
++PPC was following x86 in providing a non default convenience type that has the
++spectre/meltdown flags toggled - in bug 1761372 we were requested to carry the
++same - but we agreed to do so as a 2.11 based type.
++
++Note I: x86 changes CPU types with -IBRS suffix, power chose to change machine
++types.
++
++Note II: this change can be squashed into ubuntu-machine-types.patch >=2.12
++where the base content will exist in the upstream source instead of
++patches on top.
++
++##
++
++[1] introduced a major regression into the 4.0 types by setting split
++irqchip to be the default. This was corrected by [2] and the fix further
++modified by [3] which overall adds a 4.0.1 machine type in qemu 4.1 (not
++yet released) and probably eventually stable branches.
++We will follow upstream with the upstream types, but the Ubuntu types so
++far didn't release a 4.0 type yet so for us we can fix it on the initial
++release right away.
++
++[1]: https://git.qemu.org/?p=qemu.git;a=commit;h=b2fc91db
++[2]: https://git.qemu.org/?p=qemu.git;a=commit;h=c87759ce
++[3]: https://git.qemu.org/?p=qemu.git;a=commit;h=8e8cbed0
++
++##
++
++Original-Author: Serge Hallyn <serge.hallyn@ubuntu.com>
++Original-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1304107
++Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1621042
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1776189
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1761372
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1829868
++Forwarded: not-needed
++Forward-info: downstream decision
++
++--- a/hw/i386/pc_piix.c
+++++ b/hw/i386/pc_piix.c
++@@ -429,7 +429,7 @@ static void pc_i440fx_4_2_machine_option
++     PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++     pc_i440fx_machine_options(m);
++     m->alias = "pc";
++-    m->is_default = 1;
+++    m->is_default = 0;
++     pcmc->default_cpu_version = 1;
++ }
++
++@@ -1026,3 +1026,175 @@ static void xenfv_machine_options(Machin
++ DEFINE_PC_MACHINE(xenfv, "xenfv", pc_xen_hvm_init,
++                   xenfv_machine_options);
++ #endif
+++
+++/* Ubuntu machine types */
+++static void pc_trusty_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_0_machine_options(m);
+++    m->desc = "Ubuntu 14.04 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(trusty, "pc-i440fx-trusty", pc_compat_2_0_fn,
+++                      pc_trusty_machine_options)
+++
+++static void pc_xenial_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_5_machine_options(m);
+++    m->desc = "Ubuntu 16.04 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(xenial, "pc-i440fx-xenial", NULL,
+++                      pc_xenial_machine_options);
+++
+++static void pc_yakkety_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_6_machine_options(m);
+++    m->desc = "Ubuntu 16.10 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(yakkety, "pc-i440fx-yakkety", NULL,
+++                      pc_yakkety_machine_options);
+++
+++static void pc_zesty_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_8_machine_options(m);
+++    m->desc = "Ubuntu 17.04 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(zesty, "pc-i440fx-zesty", NULL,
+++                      pc_zesty_machine_options);
+++
+++static void pc_artful_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_10_machine_options(m);
+++    m->desc = "Ubuntu 17.10 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(artful, "pc-i440fx-artful", NULL,
+++                      pc_artful_machine_options);
+++
+++static void pc_bionic_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_11_machine_options(m);
+++    m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(bionic, "pc-i440fx-bionic", NULL,
+++                      pc_bionic_machine_options);
+++
+++static void pc_bionic_hpb_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_11_machine_options(m);
+++    m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, +host-phys-bits=true, 1996)";
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_I440FX_MACHINE(bionic_hpb, "pc-i440fx-bionic-hpb", NULL,
+++                      pc_bionic_hpb_machine_options);
+++
+++static void pc_cosmic_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_12_machine_options(m);
+++    m->desc = "Ubuntu 18.10 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(cosmic, "pc-i440fx-cosmic", NULL,
+++                      pc_cosmic_machine_options);
+++
+++static void pc_cosmic_hpb_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_2_12_machine_options(m);
+++    m->desc = "Ubuntu 18.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_I440FX_MACHINE(cosmic_hpb, "pc-i440fx-cosmic-hpb", NULL,
+++                      pc_cosmic_hpb_machine_options);
+++
+++static void pc_disco_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_3_1_machine_options(m);
+++    m->desc = "Ubuntu 19.04 PC (i440FX + PIIX, 1996)";
+++}
+++DEFINE_I440FX_MACHINE(disco, "pc-i440fx-disco", NULL,
+++                      pc_disco_machine_options);
+++
+++static void pc_disco_hpb_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_3_1_machine_options(m);
+++    m->desc = "Ubuntu 19.04 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
+++    m->alias = NULL;
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_I440FX_MACHINE(disco_hpb, "pc-i440fx-disco-hpb", NULL,
+++                      pc_disco_hpb_machine_options);
+++
+++static void pc_eoan_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_4_0_machine_options(m);
+++    m->desc = "Ubuntu 19.10 PC (i440FX + PIIX, 1996)";
+++    m->alias = NULL;
+++}
+++DEFINE_I440FX_MACHINE(eoan, "pc-i440fx-eoan", NULL,
+++                      pc_eoan_machine_options);
+++
+++static void pc_eoan_hpb_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_4_0_machine_options(m);
+++    m->desc = "Ubuntu 19.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
+++    m->alias = NULL;
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_I440FX_MACHINE(eoan_hpb, "pc-i440fx-eoan-hpb", NULL,
+++                      pc_eoan_hpb_machine_options);
+++
+++static void pc_focal_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_4_0_machine_options(m);
+++    m->desc = "Ubuntu 20.04 PC (i440FX + PIIX, 1996)";
+++    m->alias = "ubuntu";
+++    m->is_default = 1;
+++}
+++DEFINE_I440FX_MACHINE(focal, "pc-i440fx-focal", NULL,
+++                      pc_focal_machine_options);
+++
+++static void pc_focal_hpb_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_4_0_machine_options(m);
+++    m->desc = "Ubuntu 20.04 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
+++    m->alias = NULL;
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_I440FX_MACHINE(focal_hpb, "pc-i440fx-focal-hpb", NULL,
+++                      pc_focal_hpb_machine_options);
+++
+++/*
+++ * Due to bug 1621042 we have to consider the broken old wily machine
+++ * type as valid xenial type to ensure older VMs that got created prio
+++ * to fixing 1621042 will still work.
+++ * Therefore we have to keep it as-is (sans alias and being default) for
+++ * the same time we keep the fixed xenial type above.
+++ *
+++ * Further bug 1829868 identified issues due to the wily type being released
+++ * defined as a hybrid of pc_i440fx_2_4_machine_options and pc_compat_2_3.
+++ * That mismatch caused issues since qemu 2.11 due to some definitions
+++ * moving between those version references.
+++ * This introduces pc_i440fx_wily_machine_options which encapsulates the
+++ * old behavior as it was (this is the purpose of machine types).
+++ */
+++static void pc_i440fx_wily_machine_options(MachineClass *m)
+++{
+++    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+++    pc_i440fx_2_4_machine_options(m);
+++    m->hw_version = "2.4.0";
+++    pcmc->broken_reserved_end = true;
+++    compat_props_add(m->compat_props, hw_compat_2_3, hw_compat_2_3_len);
+++    compat_props_add(m->compat_props, pc_compat_2_3, pc_compat_2_3_len);
+++}
+++
+++static void pc_wily_machine_options(MachineClass *m)
+++{
+++    pc_i440fx_wily_machine_options(m);
+++    pc_i440fx_machine_options(m);
+++    m->desc = "Ubuntu 15.04 PC (i440FX + PIIX, 1996)",
+++    m->default_display = "std";
+++}
+++
+++DEFINE_I440FX_MACHINE(wily, "pc-i440fx-wily", NULL,
+++                      pc_wily_machine_options);
++--- a/hw/i386/pc_q35.c
+++++ b/hw/i386/pc_q35.c
++@@ -533,3 +533,144 @@ static void pc_q35_2_4_machine_options(M
++
++ DEFINE_Q35_MACHINE(v2_4, "pc-q35-2.4", NULL,
++                    pc_q35_2_4_machine_options);
+++
+++/* Ubuntu machine types */
+++static void pc_q35_xenial_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_5_machine_options(m);
+++    m->desc = "Ubuntu 16.04 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(xenial, "pc-q35-xenial", NULL,
+++                   pc_q35_xenial_machine_options);
+++
+++static void pc_q35_yakkety_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_6_machine_options(m);
+++    m->desc = "Ubuntu 16.10 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(yakkety, "pc-q35-yakkety", NULL,
+++                   pc_q35_yakkety_machine_options);
+++
+++static void pc_q35_zesty_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_8_machine_options(m);
+++    m->desc = "Ubuntu 17.04 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(zesty, "pc-q35-zesty", NULL,
+++                   pc_q35_zesty_machine_options);
+++
+++static void pc_q35_artful_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_10_machine_options(m);
+++    m->desc = "Ubuntu 17.10 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(artful, "pc-q35-artful", NULL,
+++                   pc_q35_artful_machine_options);
+++
+++static void pc_q35_bionic_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_11_machine_options(m);
+++    m->desc = "Ubuntu 18.04 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(bionic, "pc-q35-bionic", NULL,
+++                   pc_q35_bionic_machine_options);
+++
+++static void pc_q35_bionic_hpb_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_11_machine_options(m);
+++    m->desc = "Ubuntu 18.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_Q35_MACHINE(bionic_hpb, "pc-q35-bionic-hpb", NULL,
+++                   pc_q35_bionic_hpb_machine_options);
+++
+++static void pc_q35_cosmic_machine_options(MachineClass *m)
+++{
+++    /* yes that is "wrong" but has to stay that way for compatibility */
+++    pc_q35_2_11_machine_options(m);
+++    m->desc = "Ubuntu 18.10 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(cosmic, "pc-q35-cosmic", NULL,
+++                   pc_q35_cosmic_machine_options);
+++
+++static void pc_q35_cosmic_hpb_machine_options(MachineClass *m)
+++{
+++    pc_q35_2_12_machine_options(m);
+++    m->desc = "Ubuntu 18.10 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_Q35_MACHINE(cosmic_hpb, "pc-q35-cosmic-hpb", NULL,
+++                   pc_q35_cosmic_hpb_machine_options);
+++
+++static void pc_q35_disco_machine_options(MachineClass *m)
+++{
+++    pc_q35_3_1_machine_options(m);
+++    m->desc = "Ubuntu 19.04 PC (Q35 + ICH9, 2009)";
+++}
+++DEFINE_Q35_MACHINE(disco, "pc-q35-disco", NULL,
+++                   pc_q35_disco_machine_options);
+++
+++static void pc_q35_disco_hpb_machine_options(MachineClass *m)
+++{
+++    pc_q35_3_1_machine_options(m);
+++    m->desc = "Ubuntu 19.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_Q35_MACHINE(disco_hpb, "pc-q35-disco-hpb", NULL,
+++                   pc_q35_disco_hpb_machine_options);
+++
+++static void pc_q35_eoan_machine_options(MachineClass *m)
+++{
+++    pc_q35_4_0_machine_options(m);
+++    m->desc = "Ubuntu 19.10 PC (Q35 + ICH9, 2009)";
+++    /*
+++     * [1] introduced a major regression into the 4.0 types by setting split
+++     * irqchip to be the default. This was corrected by [2] and the fix further
+++     * modified by [3] which overall adds a 4.0.1 machine type in qemu 4.1 (not
+++     * yet released) and probably eventually stable branches.
+++     * We will follow upstream with the upstream types, but the Ubuntu types so
+++     * far didn't release a 4.0 type yet so for us we can fix it on the initial
+++     * release right away.
+++     * [1]: https://git.qemu.org/?p=qemu.git;a=commit;h=b2fc91db
+++     * [2]: https://git.qemu.org/?p=qemu.git;a=commit;h=c87759ce
+++     * [3]: https://git.qemu.org/?p=qemu.git;a=commit;h=8e8cbed0
+++     */
+++    m->default_kernel_irqchip_split = false;
+++}
+++DEFINE_Q35_MACHINE(eoan, "pc-q35-eoan", NULL,
+++                   pc_q35_eoan_machine_options);
+++
+++static void pc_q35_eoan_hpb_machine_options(MachineClass *m)
+++{
+++    pc_q35_eoan_machine_options(m);
+++    m->desc = "Ubuntu 19.10 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_Q35_MACHINE(eoan_hpb, "pc-q35-eoan-hpb", NULL,
+++                   pc_q35_eoan_hpb_machine_options);
+++
+++static void pc_q35_focal_machine_options(MachineClass *m)
+++{
+++    pc_q35_4_2_machine_options(m);
+++    m->desc = "Ubuntu 20.04 PC (Q35 + ICH9, 2009)";
+++    /* The ubuntu alias and default is on the i440fx type. The
+++     * ubuntu-q35 alias auto-picks the most recent ubuntu q35 type */
+++    m->alias = "ubuntu-q35";
+++}
+++DEFINE_Q35_MACHINE(focal, "pc-q35-focal", NULL,
+++                   pc_q35_focal_machine_options);
+++
+++static void pc_q35_focal_hpb_machine_options(MachineClass *m)
+++{
+++    pc_q35_focal_machine_options(m);
+++    m->desc = "Ubuntu 20.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)";
+++    m->alias = NULL;
+++    compat_props_add(m->compat_props,
+++        host_phys_bits_compat, host_phys_bits_compat_len);
+++}
+++DEFINE_Q35_MACHINE(focal_hpb, "pc-q35-focal-hpb", NULL,
+++                   pc_q35_focal_hpb_machine_options);
++--- a/hw/ppc/spapr.c
+++++ b/hw/ppc/spapr.c
++@@ -4470,11 +4470,14 @@ static const TypeInfo spapr_machine_info
++ };
++
++ #define DEFINE_SPAPR_MACHINE(suffix, verstr, latest)                 \
+++    DEFINE_SPAPR_MACHINE_NAMED(suffix, suffix, verstr, latest)
+++
+++#define DEFINE_SPAPR_MACHINE_NAMED(qemuver, suffix, verstr, latest)  \
++     static void spapr_machine_##suffix##_class_init(ObjectClass *oc, \
++                                                     void *data)      \
++     {                                                                \
++         MachineClass *mc = MACHINE_CLASS(oc);                        \
++-        spapr_machine_##suffix##_class_options(mc);                  \
+++        spapr_machine_##qemuver##_class_options(mc);                 \
++         if (latest) {                                                \
++             mc->alias = "pseries";                                   \
++             mc->is_default = 1;                                      \
++@@ -4499,7 +4502,7 @@ static void spapr_machine_4_2_class_opti
++     /* Defaults for the latest behaviour inherited from the base class */
++ }
++
++-DEFINE_SPAPR_MACHINE(4_2, "4.2", true);
+++DEFINE_SPAPR_MACHINE(4_2, "4.2", false);
++
++ /*
++  * pseries-4.1
++@@ -4791,11 +4794,16 @@ DEFINE_SPAPR_MACHINE(2_6, "2.6", false);
++  * pseries-2.5
++  */
++
+++/*
+++ * ddw was backported to 2.6 (Yakkety), so we have to disable it in <=2.5
+++ * can be dropped when dropping Yakkety machine type (18.10)
+++ */
++ static void spapr_machine_2_5_class_options(MachineClass *mc)
++ {
++     SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++     static GlobalProperty compat[] = {
++         { "spapr-vlan", "use-rx-buffer-pools", "off" },
+++        { TYPE_SPAPR_PCI_HOST_BRIDGE, "ddw", "off" },
++     };
++
++     spapr_machine_2_6_class_options(mc);
++@@ -4864,6 +4872,30 @@ static void spapr_machine_2_1_class_opti
++ }
++ DEFINE_SPAPR_MACHINE(2_1, "2.1", false);
++
+++/* Ubuntu machine types */
+++DEFINE_SPAPR_MACHINE_NAMED(2_5, ubuntu_xenial, "xenial", false);
+++DEFINE_SPAPR_MACHINE_NAMED(2_6, ubuntu_yakkety, "yakkety", false);
+++DEFINE_SPAPR_MACHINE_NAMED(2_8, ubuntu_zesty, "zesty", false);
+++DEFINE_SPAPR_MACHINE_NAMED(2_10, ubuntu_artful, "artful", false);
+++DEFINE_SPAPR_MACHINE_NAMED(2_11, ubuntu_bionic, "bionic", false);
+++DEFINE_SPAPR_MACHINE_NAMED(2_12, ubuntu_cosmic, "cosmic", false);
+++DEFINE_SPAPR_MACHINE_NAMED(3_1, ubuntu_disco, "disco", false);
+++DEFINE_SPAPR_MACHINE_NAMED(4_0, ubuntu_eoan, "eoan", false);
+++DEFINE_SPAPR_MACHINE_NAMED(4_2, ubuntu_focal, "focal", true);
+++
+++/* Special 2.11 type for 1761372, since 2.12 is unreleased and 18.04 is 2.11 */
+++static void spapr_machine_2_11_sxxm_class_options(MachineClass *mc)
+++{
+++    SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+++
+++    spapr_machine_2_11_class_options(mc);
+++    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
+++    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
+++    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD;
+++}
+++DEFINE_SPAPR_MACHINE_NAMED(2_11_sxxm, ubuntu_bionic_sxxm, "bionic-sxxm", false);
+++/* end Special 2.11 type for 1761372 */
+++
++ static void spapr_machine_register_types(void)
++ {
++     type_register_static(&spapr_machine_info);
++--- a/hw/s390x/s390-virtio-ccw.c
+++++ b/hw/s390x/s390-virtio-ccw.c
++@@ -610,12 +610,15 @@ bool css_migration_enabled(void)
++ }
++
++ #define DEFINE_CCW_MACHINE(suffix, verstr, latest)                            \
+++    DEFINE_CCW_MACHINE_NAMED(suffix, suffix, verstr, latest)
+++
+++#define DEFINE_CCW_MACHINE_NAMED(qemuver, suffix, verstr, latest)             \
++     static void ccw_machine_##suffix##_class_init(ObjectClass *oc,            \
++                                                   void *data)                 \
++     {                                                                         \
++         MachineClass *mc = MACHINE_CLASS(oc);                                 \
++-        ccw_machine_##suffix##_class_options(mc);                             \
++-        mc->desc = "VirtIO-ccw based S390 machine v" verstr;                  \
+++        ccw_machine_##qemuver##_class_options(mc);                            \
+++        mc->desc = "VirtIO-ccw based S390 machine " verstr;                   \
++         if (latest) {                                                         \
++             mc->alias = "s390-ccw-virtio";                                    \
++             mc->is_default = 1;                                               \
++@@ -625,7 +628,7 @@ bool css_migration_enabled(void)
++     {                                                                         \
++         MachineState *machine = MACHINE(obj);                                 \
++         current_mc = S390_MACHINE_CLASS(MACHINE_GET_CLASS(machine));          \
++-        ccw_machine_##suffix##_instance_options(machine);                     \
+++        ccw_machine_##qemuver##_instance_options(machine);                      \
++     }                                                                         \
++     static const TypeInfo ccw_machine_##suffix##_info = {                     \
++         .name = MACHINE_TYPE_NAME("s390-ccw-virtio-" verstr),                 \
++@@ -646,7 +649,7 @@ static void ccw_machine_4_2_instance_opt
++ static void ccw_machine_4_2_class_options(MachineClass *mc)
++ {
++ }
++-DEFINE_CCW_MACHINE(4_2, "4.2", true);
+++DEFINE_CCW_MACHINE(4_2, "4.2", false);
++
++ static void ccw_machine_4_1_instance_options(MachineState *machine)
++ {
++@@ -867,6 +870,17 @@ static void ccw_machine_2_4_class_option
++ }
++ DEFINE_CCW_MACHINE(2_4, "2.4", false);
++
+++/* Ubuntu machine types */
+++DEFINE_CCW_MACHINE_NAMED(2_5, ubuntu_xenial, "xenial", false);
+++DEFINE_CCW_MACHINE_NAMED(2_6, ubuntu_yakkety, "yakkety", false);
+++DEFINE_CCW_MACHINE_NAMED(2_8, ubuntu_zesty, "zesty", false);
+++DEFINE_CCW_MACHINE_NAMED(2_10, ubuntu_artful, "artful", false);
+++DEFINE_CCW_MACHINE_NAMED(2_11, ubuntu_bionic, "bionic", false);
+++DEFINE_CCW_MACHINE_NAMED(2_12, ubuntu_cosmic, "cosmic", false);
+++DEFINE_CCW_MACHINE_NAMED(3_1, ubuntu_disco, "disco", false);
+++DEFINE_CCW_MACHINE_NAMED(3_1, ubuntu_eoan, "eoan", false);
+++DEFINE_CCW_MACHINE_NAMED(4_2, ubuntu_focal, "focal", true);
+++
++ static void ccw_machine_register_types(void)
++ {
++     type_register_static(&ccw_machine_info);
++--- a/vl.c
+++++ b/vl.c
++@@ -2471,6 +2471,17 @@ static gint machine_class_cmp(gconstpoin
++                   object_class_get_name(OBJECT_CLASS(mc1)));
++ }
++
+++static int EndsWith(const char *str, const char *suffix)
+++{
+++    if (!str || !suffix)
+++        return 0;
+++    size_t lenstr = strlen(str);
+++    size_t lensuffix = strlen(suffix);
+++    if (lensuffix >  lenstr)
+++        return 0;
+++    return strncmp(str + lenstr - lensuffix, suffix, lensuffix) == 0;
+++}
+++
++ static MachineClass *machine_parse(const char *name, GSList *machines)
++ {
++     MachineClass *mc;
++@@ -2493,8 +2504,23 @@ static MachineClass *machine_parse(const
++
++     mc = find_machine(name, machines);
++     if (!mc) {
++-        error_report("unsupported machine type");
+++        error_report("unsupported machine type '%s'", name);
++         error_printf("Use -machine help to list supported machines\n");
+++
+++        /*
+++         * check for formerly supported, but now dropped distro
+++         * specific types. Add extra hint to the error on match.
+++         * This is arch-independent as it only checks for the suffix.
+++         */
+++        if (EndsWith(name, "precise") ||
+++            EndsWith(name, "utopic") ||
+++            EndsWith(name, "vivid")) {
+++            error_printf("The machine type is old and out of support now\n");
+++            error_printf("Please study https://wiki.ubuntu.com/"
+++                         "QemuKVMMigration#Upgrade_machine_type how to"
+++                         "upgrade machine types");
+++        }
+++
++         exit(1);
++     }
++     return mc;
++--- a/hw/i386/pc.c
+++++ b/hw/i386/pc.c
++@@ -109,6 +109,11 @@ const size_t pc_compat_4_1_len = G_N_ELE
++ GlobalProperty pc_compat_4_0[] = {};
++ const size_t pc_compat_4_0_len = G_N_ELEMENTS(pc_compat_4_0);
++

Ubuntuqemu package

Merge ~paelzer/ubuntu/+source/qemu:merge-focal/4.2-for-focal into ubuntu/+source/qemu:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
qemu package