Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:merge-5.1-4-HIRSUTE into ubuntu/+source/qemu:debian/sid

  1. Git
  2. lp:~paelzer/ubuntu/+source/qemu
  3. merge-5.1-4-HIRSUTE
  4. Merge into debian/sid
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: cbfb1102b8803c608139c2b175079e03a0020dfc
Merge reported by: Christian Ehrhardt 
Merged at revision: 7c8901a7dcec6cd6bd58bc05e4a057eea9d357d6
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-5.1-4-HIRSUTE
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6297 lines (+5622/-29)
18 files modified
debian/changelog (+4098/-3)
debian/control (+90/-17)
debian/control-in (+59/-8)
debian/patches/series (+5/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+784/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/qemu-block-extra.postrm.in (+43/-0)
debian/qemu-block-extra.prerm.in (+45/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-gui.postrm.in (+44/-0)
debian/qemu-system-gui.prerm.in (+46/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/rules (+71/-1)
Reviewer Review Type Date Requested Status
Lucas Kanashiro (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Review via email: mp+393044@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4321/+packages

So far this is "drop a lot + carry the rest + usual updates", not much more.
But then testing has only started ... we will see how much happens until we consider this ready.

Never the less I'd appreciate a review on the current state so that we can handle any later changes (which in comparison are small then) much faster.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Almost forgot, I also have pushed tag:5.0-5ubuntu9-logical to help to compare the merge.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Summary:
I started with 85 patches after split, 71 without changelog and finally
64 after squashing
I also marked changes that are expected to drop (in commit message)
and expect 47 to be dropped.

Things work fine so far, I'll now merge libvirt alongside it to test them together.
As mentioned reviewing this already would be awesome.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI - the armhf build issue is discussed in bug 1890435 and shall not bother this for now.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

I am grabbing this MP for review.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

* Changelog:
  - [x] old content and logical tag match as expected
  - [√] changelog entry correct version and targeted codename
  - [√] changelog entries correct
  - [√] update-maintainer has been run

* Actual changes:
  - [√] no upstream changes to consider
  - [√] no further upstream version to consider
  - [√] debian changes look safe

* Old Delta:
  - [√] dropped changes are ok to be dropped
  - [√] nothing else to drop
  - [√] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [√] no new patches added
  - [-] patches match what was proposed upstream
  - [-] patches correctly included in debian/patches/series
  - [-] patches have correct DEP3 metadata

* Build/Test:
  - [√] build is ok
  - [√] verified PPA package installs/uninstalls
  - [-] autopkgtest against the PPA package passes
  - [√] sanity checks test fine

In short, LGTM, +1.

This is the first time I am reviewing a qemu MP (quite interesting, learned some packaging tricks along the way) so forgive me if I am missing anything.

A good portion of the delta was dropped either because they were applied upstream or Debian, that's great! I have just a single question about one piece of the current delta: the "improved dependencies" changes, were they proposed to Debian at some point? They do not seem strictly related to Ubuntu. If it was (maybe via a bug report? or salsa MP?) a link to it would be good IMHO.

I also think you forgot to push the git-ubuntu tags (those tags in the git repo under your namespace are outdated), however, I was able to follow the changes.

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for your review Lucas.

There are two kinds of dependency deltas.
One set is for packages in universe and that doesn't bother Debian.
The other set - and that is probably the one you asked for - is related to the default installed block backends. That was discussed with Debian but they have a much less Openstack centric use case in mind and therefore didn't want that (maybe 3 years ago).
Unfortunately I haven't found a good bug/link to share. But I'll add a comment to the commit to help reviewers next time.

Tags, well better late than never.
5.0-5ubuntu9-logical (was there)
5.0-5ubuntu9-new-v1
5.0-5ubuntu9-orig
5.0-5ubuntu9-split

Unfortunately due to git-ubutu errors the imports and due to tat to some extend the usual workflow didn't work (and won't until we can handle .git dirs). But I should maybe have used a more common name scheme - my bad.

Thanks for the review.
The tests are still blocked by bug 1902540, but other than that we seem to be ready.

~paelzer/ubuntu/+source/qemu:merge-5.1-4-HIRSUTE updated
a52a4b1... by Christian Ehrhardt 

changelog: mention LP: #1897854

Signed-off-by: Christian Ehrhardt <email address hidden>

e552a0d... by Christian Ehrhardt 

changelog: fix wily machine type (LP: #1902654)

Signed-off-by: Christian Ehrhardt <email address hidden>

2262601... by Christian Ehrhardt 

fix wily machine type (LP: #1902654)

This is the same change as in 1:5.0-5ubuntu11 which happened while this
merge was ongoing. It will on the next merge be squashed into the base
define-ubuntu-machine-types.patch and since it is a fixup of an existing
delta does not need to be mentioned in the changelog as Dropped/Added.
It was added in 1:5.0-5ubuntu11 and remains as part of
  "Distribution specific machine type (LP: 1304107 1621042)"

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Pushed updates to the merge related to minor uploads that happened while this was in flight (no need to re-review).

~paelzer/ubuntu/+source/qemu:merge-5.1-4-HIRSUTE updated
9521553... by Christian Ehrhardt 

d/control, d/rules: build with gcc-9 on armhf as workaround until resolved in gcc-10 (LP: 1890435)

Signed-off-by: Christian Ehrhardt <email address hidden>

7c8901a... by Christian Ehrhardt 

changelog: build with gcc-9 on armhf as workaround until resolved in gcc-10 (LP: 1890435)

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

After debugging with Doko for weeks, we need to makr armhf to compile with gcc-9 for now due to bug 1890435.

That was done and all tests now passed.

One remaining issue in bug 1904584 that will be tracked separately.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/qemu
 * [new tag] upload/1%5.1+dfsg-4ubuntu1 -> upload/1%5.1+dfsg-4ubuntu1

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading qemu_5.1+dfsg-4ubuntu1.dsc: done.
  Uploading qemu_5.1+dfsg.orig.tar.xz: done.
  Uploading qemu_5.1+dfsg-4ubuntu1.debian.tar.xz: done.
  Uploading qemu_5.1+dfsg-4ubuntu1_source.buildinfo: done.
  Uploading qemu_5.1+dfsg-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index ef7764a..3190cb0 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,131 @@
6+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
7+
8+ * Merge with Debian testing, remaining changes:
9+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
10+ - qemu-kvm to systemd unit
11+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
12+ hugepages and architecture specifics
13+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
14+ qemu-kvm-init
15+ - d/qemu-system-common.install: install helper script
16+ - d/qemu-system-common.qemu-kvm.default: defaults for
17+ /etc/default/qemu-kvm
18+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
19+ - Distribution specific machine type (LP: 1304107 1621042)
20+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
21+ types
22+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
23+ for host-phys-bits=true (LP: 1776189)
24+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
25+ - provide pseries-bionic-2.11-sxxm type as convenience with all
26+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
27+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
28+ - Enable nesting by default
29+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
30+ in qemu64 on amd
31+ [ No more strictly needed, but required for backward compatibility ]
32+ - improved dependencies
33+ - Make qemu-system-common depend on qemu-block-extra
34+ - Make qemu-utils depend on qemu-block-extra
35+ - let qemu-utils recommend sharutils
36+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
37+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
38+ reference 256k path
39+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
40+ handle incoming migrations from former releases.
41+ - d/control-in: Disable capstone disassembler library support (universe)
42+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
43+ - d/control*, d/rules: disable xen by default, but provide universe
44+ package qemu-system-x86-xen as alternative
45+ [includes compat links changes of 5.0-5ubuntu4]
46+ - allow qemu to load old modules post upgrade (LP 1847361)
47+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
48+ upgrade
49+ - d/rules: generate maintainer scripts matching package version on build
50+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
51+ - d/control: regenerate debian/control out of control-in
52+ * Dropped changes [in Debian or no more needed]
53+ - d/control-in: disable pmem on ppc64 as it is currently considered
54+ experimental on that architecture (pmdk v1.8-1)
55+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
56+ - d/rules: report config log from the correct subdir
57+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
58+ - Pick further changes for groovy from debian/master since 5.0-5
59+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
60+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
61+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
62+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
63+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
64+ - megasas-fix-possible-out-of-bounds-array-access.patch
65+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
66+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
67+ - a few patches from the stable series:
68+ - fix-tulip-breakage.patch
69+ - 9p-lock-directory-streams-with-a-CoMutex.patch
70+ Prevent deadlocks in 9pfs readdir code
71+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
72+ Fix newline accidentally sneaked into id string of a nic
73+ - qemu-nbd-close-inherited-stderr.patch
74+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
75+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
76+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
77+ - acpi-tmr-allow-2-byte-reads.patch
78+ - reapply CVE-2020-13253 fixes from upstream
79+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
80+ - linux-user-add-netlink-RTM_SETLINK-command.patch
81+ - d/control: since qemu-system-data now contains module(s),
82+ it can't be multi-arch. Ditto for qemu-block-extra.
83+ - qemu-system-foo: depend on exact version of qemu-system-data,
84+ due to the latter having modules
85+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
86+ This is another incarnation of the recent bugfix which actually enabled
87+ memory access constraints, like #964247
88+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
89+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
90+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
91+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
92+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
93+ - do not install outdated (0.12 and before) Changelog
94+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
95+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
96+ Closes: CVE-2020-15863
97+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
98+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
99+ another fix for revert-memory-accept-.. CVE-2020-13754
100+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
101+ - d/control-in: build-dep libcap is no more needed
102+ - arch aware kvm wrappers
103+ [upstream now automatically enables KVM if available and called with
104+ kvm* name, provides KVM as before but with auto-fallback to tcg.
105+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
106+ * Dropped changes [upstream now]
107+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
108+ setup_len
109+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
110+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
111+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
112+ from vfio-ccw (LP 1887935)
113+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
114+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
115+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
116+ SQXBR (LP 1883984)
117+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
118+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
119+ environments (LP 1887763)
120+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
121+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
122+ crashes it on shutdown (LP 1878973)
123+ - update d/p/ubuntu/lp-1835546-* to the final versions
124+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
125+ FTBFS in groovy
126+ * Added Changes:
127+ - update ubuntu machine types for hirsute@5.1
128+ - d/control: regenerated from d/control-in
129+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
130+ resolved in gcc-10 (LP: 1890435)
131+
132+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
133+
134 qemu (1:5.1+dfsg-4) unstable; urgency=high
135
136 * mention closing of CVE-2020-16092 by 5.1
137@@ -239,6 +367,298 @@ qemu (1:5.0-6) unstable; urgency=medium
138
139 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
140
141+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
142+
143+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
144+ machine type to match how it originally was released (LP: #1902654)
145+
146+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
147+
148+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
149+
150+ * No-change rebuild for brltty soname change.
151+
152+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
153+
154+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
155+
156+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
157+ setup_len
158+ CVE-2020-14364
159+
160+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
161+
162+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
163+
164+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
165+
166+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
167+
168+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
169+
170+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
171+
172+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
173+
174+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
175+
176+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
177+ from vfio-ccw (LP: #1887935)
178+
179+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
180+
181+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
182+
183+ * fix qemu-user-static initialization to allow executing systemd
184+ (LP: #1890881)
185+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
186+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
187+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
188+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
189+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
190+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
191+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
192+ CVE-2020-16092
193+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
194+
195+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
196+
197+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
198+
199+ * xen: provide compat links to what libxen-dev reports where to find
200+ the binaries (LP: #1890005)
201+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
202+ SQXBR (LP: #1883984)
203+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
204+
205+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
206+
207+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
208+
209+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
210+ environments (LP: #1887763)
211+ * Pick further changes for groovy from debian/master since 5.0-5
212+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
213+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
214+ infinite recursion via a crafted mm_index value during
215+ ati_mm_read or ati_mm_write call.
216+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
217+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
218+ devices which uses min_access_size and max_access_size Memory API fields.
219+ Also closes: CVE-2020-13791
220+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
221+ CVE-2020-13659: address_space_map in exec.c can trigger
222+ a NULL pointer dereference related to BounceBuffer
223+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
224+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
225+ has an OOB read via a crafted reply_queue_head field from a guest OS user
226+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
227+ fix other possible cases like in CVE-2020-13362 (#961887)
228+ - megasas-fix-possible-out-of-bounds-array-access.patch
229+ Some tracepoints use a guest-controlled value as an index into the
230+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
231+ impact OOB errors here
232+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
233+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
234+ This flaw occurs when an nbd-client sends a spec-compliant request that is
235+ near the boundary of maximum permitted request length. A remote nbd-client
236+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
237+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
238+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
239+ properly validate the frame count, which allows guest OS users to trigger
240+ an out-of-bounds access during an es1370_write() operation
241+ - a few patches from the stable series:
242+ - fix-tulip-breakage.patch
243+ The tulip network driver in a qemu-system-hppa emulation is broken in
244+ the sense that bigger network packages aren't received any longer and
245+ thus even running e.g. "apt update" inside the VM fails. Fix this.
246+ - 9p-lock-directory-streams-with-a-CoMutex.patch
247+ Prevent deadlocks in 9pfs readdir code
248+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
249+ Fix newline accidentally sneaked into id string of a nic
250+ - qemu-nbd-close-inherited-stderr.patch
251+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
252+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
253+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
254+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
255+ - reapply CVE-2020-13253 fixed from upstream:
256+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
257+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
258+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
259+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
260+ Closes: #961297, CVE-2020-13253
261+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
262+ (Closes: #965109)
263+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
264+ - d/control: since qemu-system-data now contains module(s),
265+ it can't be multi-arch. Ditto for qemu-block-extra.
266+ - qemu-system-foo: depend on exact version of qemu-system-data,
267+ due to the latter having modules
268+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
269+ This is another incarnation of the recent bugfix which actually enabled
270+ memory access constraints, like #964247
271+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
272+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
273+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
274+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
275+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
276+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
277+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
278+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
279+ Closes: CVE-2020-15863
280+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
281+ List of patches:
282+ sm501-convert-printf-abort-to-qemu_log_mask.patch
283+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
284+ sm501-use-BIT-macro-to-shorten-constant.patch
285+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
286+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
287+ Closes: #961451, CVE-2020-12829
288+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
289+ another fix for revert-memory-accept-.. CVE-2020-13754
290+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
291+
292+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
293+
294+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
295+
296+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
297+
298+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
299+
300+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
301+
302+ * Merge with Debian testing (LP: #1749393), remaining changes:
303+ - qemu-kvm to systemd unit
304+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
305+ hugepages and architecture specifics
306+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
307+ qemu-kvm-init
308+ - d/qemu-system-common.install: install helper script
309+ - d/qemu-system-common.qemu-kvm.default: defaults for
310+ /etc/default/qemu-kvm
311+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
312+ - Distribution specific machine type (LP: 1304107 1621042)
313+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
314+ types
315+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
316+ for host-phys-bits=true (LP: 1776189)
317+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
318+ - provide pseries-bionic-2.11-sxxm type as convenience with all
319+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
320+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
321+ - Enable nesting by default
322+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
323+ in qemu64 on amd
324+ [ No more strictly needed, but required for backward compatibility ]
325+ - improved dependencies
326+ - Make qemu-system-common depend on qemu-block-extra
327+ - Make qemu-utils depend on qemu-block-extra
328+ - let qemu-utils recommend sharutils
329+ - arch aware kvm wrappers
330+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
331+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
332+ reference 256k path
333+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
334+ handle incoming migrations from former releases.
335+ - d/control-in: Disable capstone disassembler library support (universe)
336+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
337+ - d/control*, d/rules: disable xen by default, but provide universe
338+ package qemu-system-x86-xen as alternative
339+ [includes --disable-xen for user-static builds]
340+ - d/control-in: disable pmem on ppc64 as it is currently considered
341+ experimental on that architecture (pmdk v1.8-1)
342+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
343+ - d/rules: report config log from the correct subdir
344+ - allow qemu to load old modules post upgrade (LP 1847361)
345+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
346+ upgrade
347+ - d/rules: generate maintainer scripts matching package version on build
348+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
349+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
350+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
351+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
352+ crashes it on shutdown (LP 1878973)
353+ * Dropped changes (no more needed)
354+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
355+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
356+ in qemu64 cpu type.
357+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
358+ Debian. Fixed by bumping the related Breaks/Replaces to the
359+ Version Ubuntu introduced the change (LP 1862287)
360+ * Dropped changes (in Debian)
361+ - improved s390x support
362+ - d/binfmt-update-in: fix binfmt being called in some containers
363+ (LP 1840956)
364+ - qemu-system-x86-microvm package
365+ In addition to the generic multi-purpose qemu also provide a minimal
366+ feature binary that is loading faster for use cases with microvm machine
367+ type and qboot bios
368+ - d/control-in: add a new qemu-system-x86-microvm package
369+ - d/rules: add an extra config/build step to get the minimal qemu
370+ - Security and packaging fixes (LP 1872937)
371+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
372+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
373+ CVE-2020-10702
374+ CVE-2020-11102
375+ - fix external spice UI
376+ + install ui-spice-app.so in qemu-system-common
377+ + install ui-spice-app.so only if built, spice is optional
378+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
379+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
380+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
381+ - enable riscv build (LP 1872931)
382+ [ changes picked from Debian ]
383+ - enable support for riscv64 hosts
384+ - only enable librbd on architectures where it is built
385+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
386+ depends on the former
387+ - seccomp grew up, no need in versioned build-dep
388+ - enable seccomp only on architectures where it can be built
389+ * Dropped changes (upstream)
390+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
391+ (LP 1857033)
392+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
393+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
394+ vhost-user-gpu
395+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
396+ avoid unnecessary IOTLB transactions (LP 1866207)
397+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
398+ patches @qemu-stable (LP 1867519)
399+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
400+ to avoid broken nesting (LP 1868692)
401+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
402+ (LP 1871830)
403+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
404+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
405+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
406+ and clobbered doubles (LP 1872945)
407+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
408+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
409+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
410+ - CVE-2020-11869
411+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
412+ - async: use explicit memory barriers (LP 1805256)
413+ - aio-wait: delegate polling of main AioContext if BQL not held
414+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
415+ supporting to set them (LP 1882774)
416+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
417+ load to a versioned path
418+ * Added Changes:
419+ - d/control: regenerate debian/control out of control-in
420+ - update d/p/ubuntu/lp-1835546-* to the final versions
421+ - 11 patches dropped as they are in 5.0
422+ - 20 patches updated to how they will be in 5.1
423+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
424+ FTBFS in groovy
425+ - Make qemu-system-x86-microvm a transitional package as the binary is now
426+ in qemu-system-x86 itself.
427+ - d/control-in: build-dep libcap is no more needed
428+ - d/rules: update arch aware kvm wrappers
429+ - d/qemu-system-x86.README.Debian: fix typo
430+
431+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
432+
433 qemu (1:5.0-5) unstable; urgency=medium
434
435 * more binfmt-install updates
436@@ -371,6 +791,188 @@ qemu (1:4.2-4) unstable; urgency=medium
437
438 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
439
440+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
441+
442+ * No-change rebuild against libnettle8
443+
444+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
445+
446+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
447+
448+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
449+ crashes it on shutdown (LP: #1878973)
450+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
451+ supporting to set them (LP: #1882774)
452+
453+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
454+
455+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
456+
457+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
458+ - async: use explicit memory barriers (LP: #1805256)
459+ - aio-wait: delegate polling of main AioContext if BQL not held
460+
461+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
462+
463+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
464+
465+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
466+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
467+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
468+ - CVE-2020-11869
469+
470+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
471+
472+qemu (1:4.2-3ubuntu6) focal; urgency=medium
473+
474+ [ Christian Ehrhardt ]
475+ * enable riscv build (LP: #1872931)
476+ [ changes picked from Debian ]
477+ - enable support for riscv64 hosts
478+ - only enable librbd on architectures where it is built
479+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
480+ depends on the former
481+ - seccomp grew up, no need in versioned build-dep
482+ - enable seccomp only on architectures where it can be built
483+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
484+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
485+ and clobbered doubles (LP: #1872945)
486+
487+ [ William Grant ]
488+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
489+
490+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
491+
492+qemu (1:4.2-3ubuntu5) focal; urgency=medium
493+
494+ [ Christian Ehrhardt ]
495+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
496+ (LP: #1871830)
497+ * Security and packaging fixes (LP: #1872937)
498+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
499+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
500+ CVE-2020-10702
501+ CVE-2020-11102
502+ - fix external spice UI
503+ + install ui-spice-app.so in qemu-system-common
504+ + install ui-spice-app.so only if built, spice is optional
505+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
506+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
507+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
508+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
509+
510+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
511+
512+qemu (1:4.2-3ubuntu4) focal; urgency=medium
513+
514+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
515+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
516+ to avoid broken nesting (LP: #1868692)
517+
518+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
519+
520+qemu (1:4.2-3ubuntu3) focal; urgency=medium
521+
522+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
523+ patches @qemu-stable (LP: #1867519)
524+
525+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
526+
527+qemu (1:4.2-3ubuntu2) focal; urgency=medium
528+
529+ * allow qemu to load old modules post upgrade (LP: #1847361)
530+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
531+ load to a versioned path
532+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
533+ upgrade
534+ - d/rules: generate maintainer scripts matching package version on build
535+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
536+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
537+ avoid unnecessary IOTLB transactions (LP: #1866207)
538+
539+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
540+
541+qemu (1:4.2-3ubuntu1) focal; urgency=medium
542+
543+ * Merge with Debian testing, remaining changes:
544+ - qemu-kvm to systemd unit
545+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
546+ hugepages and architecture specifics
547+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
548+ qemu-kvm-init
549+ - d/qemu-system-common.install: install helper script
550+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
551+ - d/qemu-system-common.qemu-kvm.default: defaults for
552+ /etc/default/qemu-kvm
553+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
554+ - Distribution specific machine type (LP: 1304107 1621042)
555+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
556+ types
557+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
558+ for host-phys-bits=true (LP: 1776189)
559+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
560+ - provide pseries-bionic-2.11-sxxm type as convenience with all
561+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
562+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
563+ - Enable nesting by default
564+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
565+ in qemu64 cpu type.
566+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
567+ in qemu64 on amd
568+ [ No more strictly needed, but required for backward compatibility ]
569+ - improved dependencies
570+ - Make qemu-system-common depend on qemu-block-extra
571+ - Make qemu-utils depend on qemu-block-extra
572+ - let qemu-utils recommend sharutils
573+ - improved s390x support
574+ - d/rules: build s390-ccw.img with upstream Makefile
575+ - d/rules: build s390-netboot.img with upstream Makefile
576+ - arch aware kvm wrappers
577+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
578+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
579+ reference 256k path
580+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
581+ handle incoming migrations from former releases.
582+ - d/control-in: Disable capstone disassembler library support (universe)
583+ - d/binfmt-update-in: fix binfmt being called in some containers
584+ (LP 1840956)
585+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
586+ (LP 1857033)
587+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
588+ - d/control*, d/rules: disable xen by default, but provide universe
589+ package qemu-system-x86-xen as alternative
590+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
591+ - Dropped changes [ in Debian ]
592+ - d/control: update VCS links
593+ - d/control-in: bump debhelper build-dep for compat 12
594+ - d/control: disable bluetooth being deprecated
595+ - d/not-installed: ignore new interop docs and extra icons for now
596+ - d/not-installed: do not install elf2dmp until namespaced
597+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
598+ [ not needed ]
599+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
600+ - s390x support
601+ - Create qemu-system-s390x package
602+ - Enable numa support for s390x
603+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
604+ * Added changes
605+ - d/control: regenerate debian/control out of control-in
606+ - qemu-system-x86-microvm package
607+ In addition to the generic multi-purpose qemu also provide a minimal
608+ feature binary that is loading faster for use cases with microvm machine
609+ type and qboot bios
610+ - d/control-in: add a new qemu-system-x86-microvm package
611+ - d/rules: add an extra config/build step to get the minimal qemu
612+ - d/control-in: disable pmem on ppc64 as it is currently considered
613+ experimental on that architecture (pmdk v1.8-1)
614+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
615+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
616+ vhost-user-gpu
617+ - d/rules: report config log from the correct subdir
618+ - d/rules: --disable-xen for user-static builds
619+
620+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
621+
622 qemu (1:4.2-3) unstable; urgency=medium
623
624 * mention closing of #909743 in previous changelog (Closes: #909743)
625@@ -413,6 +1015,169 @@ qemu (1:4.2-2) unstable; urgency=medium
626
627 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
628
629+qemu (1:4.2-1ubuntu2) focal; urgency=medium
630+
631+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
632+ Debian. Fixed by by bumping the related Breaks/Replaces to the
633+ Version Ubuntu introduced the change (LP: #1862287)
634+
635+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
636+
637+qemu (1:4.2-1ubuntu1) focal; urgency=medium
638+
639+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
640+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
641+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
642+ LP: #1852744 - Crypto Passthrough Interrupt Support
643+ LP: #1853316 - CCW IPL Support
644+ Remaining changes:
645+ - qemu-kvm to systemd unit
646+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
647+ hugepages and architecture specifics
648+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
649+ qemu-kvm-init
650+ - d/qemu-system-common.install: install helper script
651+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
652+ - d/qemu-system-common.qemu-kvm.default: defaults for
653+ /etc/default/qemu-kvm
654+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
655+ - Distribution specific machine type (LP: 1304107 1621042)
656+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
657+ types
658+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
659+ for host-phys-bits=true (LP: 1776189)
660+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
661+ - provide pseries-bionic-2.11-sxxm type as convenience with all
662+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
663+ - Enable nesting by default
664+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
665+ in qemu64 cpu type.
666+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
667+ in qemu64 on amd
668+ [ No more strictly needed, but required for backward compatibility ]
669+ - improved dependencies
670+ - Make qemu-system-common depend on qemu-block-extra
671+ - Make qemu-utils depend on qemu-block-extra
672+ - let qemu-utils recommend sharutils
673+ - s390x support
674+ - Create qemu-system-s390x package
675+ - Enable numa support for s390x
676+ - d/rules: build s390-ccw.img with upstream Makefile
677+ - d/rules: build s390-netboot.img with upstream Makefile
678+ - arch aware kvm wrappers
679+ - d/control: update VCS links
680+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
681+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
682+ reference 256k path
683+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
684+ handle incoming migrations from former releases.
685+ - d/control-in: Disable capstone disassembler library support (universe)
686+ - d/control: disable bluetooth being deprecated
687+ - d/not-installed: ignore new interop docs and extra icons for now
688+ - d/not-installed: do not install elf2dmp until namespaced
689+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
690+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
691+ - d/binfmt-update-in: fix binfmt being called in some containers
692+ (LP 1840956)
693+ - Dropped changes (in Debian)
694+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
695+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
696+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
697+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
698+ - enable RDMA config option
699+ - add libibumad-dev build-dep
700+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
701+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
702+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
703+ replace it with a build-indep using the upstream makefiles.
704+ This is less prone to miss future changes/fixes that are done to the
705+ makefiles
706+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
707+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
708+ - d/rules: fix qemu-kvm service for debhelper compat >=12
709+ - Refreshed patches for v4.0 context changes
710+ - d/control*: remove sdlabi which was removed upstream
711+ - d/control*: enable docs (now explicit) and provide new build-dep
712+ python3-sphinx
713+ - d/qemu-system-data.install: use new paths for formerly used icons
714+ - Merge with Upstream release of qemu 4.0
715+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
716+ - Dropped changes (Upstream)
717+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
718+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
719+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
720+ fix i386 build error
721+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
722+ fix naming of the new vector facitlity (LP 1836066)
723+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
724+ for missing SIOCGSTAMP definition; final fix is still in discussion
725+ upstream (LP: 1836159)
726+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
727+ s390x machines (LP 1836154)
728+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
729+ (LP 1841066)
730+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
731+ update the z15 model name (LP 1842774)
732+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
733+ fix a potential hang when qemu or qemu-img where accessing http backed
734+ disks via libcurl (LP 1848556)
735+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
736+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
737+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
738+ toleration for future machines (LP 1830704)
739+ - SECURITY UPDATE: Add support for exposing md-clear functionality
740+ to guests
741+ - d/p/ubuntu/enable-md-clear.patch
742+ - d/p/ubuntu/enable-md-no.patch
743+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
744+ - SECURITY UPDATE: heap overflow when loading device tree blob
745+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
746+ copy the device tree blob into is.
747+ - CVE-2018-20815
748+ - SECURITY UPDATE: device driver denial of service via NULL pointer
749+ dereference
750+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
751+ routine
752+ - CVE-2019-5008
753+ - SECURITY UPDATE: information leak in SLiRP
754+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
755+ emulating ident.
756+ - CVE-2019-9824
757+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
758+ unimplement.patch: properly return architecture defined exception
759+ on bad subcodes of diag 308 (LP 1812384)
760+ * Dropped changes (no more needed)
761+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
762+ mv_conffile since the new path is a directory in the old package
763+ version which can not be handled by mv_conffile.
764+ [ only needed between disco and eoan ]
765+ - disable pvrdma
766+ [ CVEs all fixed now ]
767+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
768+ avoid misdetection of simplified nesting blocking all migrations
769+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
770+ - Enable nesting by default
771+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
772+ (is default on amd)
773+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
774+ without nested=1
775+ [ nesting is default in kernel modules and default selected cpu types ]
776+ * Added changes
777+ - d/control: regenerate debian/control out of control-in
778+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
779+ - added ubuntu focal types for qemu 4.2
780+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
781+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
782+ (LP: #1857033)
783+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
784+ - d/control*, d/rules: disable xen by default, but provide universe
785+ package qemu-system-x86-xen as alternative
786+ - fix typos in changelog and d/qemu-system-x86.NEWS
787+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
788+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
789+
790+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
791+
792 qemu (1:4.2-1) unstable; urgency=medium
793
794 * new upstream release (4.2.0)
795@@ -489,6 +1254,205 @@ qemu (1:4.1-1) unstable; urgency=medium
796
797 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
798
799+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
800+
801+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
802+ fix a potential hang when qemu or qemu-img where accessing http backed
803+ disks via libcurl (LP: #1848556)
804+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
805+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
806+
807+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
808+
809+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
810+
811+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
812+ update the z15 model name (LP: #1842774)
813+
814+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
815+
816+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
817+
818+ * d/binfmt-update-in: fix binfmt being called in some containers
819+ (LP: #1840956)
820+
821+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
822+
823+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
824+
825+ * No-change upload with strops.h and sys/strops.h removed in glibc.
826+
827+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
828+
829+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
830+
831+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
832+ (LP: #1841066)
833+
834+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
835+
836+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
837+
838+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
839+ s390x machines (LP: #1836154)
840+
841+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
842+
843+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
844+
845+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
846+ - pick Debian change for (#889885)
847+ move ovmf to recommends on debian and update aarch ovmf refs
848+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
849+
850+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
851+
852+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
853+
854+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
855+ for missing SIOCGSTAMP definition; final fix is still in discussion
856+ upstream (LP: 1836159)
857+
858+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
859+
860+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
861+
862+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
863+ fix naming of the new vector facitlity (LP: #1836066)
864+ * d/control-in: update VCS links in control template as well
865+
866+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
867+
868+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
869+
870+ * Merge with Upstream release of qemu 4.0.
871+ Among many other things this fixes LP Bugs:
872+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
873+ LP: #1828038 - Update s390x CPU Model for more HW support
874+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
875+ Remaining Changes:
876+ - qemu-kvm to systemd unit
877+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
878+ hugepages and architecture specifics
879+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
880+ qemu-kvm-init
881+ - d/qemu-system-common.install: install helper script
882+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
883+ - d/qemu-system-common.qemu-kvm.default: defaults for
884+ /etc/default/qemu-kvm
885+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
886+ - Enable nesting by default
887+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
888+ (is default on amd)
889+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
890+ without nested=1
891+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
892+ in qemu64 cpu type.
893+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
894+ in qemu64 on amd
895+ - d/qemu-system-x86.README.Debian: document intention of nested being
896+ default is comfort, not full support
897+ - Distribution specific machine type (LP: 1304107 1621042)
898+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
899+ types
900+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
901+ for host-phys-bits=true (LP: 1776189)
902+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
903+ - provide pseries-bionic-2.11-sxxm type as convenience with all
904+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
905+ - improved dependencies
906+ - Make qemu-system-common depend on qemu-block-extra
907+ - Make qemu-utils depend on qemu-block-extra
908+ - let qemu-utils recommend sharutils
909+ - s390x support
910+ - Create qemu-system-s390x package
911+ - Enable numa support for s390x
912+ - arch aware kvm wrappers
913+ - d/control: update VCS links
914+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
915+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
916+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
917+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
918+ - enable RDMA config option
919+ - add libibumad-dev build-dep
920+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
921+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
922+ reference 256k path
923+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
924+ handle incoming migrations from former releases.
925+ - d/control-in: Disable capstone disassembler library support (universe)
926+ - Move s390x roms to a new qemu-system-data-s390x
927+ - d/qemu-system-data.install: install s390x roms as architecture:all in
928+ qemu-system-data
929+ - d/rules: build s390-ccw.img with upstream Makefile
930+ - d/rules: build s390-netboot.img with upstream Makefile
931+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
932+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
933+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
934+ replace it with a build-indep using the upstream makefiles.
935+ This is less prone to miss future changes/fixes that are done to the
936+ makefiles
937+ - d/control-in: add breaks/replaces for moving s390x roms from
938+ qemu-system-s390x to qemu-system-data
939+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
940+ [From not yet uploaded Debian branch]
941+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
942+ - d/rules: fix qemu-kvm service for debhelper compat >=12
943+ - disable pvrdma - besides several security holes there are many other
944+ bugs there as well
945+ * Dropped patches that are upstream in v4.0
946+ - d/p/do-not-link-everything-with-xen.patch
947+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
948+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
949+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
950+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
951+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
952+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
953+ (LP: 1759509)
954+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
955+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
956+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
957+ - d/p/ubuntu/CVE-2018-20815.patch
958+ - d/p/ubuntu/CVE-2019-5008.patch
959+ - d/p/ubuntu/CVE-2019-9824.patch
960+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
961+ avoid misdetection of simplified nesting blocking all migrations
962+ * Dropped further patches
963+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
964+ [upstream deprecated the whole subsystem instead of applying the fix]
965+ * Added Changes
966+ - updated ubuntu machine types for v4.0
967+ - added eoan types
968+ - fixed s390x issue of upstream types having a "v" prefix
969+ - add back dropped machine types to avoid more issues like LP: 1802944
970+ - fix kvm split irqchip default in ubuntu q35 machine type
971+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
972+ adapt updated CamelCase
973+ - -hpb types now need to use GlobalProperties
974+ - pc_compat_2_0 got a _fn suffix and slight changes
975+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
976+ SLOF of qemu 4.0
977+ - Refreshed patches still needed for v4.0 context changes
978+ - d/p/use-fixed-data-path.patch
979+ - d/p/ubuntu/enable-svm-by-default.patch
980+ - d/p/ubuntu/enable-md-clear.patch
981+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
982+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
983+ (LP: #1830243)
984+ - d/control: disable bluetooth being deprecated
985+ - d/control*: remove sdlabi which was removed upstream
986+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
987+ - d/control*: enable docs (now explicit) and provide new build-dep
988+ python3-sphinx
989+ - d/not-installed: ignore new interop docs and extra icons for now
990+ - d/not-installed: do not install elf2dmp until namespaced
991+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
992+ - d/qemu-system-data.install: use new paths for formerly used icons
993+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
994+ fix i386 build error
995+
996+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
997+
998 qemu (1:3.1+dfsg-8) unstable; urgency=high
999
1000 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
1001@@ -591,6 +1555,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
1002
1003 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
1004
1005+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1006+
1007+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1008+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1009+ fix migrations from old machines (LP: #1829868).
1010+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1011+ toleration for future machines (LP: #1830704
1012+
1013+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1014+
1015+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1016+
1017+ * SECURITY UPDATE: Add support for exposing md-clear functionality
1018+ to guests
1019+ - d/p/ubuntu/enable-md-clear.patch
1020+ - d/p/ubuntu/enable-md-no.patch
1021+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1022+ * SECURITY UPDATE: heap overflow when loading device tree blob
1023+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1024+ copy the device tree blob into is.
1025+ - CVE-2018-20815
1026+ * SECURITY UPDATE: device driver denial of service via NULL pointer
1027+ dereference
1028+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1029+ routine
1030+ - CVE-2019-5008
1031+ * SECURITY UPDATE: information leak in SLiRP
1032+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1033+ emulating ident.
1034+ - CVE-2019-9824
1035+
1036+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1037+
1038+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1039+
1040+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1041+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1042+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1043+ mv_conffile since the new path is a directory in the old package
1044+ version which can not be handled by mv_conffile.
1045+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1046+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1047+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1048+ CVE-2019-3812
1049+
1050+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1051+
1052+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1053+
1054+ * disable pvrdma - besides several security holes there are many other
1055+ bugs there as well, and the amount of patches applied upstream after
1056+ 3.1 release is large (Closes, or actuallymakes unimportant again)
1057+ - CVE-2018-20123
1058+ - CVE-2018-20124
1059+ - CVE-2018-20125
1060+ - CVE-2018-20126
1061+ - CVE-2018-20191
1062+ - CVE-2018-20216
1063+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1064+ - CVE-2019-6501
1065+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1066+ - CVE-2019-6778
1067+
1068+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1069+
1070+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1071+
1072+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1073+ LP: #1806104 - fix misleading page size error on ppc64el
1074+ LP: #1782205 - SnowRidge enabled new ISAs
1075+ LP: #1786956 - upgrade to qemu >= 3.0
1076+ LP: #1809083 - Backward migration to Xenial on ppc64el
1077+ LP: #1803315 - s390x Huge page enablement
1078+ LP: #1657409 - enable virglrenderer
1079+ Remaining Changes:
1080+ - qemu-kvm to systemd unit
1081+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1082+ hugepages and architecture specifics
1083+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1084+ - d/qemu-system-common.install: install systemd unit and helper script
1085+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1086+ - d/qemu-system-common.qemu-kvm.default: defaults for
1087+ /etc/default/qemu-kvm
1088+ - d/rules: install /etc/default/qemu-kvm
1089+ - Enable nesting by default
1090+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1091+ (is default on amd)
1092+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1093+ without nested=1
1094+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1095+ in qemu64 cpu type.
1096+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1097+ in qemu64 on amd
1098+ - d/qemu-system-x86.README.Debian: document intention of nested being
1099+ default is comfort, not full support
1100+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1101+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1102+ types
1103+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1104+ for host-phys-bits=true (LP: 1776189)
1105+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1106+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1107+ convenience with all meltdown/spectre workarounds enabled by default.
1108+ (LP: 1761372).
1109+ - improved dependencies
1110+ - Make qemu-system-common depend on qemu-block-extra
1111+ - Make qemu-utils depend on qemu-block-extra
1112+ - let qemu-utils recommend sharutils
1113+ - s390x support
1114+ - Create qemu-system-s390x package
1115+ - Enable numa support for s390x
1116+ - arch aware kvm wrappers
1117+ - d/control: update VCS links (updated to match latest Ubuntu)
1118+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1119+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1120+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1121+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1122+ - enable RDMA config option
1123+ - add libibumad-dev build-dep
1124+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1125+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1126+ reference 256k path
1127+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1128+ handle incoming migrations from former releases.
1129+ - d/control-in: Disable capstone disassembler library support (universe)
1130+ * Added Changes:
1131+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1132+ for qemu 3.1 in the Ubuntu Disco release
1133+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1134+ - Move s390x roms to a new qemu-system-data-s390x
1135+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1136+ qemu-system-data
1137+ - d/rules: build s390-ccw.img with upstream Makefile
1138+ - d/rules: build s390x-netboot.img with upstream Makefile
1139+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1140+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1141+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1142+ replace it with a build-indep using the upstream makefiles.
1143+ This is less prone to miss future changes/fixes that are done to the
1144+ makefiles
1145+ - d/control-in: add breaks/replaces for moving s390x roms from
1146+ qemu-system-s390x to qemu-system-data
1147+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1148+ [From not yet uploaded Debian branch]
1149+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1150+ (Closes: #918378)
1151+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1152+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1153+ avoid misdetection of simplified nesting blocking all migrations
1154+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1155+ unimplement.patch: properly return archicture defined exception
1156+ on bad subcodes of diag 308 (LP: #1812384)
1157+ * Dropped Changes:
1158+ - Include s390-ccw.img firmware (old style native build)
1159+ - d/rules enable install s390x-netboot.img (old style native build)
1160+ - libvirt/qemu user/group support
1161+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1162+ trigger.
1163+ [ Droppable since logind properly sets ACLs now ]
1164+ - qemu-system-common.preinst: add kvm group if needed
1165+ [ Droppable because systemd/udev take care of it since 239-6]
1166+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
1167+ freeze-hook fixes (LP: 1484990)
1168+ [upstream]
1169+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1170+ merged upstream
1171+ [upstream]
1172+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1173+ computation while concatenating mbuf.
1174+ CVE-2018-11806
1175+ [upstream]
1176+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1177+ for powerpc64 to speed up translation (LP: 1781526)
1178+ [upstream]
1179+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1180+ cpu model for z14 ZR1 (LP: 1780773).
1181+ [upstream]
1182+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
1183+ (Closes: 903562)
1184+ [in Debian]
1185+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1186+ unreleased Debian version)
1187+ [in Debian]
1188+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1189+ by migrations with UI frontends or frequent guest resolution changes
1190+ (LP #1755912)
1191+ [upstream]
1192+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1193+ extend eieio for POWER9 emulation (LP: 1787408).
1194+ [upstream]
1195+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1196+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
1197+ [upstream]
1198+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
1199+ [upstream]
1200+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
1201+ [upstream]
1202+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
1203+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
1204+ [in Debian]
1205+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1206+ Adapters on s390x (LP: 1787405)
1207+ [upstream]
1208+ - enable opengl for vfio-MDEV support (LP: 1804766)
1209+ [in Debian]
1210+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1211+ [upstream]
1212+ - SECURITY UPDATE: integer overflow via crafted QMP command
1213+ [upstream]
1214+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1215+ [upstream]
1216+ - SECURITY UPDATE: buffer overflow in rtl8139
1217+ [upstream]
1218+ - SECURITY UPDATE: buffer overflow in pcnet
1219+ [upstream]
1220+ - SECURITY UPDATE: DoS via large packet sizes
1221+ [upstream]
1222+ - SECURITY UPDATE: DoS in lsi53c895a
1223+ [upstream]
1224+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1225+ [upstream]
1226+ - SECURITY UPDATE: race condition in 9p
1227+ [upstream]
1228+
1229+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
1230+
1231 qemu (1:3.1+dfsg-2) unstable; urgency=medium
1232
1233 * d/rules: split arch and indep builds
1234@@ -670,6 +1860,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
1235
1236 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
1237
1238+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
1239+
1240+ [ Marc Deslauriers ]
1241+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1242+ - debian/patches/CVE-2018-10839.patch: use proper type in
1243+ hw/net/ne2000.c.
1244+ - CVE-2018-10839
1245+ * SECURITY UPDATE: integer overflow via crafted QMP command
1246+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
1247+ guest-file-read in qga/commands-posix.c.
1248+ - CVE-2018-12617
1249+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1250+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
1251+ - CVE-2018-16847
1252+ * SECURITY UPDATE: buffer overflow in rtl8139
1253+ - debian/patches/CVE-2018-17958.patch: use proper type in
1254+ hw/net/rtl8139.c.
1255+ - CVE-2018-17958
1256+ * SECURITY UPDATE: buffer overflow in pcnet
1257+ - debian/patches/CVE-2018-17962.patch: use proper type in
1258+ hw/net/pcnet.c.
1259+ - CVE-2018-17962
1260+ * SECURITY UPDATE: DoS via large packet sizes
1261+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
1262+ - CVE-2018-17963
1263+ * SECURITY UPDATE: DoS in lsi53c895a
1264+ - debian/patches/CVE-2018-18849.patch: check message length value is
1265+ valid in hw/scsi/lsi53c895a.c.
1266+ - CVE-2018-18849
1267+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1268+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
1269+ access in hw/ppc/pnv_lpc.c.
1270+ - CVE-2018-18954
1271+ * SECURITY UPDATE: race condition in 9p
1272+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
1273+ hw/9pfs/cofile.c.
1274+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
1275+ hw/9pfs/9p.c.
1276+ - CVE-2018-19364
1277+
1278+ [ Christian Ehrhardt]
1279+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1280+ Adapters on s390x (LP: #1787405)
1281+ * enable opengl for vfio-MDEV support (LP: #1804766)
1282+ - d/control-in: set --enable-opengl
1283+ - d/control-in: add gl related build-dependencies
1284+
1285+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
1286+
1287+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
1288+
1289+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
1290+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
1291+
1292+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
1293+
1294+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
1295+
1296+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
1297+ The SLOF source pieces in src:qemu are only used for s390x netboot,
1298+ which are independent ROMs (no linking). All other binaries out of this
1299+ are part of src:slof and independent.
1300+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
1301+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
1302+ and related fixes
1303+
1304+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
1305+
1306+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
1307+
1308+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
1309+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
1310+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
1311+
1312+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
1313+
1314+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
1315+
1316+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1317+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
1318+ - CVE-2018-15746
1319+
1320+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
1321+
1322+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
1323+
1324+ [ Murilo Opsfelder Araujo ]
1325+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1326+ extend eieio for POWER9 emulation (LP: #1787408).
1327+
1328+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
1329+
1330+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
1331+
1332+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1333+ by migrations with UI frontends or frequent guest resolution changes
1334+ (LP: #1755912)
1335+
1336+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
1337+
1338+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
1339+
1340+ * Disable capstone disassembler library support (universe dependency)
1341+
1342+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
1343+
1344+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
1345+
1346+ * Merge with Debian testing, Remaining Changes:
1347+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
1348+ - qemu-kvm to systemd unit
1349+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1350+ hugepages and architecture specifics
1351+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1352+ - d/qemu-system-common.install: install systemd unit and helper script
1353+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1354+ - d/qemu-system-common.qemu-kvm.default: defaults for
1355+ /etc/default/qemu-kvm
1356+ - d/rules: install /etc/default/qemu-kvm
1357+ - Enable nesting by default
1358+ - set nested=1 module option on intel. (is default on amd)
1359+ - re-load kvm_intel.ko if it was loaded without nested=1
1360+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1361+ in qemu64 cpu type.
1362+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1363+ in qemu64 on amd
1364+ - d/qemu-system-x86.README.Debian: document intention of nested being
1365+ default is comfort, not full support
1366+ - libvirt/qemu user/group support
1367+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1368+ trigger.
1369+ - qemu-system-common.preinst: add kvm group if needed
1370+ - Distribution specific machine type
1371+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1372+ types to ease future live vm migration.
1373+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1374+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
1375+ for host-phys-bits=true (LP: 1776189)
1376+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1377+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1378+ convenience with all meltdown/spectre workarounds enabled by default.
1379+ (LP: 1761372).
1380+ - improved dependencies
1381+ - Make qemu-system-common depend on qemu-block-extra
1382+ - Make qemu-utils depend on qemu-block-extra
1383+ - let qemu-utils recommend sharutils
1384+ - s390x support
1385+ - Create qemu-system-s390x package
1386+ - Include s390-ccw.img firmware
1387+ - Enable numa support for s390x
1388+ - arch aware kvm wrappers
1389+ - update VCS-git (updated to match cosmic)
1390+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1391+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
1392+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1393+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1394+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
1395+ - d/rules enable install s390x-netboot.img
1396+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1397+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1398+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1399+ reference 256k path
1400+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1401+ handle incoming migrations from former releases.
1402+ - SECURITY UPDATE: Speculative Store Bypass
1403+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
1404+ CPUID feature bit in target/i386/cpu.*.
1405+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
1406+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
1407+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
1408+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
1409+ target/i386/machine.c.
1410+ - CVE-2018-3639
1411+ * Added Changes:
1412+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
1413+ - add cosmic types for base and -hpb
1414+ - drop no more supported types (zesty and yakkety)
1415+ - d/p/series: group machine type changes
1416+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1417+ merged upstream
1418+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1419+ computation while concatenating mbuf.
1420+ CVE-2018-11806
1421+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
1422+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
1423+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
1424+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
1425+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
1426+ to POWER8
1427+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
1428+ is no more needed with systemd-detect-virt being more mature and always
1429+ present.
1430+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
1431+ - d/control-in: add libibumad-dev which is now needed for rdma
1432+ - d/rules: update s390x delta to match new Debian packaging
1433+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1434+ for powerpc64 to speed up translation (LP: #1781526)
1435+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1436+ cpu model for z14 ZR1 (LP: #1780773).
1437+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
1438+ (Closes: 903562)
1439+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1440+ unreleased Debian version)
1441+ * Dropped Changes:
1442+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
1443+ (No more removed when building DFSG orig tarball in Debian)
1444+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
1445+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
1446+ so we revert related changes to stick with the proven for now:
1447+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
1448+ depends on it)
1449+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
1450+ (Debian switched to gtk which seems to work better and has all
1451+ dependencies in main.)
1452+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
1453+ - Changes that are now upstream with qemu 2.12
1454+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
1455+ newer versions of glibc >=2.27 (LP: 1753826)
1456+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
1457+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
1458+ SSE/AVX/AVX512 cpu features (LP: 1739665)
1459+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
1460+ space+commpage continuous which avoids long startup times on
1461+ qemu-user-static (LP: 1740219)
1462+ - provide pseries-2.12-sxxm type (LP: 1761372)
1463+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
1464+ filesystem-dax with pmem by backporting align and unarmed options
1465+ (LP: 1704312).
1466+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
1467+ option to slirp's DHCP server (LP: 1762315)
1468+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
1469+ Protection information (LP: 1762854).
1470+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
1471+ migration (LP: 1763468).
1472+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
1473+ CVE-2017-16845
1474+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
1475+ CVE-2018-7550
1476+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
1477+ CVE-2018-7858
1478+
1479+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
1480+
1481 qemu (1:2.12+dfsg-3) unstable; urgency=medium
1482
1483 * make qemu-system-foo depending
1484@@ -758,6 +2191,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
1485
1486 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
1487
1488+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
1489+
1490+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
1491+ for host-phys-bits=true (LP: #1776189)
1492+ - add an info about this change in debian/qemu-system-x86.NEWS
1493+
1494+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
1495+
1496+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
1497+
1498+ * SECURITY UPDATE: Speculative Store Bypass
1499+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
1500+ CPUID feature bit in target/i386/cpu.*.
1501+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
1502+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
1503+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
1504+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
1505+ target/i386/machine.c.
1506+ - CVE-2018-3639
1507+
1508+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
1509+
1510+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
1511+
1512+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
1513+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
1514+ in post_load routine in hw/input/ps2.c.
1515+ - CVE-2017-16845
1516+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
1517+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
1518+ zero in hw/i386/multiboot.c.
1519+ - CVE-2018-7550
1520+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
1521+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
1522+ hw/display/vga.c.
1523+ - CVE-2018-7858
1524+
1525+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
1526+
1527+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
1528+
1529+ * No-change rebuild for ncurses soname changes.
1530+
1531+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
1532+
1533+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
1534+
1535+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
1536+ information (LP: #1762854).
1537+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
1538+ (LP: #1763468).
1539+
1540+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
1541+
1542+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
1543+
1544+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
1545+ The Kernel fixes are preferred and already committed to the kernel.
1546+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
1547+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
1548+ SSE/AVX/AVX512 cpu features (LP: #1739665)
1549+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
1550+ space+commpage continuous which avoids long startup times on
1551+ qemu-user-static (LP: #1740219)
1552+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1553+ convenience with all meltdown/spectre workarounds enabled by default.
1554+ This is not the default type following upstream and x86 on that.
1555+ (LP: #1761372).
1556+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
1557+ with pmem by backporting align and unarmed options (LP: #1704312).
1558+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
1559+ option to slirp's DHCP server (LP: #1762315)
1560+
1561+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
1562+
1563+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
1564+
1565+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
1566+ accepted to be better long term maintainable (LP: #1753938)
1567+
1568+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
1569+
1570+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
1571+
1572+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
1573+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
1574+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
1575+ versions of glibc >=2.27 (LP: #1753826)
1576+
1577+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
1578+
1579+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
1580+
1581+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
1582+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
1583+ Add domainname option and classless static routes support to the user
1584+ networking's DHCP server
1585+
1586+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
1587+
1588+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
1589+
1590+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
1591+ - among other fixes this adds code to:
1592+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
1593+ However, enabling this functionality requires additional configuration
1594+ beyond just updating QEMU. Also migrations need special consideration.
1595+ Details about that can be found at:
1596+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
1597+ - Power9 allocation of max 8 threads per core (LP: #1750526)
1598+ * Drop changes that are part of the upstream stable release
1599+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
1600+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
1601+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
1602+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
1603+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
1604+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
1605+ common compat.h header and add some extra info in the patch header.
1606+
1607+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
1608+
1609+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
1610+
1611+ * Merge with Debian testing, among other fixes this includes
1612+ - fix fatal error on negative maxcpus (LP: #1722495)
1613+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
1614+ - linux user threading issues (LP: #1350435)
1615+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
1616+ Remaining changes:
1617+ - qemu-kvm to systemd unit
1618+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1619+ hugepages and architecture specifics
1620+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1621+ - d/qemu-system-common.install: install systemd unit and helper script
1622+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1623+ - d/qemu-system-common.qemu-kvm.default: defaults for
1624+ /etc/default/qemu-kvm
1625+ - d/rules: install /etc/default/qemu-kvm
1626+ - Enable nesting by default
1627+ - set nested=1 module option on intel. (is default on amd)
1628+ - re-load kvm_intel.ko if it was loaded without nested=1
1629+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1630+ in qemu64 cpu type.
1631+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1632+ in qemu64 on amd
1633+ - libvirt/qemu user/group support
1634+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1635+ trigger.
1636+ - qemu-system-common.preinst: add kvm group if needed
1637+ - Distribution specific machine type
1638+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1639+ types to ease future live vm migration.
1640+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1641+ - improved dependencies
1642+ - Make qemu-system-common depend on qemu-block-extra
1643+ - Make qemu-utils depend on qemu-block-extra
1644+ - let qemu-utils recommend sharutils
1645+ - s390x support
1646+ - Create qemu-system-s390x package
1647+ - Include s390-ccw.img firmware
1648+ - Enable numa support for s390x
1649+ - ppc64[le] support
1650+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1651+ - arch aware kvm wrappers
1652+ * Added Changes
1653+ - update VCS-git to match the bionic branch
1654+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
1655+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
1656+ so we revert related changes to stick with the proven for now:
1657+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
1658+ depends on it)
1659+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
1660+ - d/qemu-system-x86.README.Debian: document intention of nested being
1661+ default is comfort, not full support
1662+ - update Ubuntu machine types for qemu 2.11
1663+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
1664+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
1665+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1666+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1667+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
1668+ - d/rules enable install s390x-netboot.img
1669+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
1670+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
1671+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
1672+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
1673+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
1674+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
1675+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
1676+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
1677+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1678+ reference 256k path
1679+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1680+ handle incoming migrations from former releases.
1681+ - d/control-in: enable seccomp on s390x
1682+ * Dropped changes (no more needed):
1683+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
1684+ The functionality is retained for upgraders, but is deprecated.
1685+ Post 18.04 the implementation for these configurations will be removed.
1686+ * Dropped changes (in Debian now):
1687+ - ppc64[le] support
1688+ - Enable seccomp for ppc64el
1689+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1690+ - disable missing x32 architecture
1691+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1692+ - d/qemu-system-common.docs: new paths since (ac06724a)
1693+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1694+ by qapi-schema.json which is already packaged (since 4d8bb958)
1695+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
1696+ to Debian patch to match qemu 2.10)
1697+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
1698+ since 8508eee7
1699+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
1700+ - make nios2/hppa not installed explicitly until further stablized
1701+ - d/qemu-guest-agent.install: add the new guest agent reference man page
1702+ qemu-ga-ref
1703+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
1704+ along the qapi intro
1705+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
1706+ dh_missing that are already provided in other formats qemu-doc,
1707+ qemu-qmp-ref,qemu-ga-ref
1708+ * Dropped changes (integrated upstream):
1709+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
1710+ on arm64 when doing suspend/resume and reboots due to older kernels not
1711+ supporting ITS (LP 1731051).
1712+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
1713+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
1714+ calls (LP 1726394)
1715+ - update to upstream 2.10.1 point release (LP 1722808)
1716+
1717+
1718+
1719+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
1720+
1721 qemu (1:2.11+dfsg-1) unstable; urgency=medium
1722
1723 [ Michael Tokarev ]
1724@@ -872,6 +2538,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
1725
1726 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
1727
1728+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
1729+
1730+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
1731+ on arm64 when doing suspend/resume and reboots due to older kernels not
1732+ supporting ITS (LP: #1731051).
1733+
1734+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
1735+
1736+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
1737+
1738+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
1739+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
1740+ calls (LP: #1726394)
1741+
1742+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
1743+
1744+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
1745+
1746+ * fix enablement of qemu-kvm service (LP: #1720397)
1747+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
1748+ - d/rules: add proper enablement debhelper calls
1749+ - d/qemu-system-common.install: install covered by dh_installinit
1750+
1751+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
1752+
1753+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
1754+
1755+ * update to upstream 2.10.1 point release (LP: #1722808)
1756+
1757+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
1758+
1759+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
1760+
1761+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
1762+ Remaining changes:
1763+ - qemu-kvm to systemd unit
1764+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1765+ hugepages and architecture specifics
1766+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1767+ - d/qemu-system-common.install: install systemd unit and helper script
1768+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1769+ - d/qemu-system-common.qemu-kvm.default: defaults for
1770+ /etc/default/qemu-kvm
1771+ - d/rules: install /etc/default/qemu-kvm
1772+ - Enable nesting by default
1773+ - set nested=1 module option on intel. (is default on amd)
1774+ - re-load kvm_intel.ko if it was loaded without nested=1
1775+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1776+ in qemu64 cpu type.
1777+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1778+ in qemu64 on amd
1779+ - libvirt/qemu user/group support
1780+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1781+ trigger.
1782+ - qemu-system-common.preinst: add kvm group if needed
1783+ - Distribution specific machine type
1784+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1785+ types to ease future live vm migration.
1786+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1787+ - improved dependencies
1788+ - Make qemu-system-common depend on qemu-block-extra
1789+ - Make qemu-utils depend on qemu-block-extra
1790+ - let qemu-utils recommend sharutils
1791+ - s390x support
1792+ - Create qemu-system-s390x package
1793+ - Include s390-ccw.img firmware
1794+ - Enable numa support for s390x
1795+ - ppc64[le] support
1796+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1797+ - Enable seccomp for ppc64el
1798+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1799+ - arch aware kvm wrappers
1800+ - update VCS-git to match the Artful branch
1801+ - disable missing x32 architecture
1802+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1803+ - d/qemu-system-common.docs: new paths since (ac06724a)
1804+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1805+ by qapi-schema.json which is already packaged (since 4d8bb958)
1806+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
1807+ to Debian patch to match qemu 2.10)
1808+ - s390x package now builds correctly on all architectures (LP 1710695)
1809+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
1810+ since 8508eee7
1811+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
1812+ - make nios2/hppa not installed explicitly until further stablized
1813+ - d/qemu-guest-agent.install: add the new guest agent reference man page
1814+ qemu-ga-ref
1815+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
1816+ along the qapi intro
1817+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
1818+ dh_missing that are already provided in other formats qemu-doc,
1819+ qemu-qmp-ref,qemu-ga-ref
1820+
1821+
1822+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
1823+
1824+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
1825+
1826+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
1827+ Remaining changes:
1828+ - qemu-kvm to systemd unit
1829+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1830+ hugepages and architecture specifics
1831+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1832+ - d/qemu-system-common.install: install systemd unit and helper script
1833+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1834+ - d/qemu-system-common.qemu-kvm.default: defaults for
1835+ /etc/default/qemu-kvm
1836+ - d/rules: install /etc/default/qemu-kvm
1837+ - Enable nesting by default
1838+ - set nested=1 module option on intel. (is default on amd)
1839+ - re-load kvm_intel.ko if it was loaded without nested=1
1840+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1841+ in qemu64 cpu type.
1842+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1843+ in qemu64 on amd
1844+ - libvirt/qemu user/group support
1845+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1846+ trigger.
1847+ - qemu-system-common.preinst: add kvm group if needed
1848+ - Distribution specific machine type
1849+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1850+ types to ease future live vm migration.
1851+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1852+ - improved dependencies
1853+ - Make qemu-system-common depend on qemu-block-extra
1854+ - Make qemu-utils depend on qemu-block-extra
1855+ - let qemu-utils recommend sharutils
1856+ - s390x support
1857+ - Create qemu-system-s390x package
1858+ - Include s390-ccw.img firmware
1859+ - Enable numa support for s390x
1860+ - ppc64[le] support
1861+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1862+ - Enable seccomp for ppc64el
1863+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1864+ - arch aware kvm wrappers
1865+ - update VCS-git to match the Artful branch
1866+ - disable missing x32 architecture
1867+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1868+ - d/qemu-system-common.docs: new paths since (ac06724a)
1869+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1870+ by qapi-schema.json which is already packaged (since 4d8bb958)
1871+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
1872+ to Debian patch to match qemu 2.10)
1873+ - s390x package now builds correctly on all architectures (LP 1710695)
1874+ * Added changes:
1875+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
1876+ since 8508eee7
1877+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
1878+ - make nios2/hppa not installed explicitly until further stablized
1879+ - d/qemu-guest-agent.install: add the new guest agent reference man page
1880+ qemu-ga-ref
1881+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
1882+ along the qapi intro
1883+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
1884+ dh_missing that are already provided in other formats qemu-doc,
1885+ qemu-qmp-ref,qemu-ga-ref
1886+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
1887+ changes in 2.10-rc4
1888+
1889+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
1890+
1891+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
1892+
1893+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
1894+ a set of bugs
1895+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
1896+ - CPU hot unplug fails after migrating a CPU hotplugged guest
1897+ from source (LP: #1677552)
1898+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
1899+ - New KVM 288 Pass Through (LP: #1672447)
1900+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
1901+ * Remaining changes:
1902+ - qemu-kvm to systemd unit
1903+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1904+ hugepages and architecture specifics
1905+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1906+ - d/qemu-system-common.install: install systemd unit and helper script
1907+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1908+ - d/qemu-system-common.qemu-kvm.default: defaults for
1909+ /etc/default/qemu-kvm
1910+ - d/rules: install /etc/default/qemu-kvm
1911+ - Enable nesting by default
1912+ - set nested=1 module option on intel. (is default on amd)
1913+ - re-load kvm_intel.ko if it was loaded without nested=1
1914+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1915+ in qemu64 cpu type.
1916+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1917+ in qemu64 on amd
1918+ - libvirt/qemu user/group support
1919+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1920+ trigger.
1921+ - qemu-system-common.preinst: add kvm group if needed
1922+ - Distribution specific machine type
1923+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1924+ types to ease future live vm migration.
1925+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1926+ - improved dependencies
1927+ - Make qemu-system-common depend on qemu-block-extra
1928+ - Make qemu-utils depend on qemu-block-extra
1929+ - let qemu-utils recommend sharutils
1930+ - s390x support
1931+ - Create qemu-system-s390x package
1932+ - Include s390-ccw.img firmware
1933+ - Enable numa support for s390x
1934+ - ppc64[le] support
1935+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1936+ - Enable seccomp for ppc64el
1937+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1938+ - arch aware kvm wrappers
1939+ - disable missing x32 architecture
1940+ - update VCS links
1941+ * Added changes
1942+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1943+ - d/qemu-system-common.docs: new paths since (ac06724a)
1944+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1945+ by qapi-schema.json which is already packaged (since 4d8bb958)
1946+ - Updates in debian/patches to match qemu 2.10
1947+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
1948+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
1949+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
1950+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
1951+ - update VCS-git to match the Artful branch
1952+ - s390x package now builds correctly on all architectures (LP: #1710695)
1953+ * Dropped changes (integrated upstream):
1954+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
1955+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
1956+ - All CVE fixes formerly applied are upstream and thereby dropped.
1957+
1958+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
1959+
1960 qemu (1:2.8+dfsg-7) unstable; urgency=medium
1961
1962 * uploading to unstable all fixes which went to stretch-security
1963@@ -981,6 +2879,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
1964
1965 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
1966
1967+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
1968+
1969+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
1970+ This was inadvertently dropped on 2.8 merge.
1971+
1972+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
1973+
1974+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
1975+
1976+ * SECURITY UPDATE: denial of service via leak in virtFS
1977+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
1978+ hw/9pfs/9p.c.
1979+ - CVE-2017-7377
1980+ * SECURITY UPDATE: denial of service in cirrus_vga
1981+ - debian/patches/CVE-2017-7718.patch: check parameters in
1982+ hw/display/cirrus_vga_rop.h.
1983+ - CVE-2017-7718
1984+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
1985+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
1986+ hw/display/cirrus_vga.c.
1987+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
1988+ hw/display/cirrus_vga.c.
1989+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
1990+ in hw/display/cirrus_vga.c.
1991+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
1992+ hw/display/cirrus_vga.c.
1993+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
1994+ in hw/display/cirrus_vga.c.
1995+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
1996+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
1997+ hw/display/cirrus_vga_rop2.h.
1998+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
1999+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2000+ hw/display/cirrus_vga_rop2.h.
2001+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
2002+ hw/display/cirrus_vga_rop.h.
2003+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
2004+ hw/display/cirrus_vga.c.
2005+ - CVE-2017-7980
2006+ * SECURITY UPDATE: denial of service via memory leak in virtFS
2007+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
2008+ - CVE-2017-8086
2009+ * SECURITY UPDATE: denial of service via leak in audio
2010+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
2011+ audio/audio.c.
2012+ - CVE-2017-8309
2013+ * SECURITY UPDATE: denial of service via leak in keyboard
2014+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
2015+ ui/input.c.
2016+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
2017+ ui/input.c.
2018+ - CVE-2017-8379
2019+
2020+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
2021+
2022+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
2023+
2024+ * SECURITY UPDATE: DoS in virtio GPU device
2025+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
2026+ max_size in hw/display/virtio-gpu-3d.c.
2027+ - CVE-2016-10028
2028+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
2029+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
2030+ in hw/dma/rc4030.c.
2031+ - CVE-2016-8667
2032+ * SECURITY UPDATE: host filesystem access via virtFS
2033+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
2034+ hw/9pfs/*.
2035+ - CVE-2016-9602
2036+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
2037+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
2038+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
2039+ ui/console.c, ui/vnc.c.
2040+ - CVE-2016-9603
2041+ * SECURITY UPDATE: information leak in virtio GPU device
2042+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
2043+ hw/display/virtio-gpu-3d.c.
2044+ - CVE-2016-9908
2045+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2046+ - debian/patches/CVE-2016-9912.patch: properly free memory in
2047+ hw/display/virtio-gpu.c.
2048+ - CVE-2016-9912
2049+ * SECURITY UPDATE: DoS via virtFS
2050+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
2051+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
2052+ - CVE-2016-9914
2053+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2054+ - debian/patches/CVE-2017-5552.patch: check return value in
2055+ hw/display/virtio-gpu-3d.c.
2056+ - CVE-2017-5552
2057+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2058+ - debian/patches/CVE-2017-5578.patch: check res->iov in
2059+ hw/display/virtio-gpu.c.
2060+ - CVE-2017-5578
2061+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
2062+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
2063+ handling in hw/sd/sdhci.c.
2064+ - CVE-2017-5987
2065+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
2066+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
2067+ hw/usb/hcd-ohci.c.
2068+ - CVE-2017-6505
2069+
2070+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
2071+
2072+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
2073+
2074+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2075+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
2076+
2077+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
2078+
2079+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
2080+
2081+ * Merge with Debian;
2082+ This fixes several CVEs that were reported against qemu 2.8 and also
2083+ includes a few important functional backports (LP: #1667033); remaining
2084+ changes:
2085+ - add qemu-kvm init script and defaults file
2086+ (d/qemu-system-common.qemu-kvm.*)
2087+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2088+ modules and handling /etc/default/qemu-kvm
2089+ - qemu-system-common.preinst: add kvm group if needed
2090+ - Enable nesting by default on intel.
2091+ - set default module option
2092+ - re-load kvm_intel.ko if it was loaded without nested=1
2093+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2094+ default in qemu64 cpu type.
2095+ - Enable svm by default for qemu64 on amd
2096+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
2097+ define distro machine types to ease future live vm migration (includes
2098+ all former follow up fixes).
2099+ - Make qemu-system-common depend on qemu-block-extra
2100+ - Make qemu-utils depend on qemu-block-extra
2101+ - s390x support
2102+ - Create qemu-system-s390x package
2103+ - Include s390-ccw.img firmware
2104+ - qemu-system-common.postinst:
2105+ - change acl placed by udev, and add udevadm trigger.
2106+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2107+ - Several changes were applied but missing in the changelog so far
2108+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2109+ - arch aware kvm wrapper
2110+ - update VCS links
2111+ - let qemu-utils recommend sharutils
2112+ - disable x32 architecture
2113+ - Enable seccomp for ppc64el
2114+ - Enable numa support for s390x
2115+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2116+ init.d-script-missing-dependency-on-remote_fs
2117+ - d/qemu-system-common.postinst: fix lintian error type
2118+ command-with-path-in-maintainer-script
2119+ - Transition qemu-kvm to a systemd unit
2120+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2121+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2122+ that it shows up where the user expects (sytemctl status, kvm stdout)
2123+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2124+ - add arch aware kvm wrapper for s390x
2125+ * Dropped Changes (in Debian now):
2126+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2127+ - d/control-in: change dependencies for fix of wrong acl for newly
2128+ created device node on ubuntu
2129+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2130+ relationship, but qemu-efi is still in universe right now.
2131+ - Disable glusterfs (Universe dependency)
2132+ - no more skip disable libiscsi on Ubuntu
2133+ - d/rules, d/control-in: avoid people editing d/control
2134+ * Added Changes:
2135+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
2136+ power makes 2.3 the minimum level.
2137+
2138+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
2139+
2140 qemu (1:2.8+dfsg-3) unstable; urgency=high
2141
2142 * urgency high due to security fixes
2143@@ -1041,6 +3112,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
2144
2145 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
2146
2147+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
2148+
2149+ * Merge with Debian; remaining changes:
2150+ - add qemu-kvm init script and defaults file
2151+ (d/qemu-system-common.qemu-kvm.*)
2152+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2153+ modules and handling /etc/default/qemu-kvm
2154+ - qemu-system-common.preinst: add kvm group if needed
2155+ - Enable nesting by default on intel.
2156+ - set default module option
2157+ - re-load kvm_intel.ko if it was loaded without nested=1
2158+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2159+ default in qemu64 cpu type.
2160+ - Enable svm by default for qemu64 on amd
2161+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2162+ types to ease future live vm migration.
2163+ - Make qemu-system-common depend on qemu-block-extra
2164+ - Make qemu-utils depend on qemu-block-extra
2165+ - s390x support
2166+ - Create qemu-system-s390x package
2167+ - Include s390-ccw.img firmware
2168+ - qemu-system-common.postinst:
2169+ - change acl placed by udev, and add udevadm trigger.
2170+ - d/control-in: change dependencies for fix of wrong acl for newly
2171+ created device node on ubuntu
2172+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2173+ relationship, but qemu-efi is still in universe right now.
2174+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2175+ - Several changes were applied but missing in the changelog so far
2176+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2177+ - arch aware kvm wrapper
2178+ - update VCS links
2179+ - no more skip disable libiscsi on Ubuntu
2180+ - let qemu-utils recommend sharutils
2181+ - disable x32 architecture
2182+ * Dropped Changes:
2183+ - Several changes were applied but missing in the changelog so far
2184+ but are no more needed
2185+ - no pie for relocatable LD calls, with toolchain defaulting to
2186+ pie (fixed upstream)
2187+ - enable libnuma-dev (now in Debian)
2188+ - transition for moved init scripts (can be dropped after LTS
2189+ containing >=2.5 which is Xenial)
2190+ - --enable-seccomp related whitespace change (had no effect)
2191+ - apport hook for qemu source package (In Debian)
2192+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
2193+ - d/qemu-system-x86.maintscript: transition off of
2194+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
2195+ - Enable pie by default, on ubuntu/s390x. (Is the default since
2196+ >=Xenial, no cloud archive backport <=Xenial to consider)
2197+ - no pie for relocatable LD calls (fixed upstream in commit
2198+ 7ecf44a5)
2199+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
2200+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2201+ (Improved fix included by upstream)
2202+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
2203+ - Fixed wrong migration blocker when vhost is used (is upstream in
2204+ qemu 2.8)
2205+ * Added Changes:
2206+ - d/rules, d/control-in: avoid people editing d/control by warning
2207+ header and non writable permissions
2208+ - fixed moving trusty machine type definition which made it
2209+ ambiguous (LP: #1641532)
2210+ - d/qemu-system-x86.NEWS describe the issue
2211+ - Enable seccomp for ppc64el (LP: #1644639)
2212+ - Enable numa support for s390x
2213+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2214+ init.d-script-missing-dependency-on-remote_fs
2215+ - d/qemu-system-common.postinst: fix lintian error type
2216+ command-with-path-in-maintainer-script
2217+ - Transition qemu-kvm to a systemd unit
2218+ - Disable glusterfs (Universe dependency)
2219+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2220+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2221+ that it shows up where the user expects (sytemctl status, kvm stdout)
2222+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2223+ - add arch aware kvm wrapper for s390x
2224+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2225+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
2226+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
2227+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
2228+
2229+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
2230+
2231 qemu (1:2.8+dfsg-2) unstable; urgency=medium
2232
2233 * Revert "update binfmt registration for mipsn32"
2234@@ -1159,6 +3314,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
2235
2236 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
2237
2238+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
2239+
2240+ * No-change rebuild to compile against new libxen version.
2241+
2242+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
2243+
2244+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
2245+
2246+ * retain older xenial machine type to avoid issues starting guests
2247+ created on xenial prior to the SRU for bug 1621042. In that regard the old
2248+ broken xenial machine type and the new fixed one have both to be considered
2249+ as valid LTS machine types (LP: #1626070).
2250+
2251+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
2252+
2253+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
2254+
2255+ * fix default ubuntu machine types. (LP: #1621042)
2256+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
2257+ - remove double default and double ubuntu alias
2258+ - drop former devel releases utopic, vivid, wily
2259+ - add xenial and yakkety machine types
2260+ - add q35 based ubuntu machine type starting at xenial
2261+ - add ubuntu machine types on ppc64el and s390x starting at xenial
2262+
2263+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
2264+
2265+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
2266+
2267+ * Enable GPU Passthru for ppc64le (LP: #1541902)
2268+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
2269+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
2270+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
2271+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
2272+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
2273+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
2274+ - 0007-spapr_iommu-Migrate-full-state.patch
2275+ - 0008-spapr_iommu-Add-root-memory-region.patch
2276+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
2277+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
2278+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
2279+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
2280+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
2281+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
2282+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
2283+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
2284+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
2285+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
2286+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
2287+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
2288+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
2289+
2290+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
2291+
2292+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
2293+
2294+ * New upstream release. LP: #1617055.
2295+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2296+
2297+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
2298+
2299 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
2300
2301 * Non-maintainer upload.
2302@@ -1192,6 +3408,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
2303
2304 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
2305
2306+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
2307+
2308+ * SECURITY UPDATE: DoS via unbounded memory allocation
2309+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
2310+ - CVE-2016-5403
2311+ * SECURITY UPDATE: oob write access while reading ESP command
2312+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
2313+ maximum CDB size and handle migration in hw/scsi/esp.c,
2314+ include/hw/scsi/esp.h, include/migration/vmstate.h.
2315+ - CVE-2016-6351
2316+ * SECURITY UPDATE: infinite loop in virtqueue_pop
2317+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
2318+ length in hw/virtio/virtio.c.
2319+ - CVE-2016-6490
2320+
2321+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
2322+
2323+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
2324+
2325+ * Merge with Debian; remaining changes:
2326+ - debian/rules: do not drop the init scripts loading kvm modules
2327+ (still needed in precise in cloud archive)
2328+ - qemu-system-common.postinst:
2329+ * remove acl placed by udev, and add udevadm trigger.
2330+ * reload kvm_intel if needed to set nested=1
2331+ - qemu-system-common.preinst: add kvm group if needed
2332+ - add qemu-kvm upstart job and defaults file (rules,
2333+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2334+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2335+ do not auto-load the kvm kernel module. Enable nesting by default
2336+ on intel.
2337+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2338+ in qemu64 cpu type.
2339+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2340+ types to ease future live vm migration.
2341+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2342+ d/qemu-system-common.install
2343+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2344+ to fix errors with missing block backends.
2345+ - s390x:
2346+ * Create qemu-system-s390x package
2347+ * Enable pie by default, on ubuntu/s390x.
2348+ * Enable svm by default for qemu64 on amd
2349+ * Include s390-ccw.img firmware
2350+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2351+ relationship, but qemu-efi is still in universe right now.
2352+
2353+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
2354+
2355 qemu (1:2.6+dfsg-3) unstable; urgency=high
2356
2357 * more security fixes picked from upstream:
2358@@ -1245,6 +3510,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
2359
2360 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
2361
2362+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
2363+
2364+ * Merge with Debian; remaining changes: (LP: #1583775)
2365+ - debian/rules: do not drop the init scripts loading kvm modules
2366+ (still needed in precise in cloud archive)
2367+ - qemu-system-common.postinst:
2368+ * remove acl placed by udev, and add udevadm trigger.
2369+ * reload kvm_intel if needed to set nested=1
2370+ - qemu-system-common.preinst: add kvm group if needed
2371+ - add qemu-kvm upstart job and defaults file (rules,
2372+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2373+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2374+ do not auto-load the kvm kernel module. Enable nesting by default
2375+ on intel.
2376+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2377+ in qemu64 cpu type.
2378+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2379+ types to ease future live vm migration.
2380+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2381+ d/qemu-system-common.install
2382+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2383+ to fix errors with missing block backends. (LP: #1495895)
2384+ - s390x:
2385+ * Create qemu-system-s390x package
2386+ * Enable pie by default, on ubuntu/s390x.
2387+ * Enable svm by default for qemu64 on amd
2388+ * Include s390-ccw.img firmware
2389+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2390+ relationship, but qemu-efi is still in universe right now.
2391+ * Drop patches which have been applied upstream:
2392+
2393+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
2394+
2395 qemu (1:2.6+dfsg-1) unstable; urgency=medium
2396
2397 * new upstream release
2398@@ -1282,6 +3580,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
2399
2400 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
2401
2402+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
2403+
2404+ * Cherrypick upstream patches to support the query-gic-version QMP command
2405+ (LP: #1566564)
2406+
2407+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
2408+
2409+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
2410+
2411+ [Stefan Bader]
2412+ * Enable svm by default for qemu64 on amd (LP: #1561019)
2413+
2414+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
2415+
2416+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
2417+
2418+ * qemu-system-s390x only available on s390x, so qemu-system should only
2419+ depend on it on this arch.
2420+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2421+ relationship, but qemu-efi is still in universe right now.
2422+
2423+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
2424+
2425+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
2426+
2427+ * And actually ship the right things in qemu-system-s390x.
2428+
2429+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
2430+
2431+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
2432+
2433+ * Create qemu-system-s390x package on ubuntu only.
2434+
2435+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
2436+
2437+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
2438+
2439+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
2440+
2441+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
2442+
2443+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
2444+
2445+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
2446+ (LP: #1556306)
2447+
2448+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
2449+
2450+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
2451+
2452+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
2453+
2454+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
2455+
2456+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
2457+
2458+ * d/control{-in}: Re-generate and build with libiscsi-dev now
2459+ that its in Ubuntu main (LP: #1271653).
2460+
2461+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
2462+
2463+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
2464+
2465+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
2466+
2467+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
2468+
2469+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
2470+
2471+ * No-change rebuild for gnutls transition.
2472+
2473+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
2474+
2475+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
2476+
2477+ * Merge with Debian; remaining changes:
2478+ - debian/rules: do not drop the init scripts loading kvm modules
2479+ (still needed in precise in cloud archive)
2480+ - qemu-system-common.postinst:
2481+ * remove acl placed by udev, and add udevadm trigger.
2482+ * reload kvm_intel if needed to set nested=1
2483+ - qemu-system-common.preinst: add kvm group if needed
2484+ - add qemu-kvm upstart job and defaults file (rules,
2485+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2486+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2487+ do not auto-load the kvm kernel module. Enable nesting by default
2488+ on intel.
2489+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2490+ in qemu64 cpu type.
2491+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2492+ types to ease future live vm migration.
2493+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2494+ d/qemu-system-common.install
2495+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2496+ to fix errors with missing block backends. (LP: #1495895)
2497+ - Enable pie by default, on ubuntu/s390x.
2498+ - Include s390-ccw.img firmware.
2499+
2500+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
2501+
2502 qemu (1:2.5+dfsg-5) unstable; urgency=medium
2503
2504 * fix misspellings in previous debian/changelog entry
2505@@ -1339,6 +3737,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
2506
2507 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
2508
2509+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
2510+
2511+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
2512+ contents
2513+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
2514+ hw/block/xen_blkif.h.
2515+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
2516+ hw/display/xenfb.c.
2517+ - CVE-2015-8550
2518+ * SECURITY UPDATE: infinite loop in ehci_advance_state
2519+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
2520+ in hw/usb/hcd-ehci.c.
2521+ - CVE-2015-8558
2522+ * SECURITY UPDATE: host memory leakage in vmxnet3
2523+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
2524+ hw/net/vmxnet3.c.
2525+ - CVE-2015-8567
2526+ - CVE-2015-8568
2527+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
2528+ - debian/patches/CVE-2015-8613.patch: initialise info object with
2529+ appropriate size in hw/scsi/megasas.c.
2530+ - CVE-2015-8613
2531+ * SECURITY UPDATE: DoS via Human Monitor Interface
2532+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
2533+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
2534+ - CVE-2015-8619
2535+ * SECURITY UPDATE: incorrect array bounds check in rocker
2536+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
2537+ check in hw/net/rocker/rocker.c.
2538+ - CVE-2015-8701
2539+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
2540+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
2541+ operations in hw/net/ne2000.c.
2542+ - CVE-2015-8743
2543+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
2544+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
2545+ error in hw/ide/ahci.c.
2546+ - CVE-2016-1568
2547+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
2548+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
2549+ hw/i386/kvmvapic.c.
2550+ - CVE-2016-1922
2551+ * SECURITY UPDATE: e1000 infinite loop
2552+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
2553+ out-of-bounds transfer start in hw/net/e1000.c
2554+ - CVE-2016-1981
2555+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
2556+ engines
2557+ - debian/patches/CVE-2016-2197.patch: add check before calling
2558+ dma_memory_unmap in hw/ide/ahci.c.
2559+ - CVE-2016-2197
2560+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
2561+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
2562+ function in hw/usb/hcd-ehci.c.
2563+ - CVE-2016-2198
2564+
2565+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
2566+
2567+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
2568+
2569+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
2570+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
2571+
2572+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
2573+
2574+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
2575+
2576+ * Include s390-ccw.img firmware.
2577+
2578+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
2579+
2580+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
2581+
2582+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
2583+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
2584+ Thanks Simon. (LP: #1531191)
2585+
2586+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
2587+
2588+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
2589+
2590+ * Merge with Debian; remaining changes:
2591+ - debian/rules: do not drop the init scripts loading kvm modules
2592+ (still needed in precise in cloud archive)
2593+ - qemu-system-common.postinst:
2594+ * remove acl placed by udev, and add udevadm trigger.
2595+ * reload kvm_intel if needed to set nested=1
2596+ - qemu-system-common.preinst: add kvm group if needed
2597+ - add qemu-kvm upstart job and defaults file (rules,
2598+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2599+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2600+ do not auto-load the kvm kernel module. Enable nesting by default
2601+ on intel.
2602+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2603+ in qemu64 cpu type.
2604+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2605+ types to ease future live vm migration.
2606+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2607+ d/qemu-system-common.install
2608+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2609+ to fix errors with missing block backends. (LP: #1495895)
2610+ - Enable pie by default, on ubuntu/s390x.
2611+ * Drop vGICv3 support patches - all is now upstream
2612+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
2613+
2614+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
2615+
2616 qemu (1:2.5+dfsg-1) unstable; urgency=medium
2617
2618 * new upstream release
2619@@ -1365,6 +3870,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
2620
2621 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
2622
2623+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
2624+
2625+ * Enable pie by default, on ubuntu/s390x.
2626+
2627+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
2628+
2629+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
2630+
2631+ * undo the libseccomp delta from debian. libseccomp is indeed available
2632+ on other arches, but we need qemu's configure script to be fixed before
2633+ we can use it on anything other than amd64|i386. Fixes FTBFS.
2634+ (LP: #1522531)
2635+
2636+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
2637+
2638+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
2639+
2640+ * Merge with Debian; remaining changes:
2641+ - Update the ubuntu machine types patch to reflect upstream churn
2642+ - debian/rules: do not drop the init scripts loading kvm modules
2643+ (still needed in precise in cloud archive)
2644+ - qemu-system-common.postinst:
2645+ * remove acl placed by udev, and add udevadm trigger.
2646+ * reload kvm_intel if needed to set nested=1
2647+ - qemu-system-common.preinst: add kvm group if needed
2648+ - add qemu-kvm upstart job and defaults file (rules,
2649+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2650+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2651+ do not auto-load the kvm kernel module. Enable nesting by default
2652+ on intel.
2653+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2654+ in qemu64 cpu type.
2655+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2656+ machine type to ease future live vm migration.
2657+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2658+ d/qemu-system-common.install
2659+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2660+ to fix errors with missing block backends. (LP: #1495895)
2661+ - control-in: build with libseccomp an all architectures
2662+ - Add vGICv3 support
2663+
2664+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
2665+
2666 qemu (1:2.4+dfsg-5) unstable; urgency=medium
2667
2668 * trace-remove-malloc-tracing.patch from upstream.
2669@@ -1377,6 +3925,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
2670
2671 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
2672
2673+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
2674+
2675+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
2676+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
2677+ hw/net/pcnet.c.
2678+ - CVE-2015-7504
2679+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
2680+ - debian/patches/CVE-2015-7512.patch: check packet length in
2681+ hw/net/pcnet.c.
2682+ - CVE-2015-7512
2683+ * SECURITY UPDATE: infinite loop in eepro100
2684+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
2685+ hw/net/eepro100.c.
2686+ - CVE-2015-8345
2687+
2688+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
2689+
2690+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
2691+
2692+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
2693+
2694+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
2695+
2696+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
2697+
2698+ * Merge 2.4 from unstable. Remaining changes:
2699+ - Update the ubuntu machine types patch to reflect upstream churn
2700+ - debian/rules: do not drop the init scripts loading kvm modules
2701+ (still needed in precise in cloud archive)
2702+ - qemu-system-common.postinst:
2703+ * remove acl placed by udev, and add udevadm trigger.
2704+ * reload kvm_intel if needed to set nested=1
2705+ - qemu-system-common.preinst: add kvm group if needed
2706+ - add qemu-kvm upstart job and defaults file (rules,
2707+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2708+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2709+ do not auto-load the kvm kernel module. Enable nesting by default
2710+ on intel.
2711+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2712+ in qemu64 cpu type.
2713+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2714+ machine type to ease future live vm migration.
2715+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2716+ d/qemu-system-common.install
2717+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2718+ to fix errors with missing block backends. (LP: #1495895)
2719+ - control-in: build with libseccomp an all architectures.
2720+ * Add vGICv3 support
2721+
2722+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
2723+
2724 qemu (1:2.4+dfsg-4) unstable; urgency=medium
2725
2726 * applied 3 patches from upstream to fix virtio-net
2727@@ -1391,7 +3990,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
2728 fix for Heap overflow vulnerability in ne2000_receive() function
2729 (Closes: #799074 CVE-2015-5279)
2730 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
2731- (Closes: #799073 CVE-2015-5278)
2732+ (Closes: #799073 CVE-2015-5278)
2733 * some binfmt reorg:
2734 - extend aarch64 to include one more byte as other arches do
2735 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
2736@@ -1443,6 +4042,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
2737
2738 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
2739
2740+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
2741+
2742+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
2743+
2744+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
2745+
2746+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
2747+
2748+ * debian/patches/upstream-fix-irq-route-entries.patch
2749+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
2750+ (LP: #1465935)
2751+
2752+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
2753+
2754+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
2755+
2756+ * Build using libseccomp on all architectures.
2757+
2758+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
2759+
2760+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
2761+
2762+ * SECURITY UPDATE: denial of service via NE2000 driver
2763+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
2764+ hw/net/ne2000.c.
2765+ - CVE-2015-5278
2766+ * SECURITY UPDATE: denial of service and possible code execution via
2767+ heap overflow in NE2000 driver
2768+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
2769+ hw/net/ne2000.c.
2770+ - CVE-2015-5279
2771+ * SECURITY UPDATE: denial of service via e1000 infinite loop
2772+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
2773+ - CVE-2015-6815
2774+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
2775+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
2776+ hw/ide/core.c.
2777+ - CVE-2015-6855
2778+
2779+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
2780+
2781+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
2782+
2783+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
2784+ to fix errors with missing block backends. (LP: #1495895)
2785+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
2786+ * Apply fix for memory corruption during live-migration in tcg mode
2787+ (LP: #1493049)
2788+ * Apply tracing patch to remove use of custom vtable in newer glibc
2789+ (LP: #1491972)
2790+
2791+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
2792+
2793+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
2794+
2795+ * Import qcow2-handle-eagain-from-update_refcount from upstream
2796+ to fix errors when using qemu-img convert -c. (LP: #1491050)
2797+
2798+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
2799+
2800+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
2801+
2802+ * SECURITY UPDATE: process heap memory disclosure
2803+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
2804+ - CVE-2015-5165
2805+ * SECURITY UPDATE: privilege escalation via block device unplugging
2806+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
2807+ in hw/ide/piix.c.
2808+ - CVE-2015-5166
2809+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
2810+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
2811+ limits in ui/vnc.c.
2812+ - CVE-2015-5225
2813+ * SECURITY UPDATE: denial of service via virtio-serial
2814+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
2815+ for control messages in hw/char/virtio-serial-bus.c.
2816+ - CVE-2015-5745
2817+
2818+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
2819+
2820+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
2821+
2822+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
2823+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
2824+ - CVE-2015-3214
2825+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
2826+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
2827+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
2828+ - CVE-2015-5154
2829+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
2830+ - debian/patches/CVE-2015-5158.patch: check length in
2831+ hw/scsi/scsi-bus.c.
2832+ - CVE-2015-5158
2833+
2834+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
2835+
2836+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
2837+
2838+ * SECURITY UPDATE: heap overflow in PCNET controller
2839+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
2840+ - CVE-2015-3209
2841+
2842+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
2843+
2844+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
2845+
2846+ * Merge 1:2.3+dfsg-5 from Debian.
2847+ * Remaining changes:
2848+ - debian/rules: do not drop the init scripts loading kvm modules
2849+ (still needed in precise in cloud archive)
2850+ - qemu-system-common.postinst:
2851+ * remove acl placed by udev, and add udevadm trigger.
2852+ * reload kvm_intel if needed to set nested=1
2853+ - qemu-system-common.preinst: add kvm group if needed
2854+ - add qemu-kvm upstart job and defaults file (rules,
2855+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2856+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2857+ do not auto-load the kvm kernel module. Enable nesting by default
2858+ on intel.
2859+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2860+ in qemu64 cpu type.
2861+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2862+ machine type to ease future live vm migration.
2863+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2864+ d/qemu-system-common.install
2865+ * Refreshed patches:
2866+ - ubuntu/expose-vmx_qemu64cpu.patch
2867+ - ubuntu/define-ubuntu-machine-types.patch
2868+
2869+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
2870+
2871 qemu (1:2.3+dfsg-5) unstable; urgency=high
2872
2873 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
2874@@ -1454,6 +4184,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
2875
2876 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
2877
2878+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
2879+
2880+ * Merge 1:2.3+dfsg-4 from Debian.
2881+ * Remaining changes:
2882+ - debian/rules: do not drop the init scripts loading kvm modules
2883+ (still needed in precise in cloud archive)
2884+ - qemu-system-common.postinst:
2885+ * remove acl placed by udev, and add udevadm trigger.
2886+ * reload kvm_intel if needed to set nested=1
2887+ - qemu-system-common.preinst: add kvm group if needed
2888+ - add qemu-kvm upstart job and defaults file (rules,
2889+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2890+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2891+ do not auto-load the kvm kernel module. Enable nesting by default
2892+ on intel.
2893+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2894+ in qemu64 cpu type.
2895+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2896+ machine type to ease future live vm migration.
2897+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2898+ d/qemu-system-common.install
2899+ * Dropped all patches which are applied upstream
2900+ * Move the upstart jobs to a generic script
2901+ - add new qemu-kvm-init script
2902+ - call that from upstart and sysvrc qemu-kvm scripts
2903+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
2904+
2905+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
2906+
2907 qemu (1:2.3+dfsg-4) unstable; urgency=medium
2908
2909 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
2910@@ -1515,6 +4274,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
2911
2912 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
2913
2914+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
2915+
2916+ * SECURITY UPDATE: denial of service in vnc web
2917+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
2918+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
2919+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
2920+ websockets clients in ui/vnc-ws.c.
2921+ - CVE-2015-1779
2922+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
2923+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
2924+ bounds of the allocated buffer in hw/block/fdc.c.
2925+ - CVE-2015-3456
2926+
2927+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
2928+
2929+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
2930+
2931+ * CVE-2015-2756 / XSA-126
2932+ - xen: limit guest control of PCI command register
2933+
2934+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
2935+
2936+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
2937+
2938+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
2939+ accidentally create /1
2940+
2941+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
2942+
2943+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
2944+
2945+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
2946+
2947+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
2948+
2949+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
2950+
2951+ * No-change rebuild to pull in libxl-4.5.
2952+
2953+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
2954+
2955+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
2956+
2957+ * debian/control-in: enable numa on architectures where numa is built
2958+ (LP: #1417937)
2959+
2960+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
2961+
2962+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
2963+
2964+ [Scott Moser]
2965+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
2966+ profile when started by libvirt.
2967+
2968+ [Serge Hallyn]
2969+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
2970+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
2971+ (LP: #1419855)
2972+
2973+ [Chris J Arges]
2974+ * Determine if we are running inside a virtual environment. If running inside
2975+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
2976+
2977+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
2978+
2979+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
2980+
2981+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
2982+ - debian/rules: do not drop the init scripts loading kvm modules
2983+ (still needed in precise in cloud archive)
2984+ * Remaining changes:
2985+ - qemu-system-common.postinst:
2986+ * remove acl placed by udev, and add udevadm trigger.
2987+ * reload kvm_intel if needed to set nested=1
2988+ - qemu-system-common.preinst: add kvm group if needed
2989+ - add qemu-kvm upstart job and defaults file (rules,
2990+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2991+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2992+ do not auto-load the kvm kernel module. Enable nesting by default
2993+ on intel.
2994+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2995+ in qemu64 cpu type.
2996+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2997+ machine type to ease future live vm migration.
2998+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2999+ d/qemu-system-common.install
3000+ * Dropped all patches which are applied upstream
3001+ * Update ubuntu-vivid machine type to default to std graphics (following
3002+ upstream's lead for pc-i440fx-2.2 machine type)
3003+
3004+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
3005+
3006 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
3007
3008 * fix initscript removal once again
3009@@ -1564,6 +4415,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
3010
3011 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
3012
3013+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
3014+
3015+ * Cherrypick upstream patch needed to allow ESx hosts to run under
3016+ kvm (LP: #1411575)
3017+
3018+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
3019+
3020+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
3021+
3022+ * Merge 2.1+dfsg-11. Remaining changes:
3023+ - qemu-system-common.postinst:
3024+ * remove acl placed by udev, and add udevadm trigger.
3025+ * reload kvm_intel if needed to set nested=1
3026+ - qemu-system-common.preinst: add kvm group if needed
3027+ - add qemu-kvm upstart job and defaults file (rules,
3028+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3029+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3030+ do not auto-load the kvm kernel module. Enable nesting by default
3031+ on intel.
3032+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3033+ removed the alternatives bit later.
3034+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3035+ in qemu64 cpu type.
3036+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3037+ machine type to ease future live vm migration.
3038+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3039+ d/qemu-system-common.install
3040+ - debian/binfmt-update-in: support ppcle
3041+ * debian/binfmt-update-in
3042+ * Support-ppcle.patch
3043+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
3044+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3045+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3046+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3047+ * Dropped patches (upstream or now in debian's tree):
3048+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
3049+ - CVE-2014-7840.patch
3050+ - CVE-2014-8106.patch
3051+
3052+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
3053+
3054 qemu (1:2.1+dfsg-11) unstable; urgency=medium
3055
3056 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
3057@@ -1633,6 +4525,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
3058
3059 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
3060
3061+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
3062+
3063+ * SECURITY UPDATE: code execution via savevm data
3064+ - debian/patches/CVE-2014-7840.patch: validate parameters in
3065+ arch_init.c.
3066+ - CVE-2014-7840
3067+ * SECURITY UPDATE: code execution via cirrus vga blit regions
3068+ (LP: #1400775)
3069+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
3070+ hw/display/cirrus_vga.c.
3071+ - CVE-2014-8106
3072+
3073+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
3074+
3075+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
3076+
3077+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
3078+ dropped and VENDOR now will be all capital UBUNTU).
3079+
3080+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
3081+
3082+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
3083+
3084+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3085+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3086+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3087+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
3088+ SPSel=0 in certain conditions. (LP: #1349277)
3089+
3090+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
3091+
3092+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
3093+
3094+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
3095+ Cherry-pick of qemu-upstream patch to fix issues with persistent
3096+ grants and the PV backend (Qdisk) (LP: #1394327).
3097+
3098+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
3099+
3100+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
3101+
3102+ * Merge 2.1+dfsg-7. Remaining changes:
3103+ - qemu-system-common.postinst:
3104+ * remove acl placed by udev, and add udevadm trigger.
3105+ * reload kvm_intel if needed to set nested=1
3106+ - qemu-system-common.preinst: add kvm group if needed
3107+ - add qemu-kvm upstart job and defaults file (rules,
3108+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3109+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3110+ do not auto-load the kvm kernel module. Enable nesting by default
3111+ on intel.
3112+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3113+ removed the alternatives bit later.
3114+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3115+ in qemu64 cpu type.
3116+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3117+ machine type to ease future live vm migration.
3118+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3119+ d/qemu-system-common.install
3120+ - debian/binfmt-update-in: support ppcle
3121+ * debian/binfmt-update-in
3122+ * Support-ppcle.patch
3123+ * Dropped patches (upstream or now in debian's tree):
3124+ - pc-reserve-more-memory-for-acpi.patch
3125+ - CVE-2014-5388.patch
3126+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
3127+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
3128+ in debian)
3129+ - CVE-2014-3615.patch
3130+ - CVE-2014-3640.patch
3131+ - CVE-2014-3689.patch
3132+ - CVE-2014-7815.patch
3133+
3134+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
3135+
3136 qemu (2.1+dfsg-7) unstable; urgency=high
3137
3138 * urgency is high due to 2 security fixes
3139@@ -1684,6 +4651,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
3140
3141 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
3142
3143+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
3144+
3145+ * SECURITY UPDATE: information disclosure via vga driver
3146+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
3147+ sanity check register writes, and don't use fixed buffer sizes in
3148+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
3149+ ui/spice-display.c.
3150+ - CVE-2014-3615
3151+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
3152+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
3153+ stub in slirp/udp.c.
3154+ - CVE-2014-3640
3155+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
3156+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
3157+ hw/display/vmware_vga.c.
3158+ - CVE-2014-3689
3159+ * SECURITY UPDATE: denial of service via VNC console
3160+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
3161+ ui/vnc.c.
3162+ - CVE-2014-7815
3163+
3164+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
3165+
3166+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
3167+
3168+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
3169+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
3170+
3171+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
3172+
3173+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
3174+
3175+ * Apply two patches to fix intermittent qemu-img corruption
3176+ (LP: #1368815)
3177+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
3178+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
3179+
3180+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
3181+
3182+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
3183+
3184+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
3185+ debian does.
3186+
3187+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
3188+
3189+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
3190+
3191+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
3192+ versa.
3193+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
3194+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
3195+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
3196+ machine type for that.
3197+
3198+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
3199+
3200+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
3201+
3202+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
3203+ container. (LP: #1370199)
3204+ * load kvm module on ppc64le at boot (LP: #1369785)
3205+ - debian/rules: install qemu-kvm on ppc64el
3206+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
3207+ kvm-hv module if available
3208+ * qemu-system-x86.maintscript: remove accidentally installed
3209+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
3210+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
3211+ ubuntu.
3212+
3213+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
3214+
3215+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
3216+
3217+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
3218+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
3219+
3220+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
3221+
3222+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
3223+
3224+ * move kvm_intel nested setting to qemu-system-x86.postinst.
3225+
3226+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
3227+
3228+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
3229+
3230+ * Merge new debian release
3231+ * Remaining changes:
3232+ - qemu-system-common.postinst:
3233+ * remove acl placed by udev, and add udevadm trigger.
3234+ * reload kvm_intel if needed to set nested=1
3235+ - qemu-system-common.preinst: add kvm group if needed
3236+ - add qemu-kvm upstart job and defaults file (rules,
3237+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3238+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3239+ do not auto-load the kvm kernel module. Enable nesting by default
3240+ on intel.
3241+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3242+ removed the alternatives bit later.
3243+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3244+ in qemu64 cpu type.
3245+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3246+ machine type to ease future live vm migration.
3247+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3248+ d/qemu-system-common.install
3249+ - debian/binfmt-update-in: support ppcle
3250+ * debian/binfmt-update-in
3251+ * Support-ppcle.patch
3252+ - d/p/CVE-2014-5388.patch
3253+
3254+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
3255+
3256 qemu (2.1+dfsg-4) unstable; urgency=medium
3257
3258 * mention libnuma-dev but not enable for now
3259@@ -1701,6 +4781,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
3260
3261 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
3262
3263+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
3264+
3265+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
3266+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
3267+ - CVE-2014-5388
3268+
3269+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
3270+
3271+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
3272+
3273+ * replace d/p/revert-acpi-table-size-bump with
3274+ pc-reserve-more-memory-for-acpi.patch from upstream
3275+ * debian/binfmt-update-in
3276+ - don't run in a container
3277+ - add ppc64le as target (LP: #1358268)
3278+ * Add experimental ppcle support (LP: #1358268)
3279+
3280+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
3281+
3282+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
3283+
3284+ * revert-acpi-table-size-bump - get qemu -kernel working again.
3285+
3286+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
3287+
3288+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
3289+
3290+ * Merge new debian release
3291+ * Remaining changes:
3292+ - control-in: stick to libsdl1.2-dev.
3293+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3294+ qemu-bridge-helper
3295+ - qemu-system-common.postinst: remove acl placed by udev,
3296+ and add udevadm trigger.
3297+ - qemu-system-common.preinst: add kvm group if needed
3298+ - add qemu-kvm upstart job and defaults file (rules,
3299+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3300+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3301+ do not auto-load the kvm kernel module. Enable nesting by default
3302+ on intel.
3303+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3304+ removed the alternatives bit later.
3305+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3306+ in qemu64 cpu type.
3307+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3308+ machine type to ease future live vm migration.
3309+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3310+ d/qemu-system-common.install
3311+ * Upstart job: use getent group to check for kvm group
3312+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
3313+
3314+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
3315+
3316 qemu (2.1+dfsg-3) unstable; urgency=medium
3317
3318 * set SHELL = /bin/sh -e, so that more complex shell constructs
3319@@ -1727,6 +4860,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
3320
3321 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
3322
3323+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
3324+
3325+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
3326+
3327+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
3328+
3329+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
3330+
3331+ * Merge new debian release
3332+ * Remaining changes:
3333+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3334+ have in ipxe-qemu package.
3335+ - control-in: stick to libsdl1.2-dev.
3336+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3337+ qemu-bridge-helper
3338+ - qemu-system-common.postinst: remove acl placed by udev,
3339+ and add udevadm trigger.
3340+ - qemu-system-common.preinst: add kvm group if needed
3341+ - add qemu-kvm upstart job and defaults file (rules,
3342+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3343+ - debian/rules: add qemu-kvm-spice
3344+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3345+ do not auto-load the kvm kernel module. Enable nesting by default
3346+ on intel.
3347+ - binfmt-update-in: make sure to filter out compat arches.
3348+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3349+ removed the alternatives bit later.
3350+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3351+ in qemu64 cpu type.
3352+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3353+ machine type to ease future live vm migration.
3354+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3355+ d/qemu-system-common.install
3356+
3357+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
3358+
3359 qemu (2.1+dfsg-2) unstable; urgency=medium
3360
3361 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
3362@@ -1761,7 +4930,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
3363
3364 qemu (2.0.0+dfsg-7) unstable; urgency=medium
3365
3366- * clarify description of qemu-user-binfmt a bit
3367+ * clarify description of qemu-user-binfmt a bit
3368 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
3369 * remove qemu-keymaps package, since it is not used by other tools
3370 anymore, and ship keymaps in qemu-system-common.
3371@@ -1778,6 +4947,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
3372
3373 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
3374
3375+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
3376+
3377+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
3378+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
3379+
3380+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
3381+
3382+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
3383+
3384+ * Merge 2.0.0+dfsg-6. Remaining changes:
3385+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3386+ have in ipxe-qemu package.
3387+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
3388+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3389+ qemu-bridge-helper
3390+ - qemu-system-common.postinst: remove acl placed by udev,
3391+ and add udevadm trigger.
3392+ - qemu-system-common.preinst: add kvm group if needed
3393+ - add qemu-kvm upstart job and defaults file (rules,
3394+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3395+ - debian/rules: add qemu-kvm-spice
3396+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3397+ do not auto-load the kvm kernel module. Enable nesting by default
3398+ on intel.
3399+ - binfmt-update-in: make sure to filter out compat arches.
3400+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3401+ removed the alternatives bit later.
3402+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3403+ in qemu64 cpu type.
3404+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3405+ machine type to ease future live vm migration.
3406+ - re-introduce apport hook for qemu source package:
3407+ d/source_qemu-kvm.py, d/qemu-system-common.install
3408+ * enable-build-dep on libjpeg8-dev - which is now in main
3409+
3410+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
3411+
3412 qemu (2.0.0+dfsg-6) unstable; urgency=medium
3413
3414 * build-depend on libgnutls28-dev not libgnutls-dev
3415@@ -1821,6 +5027,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
3416
3417 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
3418
3419+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
3420+
3421+ * remove alternatives for qemu: different architectures
3422+ aren't really alternatives and never had been (LP: #1316829)
3423+
3424+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
3425+
3426+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
3427+
3428+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
3429+ * debian/control: drop the versioning requirement from libfdt-dev
3430+ build-dependency, as it is longer needed (LP: #1295072)
3431+
3432+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
3433+
3434+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
3435+
3436+ * Merge 2.0.0+dfsg-2
3437+ * Incorporates a fix for spice users (LP: #1309452)
3438+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
3439+ the regression requiring it was reverted for 2.0 upstream.
3440+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
3441+ * debian/qemu-debootstrap: add arm64
3442+ * Remaining changes from debian:
3443+ - keep qemu 'alternative' (not something to change in SRU)
3444+ - debian/control and debian/control-in:
3445+ * versioned libfdt-dev check, until libfdt is fixed in precise
3446+ * enable rbd
3447+ * remove ovmf Recommends, as it is in multiverse
3448+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
3449+ * add a qemu-system-aarch64 metapackage for transitions from trusty
3450+ development version. This can be removed after trusty.
3451+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3452+ qemu-bridge-helper
3453+ - qemu-system-common.postinst: fix /dev/kvm acls
3454+ - qemu-system-common.preinst: add kvm group if needed
3455+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3456+ have in ipxe-qemu package.
3457+ - qemu-system-x86.modprobe: set module options for older releases
3458+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
3459+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
3460+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
3461+ - debian/rules
3462+ * add legacy kvm-spice link
3463+ * fix ppc and arm slections
3464+ * add aarch64 to user_targets
3465+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
3466+ pc-i440fx-trusty machine type as the default.
3467+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
3468+ default in qemu64 cpu time.
3469+
3470+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
3471+
3472 qemu (2.0.0+dfsg-2) unstable; urgency=medium
3473
3474 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
3475@@ -1846,7 +5105,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
3476 * kmod dependency is linux-any
3477 * doc-grammify-allows-to.patch: fix some lintian warnings
3478 * remove alternatives for qemu: different architectures
3479- aren't really alternatives and never had been
3480+ aren't really alternatives and never had been
3481 * update Standards-Version to 3.9.5 (no changes needed)
3482 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
3483 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
3484@@ -1880,6 +5139,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
3485
3486 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
3487
3488+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
3489+
3490+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
3491+ don't abort() just because the kernel has no dirty bitmap.
3492+ (LP: #1303926)
3493+
3494+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
3495+
3496+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
3497+
3498+ * define-trusty-machine-type.patch: update the trusty machine type name to
3499+ pc-i440fx-trusty (LP: #1304107)
3500+
3501+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
3502+
3503+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
3504+
3505+ * Merge 2.0.0-rc1
3506+ * debian/rules: consolidate ppc filter entries.
3507+ * Move qemu-system-arch64 into qemu-system-arm
3508+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
3509+ type, currently the same as pc-i440fx-2.0, to put is in a better position
3510+ to enable live migrations from trusty onward. (LP: #1294823)
3511+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
3512+ * Merge latest upstream git to commit dc9528f
3513+ * Debian/rules:
3514+ - remove -enable-uname-release=2.6.32
3515+ - don't make the aarch64 target Ubuntu-specific.
3516+ * Remove patches which are now upstream:
3517+ - fix-smb-security-share.patch
3518+ - slirp-smb-redirect-port-445-too.patch
3519+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
3520+ - signal-added-a-wrapper-for-sigprocmask-function.patch
3521+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
3522+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
3523+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
3524+ * add link for /usr/share/qemu/bios-256k.bin
3525+ * Remove all linaro patches.
3526+ * Remove all arm64/ patches. Many but not all are upstream.
3527+ * Remove CVE-2013-4377.patch which is upstream.
3528+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
3529+
3530+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
3531+
3532 qemu (1.7.0+dfsg-9) unstable; urgency=medium
3533
3534 * remove rbd/rados/ceph support *again*, till they'll actually provide
3535@@ -1944,6 +5247,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
3536
3537 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
3538
3539+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
3540+
3541+ * No-change rebuild to build with libxen-4.4.
3542+
3543+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
3544+
3545+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
3546+
3547+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
3548+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
3549+
3550+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
3551+
3552+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
3553+
3554+ [ dann frazier ]
3555+ * Add patches from the susematz tree to avoid intermittent segfaults:
3556+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
3557+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
3558+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
3559+
3560+ [ Serge Hallyn ]
3561+ * Modify do_sigprocmask to only change behavior for aarch64.
3562+ (LP: #1285363)
3563+
3564+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
3565+
3566+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
3567+
3568+ [ Steve Langasek ]
3569+ * Merge debian/control with unreleased Debian branch: our architecture
3570+ lists should now be in sync.
3571+
3572+ [ Dann Frazier ]
3573+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
3574+ on arm64 and maybe others. (LP: #1284344)
3575+
3576+ [ Serge Hallyn ]
3577+ * Move the OVMF.fd link to the ovmf package.
3578+
3579+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
3580+
3581+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
3582+
3583+ * Add ppc64el to the architecture list (supposedly added in the previous
3584+ upload, but really wasn't).
3585+
3586+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
3587+
3588+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
3589+
3590+ * Backport changes to enable qemu-user-static support for aarch64
3591+ * debian/control: add ppc64el to Architectures
3592+ * debian/rules: only install qemu-system-aarch64 on arm64.
3593+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
3594+ debian/qemu-system-aarch64 directory
3595+
3596+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
3597+
3598+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
3599+
3600+ * Fix broken filter_binfmts
3601+ * Remove use of dpkg-version in postinsts, as we're not Depending on
3602+ dpkg-dev.
3603+
3604+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
3605+
3606+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
3607+
3608+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
3609+ - debian/patches/ubuntu:
3610+ * expose-vmx_qemu64cpu.patch
3611+ * linaro (omap3) and arm64 patches
3612+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
3613+ on ppc
3614+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
3615+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
3616+ - debian/control:
3617+ * add arm64 to Architectures
3618+ * add qemu-common and qemu-system-aarch64 packages
3619+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
3620+ - debian/qemu-system-common.preinst: add kvm group
3621+ - debian/qemu-system-common.postinst: remove acl placed by udev,
3622+ and add udevadm trigger.
3623+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
3624+ pxe-e1000 and pxe-rtl8139.
3625+ - add qemu-system-x86.qemu-kvm.upstart and .default
3626+ - qemu-user-static.postinst-in: remove arm64 binfmt
3627+ - debian/rules:
3628+ * allow parallel build
3629+ * add aarch64 to system_targets and sys_systems
3630+ * add qemu-kvm-spice links
3631+ * install qemu-system-x86.modprobe
3632+ - add debian/qemu-system-common.links for OVMF.fd link
3633+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
3634+
3635+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
3636+
3637 qemu (1.7.0+dfsg-3) unstable; urgency=low
3638
3639 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
3640@@ -1969,6 +5370,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
3641
3642 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
3643
3644+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
3645+
3646+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
3647+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
3648+
3649+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
3650+
3651+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
3652+
3653+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
3654+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
3655+ virtio device unplugging.
3656+ - CVE-2013-4377
3657+
3658+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
3659+
3660+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
3661+
3662+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
3663+ powerpc.
3664+
3665+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
3666+
3667+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
3668+
3669+ [ Serge Hallyn ]
3670+ * add arm64 patchset from upstream. The three arm virt patches previously
3671+ pushed are in that set, so drop them.
3672+
3673+ [ dann frazier ]
3674+ * Add packaging for qemu-system-aarch64. This package is currently only
3675+ available for arm64, as full software emulation is not yet supported.
3676+
3677+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
3678+
3679+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
3680+
3681+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
3682+ supported any longer.
3683+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
3684+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
3685+ churn caused by linaro patchset.
3686+ * debian/rules: enable parallel builds.
3687+
3688+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
3689+
3690+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
3691+
3692+ * d/control: enable usbredir (LP: 1126390)
3693+
3694+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
3695+
3696+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
3697+
3698+ * add missing arm virt patches from the mach-virt-v7 branch of
3699+ git://git.linaro.org/people/cdall/qemu-arm.git
3700+
3701+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
3702+
3703+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
3704+
3705+ * debian/control: add arm64 to list of architectures.
3706+
3707+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
3708+
3709+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
3710+
3711+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
3712+ - debian/control
3713+ * update maintainer
3714+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3715+ from build-deps
3716+ * enable rbd
3717+ * add qemu-system and qemu-common B/R to qemu-keymaps
3718+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3719+ qemu-system-common
3720+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3721+ - add qemu-common, qemu-kvm, kvm to B/R
3722+ - remove openbios-sparc from qemu-system-sparc D
3723+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
3724+ * qemu-system-x86:
3725+ - add qemu-common to Breaks/Replaces.
3726+ - add cpu-checker to Recommends.
3727+ * qemu-user: add B/R:qemu-kvm
3728+ * qemu-kvm:
3729+ - add armhf armel powerpc sparc to Architecture
3730+ - C/R/P: qemu-kvm-spice
3731+ * add qemu-common package
3732+ * drop qemu-slof which is not packaged in ubuntu
3733+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3734+ - qemu-system-x86.links:
3735+ * remove pxe rom links which are in kvm-ipxe
3736+ - debian/rules
3737+ * add kvm-spice symlink to qemu-kvm
3738+ * call dh_installmodules for qemu-system-x86
3739+ * update dh_installinit to install upstart script
3740+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3741+ - Add qemu-utils.links for kvm-* symlinks.
3742+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3743+ - Add qemu-system-x86.modprobe to set nesting=1
3744+ - Add qemu-system-common.preinst to add kvm group
3745+ - qemu-system-common.postinst: remove bad group acl if there, then have
3746+ udev relabel /dev/kvm.
3747+ - New linaro patches from qemu-linaro rebasing branch
3748+ - Dropped patches:
3749+ * linaro patchset
3750+ * mach-virt patchset
3751+ - Kept patches:
3752+ * expose_vms_qemu64cpu.patch
3753+ * fix-pci-add
3754+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
3755+ qemu-bridge-helper
3756+
3757+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
3758+
3759 qemu (1.7.0+dfsg-2) unstable; urgency=low
3760
3761 * switch from vgabios to seavgabios
3762@@ -1998,6 +5514,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
3763
3764 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
3765
3766+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
3767+
3768+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
3769+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
3770+
3771+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
3772+
3773+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
3774+
3775+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
3776+ - debian/control
3777+ * update maintainer
3778+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3779+ from build-deps
3780+ * enable rbd
3781+ * add qemu-system and qemu-common B/R to qemu-keymaps
3782+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3783+ qemu-system-common
3784+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3785+ - add qemu-kvm to Provides
3786+ - add qemu-common, qemu-kvm, kvm to B/R
3787+ - remove openbios-sparc from qemu-system-sparc D
3788+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
3789+ * qemu-system-x86:
3790+ - add qemu-common to Breaks/Replaces.
3791+ - add cpu-checker to Recommends.
3792+ * qemu-user: add B/R:qemu-kvm
3793+ * qemu-kvm:
3794+ - add armhf armel powerpc sparc to Architecture
3795+ - C/R/P: qemu-kvm-spice
3796+ * add qemu-common package
3797+ * drop qemu-slof which is not packaged in ubuntu
3798+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3799+ - qemu-system-x86.links:
3800+ * remove pxe rom links which are in kvm-ipxe
3801+ * add symlink for kvm.1 manpage
3802+ - debian/rules
3803+ * add kvm-spice symlink to qemu-kvm
3804+ * call dh_installmodules for qemu-system-x86
3805+ * update dh_installinit to install upstart script
3806+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3807+ - Add qemu-utils.links for kvm-* symlinks.
3808+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3809+ - Add qemu-system-x86.modprobe to set nesting=1
3810+ - Add qemu-system-common.preinst to add kvm group
3811+ - qemu-system-common.postinst: remove bad group acl if there, then have
3812+ udev relabel /dev/kvm.
3813+ - New linaro patches from qemu-linaro rebasing branch
3814+ - Dropped patches:
3815+ * xen-simplify-xen_enabled.patch
3816+ * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
3817+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
3818+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
3819+ * virtio-rng-fix-crash
3820+ - Kept patches:
3821+ * expose_vms_qemu64cpu.patch - updated
3822+ * linaro arm patches from qemu-linaro rebasing branch
3823+ - New patches:
3824+ * fix-pci-add: change CONFIG variable in ifdef to make sure that
3825+ pci_add is defined.
3826+ * Add linaro patches
3827+ * Add experimental mach-virt patches for arm virtualization.
3828+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
3829+ qemu-bridge-helper
3830+
3831+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 22 Oct 2013 22:47:07 -0500
3832+
3833 qemu (1.6.0+dfsg-2) unstable; urgency=low
3834
3835 * Build-depend in seccomp again once it is in -testing
3836@@ -2068,6 +5651,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
3837
3838 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 06 Jun 2013 01:50:32 +0400
3839
3840+qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
3841+
3842+ * No change rebuild for new seccomp.
3843+
3844+ -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 18:34:50 -0400
3845+
3846+qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
3847+
3848+ * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
3849+ - virtio-rng-fix-crash
3850+
3851+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Oct 2013 17:46:49 -0500
3852+
3853+qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
3854+
3855+ * Re-introduce snippet in upstart job to load kvm modules if needed.
3856+ (LP: #1218459)
3857+
3858+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Sep 2013 22:43:52 +0000
3859+
3860+qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
3861+
3862+ * Cherry-picking three Xen related patches targetted for qemu-stable:
3863+ * xen-simplify-xen_enabled.patch
3864+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
3865+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
3866+
3867+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Jul 2013 15:01:44 +0200
3868+
3869+qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
3870+
3871+ * Drop openbios-ppc and openhackware Depends to Suggests for now.
3872+
3873+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Jun 2013 03:23:56 -0600
3874+
3875+qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
3876+
3877+ * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes:
3878+ - debian/control
3879+ * update maintainer
3880+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3881+ from build-deps
3882+ * enable rbd
3883+ * add qemu-system and qemu-common B/R to qemu-keymaps
3884+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3885+ qemu-system-common
3886+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3887+ - add qemu-kvm to Provides
3888+ - add qemu-common, qemu-kvm, kvm to B/R
3889+ - remove openbios-sparc from qemu-system-sparc D
3890+ * qemu-system-x86:
3891+ - add qemu-common to Breaks/Replaces.
3892+ - add cpu-checker to Recommends.
3893+ * qemu-user: add B/R:qemu-kvm
3894+ * qemu-kvm:
3895+ - add armhf armel powerpc sparc to Architecture
3896+ - C/R/P: qemu-kvm-spice
3897+ * add qemu-common package
3898+ * drop qemu-slof which is not packaged in ubuntu
3899+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3900+ - qemu-system-x86.links:
3901+ * remove pxe rom links which are in kvm-ipxe
3902+ * add symlink for kvm.1 manpage
3903+ - debian/rules
3904+ * add kvm-spice symlink to qemu-kvm
3905+ * call dh_installmodules for qemu-system-x86
3906+ * update dh_installinit to install upstart script
3907+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3908+ - Add qemu-utils.links for kvm-* symlinks.
3909+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3910+ - Add qemu-system-x86.modprobe to set nesting=1
3911+ - Add qemu-system-common.preinst to add kvm group
3912+ - qemu-system-common.postinst: remove bad group acl if there, then have
3913+ udev relabel /dev/kvm.
3914+ - Dropped patches:
3915+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
3916+ - Kept patches:
3917+ * expose_vms_qemu64cpu.patch - updated
3918+ * gridcentric patch - updated
3919+ * linaro arm patches from qemu-linaro rebasing branch
3920+
3921+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Jun 2013 22:56:43 +0200
3922+
3923 qemu (1.5.0+dfsg-3) unstable; urgency=low
3924
3925 * fix sections: misc => otherosfs
3926@@ -2087,6 +5753,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
3927
3928 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Jun 2013 01:49:47 +0400
3929
3930+qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
3931+
3932+ * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes:
3933+ - debian/control
3934+ * update maintainer
3935+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3936+ from build-deps
3937+ * enable rbd
3938+ * add qemu-system and qemu-common B/R to qemu-keymaps
3939+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3940+ qemu-system-common
3941+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3942+ - add qemu-kvm to Provides
3943+ - add qemu-common, qemu-kvm, kvm to B/R
3944+ - remove openbios-sparc from qemu-system-sparc D
3945+ * qemu-system-x86:
3946+ - add qemu-common to Breaks/Replaces.
3947+ - add cpu-checker to Recommends.
3948+ * qemu-user: add B/R:qemu-kvm
3949+ * qemu-kvm:
3950+ - add armhf armel powerpc sparc to Architecture
3951+ - C/R/P: qemu-kvm-spice
3952+ * add qemu-common package
3953+ * drop qemu-slof which is not packaged in ubuntu
3954+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3955+ - qemu-system-x86.links:
3956+ * remove pxe rom links which are in kvm-ipxe
3957+ * add symlink for kvm.1 manpage
3958+ - debian/rules
3959+ * add kvm-spice symlink to qemu-kvm
3960+ * call dh_installmodules for qemu-system-x86
3961+ * update dh_installinit to install upstart script
3962+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3963+ - Add qemu-utils.links for kvm-* symlinks.
3964+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3965+ - Add qemu-system-x86.modprobe to set nesting=1
3966+ - Add qemu-system-common.preinst to add kvm group
3967+ - qemu-system-common.postinst: remove bad group acl if there, then have
3968+ udev relabel /dev/kvm.
3969+ - Dropped patches:
3970+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
3971+ - Kept patches:
3972+ * expose_vms_qemu64cpu.patch - updated
3973+ * gridcentric patch - updated
3974+ * linaro arm patches from qemu-linaro rebasing branch
3975+
3976+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 May 2013 08:18:30 -0500
3977+
3978 qemu (1.5.0+dfsg-2) unstable; urgency=low
3979
3980 * merged development history of wheezy and experimental branches.
3981@@ -2154,6 +5868,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low
3982
3983 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 18 Apr 2013 14:45:30 +0400
3984
3985+qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low
3986+
3987+ * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177)
3988+ * qemu-system-x86.qemu-kvm.upstart:
3989+ - remove NESTED workarounds from upstart file.
3990+ - remove loading of modules which is now always done
3991+ - remove TAPR define which is no longer used
3992+ * move customizable defines back to qemu-kvm.default
3993+ * copy creation of group kvm to preinst - the group must exist when the
3994+ kvm udev rule is installed (LP: #1103022) (LP: #1092715)
3995+ * add adduser to qemu-system-common Pre-Depends for use by preinst.
3996+
3997+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Mar 2013 14:21:53 -0500
3998+
3999+qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low
4000+
4001+ * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on
4002+ i386/amd64 targets. (LP: #1126258)
4003+
4004+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 28 Feb 2013 15:17:16 -0600
4005+
4006+qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low
4007+
4008+ * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing
4009+ tree.
4010+ * add qemu-common to qemu-system-common B/R (was accidentally dropped from
4011+ 1.3.0 in 1.4.0 merge).
4012+ * debian/control: fix kvm P/C/B/R:
4013+ - make all C/B/R against kvm versioned
4014+ - don't have any qemu-system-* other than x86 Provides: kvm
4015+
4016+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Feb 2013 13:34:07 -0600
4017+
4018+qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low
4019+
4020+ * Merge 1.4.0+dfsg-1exp from debian. Remaining changes:
4021+ - debian/control:
4022+ * update maintainer
4023+ * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps
4024+ * enable rbd
4025+ * add qemu-system and qemu-common B/R to qemu-keymaps
4026+ * add D:udev and R:qemu to qemu-system-common
4027+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4028+ - add qemu-kvm and kvm to Provides
4029+ - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc,
4030+ qemu-system-sparc:
4031+ - remove openbios-$arch from Depends
4032+ * qemu-system-x86:
4033+ - add qemu-common to Breaks/Replaces.
4034+ - add cpu-checker to Recommends.
4035+ * qemu-user:
4036+ - add B/R qemu-kvm
4037+ * qemu-utils:
4038+ - add B/R qemu-user and qemu-kvm
4039+ * qemu-kvm: add armhf armel powerpc sparc to Architecture
4040+ * add qemu-common package
4041+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4042+ - qemu-system-x86.links:
4043+ * remove pxe rom links which are in kvm-ipxe
4044+ * add symlink for kvm.1 manpage
4045+ - Add qemu-utils.links for kvm-* symlinks.
4046+ - Add qemu-kvm.conf upstart job to qemu-system
4047+ - Clear /dev/kvm acls on install
4048+ - Add linaro arm patches.
4049+ - Add gridcentric patches.
4050+ - Re-add expose_vms_qemu64cpu.patch (from Daviey)
4051+ * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4052+
4053+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 11:58:27 -0600
4054+
4055 qemu (1.4.0+dfsg-1exp) experimental; urgency=low
4056
4057 [ Michael Tokarev ]
4058@@ -2209,6 +5993,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low
4059
4060 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 02 Feb 2013 21:05:28 +0400
4061
4062+qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low
4063+
4064+ * qemu-system-common.postinst: only run setfacl when /dev/kvm exists.
4065+ (LP: #1130591)
4066+
4067+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 08:58:53 -0600
4068+
4069+qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low
4070+
4071+ * Update workarounds for udev/inotify: (LP: #1092715)
4072+ - qemu-system-common.udev: go back to original, simple rule
4073+ - qemu-system-common.postinst: manually run setfacl
4074+ - (keep Depends: on acl as well)
4075+ - this can be removed once bug 1092715 is fixed.
4076+
4077+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 19 Feb 2013 12:41:22 -0600
4078+
4079+qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low
4080+
4081+ * Now that qemu provides spice support, and qemu-kvm-spice is removed from
4082+ the archive, have qemu-kvm (which qemu-kvm-spice always depended on)
4083+ P/C/R qemu-kvm-spice.
4084+
4085+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Feb 2013 13:43:27 -0600
4086+
4087+qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low
4088+
4089+ * Enable spice.
4090+ * Address lintian warning by adding ${misc:Depends} to qemu-common and
4091+ qemu-kvm.
4092+
4093+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 12 Feb 2013 16:07:04 -0600
4094+
4095+qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low
4096+
4097+ [ Serge Hallyn ]
4098+ * Merge 1.3.0+dfsg-5exp from Debian.
4099+ * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1:
4100+ - debian/control:
4101+ * update maintainer
4102+ * remove vde2 recommends
4103+ * build-deps: remove libusbredir, libvdeplug2-dev,
4104+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev
4105+ * qemu-system:
4106+ - break/replace qemu-common
4107+ - depend on udev
4108+ - remove openbios-ppc, openbios-sparc, and openhackware from
4109+ Depends. (Intend to add them back once we can build them.)
4110+ * qemu-utils: break/replace qemu-kvm
4111+ - qemu-kvm.upstart:
4112+ - add qemu-system.qemu-kvm.upstart
4113+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4114+ - take the defaults from the old qemu-kvm.defaults, and move them into
4115+ the upstart job
4116+ - debian/patches:
4117+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4118+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4119+ - add links for qemu-ifup/down in qemu-system-common.links
4120+ - debian/qemu-system-common.postinst
4121+ - udevadm trigger to fix up /dev/kvm perms
4122+ - debian/qemu-system.links:
4123+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4124+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4125+ back to qemu-system at some point.
4126+ * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1:
4127+ - qemu-system-common.links: add link for OVMF
4128+ - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages.
4129+ - qemu-system.links:
4130+ * Add link to usr/share/ovmf/OVMF.fd
4131+ * Fix target of /etc/kvm/kvm-if{up,down} links
4132+ - debian/control: qemu-system should Recommend cpu-checker
4133+ - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4134+ (i.e.) qemu-x86_64.
4135+ - add qemu-kvm, and qemu-common transitional packages.
4136+ - Add breaks/replaces to qemu-keymaps for qemu-system.
4137+ - Add provides: qemu-kvm and kvm to qemu-system-ppc.
4138+ - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common.
4139+ - Add breaks/replaces to qemu-kvm for qemu-common.
4140+ - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm.
4141+ - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional
4142+ package.
4143+ - Add qemu-common package.
4144+ - Make sure /dev/kvm gets its acls cleared:
4145+ * Add acl to qemu-system.depends
4146+ * update qemu-system.udev to run setfacl to set g::rw acl
4147+ - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4148+ * dropped debian/patches/CVE-2012-6075.patch (duplicate of
4149+ e1000-discard-oversize-packets-based-on-SBP_LPE.patch)
4150+ * debian/{control,configure-opts}: enable rbd (LP: #1118406)
4151+ * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636)
4152+ * add replaces to qemu-system-common for qemu - we briefly moved conflicting
4153+ docs to qemu, which debian moved to qemu-system-common. This can be
4154+ dropped after raring.
4155+ * move qemu-kvm.upstart from qemu-system to qemu-system-x86.
4156+ * Support upgrade from qemu-kvm on non-x86 arches:
4157+ - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86}
4158+ - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm.
4159+ * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal.
4160+
4161+ [ Steve Langasek ]
4162+ * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that
4163+ we have a sensible baseline kernel value regardless of what the
4164+ underlying host kernel is. This makes eglibc happier when running under
4165+ emulation on a very old kernel for instance (whose host syscall ABI has
4166+ nothing to do with what emulated syscalls are supported), and probably
4167+ also lets us steer clear for the moment of code that has problem with
4168+ the new kernel upstream versioning convention. LP: #921078.
4169+
4170+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Feb 2013 14:15:26 -0600
4171+
4172 qemu (1.3.0+dfsg-5exp) experimental; urgency=low
4173
4174 * qemu-system-split: split qemu-system into several target-specific packages:
4175@@ -2288,6 +6182,106 @@ qemu (1.3.0+dfsg-2exp) experimental; urgency=low
4176
4177 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 20 Jan 2013 22:12:11 +0400
4178
4179+qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low
4180+
4181+ * qemu-system.links:
4182+ - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207)
4183+ - Fix target of /etc/kvm/kvm-if{up,down} links
4184+
4185+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Jan 2013 10:52:22 -0600
4186+
4187+qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low
4188+
4189+ * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982)
4190+
4191+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 28 Jan 2013 11:52:10 -0600
4192+
4193+qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low
4194+
4195+ * configure-opts: add audio-cards list (LP: #1102487)
4196+ * configure-opts: change order of audio-drv-list for ubuntu, putting pa
4197+ first.
4198+
4199+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 12:02:09 -0600
4200+
4201+qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low
4202+
4203+ * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4204+ (i.e.) qemu-x86_64. (LP: #1102332)
4205+
4206+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 08:58:07 -0600
4207+
4208+qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low
4209+
4210+ * Move three docs from qemu-system.install to qemu.docs (LP: #1101798)
4211+
4212+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 20:12:48 -0700
4213+
4214+qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low
4215+
4216+ * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and
4217+ possible code execution in hw/e1000.c by dropping oversize packets.
4218+
4219+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 07:31:50 -0700
4220+
4221+qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low
4222+
4223+ * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to
4224+ fix FTBFS due to parallel compile.
4225+
4226+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Jan 2013 15:51:09 -0600
4227+
4228+qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low
4229+
4230+ * Merge 1.3.0+dfsg-1~exp3. Remaining ubuntu delta:
4231+ - debian/control:
4232+ * update maintainer
4233+ * remove vde2 recommends
4234+ * build-deps: remove libusbredir, libvdeplug2-dev,
4235+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4236+ and libxen-dev.
4237+ * qemu-keymaps: break/replace qemu-common
4238+ * qemu-system:
4239+ - break/replace qemu-common
4240+ - depend on udev
4241+ - remove openbios-ppc, openbios-sparc, and openhackware from
4242+ Depends. (Intend to add them back once we can build them.)
4243+ - provides: qemu-kvm
4244+ * qemu-utils: break/replace qemu-kvm
4245+ * set up transitional packages for qemu-kvm, qemu-common, and kvm.
4246+ - qemu-kvm.upstart:
4247+ - add qemu-system.qemu-kvm.upstart
4248+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4249+ - take the defaults from the old qemu-kvm.defaults, and move them into
4250+ the upstart job
4251+ - debian/patches:
4252+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4253+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4254+ - ifup/down:
4255+ - copy Debian qemu-kvm's kvm-ifup/down into debian/
4256+ - fix dh_install for kvm-ifup/down in debian/rules
4257+ - add links for qemu-ifup/down in qemu-system.links
4258+ - remove (debian's original) qemu-ifup from qemu-system.install
4259+ - debian/qemu-system.postinst
4260+ - udevadm trigger to fix up /dev/kvm perms
4261+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4262+ - debian/qemu-system.links:
4263+ - point 'kvm' to qemu-system-x86_64
4264+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4265+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4266+ back to qemu-system at some point.
4267+ * Add note about kvm to qemu-system.README.debian.
4268+ * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm
4269+ * Remove TAPBR from qemu-kvm.conf.
4270+ * Make sure /dev/kvm gets its acls cleared:
4271+ - Add acl to qemu-system.depends
4272+ - update qemu-system.udev to run setfacl to set g::rw acl
4273+ * qemu-system.qemu-kvm.conf: don't rmmod at stop
4274+ * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4275+ * Remove hugepages sysctl file - qemu now supports transparent hugepages.
4276+
4277+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 23:22:51 -0600
4278+
4279 qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low
4280
4281 * enable vde on kFreebsd too (no idea why it was disabled)
4282@@ -2372,6 +6366,107 @@ qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low
4283
4284 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Dec 2012 01:52:21 +0400
4285
4286+qemu (1.2.0.dfsg-1~exp1-0ubuntu2) raring; urgency=low
4287+
4288+ * Remove kvm package
4289+ - make qemu-system P/C/B: kvm.
4290+
4291+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 12:03:19 -0600
4292+
4293+qemu (1.2.0.dfsg-1~exp1-0ubuntu1) raring; urgency=low
4294+
4295+ [ Serge Hallyn ]
4296+ * debian/control:
4297+ - update maintainer
4298+ - remove vde2 recommends
4299+ - build-deps: remove libusbredir, libvdeplug2-dev,
4300+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4301+ and libxen-dev.
4302+ - qemu-keymaps: break/replace qemu-common
4303+ - qemu-system:
4304+ - break/replace qemu-common
4305+ - depend on udev
4306+ - remove openbios-ppc, openbios-sparc, and openhackware from
4307+ Depends. (Intend to add them back once we can build them.)
4308+ - provides: qemu-kvm
4309+ - qemu-utils: break/replace qemu-kvm
4310+ - set up transitional packages for qemu-kvm, qemu-common, and kvm.
4311+ * debian/rules:
4312+ - install kvm-ifup and kvm-ifdown
4313+ - dh_installinit the qemu-kvm upstart job
4314+ * install a 30-qemu-kvm.conf into /etc/sysctl.c for nr_hugepages.
4315+ * qemu-kvm.upstart:
4316+ - add qemu-system.qemu-kvm.upstart
4317+ - add mv_confile to qemu-system.preinst, postinst, and .postrm to rename
4318+ /etc/init/qemu-kvm.conf to qemu-system.conf
4319+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4320+ - take the defaults from the old qemu-kvm.defaults, and move them into
4321+ the upstart job
4322+ * debian/patches:
4323+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4324+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4325+ - apply nbd-fixes-to-read-only-handling.patch from upstream to
4326+ make read-write mount after read-only mount work. (LP: #1077838)
4327+ * ifup/down:
4328+ - copy Ubuntu qemu-kvm's kvm-ifup/down into debian/
4329+ - fix dh_install for kvm-ifup/down in debian/rules
4330+ - add links for qemu-ifup/down in qemu-system.links
4331+ - remove (debian's original) qemu-ifup from qemu-system.install
4332+ * debian/qemu-system.postinst
4333+ - udevadm trigger to fix up /dev/kvm perms
4334+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4335+ * debian/qemu-system.links:
4336+ - point 'kvm' to qemu-system-x86_64
4337+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4338+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4339+ back to qemu-system at some point.
4340+ - add qemu-ifdown and qemu-ifup links
4341+ * debian/qemu-system.install:
4342+ - remove /etc/qemu-ifup link
4343+ - add /etc/sysctl.d/30-qemu-kvm.conf
4344+
4345+ [ Adam Conrad ]
4346+ * Appease apt-get's dist-upgrade resolver by creating a qemu-common
4347+ transitional package to upgrade more gracefully to qemu-keymaps.
4348+ * Move all the empty transitional packages to the oldlibs section.
4349+ * Restore the versioned dep from qemu-kvm (and kvm) to qemu-system.
4350+
4351+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Jan 2013 08:50:24 -0600
4352+
4353+qemu (1.2.0+dfsg-1~exp1) UNRELEASED; urgency=low
4354+
4355+ [ Michael Tokarev ]
4356+ * new upstream version (1.3.0)
4357+ (Closes: #676374, #622319, #597527, #593547, #660154)
4358+ - Removed patches included upstream:
4359+ do-not-include-libutil.h.patch
4360+ configure-nss-usbredir.patch
4361+ tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch
4362+ net-add--netdev-options-to-man-page.patch
4363+ - update 02_kfreebsd.patch
4364+ - do not build mpc8544ds.dtb
4365+ - include new targets
4366+ * Cleaned up the build system ALOT. Larger changes:
4367+ - used explicit lists of emulated targets in debian/rules
4368+ and generate everything else from there, instead of repeating
4369+ these lists in lots of places.
4370+ - stop using debian/$pkg.manpages and other auxilary files like this,
4371+ moving eveything to debian/$pkg.install, because with the number
4372+ of packages growing, amount of these small files becomes very
4373+ large and the result is difficult to maintain.
4374+ * ship forgotten target-x86_64.conf in qemu-system.
4375+ * ship virtfs-proxy-helper in qemu-utils.
4376+ * stop shipping tundev.c, since it does not reflect the reality for
4377+ a long time now (Closes: #325761, #325754).
4378+ * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N,
4379+ this time by adding to $MAKEFLAGS instead of passing down to submakes
4380+ * build-depend on libcap-ng-dev (for virtfs-proxy-helper)
4381+
4382+ [ Vagrant Cascadian ]
4383+ * Add libcap-dev to Build-Depends to support virtfs-proxy-helper.
4384+
4385+ -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Dec 2012 01:52:21 +0400
4386+
4387 qemu (1.1.2+dfsg-6a) unstable; urgency=low
4388
4389 * reupload to remove two unrelated files slipped in debian/
4390diff --git a/debian/control b/debian/control
4391index 2517aa7..ddd92ba 100644
4392--- a/debian/control
4393+++ b/debian/control
4394@@ -2,7 +2,8 @@
4395 Source: qemu
4396 Section: otherosfs
4397 Priority: optional
4398-Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
4399+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
4400+XSBC-Original-Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
4401 Uploaders: Riku Voipio <riku.voipio@iki.fi>,
4402 Michael Tokarev <mjt@tls.msk.ru>
4403 Build-Depends: debhelper-compat (= 12),
4404@@ -16,8 +17,6 @@ Build-Depends: debhelper-compat (= 12),
4405 texinfo, python3-sphinx,
4406 # iasl (from acpica-tools) is used only in a single test these days, not for building
4407 # acpica-tools,
4408-# --enable-capstone=system
4409- libcapstone-dev,
4410 # --enable-linux-aio linux-*
4411 libaio-dev [linux-any],
4412 # --audio-drv-list=pa,alsa,oss linux-*
4413@@ -49,8 +48,6 @@ Build-Depends: debhelper-compat (= 12),
4414 libvirglrenderer-dev [linux-any],
4415 # --enable-opengl linux-*
4416 libepoxy-dev [linux-any], libdrm-dev [linux-any], libgbm-dev [linux-any],
4417-# --enable-libnfs
4418- libnfs-dev (>> 1.9.3),
4419 # --enable-numa i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x|riscv64
4420 libnuma-dev [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x riscv64],
4421 # --enable-smartcard
4422@@ -60,8 +57,6 @@ Build-Depends: debhelper-compat (= 12),
4423 librbd-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64],
4424 # glusterfs is debian-only since ubuntu/glusterfs is in universe (MIR LP: #1274247)
4425 # before buster it was glusterfs-common so keep it for now for bpo
4426-# --enable-glusterfs linux-any
4427- libglusterfs-dev [linux-any] | glusterfs-common [linux-any],
4428 # --enable-vnc-sasl
4429 libsasl2-dev,
4430 # --disable-sdl
4431@@ -82,9 +77,6 @@ Build-Depends: debhelper-compat (= 12),
4432 # --enable-libssh
4433 libssh-dev,
4434 # vde is debian-only since ubuntu/vde2 is in universe
4435-# --enable-vde
4436- libvdeplug-dev,
4437-# --enable-xen linux-amd64|linux-i386
4438 libxen-dev [linux-amd64 linux-i386],
4439 # --enable-nettle
4440 nettle-dev,
4441@@ -112,6 +104,9 @@ Build-Depends: debhelper-compat (= 12),
4442 ##--with-iconv (libiconv for curses wide char support)
4443 ## auth-pam - for auth for vnc&Co using PAM
4444 ## gio-2.0 - for -display=spice-app
4445+## armhf workaround for bug 1890435 until resolved in gcc-10
4446+ gcc-9 [armhf],
4447+ g++-9 [armhf],
4448 Build-Depends-Indep:
4449 gcc-s390x-linux-gnu,
4450 # libc6.1-dev-alpha-cross isn't really needed but the code,
4451@@ -128,8 +123,10 @@ Build-Depends-Indep:
4452 Build-Conflicts: oss4-dev
4453 Standards-Version: 3.9.8
4454 Homepage: http://www.qemu.org/
4455-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
4456-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
4457+XS-Debian-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
4458+XS-Debian-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
4459+Vcs-Browser: https://git.launchpad.net/ubuntu/+source/qemu
4460+Vcs-Git: https://git.launchpad.net/ubuntu/+source/qemu
4461
4462 Package: qemu
4463 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4464@@ -160,6 +157,7 @@ Depends: ${misc:Depends},
4465 qemu-system-ppc,
4466 qemu-system-sparc,
4467 qemu-system-x86,
4468+ qemu-system-s390x,
4469 qemu-system-misc
4470 Description: QEMU full system emulation binaries
4471 QEMU is a fast processor emulator: currently the package supports
4472@@ -193,6 +191,8 @@ Multi-Arch: foreign
4473 Conflicts: sgabios, qemu-skiboot, openbios-sparc, openbios-ppc, qemu-slof,
4474 Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios,
4475 openbios-sparc, openbios-ppc, qemu-slof, qemu-system-sparc (<< 1:4.2-4~), qemu-system-ppc (<< 1:4.2-4~),
4476+ qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
4477+Breaks: qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
4478 Provides: qemu-keymaps, sgabios, qemu-skiboot, openbios-sparc, openbios-ppc, qemu-slof,
4479 Depends: ${misc:Depends}
4480 Description: QEMU full system emulation (data files)
4481@@ -206,7 +206,9 @@ Multi-Arch: no
4482 Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
4483 Breaks: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
4484 Depends: ${misc:Depends}, ${shlibs:Depends},
4485+ qemu-block-extra (= ${binary:Version}),
4486 # to fix wrong acl for newly created device node on ubuntu:
4487+ acl
4488 Description: QEMU full system emulation binaries (common files)
4489 QEMU is a fast processor emulator: currently the package supports
4490 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
4491@@ -257,6 +259,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Vers
4492 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4493 # aarch64 arm uses bootroms
4494 ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~),
4495+ ipxe-qemu-256k-compat-efi-roms,
4496 qemu-efi-aarch64, qemu-efi-arm
4497 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4498 Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm}
4499@@ -303,6 +306,7 @@ Multi-Arch: foreign
4500 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4501 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4502 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4503+ ipxe-qemu-256k-compat-efi-roms,
4504 # ppc targets use vgabios-stdvga and bootroms
4505 seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4506 Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc}
4507@@ -347,14 +351,16 @@ Package: qemu-system-x86
4508 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4509 Multi-Arch: foreign
4510 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4511+ ipxe-qemu-256k-compat-efi-roms,
4512 seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4513 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4514 ovmf,
4515+ cpu-checker
4516 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4517 sgabios,
4518-Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}
4519-Breaks: qemu-kvm [linux-amd64 linux-i386]
4520-Replaces: qemu-kvm [linux-amd64 linux-i386]
4521+Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}, qemu-system-x86-microvm
4522+Breaks: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4523+Replaces: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4524 Description: QEMU full system emulation binaries (x86)
4525 QEMU is a fast processor emulator: currently the package supports
4526 i386 and x86-64 emulation. By using dynamic translation it achieves
4527@@ -371,6 +377,16 @@ Description: QEMU full system emulation binaries (x86)
4528 On x86 host hardware this package also enables KVM kernel virtual machine
4529 usage on systems which supports it.
4530
4531+Package: qemu-system-x86-microvm
4532+Architecture: amd64
4533+Multi-Arch: foreign
4534+Section: oldlibs
4535+Depends: qemu-system-x86 (>= 1:5.0-5ubuntu1~), ${misc:Depends}
4536+Description: QEMU full system emulation binaries (x86)
4537+ The microvm binaries are now part of qemu-system-x86.
4538+ .
4539+ This is a transitional package. You can safely remove it.
4540+
4541 Package: qemu-user
4542 Architecture: amd64 arm arm64 armel armhf i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4543 Multi-Arch: foreign
4544@@ -438,8 +454,10 @@ Package: qemu-utils
4545 Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4546 Multi-Arch: foreign
4547 Breaks: qemu-system-common (<< 1:3.1+dfsg-3~)
4548-Depends: ${shlibs:Depends}, ${misc:Depends}
4549-Suggests: debootstrap, qemu-block-extra (= ${binary:Version}),
4550+Depends: ${shlibs:Depends}, ${misc:Depends},
4551+ qemu-block-extra (= ${binary:Version})
4552+Recommends: sharutils
4553+Suggests: debootstrap,
4554 Description: QEMU utilities
4555 QEMU is a fast processor emulator: currently the package supports
4556 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
4557@@ -476,3 +494,58 @@ Description: Guest-side qemu-system agent
4558 Install this package on a system which is running as guest inside
4559 qemu virtual machine. It is not used on the host.
4560
4561+Package: qemu-system-s390x
4562+Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64
4563+Multi-Arch: foreign
4564+Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4565+Recommends: qemu-utils,
4566+Suggests: qemu-block-extra (= ${binary:Version}),
4567+Provides: qemu-kvm [linux-s390x], ${sysprovides:s390x}
4568+Breaks: qemu-kvm [linux-s390x], qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
4569+Replaces: qemu-kvm [linux-s390x], qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
4570+Description: QEMU full system emulation binaries (s390x)
4571+ QEMU is a fast processor emulator: currently the package supports
4572+ s390x emulation. By using dynamic translation it achieves reasonable
4573+ speed while being easy to port on new host CPUs.
4574+ .
4575+ This package provides the full system emulation binaries to emulate
4576+ the following s390x hardware: ${sysarch:s390x}.
4577+ .
4578+ In system emulation mode QEMU emulates a full system, including a processor
4579+ and various peripherals. It enables easier testing and debugging of system
4580+ code. It can also be used to provide virtual hosting of several virtual
4581+ machines on a single server.
4582+
4583+# xen support generally is disabled, this is an extra build with xen enabled
4584+# as needed by xen-utils-4.11 [amd64 arm64 armhf i386]
4585+# Xen will depend on this; this package and the main qemu-system-x86 are
4586+# mutually exclusive
4587+Package: qemu-system-x86-xen
4588+Architecture: amd64 i386
4589+Multi-Arch: foreign
4590+Depends:
4591+ ${shlibs:Depends},
4592+ ${misc:Depends},
4593+ qemu-system-common (>> ${source:Version}~),
4594+ qemu-system-data (>> ${source:Version}~),
4595+ ipxe-qemu,
4596+Recommends:
4597+ qemu-system-gui (= ${binary:Version}),
4598+ qemu-utils,
4599+ seabios,
4600+Suggests:
4601+ qemu-block-extra (= ${binary:Version}),
4602+ ovmf,
4603+Conflicts: qemu-system-x86
4604+Description: QEMU full system emulation binaries (x86)
4605+ QEMU is a fast processor emulator: currently the package supports
4606+ i386 and x86-64 emulation. By using dynamic translation it achieves
4607+ reasonable speed while being easy to port on new host CPUs.
4608+ .
4609+ This package provides the full system emulation binaries to emulate
4610+ the following x86 hardware: ${sysarch:x86-xen}.
4611+ .
4612+ In comparison to the main qemu-system-x86 this package has xen support
4613+ enabled, but is only maintained as universe package. Qemu with xen support
4614+ is needed to run Xen in HVM mode. For any other use case you should install
4615+ and use qemu-system-x86 instead.
4616diff --git a/debian/control-in b/debian/control-in
4617index b773017..b7bf671 100644
4618--- a/debian/control-in
4619+++ b/debian/control-in
4620@@ -17,8 +17,8 @@ Build-Depends: debhelper-compat (= 12),
4621 texinfo, python3-sphinx,
4622 # iasl (from acpica-tools) is used only in a single test these days, not for building
4623 # acpica-tools,
4624-# --enable-capstone=system
4625- libcapstone-dev,
4626+:debian:# --enable-capstone=system
4627+:debian: libcapstone-dev,
4628 # --enable-linux-aio linux-*
4629 libaio-dev [linux-any],
4630 # --audio-drv-list=pa,alsa,oss linux-*
4631@@ -85,7 +85,7 @@ Build-Depends: debhelper-compat (= 12),
4632 # vde is debian-only since ubuntu/vde2 is in universe
4633 :debian:# --enable-vde
4634 :debian: libvdeplug-dev,
4635-# --enable-xen linux-amd64|linux-i386
4636+:debian:# --enable-xen linux-amd64|linux-i386
4637 libxen-dev [linux-amd64 linux-i386],
4638 # --enable-nettle
4639 nettle-dev,
4640@@ -214,6 +214,7 @@ Multi-Arch: no
4641 Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
4642 Breaks: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
4643 Depends: ${misc:Depends}, ${shlibs:Depends},
4644+:ubuntu: qemu-block-extra (= ${binary:Version}),
4645 # to fix wrong acl for newly created device node on ubuntu:
4646 :ubuntu: acl
4647 Description: QEMU full system emulation binaries (common files)
4648@@ -266,6 +267,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Vers
4649 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4650 # aarch64 arm uses bootroms
4651 ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~),
4652+:ubuntu: ipxe-qemu-256k-compat-efi-roms,
4653 qemu-efi-aarch64, qemu-efi-arm
4654 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4655 Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm}
4656@@ -312,6 +314,7 @@ Multi-Arch: foreign
4657 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4658 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4659 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4660+:ubuntu: ipxe-qemu-256k-compat-efi-roms,
4661 # ppc targets use vgabios-stdvga and bootroms
4662 seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4663 Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc}
4664@@ -356,15 +359,16 @@ Package: qemu-system-x86
4665 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4666 Multi-Arch: foreign
4667 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4668+:ubuntu: ipxe-qemu-256k-compat-efi-roms,
4669 seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4670 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4671 ovmf,
4672 :ubuntu: cpu-checker
4673 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4674 sgabios,
4675-Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}
4676-Breaks: qemu-kvm [linux-amd64 linux-i386]
4677-Replaces: qemu-kvm [linux-amd64 linux-i386]
4678+Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}, qemu-system-x86-microvm
4679+Breaks: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4680+Replaces: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4681 Description: QEMU full system emulation binaries (x86)
4682 QEMU is a fast processor emulator: currently the package supports
4683 i386 and x86-64 emulation. By using dynamic translation it achieves
4684@@ -381,6 +385,16 @@ Description: QEMU full system emulation binaries (x86)
4685 On x86 host hardware this package also enables KVM kernel virtual machine
4686 usage on systems which supports it.
4687
4688+Package: qemu-system-x86-microvm
4689+Architecture: amd64
4690+Multi-Arch: foreign
4691+Section: oldlibs
4692+Depends: qemu-system-x86 (>= 1:5.0-5ubuntu1~), ${misc:Depends}
4693+Description: QEMU full system emulation binaries (x86)
4694+ The microvm binaries are now part of qemu-system-x86.
4695+ .
4696+ This is a transitional package. You can safely remove it.
4697+
4698 Package: qemu-user
4699 Architecture: amd64 arm arm64 armel armhf i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4700 Multi-Arch: foreign
4701@@ -448,8 +462,11 @@ Package: qemu-utils
4702 Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4703 Multi-Arch: foreign
4704 Breaks: qemu-system-common (<< 1:3.1+dfsg-3~)
4705-Depends: ${shlibs:Depends}, ${misc:Depends}
4706-Suggests: debootstrap, qemu-block-extra (= ${binary:Version}),
4707+Depends: ${shlibs:Depends}, ${misc:Depends},
4708+:ubuntu: qemu-block-extra (= ${binary:Version})
4709+:ubuntu:Recommends: sharutils
4710+Suggests: debootstrap,
4711+:debian: qemu-block-extra (= ${binary:Version}),
4712 Description: QEMU utilities
4713 QEMU is a fast processor emulator: currently the package supports
4714 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
4715@@ -507,3 +524,37 @@ Description: Guest-side qemu-system agent
4716 :ubuntu: and various peripherals. It enables easier testing and debugging of system
4717 :ubuntu: code. It can also be used to provide virtual hosting of several virtual
4718 :ubuntu: machines on a single server.
4719+
4720+:ubuntu:# xen support generally is disabled, this is an extra build with xen enabled
4721+:ubuntu:# as needed by xen-utils-4.11 [amd64 arm64 armhf i386]
4722+:ubuntu:# Xen will depend on this; this package and the main qemu-system-x86 are
4723+:ubuntu:# mutually exclusive
4724+:ubuntu:Package: qemu-system-x86-xen
4725+:ubuntu:Architecture: amd64 i386
4726+:ubuntu:Multi-Arch: foreign
4727+:ubuntu:Depends:
4728+:ubuntu: ${shlibs:Depends},
4729+:ubuntu: ${misc:Depends},
4730+:ubuntu: qemu-system-common (>> ${source:Version}~),
4731+:ubuntu: qemu-system-data (>> ${source:Version}~),
4732+:ubuntu: ipxe-qemu,
4733+:ubuntu:Recommends:
4734+:ubuntu: qemu-system-gui (= ${binary:Version}),
4735+:ubuntu: qemu-utils,
4736+:ubuntu: seabios,
4737+:ubuntu:Suggests:
4738+:ubuntu: qemu-block-extra (= ${binary:Version}),
4739+:ubuntu: ovmf,
4740+:ubuntu:Conflicts: qemu-system-x86
4741+:ubuntu:Description: QEMU full system emulation binaries (x86)
4742+:ubuntu: QEMU is a fast processor emulator: currently the package supports
4743+:ubuntu: i386 and x86-64 emulation. By using dynamic translation it achieves
4744+:ubuntu: reasonable speed while being easy to port on new host CPUs.
4745+:ubuntu: .
4746+:ubuntu: This package provides the full system emulation binaries to emulate
4747+:ubuntu: the following x86 hardware: ${sysarch:x86-xen}.
4748+:ubuntu: .
4749+:ubuntu: In comparison to the main qemu-system-x86 this package has xen support
4750+:ubuntu: enabled, but is only maintained as universe package. Qemu with xen support
4751+:ubuntu: is needed to run Xen in HVM mode. For any other use case you should install
4752+:ubuntu: and use qemu-system-x86 instead.
4753diff --git a/debian/patches/series b/debian/patches/series
4754index ae0924c..e895ab0 100644
4755--- a/debian/patches/series
4756+++ b/debian/patches/series
4757@@ -9,3 +9,8 @@ seabios-hppa-fno-ipa-sra.patch
4758 slof-remove-user-and-host-from-release-version.patch
4759 slof-ensure-ld-is-called-with-C-locale.patch
4760 usb-fix-setup_len-init-CVE-2020-14364.patch
4761+
4762+# ubuntu patches
4763+ubuntu/enable-svm-by-default.patch
4764+ubuntu/define-ubuntu-machine-types.patch
4765+ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
4766diff --git a/debian/patches/ubuntu/define-ubuntu-machine-types.patch b/debian/patches/ubuntu/define-ubuntu-machine-types.patch
4767new file mode 100644
4768index 0000000..16ccc0f
4769--- /dev/null
4770+++ b/debian/patches/ubuntu/define-ubuntu-machine-types.patch
4771@@ -0,0 +1,784 @@
4772+Description: Carry Ubuntu specific machine types
4773+
4774+Since Ubuntu is a downstream of qemu carrying patches it needs custom machine
4775+types to be able to identify and manage the delta that might affect machine
4776+types.
4777+
4778+This is an important piece to keep cross release migration supported for any
4779+downstream.
4780+
4781+Since the p->t transition these types are mostly stable copies of the upstream
4782+type (in the past this was more unstable upstream, so there was more delta),
4783+but they need to stay specific to reflect the delta we have. And even more so
4784+to have something to base off for affecting SRU changes.
4785+
4786+Also add a hint if instantiating fails due to now unsupported old guest
4787+types (LP: #1637936).
4788+
4789+Package maintainers please see https://wiki.ubuntu.com/QemuKVMMigration when
4790+maintaining this patch on SRU, merge or other packaging activity.
4791+While support on a type is dropped with the Release going EOL we never drop the
4792+type itself as long as it is maintainable. This will give people an extra
4793+chance to migrate and avoid issues like LP: 1802944.
4794+
4795+##
4796+
4797+This later on got extended by further ubuntu specific machine type changes:
4798+LP 1776189: Add a -hpb Ubuntu specific machine type suffix
4799+
4800+This works already fine on commandline, but Libvirt and other stacks above
4801+have no exploitation yet. Using a machine type has the benefit of being already
4802+controllable by most upper layer software like Libvirt (type= in os tag) but
4803+even up to Openstack (nova.conf or per image metadata on hw_machine_type).
4804+
4805+This is based on a discussion:
4806+ https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1769053
4807+
4808+A similar change is in CentOS/RH (there the default is switched, without
4809+even a way to go back.
4810+But since this can cause issues e.g. when migrating
4811+across hosts with different characteristics, it is not set as the default
4812+in Ubuntu with this change.
4813+
4814+Further we want to avoid "machine type proliferation", so we certainly won't
4815+add a type for every feature. But using a huge guest is more common and
4816+otherwise not yet achievable.
4817+
4818+This can be dropped when:
4819+ - libvirt exposes phys-bits/host-phys-bits natively
4820+ - at least the important stacks above exploit that config
4821+As an alternative we might decide at some point to make it the default without
4822+a way to switch back in following releases, but for now we don't want to do so.
4823+
4824+##
4825+
4826+This later on got extended by further ubuntu specific machine type changes:
4827+LP 1761372: special type for ppc64 meltdown/spectre defaults
4828+
4829+Upstresm 2.12 is not yet set in stone (almost but not full), and we ship 2.11
4830+with backports. SO we don't want to make a 2.12 machine type fully recommended
4831+yet.
4832+PPC was following x86 in providing a non default convenience type that has the
4833+spectre/meltdown flags toggled - in bug 1761372 we were requested to carry the
4834+same - but we agreed to do so as a 2.11 based type.
4835+
4836+Note I: x86 changes CPU types with -IBRS suffix, power chose to change machine
4837+types.
4838+
4839+Note II: this change can be squashed into ubuntu-machine-types.patch >=2.12
4840+where the base content will exist in the upstream source instead of
4841+patches on top.
4842+
4843+##
4844+
4845+[1] introduced a major regression into the 4.0 types by setting split
4846+irqchip to be the default. This was corrected by [2] and the fix further
4847+modified by [3] which overall adds a 4.0.1 machine type in qemu 4.1 (not
4848+yet released) and probably eventually stable branches.
4849+We will follow upstream with the upstream types, but the Ubuntu types so
4850+far didn't release a 4.0 type yet so for us we can fix it on the initial
4851+release right away.
4852+
4853+[1]: https://git.qemu.org/?p=qemu.git;a=commit;h=b2fc91db
4854+[2]: https://git.qemu.org/?p=qemu.git;a=commit;h=c87759ce
4855+[3]: https://git.qemu.org/?p=qemu.git;a=commit;h=8e8cbed0
4856+
4857+##
4858+
4859+Original-Author: Serge Hallyn <serge.hallyn@ubuntu.com>
4860+Original-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1304107
4861+Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
4862+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1621042
4863+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1776189
4864+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1761372
4865+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1829868
4866+Forwarded: not-needed
4867+Forward-info: downstream decision
4868+
4869+--- a/hw/i386/pc_piix.c
4870++++ b/hw/i386/pc_piix.c
4871+@@ -430,12 +430,7 @@ static void pc_i440fx_5_1_machine_option
4872+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
4873+ pc_i440fx_machine_options(m);
4874+ m->alias = "pc";
4875+- m->is_default = true;
4876+-#ifdef CONFIG_MICROVM_DEFAULT
4877+ m->is_default = false;
4878+-#else
4879+- m->is_default = true;
4880+-#endif
4881+ pcmc->default_cpu_version = 1;
4882+ }
4883+
4884+@@ -996,3 +991,225 @@ static void xenfv_3_1_machine_options(Ma
4885+ DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init,
4886+ xenfv_3_1_machine_options);
4887+ #endif
4888++
4889++/* Ubuntu machine types */
4890++static void pc_trusty_machine_options(MachineClass *m)
4891++{
4892++ pc_i440fx_2_0_machine_options(m);
4893++ m->desc = "Ubuntu 14.04 PC (i440FX + PIIX, 1996)";
4894++}
4895++DEFINE_I440FX_MACHINE(trusty, "pc-i440fx-trusty", pc_compat_2_0_fn,
4896++ pc_trusty_machine_options)
4897++
4898++static void pc_xenial_machine_options(MachineClass *m)
4899++{
4900++ pc_i440fx_2_5_machine_options(m);
4901++ m->desc = "Ubuntu 16.04 PC (i440FX + PIIX, 1996)";
4902++}
4903++DEFINE_I440FX_MACHINE(xenial, "pc-i440fx-xenial", NULL,
4904++ pc_xenial_machine_options);
4905++
4906++static void pc_yakkety_machine_options(MachineClass *m)
4907++{
4908++ pc_i440fx_2_6_machine_options(m);
4909++ m->desc = "Ubuntu 16.10 PC (i440FX + PIIX, 1996)";
4910++}
4911++DEFINE_I440FX_MACHINE(yakkety, "pc-i440fx-yakkety", NULL,
4912++ pc_yakkety_machine_options);
4913++
4914++static void pc_zesty_machine_options(MachineClass *m)
4915++{
4916++ pc_i440fx_2_8_machine_options(m);
4917++ m->desc = "Ubuntu 17.04 PC (i440FX + PIIX, 1996)";
4918++}
4919++DEFINE_I440FX_MACHINE(zesty, "pc-i440fx-zesty", NULL,
4920++ pc_zesty_machine_options);
4921++
4922++static void pc_artful_machine_options(MachineClass *m)
4923++{
4924++ pc_i440fx_2_10_machine_options(m);
4925++ m->desc = "Ubuntu 17.10 PC (i440FX + PIIX, 1996)";
4926++}
4927++DEFINE_I440FX_MACHINE(artful, "pc-i440fx-artful", NULL,
4928++ pc_artful_machine_options);
4929++
4930++static void pc_bionic_machine_options(MachineClass *m)
4931++{
4932++ pc_i440fx_2_11_machine_options(m);
4933++ m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, 1996)";
4934++}
4935++DEFINE_I440FX_MACHINE(bionic, "pc-i440fx-bionic", NULL,
4936++ pc_bionic_machine_options);
4937++
4938++static void pc_bionic_hpb_machine_options(MachineClass *m)
4939++{
4940++ pc_i440fx_2_11_machine_options(m);
4941++ m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, +host-phys-bits=true, 1996)";
4942++ compat_props_add(m->compat_props,
4943++ host_phys_bits_compat, host_phys_bits_compat_len);
4944++}
4945++DEFINE_I440FX_MACHINE(bionic_hpb, "pc-i440fx-bionic-hpb", NULL,
4946++ pc_bionic_hpb_machine_options);
4947++
4948++static void pc_cosmic_machine_options(MachineClass *m)
4949++{
4950++ pc_i440fx_2_12_machine_options(m);
4951++ m->desc = "Ubuntu 18.10 PC (i440FX + PIIX, 1996)";
4952++}
4953++DEFINE_I440FX_MACHINE(cosmic, "pc-i440fx-cosmic", NULL,
4954++ pc_cosmic_machine_options);
4955++
4956++static void pc_cosmic_hpb_machine_options(MachineClass *m)
4957++{
4958++ pc_i440fx_2_12_machine_options(m);
4959++ m->desc = "Ubuntu 18.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
4960++ compat_props_add(m->compat_props,
4961++ host_phys_bits_compat, host_phys_bits_compat_len);
4962++}
4963++DEFINE_I440FX_MACHINE(cosmic_hpb, "pc-i440fx-cosmic-hpb", NULL,
4964++ pc_cosmic_hpb_machine_options);
4965++
4966++static void pc_disco_machine_options(MachineClass *m)
4967++{
4968++ pc_i440fx_3_1_machine_options(m);
4969++ m->desc = "Ubuntu 19.04 PC (i440FX + PIIX, 1996)";
4970++}
4971++DEFINE_I440FX_MACHINE(disco, "pc-i440fx-disco", NULL,
4972++ pc_disco_machine_options);
4973++
4974++static void pc_disco_hpb_machine_options(MachineClass *m)
4975++{
4976++ pc_i440fx_3_1_machine_options(m);
4977++ m->desc = "Ubuntu 19.04 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
4978++ m->alias = NULL;
4979++ compat_props_add(m->compat_props,
4980++ host_phys_bits_compat, host_phys_bits_compat_len);
4981++}
4982++DEFINE_I440FX_MACHINE(disco_hpb, "pc-i440fx-disco-hpb", NULL,
4983++ pc_disco_hpb_machine_options);
4984++
4985++static void pc_eoan_machine_options(MachineClass *m)
4986++{
4987++ pc_i440fx_4_0_machine_options(m);
4988++ m->desc = "Ubuntu 19.10 PC (i440FX + PIIX, 1996)";
4989++ m->alias = NULL;
4990++}
4991++DEFINE_I440FX_MACHINE(eoan, "pc-i440fx-eoan", NULL,
4992++ pc_eoan_machine_options);
4993++
4994++static void pc_eoan_hpb_machine_options(MachineClass *m)
4995++{
4996++ pc_i440fx_4_0_machine_options(m);
4997++ m->desc = "Ubuntu 19.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)";
4998++ m->alias = NULL;
4999++ compat_props_add(m->compat_props,
5000++ host_phys_bits_compat, host_phys_bits_compat_len);
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches