Merge ~paelzer/ubuntu/+source/qemu:merge-5.2-1-Hirsute into ubuntu/+source/qemu:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: d28562035b0bae43cf3f3254c752745c2126ce80
Merge reported by: Christian Ehrhardt 
Merged at revision: d28562035b0bae43cf3f3254c752745c2126ce80
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-5.2-1-Hirsute
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6221 lines (+5555/-30)
15 files modified
debian/changelog (+4173/-4)
debian/control (+91/-17)
debian/control-in (+62/-8)
debian/patches/series (+5/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+784/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-gui.prerm (+42/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/rules (+61/-1)
Reviewer Review Type Date Requested Status
Robie Basak Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+395093@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

No PPA yet (as PPAs are in maintenance),
but consider build&tests on me - yet a review of this (for qemu rather simple) merge for Packaging POV would be great.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Existing tag upload/1%5.1+dfsg-4ubuntu3 == split.
Logical is in the tag merge-5.2-1-Hirsute-logical-of-5.1+dfsg-4ubuntu3

Revision history for this message
Robie Basak (racb) wrote :

> Logical is in the tag merge-5.2-1-Hirsute-logical-of-5.1+dfsg-4ubuntu3

I don't see this. Did you remember to push it?

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Indeed I didn't :-/ sorry
But here it is now:
To git+ssh://git.launchpad.net/~paelzer/ubuntu/+source/qemu
 * [new tag] merge-5.2-1-Hirsute-logical-of-5.1+dfsg-4ubuntu3 -> merge-5.2-1-Hirsute-logical-of-5.1+dfsg-4ubuntu3

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI - I won't upload this way as we will need ui-opengl.so to go into qemu-system-common
Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976996

But that does not invalidate the rest of the MP, it just is a note that we want this fixed (as Delta or a rebase to a coming 5.2-2) before a hirsute upload.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI - 5.2-2 appeared in Debian, but not yet in LP/Git-Ubuntu - I'll rebase as soon as it is there.
The changes look like it will be a no-change-rebase in regard to our Delta.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I've found and fixed the armhf gcc-9 fix that needs to go to d/control-in instead of d/control.
Otherwise the "regenerate d/control" will undo the former fix.
This is done, but I can only push it once 5.2-2 is in git-ubuntu (right now I rebased onto salsa until it is in git-ubuntu).

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Now that today PPAs work again
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4373/+packages
got the first test build

Revision history for this message
Robie Basak (racb) wrote :

lgtm!

I didn't try to understand the entire qemu delta, but it appears carried forward correctly, and I couldn't spot anything in it that should change that you haven't already changed.

review: Approve
e29b23c... by Christian Ehrhardt 

d/control: regenerated from d/control-in

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks,
I'm working on the remaining x86 build issue (others are good) and then will go into regression tests.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI: Dependency issues on s390x tests are due to the arch-all builds not being completed by the x86 build fail.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tests all LGTM,

prep (x86_64) : Pass 25 F/S/N 0/0/0 - RC 0 (19 min 44787 lin)
migrate (x86_64) : Pass 288 F/S/N 0/0/0 - RC 0 (64 min 215785 lin)
cross (x86_64) : Pass 58 F/S/N 0/1/2 - RC 0 (88 min 100117 lin)
misc (x86_64) : Pass 73 F/S/N 0/0/0 - RC 0 (29 min 40725 lin)

prep (s390x) : Pass 25 F/S/N 0/0/0 - RC 0 (11 min 31443 lin)
migrate (s390x) : Pass 268 F/S/N 0/5/0 - RC 0 (71 min 156841 lin)
cross (s390x) : Pass 62 F/S/N 0/1/1 - RC 0 (77 min 92616 lin)
misc (s390x) : Pass 48 F/S/N 0/0/0 - RC 999 (19 min 28651 lin)

One issue related to my s390x test host setup, but that resolved on a retry after fixing the config.

In regard to the armhf build, that seems to work fine (enough) for now.
3/3 builds are ok, so I'm keeping this as-is.

The workaround for bug 1907789 is the last bit that needs to be a real fix before this is ready to upload

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI - the build bug 1907789 is fixed and suggested upstream in https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg03684.html.
Test builds worked fine with that.
Uploading with that change until upstream settled on a final solution.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Blocks on ppc64 test of systemd - which I'll check.
But this MP can be considered merged.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 9393425..a34d3fc 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,57 @@
6+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
7+
8+ * Merge with Debian unstable
9+ - includes fix for CVE-2020-17380
10+ - includes a fix for s390x PCI device reset (LP: #1907656)
11+ Remaining changes:
12+ - qemu-kvm to systemd unit
13+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
14+ hugepages and architecture specifics
15+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
16+ qemu-kvm-init
17+ - d/qemu-system-common.install: install helper script
18+ - d/qemu-system-common.qemu-kvm.default: defaults for
19+ /etc/default/qemu-kvm
20+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
21+ - Distribution specific machine type (LP: 1304107 1621042)
22+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
23+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
24+ for host-phys-bits=true (LP: 1776189)
25+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
26+ - provide pseries-bionic-2.11-sxxm type as convenience with all
27+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
28+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
29+ - Enable nesting by default
30+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
31+ in qemu64 on amd
32+ [ No more strictly needed, but required for backward compatibility ]
33+ - improved dependencies
34+ - Make qemu-system-common depend on qemu-block-extra
35+ - Make qemu-utils depend on qemu-block-extra
36+ - let qemu-utils recommend sharutils
37+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
38+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
39+ reference 256k path
40+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
41+ handle incoming migrations from former releases.
42+ - d/control-in: Disable capstone disassembler library support (universe)
43+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
44+ - d/control*, d/rules: disable xen by default, but provide universe
45+ package qemu-system-x86-xen as alternative
46+ [includes compat links changes of 5.0-5ubuntu4]
47+ - allow qemu to load old modules post upgrade (LP 1847361)
48+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
49+ - d/rules: Drop generating package version into maintainer scripts
50+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
51+ the bad old prerm (LP 1906245 1905377)
52+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
53+ resolved in gcc-10 (LP: 1890435)
54+ * Added Changes:
55+ - Refreshed ubuntu machine types for hirsute@5.2
56+ - d/control: regenerated from d/control-in
57+
58+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
59+
60 qemu (1:5.2+dfsg-2) unstable; urgency=medium
61
62 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
63@@ -43,6 +97,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
64
65 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
66
67+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
68+
69+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
70+ the bad old prerm (LP: #1906245)
71+
72+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
73+
74+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
75+
76+ * Fix upgrade module handling (LP: #1905377)
77+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
78+ allows to drop some former delta that is now conflicting.
79+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
80+ qemu-xen which doesn't exist in Debian
81+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
82+ - d/rules: Drop generating package version into maintainer scripts
83+
84+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
85+
86+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
87+
88+ * Merge with Debian testing, remaining changes:
89+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
90+ - qemu-kvm to systemd unit
91+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
92+ hugepages and architecture specifics
93+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
94+ qemu-kvm-init
95+ - d/qemu-system-common.install: install helper script
96+ - d/qemu-system-common.qemu-kvm.default: defaults for
97+ /etc/default/qemu-kvm
98+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
99+ - Distribution specific machine type (LP: 1304107 1621042)
100+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
101+ types
102+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
103+ for host-phys-bits=true (LP: 1776189)
104+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
105+ - provide pseries-bionic-2.11-sxxm type as convenience with all
106+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
107+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
108+ - Enable nesting by default
109+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
110+ in qemu64 on amd
111+ [ No more strictly needed, but required for backward compatibility ]
112+ - improved dependencies
113+ - Make qemu-system-common depend on qemu-block-extra
114+ - Make qemu-utils depend on qemu-block-extra
115+ - let qemu-utils recommend sharutils
116+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
117+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
118+ reference 256k path
119+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
120+ handle incoming migrations from former releases.
121+ - d/control-in: Disable capstone disassembler library support (universe)
122+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
123+ - d/control*, d/rules: disable xen by default, but provide universe
124+ package qemu-system-x86-xen as alternative
125+ [includes compat links changes of 5.0-5ubuntu4]
126+ - allow qemu to load old modules post upgrade (LP 1847361)
127+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
128+ upgrade
129+ - d/rules: generate maintainer scripts matching package version on build
130+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
131+ - d/control: regenerate debian/control out of control-in
132+ * Dropped changes [in Debian or no more needed]
133+ - d/control-in: disable pmem on ppc64 as it is currently considered
134+ experimental on that architecture (pmdk v1.8-1)
135+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
136+ - d/rules: report config log from the correct subdir
137+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
138+ - Pick further changes for groovy from debian/master since 5.0-5
139+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
140+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
141+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
142+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
143+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
144+ - megasas-fix-possible-out-of-bounds-array-access.patch
145+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
146+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
147+ - a few patches from the stable series:
148+ - fix-tulip-breakage.patch
149+ - 9p-lock-directory-streams-with-a-CoMutex.patch
150+ Prevent deadlocks in 9pfs readdir code
151+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
152+ Fix newline accidentally sneaked into id string of a nic
153+ - qemu-nbd-close-inherited-stderr.patch
154+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
155+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
156+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
157+ - acpi-tmr-allow-2-byte-reads.patch
158+ - reapply CVE-2020-13253 fixes from upstream
159+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
160+ - linux-user-add-netlink-RTM_SETLINK-command.patch
161+ - d/control: since qemu-system-data now contains module(s),
162+ it can't be multi-arch. Ditto for qemu-block-extra.
163+ - qemu-system-foo: depend on exact version of qemu-system-data,
164+ due to the latter having modules
165+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
166+ This is another incarnation of the recent bugfix which actually enabled
167+ memory access constraints, like #964247
168+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
169+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
170+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
171+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
172+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
173+ - do not install outdated (0.12 and before) Changelog
174+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
175+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
176+ Closes: CVE-2020-15863
177+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
178+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
179+ another fix for revert-memory-accept-.. CVE-2020-13754
180+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
181+ - d/control-in: build-dep libcap is no more needed
182+ - arch aware kvm wrappers
183+ [upstream now automatically enables KVM if available and called with
184+ kvm* name, provides KVM as before but with auto-fallback to tcg.
185+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
186+ * Dropped changes [upstream now]
187+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
188+ setup_len
189+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
190+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
191+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
192+ from vfio-ccw (LP 1887935)
193+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
194+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
195+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
196+ SQXBR (LP 1883984)
197+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
198+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
199+ environments (LP 1887763)
200+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
201+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
202+ crashes it on shutdown (LP 1878973)
203+ - update d/p/ubuntu/lp-1835546-* to the final versions
204+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
205+ FTBFS in groovy
206+ * Added Changes:
207+ - update ubuntu machine types for hirsute@5.1
208+ - d/control: regenerated from d/control-in
209+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
210+ resolved in gcc-10 (LP: 1890435)
211+
212+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
213+
214 qemu (1:5.1+dfsg-4) unstable; urgency=high
215
216 * mention closing of CVE-2020-16092 by 5.1
217@@ -61,7 +262,7 @@ qemu (1:5.1+dfsg-3) unstable; urgency=medium
218
219 qemu (1:5.1+dfsg-2) unstable; urgency=medium
220
221- * fix brown-paper bag bug in last upload
222+ * fix brown-paper bag bug in last upload
223
224 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 17 Aug 2020 20:58:52 +0300
225
226@@ -284,6 +485,298 @@ qemu (1:5.0-6) unstable; urgency=medium
227
228 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
229
230+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
231+
232+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
233+ machine type to match how it originally was released (LP: #1902654)
234+
235+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
236+
237+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
238+
239+ * No-change rebuild for brltty soname change.
240+
241+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
242+
243+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
244+
245+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
246+ setup_len
247+ CVE-2020-14364
248+
249+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
250+
251+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
252+
253+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
254+
255+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
256+
257+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
258+
259+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
260+
261+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
262+
263+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
264+
265+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
266+ from vfio-ccw (LP: #1887935)
267+
268+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
269+
270+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
271+
272+ * fix qemu-user-static initialization to allow executing systemd
273+ (LP: #1890881)
274+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
275+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
276+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
277+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
278+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
279+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
280+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
281+ CVE-2020-16092
282+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
283+
284+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
285+
286+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
287+
288+ * xen: provide compat links to what libxen-dev reports where to find
289+ the binaries (LP: #1890005)
290+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
291+ SQXBR (LP: #1883984)
292+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
293+
294+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
295+
296+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
297+
298+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
299+ environments (LP: #1887763)
300+ * Pick further changes for groovy from debian/master since 5.0-5
301+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
302+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
303+ infinite recursion via a crafted mm_index value during
304+ ati_mm_read or ati_mm_write call.
305+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
306+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
307+ devices which uses min_access_size and max_access_size Memory API fields.
308+ Also closes: CVE-2020-13791
309+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
310+ CVE-2020-13659: address_space_map in exec.c can trigger
311+ a NULL pointer dereference related to BounceBuffer
312+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
313+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
314+ has an OOB read via a crafted reply_queue_head field from a guest OS user
315+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
316+ fix other possible cases like in CVE-2020-13362 (#961887)
317+ - megasas-fix-possible-out-of-bounds-array-access.patch
318+ Some tracepoints use a guest-controlled value as an index into the
319+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
320+ impact OOB errors here
321+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
322+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
323+ This flaw occurs when an nbd-client sends a spec-compliant request that is
324+ near the boundary of maximum permitted request length. A remote nbd-client
325+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
326+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
327+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
328+ properly validate the frame count, which allows guest OS users to trigger
329+ an out-of-bounds access during an es1370_write() operation
330+ - a few patches from the stable series:
331+ - fix-tulip-breakage.patch
332+ The tulip network driver in a qemu-system-hppa emulation is broken in
333+ the sense that bigger network packages aren't received any longer and
334+ thus even running e.g. "apt update" inside the VM fails. Fix this.
335+ - 9p-lock-directory-streams-with-a-CoMutex.patch
336+ Prevent deadlocks in 9pfs readdir code
337+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
338+ Fix newline accidentally sneaked into id string of a nic
339+ - qemu-nbd-close-inherited-stderr.patch
340+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
341+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
342+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
343+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
344+ - reapply CVE-2020-13253 fixed from upstream:
345+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
346+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
347+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
348+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
349+ Closes: #961297, CVE-2020-13253
350+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
351+ (Closes: #965109)
352+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
353+ - d/control: since qemu-system-data now contains module(s),
354+ it can't be multi-arch. Ditto for qemu-block-extra.
355+ - qemu-system-foo: depend on exact version of qemu-system-data,
356+ due to the latter having modules
357+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
358+ This is another incarnation of the recent bugfix which actually enabled
359+ memory access constraints, like #964247
360+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
361+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
362+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
363+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
364+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
365+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
366+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
367+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
368+ Closes: CVE-2020-15863
369+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
370+ List of patches:
371+ sm501-convert-printf-abort-to-qemu_log_mask.patch
372+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
373+ sm501-use-BIT-macro-to-shorten-constant.patch
374+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
375+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
376+ Closes: #961451, CVE-2020-12829
377+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
378+ another fix for revert-memory-accept-.. CVE-2020-13754
379+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
380+
381+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
382+
383+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
384+
385+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
386+
387+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
388+
389+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
390+
391+ * Merge with Debian testing (LP: #1749393), remaining changes:
392+ - qemu-kvm to systemd unit
393+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
394+ hugepages and architecture specifics
395+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
396+ qemu-kvm-init
397+ - d/qemu-system-common.install: install helper script
398+ - d/qemu-system-common.qemu-kvm.default: defaults for
399+ /etc/default/qemu-kvm
400+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
401+ - Distribution specific machine type (LP: 1304107 1621042)
402+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
403+ types
404+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
405+ for host-phys-bits=true (LP: 1776189)
406+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
407+ - provide pseries-bionic-2.11-sxxm type as convenience with all
408+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
409+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
410+ - Enable nesting by default
411+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
412+ in qemu64 on amd
413+ [ No more strictly needed, but required for backward compatibility ]
414+ - improved dependencies
415+ - Make qemu-system-common depend on qemu-block-extra
416+ - Make qemu-utils depend on qemu-block-extra
417+ - let qemu-utils recommend sharutils
418+ - arch aware kvm wrappers
419+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
420+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
421+ reference 256k path
422+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
423+ handle incoming migrations from former releases.
424+ - d/control-in: Disable capstone disassembler library support (universe)
425+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
426+ - d/control*, d/rules: disable xen by default, but provide universe
427+ package qemu-system-x86-xen as alternative
428+ [includes --disable-xen for user-static builds]
429+ - d/control-in: disable pmem on ppc64 as it is currently considered
430+ experimental on that architecture (pmdk v1.8-1)
431+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
432+ - d/rules: report config log from the correct subdir
433+ - allow qemu to load old modules post upgrade (LP 1847361)
434+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
435+ upgrade
436+ - d/rules: generate maintainer scripts matching package version on build
437+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
438+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
439+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
440+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
441+ crashes it on shutdown (LP 1878973)
442+ * Dropped changes (no more needed)
443+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
444+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
445+ in qemu64 cpu type.
446+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
447+ Debian. Fixed by bumping the related Breaks/Replaces to the
448+ Version Ubuntu introduced the change (LP 1862287)
449+ * Dropped changes (in Debian)
450+ - improved s390x support
451+ - d/binfmt-update-in: fix binfmt being called in some containers
452+ (LP 1840956)
453+ - qemu-system-x86-microvm package
454+ In addition to the generic multi-purpose qemu also provide a minimal
455+ feature binary that is loading faster for use cases with microvm machine
456+ type and qboot bios
457+ - d/control-in: add a new qemu-system-x86-microvm package
458+ - d/rules: add an extra config/build step to get the minimal qemu
459+ - Security and packaging fixes (LP 1872937)
460+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
461+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
462+ CVE-2020-10702
463+ CVE-2020-11102
464+ - fix external spice UI
465+ + install ui-spice-app.so in qemu-system-common
466+ + install ui-spice-app.so only if built, spice is optional
467+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
468+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
469+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
470+ - enable riscv build (LP 1872931)
471+ [ changes picked from Debian ]
472+ - enable support for riscv64 hosts
473+ - only enable librbd on architectures where it is built
474+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
475+ depends on the former
476+ - seccomp grew up, no need in versioned build-dep
477+ - enable seccomp only on architectures where it can be built
478+ * Dropped changes (upstream)
479+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
480+ (LP 1857033)
481+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
482+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
483+ vhost-user-gpu
484+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
485+ avoid unnecessary IOTLB transactions (LP 1866207)
486+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
487+ patches @qemu-stable (LP 1867519)
488+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
489+ to avoid broken nesting (LP 1868692)
490+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
491+ (LP 1871830)
492+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
493+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
494+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
495+ and clobbered doubles (LP 1872945)
496+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
497+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
498+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
499+ - CVE-2020-11869
500+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
501+ - async: use explicit memory barriers (LP 1805256)
502+ - aio-wait: delegate polling of main AioContext if BQL not held
503+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
504+ supporting to set them (LP 1882774)
505+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
506+ load to a versioned path
507+ * Added Changes:
508+ - d/control: regenerate debian/control out of control-in
509+ - update d/p/ubuntu/lp-1835546-* to the final versions
510+ - 11 patches dropped as they are in 5.0
511+ - 20 patches updated to how they will be in 5.1
512+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
513+ FTBFS in groovy
514+ - Make qemu-system-x86-microvm a transitional package as the binary is now
515+ in qemu-system-x86 itself.
516+ - d/control-in: build-dep libcap is no more needed
517+ - d/rules: update arch aware kvm wrappers
518+ - d/qemu-system-x86.README.Debian: fix typo
519+
520+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
521+
522 qemu (1:5.0-5) unstable; urgency=medium
523
524 * more binfmt-install updates
525@@ -416,6 +909,188 @@ qemu (1:4.2-4) unstable; urgency=medium
526
527 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
528
529+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
530+
531+ * No-change rebuild against libnettle8
532+
533+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
534+
535+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
536+
537+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
538+ crashes it on shutdown (LP: #1878973)
539+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
540+ supporting to set them (LP: #1882774)
541+
542+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
543+
544+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
545+
546+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
547+ - async: use explicit memory barriers (LP: #1805256)
548+ - aio-wait: delegate polling of main AioContext if BQL not held
549+
550+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
551+
552+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
553+
554+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
555+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
556+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
557+ - CVE-2020-11869
558+
559+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
560+
561+qemu (1:4.2-3ubuntu6) focal; urgency=medium
562+
563+ [ Christian Ehrhardt ]
564+ * enable riscv build (LP: #1872931)
565+ [ changes picked from Debian ]
566+ - enable support for riscv64 hosts
567+ - only enable librbd on architectures where it is built
568+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
569+ depends on the former
570+ - seccomp grew up, no need in versioned build-dep
571+ - enable seccomp only on architectures where it can be built
572+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
573+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
574+ and clobbered doubles (LP: #1872945)
575+
576+ [ William Grant ]
577+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
578+
579+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
580+
581+qemu (1:4.2-3ubuntu5) focal; urgency=medium
582+
583+ [ Christian Ehrhardt ]
584+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
585+ (LP: #1871830)
586+ * Security and packaging fixes (LP: #1872937)
587+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
588+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
589+ CVE-2020-10702
590+ CVE-2020-11102
591+ - fix external spice UI
592+ + install ui-spice-app.so in qemu-system-common
593+ + install ui-spice-app.so only if built, spice is optional
594+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
595+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
596+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
597+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
598+
599+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
600+
601+qemu (1:4.2-3ubuntu4) focal; urgency=medium
602+
603+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
604+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
605+ to avoid broken nesting (LP: #1868692)
606+
607+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
608+
609+qemu (1:4.2-3ubuntu3) focal; urgency=medium
610+
611+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
612+ patches @qemu-stable (LP: #1867519)
613+
614+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
615+
616+qemu (1:4.2-3ubuntu2) focal; urgency=medium
617+
618+ * allow qemu to load old modules post upgrade (LP: #1847361)
619+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
620+ load to a versioned path
621+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
622+ upgrade
623+ - d/rules: generate maintainer scripts matching package version on build
624+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
625+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
626+ avoid unnecessary IOTLB transactions (LP: #1866207)
627+
628+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
629+
630+qemu (1:4.2-3ubuntu1) focal; urgency=medium
631+
632+ * Merge with Debian testing, remaining changes:
633+ - qemu-kvm to systemd unit
634+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
635+ hugepages and architecture specifics
636+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
637+ qemu-kvm-init
638+ - d/qemu-system-common.install: install helper script
639+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
640+ - d/qemu-system-common.qemu-kvm.default: defaults for
641+ /etc/default/qemu-kvm
642+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
643+ - Distribution specific machine type (LP: 1304107 1621042)
644+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
645+ types
646+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
647+ for host-phys-bits=true (LP: 1776189)
648+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
649+ - provide pseries-bionic-2.11-sxxm type as convenience with all
650+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
651+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
652+ - Enable nesting by default
653+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
654+ in qemu64 cpu type.
655+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
656+ in qemu64 on amd
657+ [ No more strictly needed, but required for backward compatibility ]
658+ - improved dependencies
659+ - Make qemu-system-common depend on qemu-block-extra
660+ - Make qemu-utils depend on qemu-block-extra
661+ - let qemu-utils recommend sharutils
662+ - improved s390x support
663+ - d/rules: build s390-ccw.img with upstream Makefile
664+ - d/rules: build s390-netboot.img with upstream Makefile
665+ - arch aware kvm wrappers
666+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
667+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
668+ reference 256k path
669+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
670+ handle incoming migrations from former releases.
671+ - d/control-in: Disable capstone disassembler library support (universe)
672+ - d/binfmt-update-in: fix binfmt being called in some containers
673+ (LP 1840956)
674+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
675+ (LP 1857033)
676+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
677+ - d/control*, d/rules: disable xen by default, but provide universe
678+ package qemu-system-x86-xen as alternative
679+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
680+ - Dropped changes [ in Debian ]
681+ - d/control: update VCS links
682+ - d/control-in: bump debhelper build-dep for compat 12
683+ - d/control: disable bluetooth being deprecated
684+ - d/not-installed: ignore new interop docs and extra icons for now
685+ - d/not-installed: do not install elf2dmp until namespaced
686+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
687+ [ not needed ]
688+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
689+ - s390x support
690+ - Create qemu-system-s390x package
691+ - Enable numa support for s390x
692+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
693+ * Added changes
694+ - d/control: regenerate debian/control out of control-in
695+ - qemu-system-x86-microvm package
696+ In addition to the generic multi-purpose qemu also provide a minimal
697+ feature binary that is loading faster for use cases with microvm machine
698+ type and qboot bios
699+ - d/control-in: add a new qemu-system-x86-microvm package
700+ - d/rules: add an extra config/build step to get the minimal qemu
701+ - d/control-in: disable pmem on ppc64 as it is currently considered
702+ experimental on that architecture (pmdk v1.8-1)
703+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
704+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
705+ vhost-user-gpu
706+ - d/rules: report config log from the correct subdir
707+ - d/rules: --disable-xen for user-static builds
708+
709+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
710+
711 qemu (1:4.2-3) unstable; urgency=medium
712
713 * mention closing of #909743 in previous changelog (Closes: #909743)
714@@ -458,6 +1133,169 @@ qemu (1:4.2-2) unstable; urgency=medium
715
716 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
717
718+qemu (1:4.2-1ubuntu2) focal; urgency=medium
719+
720+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
721+ Debian. Fixed by by bumping the related Breaks/Replaces to the
722+ Version Ubuntu introduced the change (LP: #1862287)
723+
724+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
725+
726+qemu (1:4.2-1ubuntu1) focal; urgency=medium
727+
728+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
729+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
730+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
731+ LP: #1852744 - Crypto Passthrough Interrupt Support
732+ LP: #1853316 - CCW IPL Support
733+ Remaining changes:
734+ - qemu-kvm to systemd unit
735+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
736+ hugepages and architecture specifics
737+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
738+ qemu-kvm-init
739+ - d/qemu-system-common.install: install helper script
740+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
741+ - d/qemu-system-common.qemu-kvm.default: defaults for
742+ /etc/default/qemu-kvm
743+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
744+ - Distribution specific machine type (LP: 1304107 1621042)
745+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
746+ types
747+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
748+ for host-phys-bits=true (LP: 1776189)
749+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
750+ - provide pseries-bionic-2.11-sxxm type as convenience with all
751+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
752+ - Enable nesting by default
753+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
754+ in qemu64 cpu type.
755+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
756+ in qemu64 on amd
757+ [ No more strictly needed, but required for backward compatibility ]
758+ - improved dependencies
759+ - Make qemu-system-common depend on qemu-block-extra
760+ - Make qemu-utils depend on qemu-block-extra
761+ - let qemu-utils recommend sharutils
762+ - s390x support
763+ - Create qemu-system-s390x package
764+ - Enable numa support for s390x
765+ - d/rules: build s390-ccw.img with upstream Makefile
766+ - d/rules: build s390-netboot.img with upstream Makefile
767+ - arch aware kvm wrappers
768+ - d/control: update VCS links
769+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
770+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
771+ reference 256k path
772+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
773+ handle incoming migrations from former releases.
774+ - d/control-in: Disable capstone disassembler library support (universe)
775+ - d/control: disable bluetooth being deprecated
776+ - d/not-installed: ignore new interop docs and extra icons for now
777+ - d/not-installed: do not install elf2dmp until namespaced
778+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
779+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
780+ - d/binfmt-update-in: fix binfmt being called in some containers
781+ (LP 1840956)
782+ - Dropped changes (in Debian)
783+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
784+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
785+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
786+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
787+ - enable RDMA config option
788+ - add libibumad-dev build-dep
789+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
790+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
791+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
792+ replace it with a build-indep using the upstream makefiles.
793+ This is less prone to miss future changes/fixes that are done to the
794+ makefiles
795+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
796+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
797+ - d/rules: fix qemu-kvm service for debhelper compat >=12
798+ - Refreshed patches for v4.0 context changes
799+ - d/control*: remove sdlabi which was removed upstream
800+ - d/control*: enable docs (now explicit) and provide new build-dep
801+ python3-sphinx
802+ - d/qemu-system-data.install: use new paths for formerly used icons
803+ - Merge with Upstream release of qemu 4.0
804+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
805+ - Dropped changes (Upstream)
806+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
807+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
808+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
809+ fix i386 build error
810+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
811+ fix naming of the new vector facitlity (LP 1836066)
812+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
813+ for missing SIOCGSTAMP definition; final fix is still in discussion
814+ upstream (LP: 1836159)
815+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
816+ s390x machines (LP 1836154)
817+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
818+ (LP 1841066)
819+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
820+ update the z15 model name (LP 1842774)
821+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
822+ fix a potential hang when qemu or qemu-img where accessing http backed
823+ disks via libcurl (LP 1848556)
824+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
825+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
826+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
827+ toleration for future machines (LP 1830704)
828+ - SECURITY UPDATE: Add support for exposing md-clear functionality
829+ to guests
830+ - d/p/ubuntu/enable-md-clear.patch
831+ - d/p/ubuntu/enable-md-no.patch
832+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
833+ - SECURITY UPDATE: heap overflow when loading device tree blob
834+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
835+ copy the device tree blob into is.
836+ - CVE-2018-20815
837+ - SECURITY UPDATE: device driver denial of service via NULL pointer
838+ dereference
839+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
840+ routine
841+ - CVE-2019-5008
842+ - SECURITY UPDATE: information leak in SLiRP
843+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
844+ emulating ident.
845+ - CVE-2019-9824
846+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
847+ unimplement.patch: properly return architecture defined exception
848+ on bad subcodes of diag 308 (LP 1812384)
849+ * Dropped changes (no more needed)
850+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
851+ mv_conffile since the new path is a directory in the old package
852+ version which can not be handled by mv_conffile.
853+ [ only needed between disco and eoan ]
854+ - disable pvrdma
855+ [ CVEs all fixed now ]
856+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
857+ avoid misdetection of simplified nesting blocking all migrations
858+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
859+ - Enable nesting by default
860+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
861+ (is default on amd)
862+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
863+ without nested=1
864+ [ nesting is default in kernel modules and default selected cpu types ]
865+ * Added changes
866+ - d/control: regenerate debian/control out of control-in
867+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
868+ - added ubuntu focal types for qemu 4.2
869+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
870+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
871+ (LP: #1857033)
872+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
873+ - d/control*, d/rules: disable xen by default, but provide universe
874+ package qemu-system-x86-xen as alternative
875+ - fix typos in changelog and d/qemu-system-x86.NEWS
876+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
877+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
878+
879+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
880+
881 qemu (1:4.2-1) unstable; urgency=medium
882
883 * new upstream release (4.2.0)
884@@ -534,6 +1372,205 @@ qemu (1:4.1-1) unstable; urgency=medium
885
886 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
887
888+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
889+
890+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
891+ fix a potential hang when qemu or qemu-img where accessing http backed
892+ disks via libcurl (LP: #1848556)
893+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
894+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
895+
896+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
897+
898+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
899+
900+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
901+ update the z15 model name (LP: #1842774)
902+
903+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
904+
905+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
906+
907+ * d/binfmt-update-in: fix binfmt being called in some containers
908+ (LP: #1840956)
909+
910+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
911+
912+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
913+
914+ * No-change upload with strops.h and sys/strops.h removed in glibc.
915+
916+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
917+
918+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
919+
920+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
921+ (LP: #1841066)
922+
923+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
924+
925+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
926+
927+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
928+ s390x machines (LP: #1836154)
929+
930+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
931+
932+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
933+
934+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
935+ - pick Debian change for (#889885)
936+ move ovmf to recommends on debian and update aarch ovmf refs
937+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
938+
939+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
940+
941+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
942+
943+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
944+ for missing SIOCGSTAMP definition; final fix is still in discussion
945+ upstream (LP: 1836159)
946+
947+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
948+
949+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
950+
951+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
952+ fix naming of the new vector facitlity (LP: #1836066)
953+ * d/control-in: update VCS links in control template as well
954+
955+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
956+
957+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
958+
959+ * Merge with Upstream release of qemu 4.0.
960+ Among many other things this fixes LP Bugs:
961+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
962+ LP: #1828038 - Update s390x CPU Model for more HW support
963+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
964+ Remaining Changes:
965+ - qemu-kvm to systemd unit
966+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
967+ hugepages and architecture specifics
968+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
969+ qemu-kvm-init
970+ - d/qemu-system-common.install: install helper script
971+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
972+ - d/qemu-system-common.qemu-kvm.default: defaults for
973+ /etc/default/qemu-kvm
974+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
975+ - Enable nesting by default
976+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
977+ (is default on amd)
978+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
979+ without nested=1
980+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
981+ in qemu64 cpu type.
982+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
983+ in qemu64 on amd
984+ - d/qemu-system-x86.README.Debian: document intention of nested being
985+ default is comfort, not full support
986+ - Distribution specific machine type (LP: 1304107 1621042)
987+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
988+ types
989+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
990+ for host-phys-bits=true (LP: 1776189)
991+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
992+ - provide pseries-bionic-2.11-sxxm type as convenience with all
993+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
994+ - improved dependencies
995+ - Make qemu-system-common depend on qemu-block-extra
996+ - Make qemu-utils depend on qemu-block-extra
997+ - let qemu-utils recommend sharutils
998+ - s390x support
999+ - Create qemu-system-s390x package
1000+ - Enable numa support for s390x
1001+ - arch aware kvm wrappers
1002+ - d/control: update VCS links
1003+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1004+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1005+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1006+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1007+ - enable RDMA config option
1008+ - add libibumad-dev build-dep
1009+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1010+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1011+ reference 256k path
1012+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1013+ handle incoming migrations from former releases.
1014+ - d/control-in: Disable capstone disassembler library support (universe)
1015+ - Move s390x roms to a new qemu-system-data-s390x
1016+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1017+ qemu-system-data
1018+ - d/rules: build s390-ccw.img with upstream Makefile
1019+ - d/rules: build s390-netboot.img with upstream Makefile
1020+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1021+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1022+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1023+ replace it with a build-indep using the upstream makefiles.
1024+ This is less prone to miss future changes/fixes that are done to the
1025+ makefiles
1026+ - d/control-in: add breaks/replaces for moving s390x roms from
1027+ qemu-system-s390x to qemu-system-data
1028+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1029+ [From not yet uploaded Debian branch]
1030+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1031+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1032+ - disable pvrdma - besides several security holes there are many other
1033+ bugs there as well
1034+ * Dropped patches that are upstream in v4.0
1035+ - d/p/do-not-link-everything-with-xen.patch
1036+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1037+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1038+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1039+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1040+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1041+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1042+ (LP: 1759509)
1043+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1044+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1045+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1046+ - d/p/ubuntu/CVE-2018-20815.patch
1047+ - d/p/ubuntu/CVE-2019-5008.patch
1048+ - d/p/ubuntu/CVE-2019-9824.patch
1049+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1050+ avoid misdetection of simplified nesting blocking all migrations
1051+ * Dropped further patches
1052+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1053+ [upstream deprecated the whole subsystem instead of applying the fix]
1054+ * Added Changes
1055+ - updated ubuntu machine types for v4.0
1056+ - added eoan types
1057+ - fixed s390x issue of upstream types having a "v" prefix
1058+ - add back dropped machine types to avoid more issues like LP: 1802944
1059+ - fix kvm split irqchip default in ubuntu q35 machine type
1060+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1061+ adapt updated CamelCase
1062+ - -hpb types now need to use GlobalProperties
1063+ - pc_compat_2_0 got a _fn suffix and slight changes
1064+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1065+ SLOF of qemu 4.0
1066+ - Refreshed patches still needed for v4.0 context changes
1067+ - d/p/use-fixed-data-path.patch
1068+ - d/p/ubuntu/enable-svm-by-default.patch
1069+ - d/p/ubuntu/enable-md-clear.patch
1070+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
1071+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
1072+ (LP: #1830243)
1073+ - d/control: disable bluetooth being deprecated
1074+ - d/control*: remove sdlabi which was removed upstream
1075+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
1076+ - d/control*: enable docs (now explicit) and provide new build-dep
1077+ python3-sphinx
1078+ - d/not-installed: ignore new interop docs and extra icons for now
1079+ - d/not-installed: do not install elf2dmp until namespaced
1080+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1081+ - d/qemu-system-data.install: use new paths for formerly used icons
1082+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1083+ fix i386 build error
1084+
1085+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
1086+
1087 qemu (1:3.1+dfsg-8) unstable; urgency=high
1088
1089 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
1090@@ -636,6 +1673,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
1091
1092 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
1093
1094+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1095+
1096+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1097+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1098+ fix migrations from old machines (LP: #1829868).
1099+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1100+ toleration for future machines (LP: #1830704
1101+
1102+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1103+
1104+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1105+
1106+ * SECURITY UPDATE: Add support for exposing md-clear functionality
1107+ to guests
1108+ - d/p/ubuntu/enable-md-clear.patch
1109+ - d/p/ubuntu/enable-md-no.patch
1110+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1111+ * SECURITY UPDATE: heap overflow when loading device tree blob
1112+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1113+ copy the device tree blob into is.
1114+ - CVE-2018-20815
1115+ * SECURITY UPDATE: device driver denial of service via NULL pointer
1116+ dereference
1117+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1118+ routine
1119+ - CVE-2019-5008
1120+ * SECURITY UPDATE: information leak in SLiRP
1121+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1122+ emulating ident.
1123+ - CVE-2019-9824
1124+
1125+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1126+
1127+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1128+
1129+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1130+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1131+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1132+ mv_conffile since the new path is a directory in the old package
1133+ version which can not be handled by mv_conffile.
1134+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1135+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1136+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1137+ CVE-2019-3812
1138+
1139+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1140+
1141+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1142+
1143+ * disable pvrdma - besides several security holes there are many other
1144+ bugs there as well, and the amount of patches applied upstream after
1145+ 3.1 release is large (Closes, or actuallymakes unimportant again)
1146+ - CVE-2018-20123
1147+ - CVE-2018-20124
1148+ - CVE-2018-20125
1149+ - CVE-2018-20126
1150+ - CVE-2018-20191
1151+ - CVE-2018-20216
1152+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1153+ - CVE-2019-6501
1154+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1155+ - CVE-2019-6778
1156+
1157+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1158+
1159+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1160+
1161+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1162+ LP: #1806104 - fix misleading page size error on ppc64el
1163+ LP: #1782205 - SnowRidge enabled new ISAs
1164+ LP: #1786956 - upgrade to qemu >= 3.0
1165+ LP: #1809083 - Backward migration to Xenial on ppc64el
1166+ LP: #1803315 - s390x Huge page enablement
1167+ LP: #1657409 - enable virglrenderer
1168+ Remaining Changes:
1169+ - qemu-kvm to systemd unit
1170+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1171+ hugepages and architecture specifics
1172+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1173+ - d/qemu-system-common.install: install systemd unit and helper script
1174+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1175+ - d/qemu-system-common.qemu-kvm.default: defaults for
1176+ /etc/default/qemu-kvm
1177+ - d/rules: install /etc/default/qemu-kvm
1178+ - Enable nesting by default
1179+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1180+ (is default on amd)
1181+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1182+ without nested=1
1183+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1184+ in qemu64 cpu type.
1185+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1186+ in qemu64 on amd
1187+ - d/qemu-system-x86.README.Debian: document intention of nested being
1188+ default is comfort, not full support
1189+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1190+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1191+ types
1192+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1193+ for host-phys-bits=true (LP: 1776189)
1194+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1195+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1196+ convenience with all meltdown/spectre workarounds enabled by default.
1197+ (LP: 1761372).
1198+ - improved dependencies
1199+ - Make qemu-system-common depend on qemu-block-extra
1200+ - Make qemu-utils depend on qemu-block-extra
1201+ - let qemu-utils recommend sharutils
1202+ - s390x support
1203+ - Create qemu-system-s390x package
1204+ - Enable numa support for s390x
1205+ - arch aware kvm wrappers
1206+ - d/control: update VCS links (updated to match latest Ubuntu)
1207+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1208+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1209+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1210+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1211+ - enable RDMA config option
1212+ - add libibumad-dev build-dep
1213+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1214+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1215+ reference 256k path
1216+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1217+ handle incoming migrations from former releases.
1218+ - d/control-in: Disable capstone disassembler library support (universe)
1219+ * Added Changes:
1220+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1221+ for qemu 3.1 in the Ubuntu Disco release
1222+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1223+ - Move s390x roms to a new qemu-system-data-s390x
1224+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1225+ qemu-system-data
1226+ - d/rules: build s390-ccw.img with upstream Makefile
1227+ - d/rules: build s390x-netboot.img with upstream Makefile
1228+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1229+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1230+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1231+ replace it with a build-indep using the upstream makefiles.
1232+ This is less prone to miss future changes/fixes that are done to the
1233+ makefiles
1234+ - d/control-in: add breaks/replaces for moving s390x roms from
1235+ qemu-system-s390x to qemu-system-data
1236+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1237+ [From not yet uploaded Debian branch]
1238+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1239+ (Closes: #918378)
1240+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1241+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1242+ avoid misdetection of simplified nesting blocking all migrations
1243+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1244+ unimplement.patch: properly return archicture defined exception
1245+ on bad subcodes of diag 308 (LP: #1812384)
1246+ * Dropped Changes:
1247+ - Include s390-ccw.img firmware (old style native build)
1248+ - d/rules enable install s390x-netboot.img (old style native build)
1249+ - libvirt/qemu user/group support
1250+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1251+ trigger.
1252+ [ Droppable since logind properly sets ACLs now ]
1253+ - qemu-system-common.preinst: add kvm group if needed
1254+ [ Droppable because systemd/udev take care of it since 239-6]
1255+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
1256+ freeze-hook fixes (LP: 1484990)
1257+ [upstream]
1258+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1259+ merged upstream
1260+ [upstream]
1261+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1262+ computation while concatenating mbuf.
1263+ CVE-2018-11806
1264+ [upstream]
1265+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1266+ for powerpc64 to speed up translation (LP: 1781526)
1267+ [upstream]
1268+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1269+ cpu model for z14 ZR1 (LP: 1780773).
1270+ [upstream]
1271+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
1272+ (Closes: 903562)
1273+ [in Debian]
1274+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1275+ unreleased Debian version)
1276+ [in Debian]
1277+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1278+ by migrations with UI frontends or frequent guest resolution changes
1279+ (LP #1755912)
1280+ [upstream]
1281+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1282+ extend eieio for POWER9 emulation (LP: 1787408).
1283+ [upstream]
1284+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1285+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
1286+ [upstream]
1287+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
1288+ [upstream]
1289+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
1290+ [upstream]
1291+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
1292+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
1293+ [in Debian]
1294+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1295+ Adapters on s390x (LP: 1787405)
1296+ [upstream]
1297+ - enable opengl for vfio-MDEV support (LP: 1804766)
1298+ [in Debian]
1299+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1300+ [upstream]
1301+ - SECURITY UPDATE: integer overflow via crafted QMP command
1302+ [upstream]
1303+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1304+ [upstream]
1305+ - SECURITY UPDATE: buffer overflow in rtl8139
1306+ [upstream]
1307+ - SECURITY UPDATE: buffer overflow in pcnet
1308+ [upstream]
1309+ - SECURITY UPDATE: DoS via large packet sizes
1310+ [upstream]
1311+ - SECURITY UPDATE: DoS in lsi53c895a
1312+ [upstream]
1313+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1314+ [upstream]
1315+ - SECURITY UPDATE: race condition in 9p
1316+ [upstream]
1317+
1318+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
1319+
1320 qemu (1:3.1+dfsg-2) unstable; urgency=medium
1321
1322 * d/rules: split arch and indep builds
1323@@ -715,6 +1978,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
1324
1325 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
1326
1327+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
1328+
1329+ [ Marc Deslauriers ]
1330+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1331+ - debian/patches/CVE-2018-10839.patch: use proper type in
1332+ hw/net/ne2000.c.
1333+ - CVE-2018-10839
1334+ * SECURITY UPDATE: integer overflow via crafted QMP command
1335+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
1336+ guest-file-read in qga/commands-posix.c.
1337+ - CVE-2018-12617
1338+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1339+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
1340+ - CVE-2018-16847
1341+ * SECURITY UPDATE: buffer overflow in rtl8139
1342+ - debian/patches/CVE-2018-17958.patch: use proper type in
1343+ hw/net/rtl8139.c.
1344+ - CVE-2018-17958
1345+ * SECURITY UPDATE: buffer overflow in pcnet
1346+ - debian/patches/CVE-2018-17962.patch: use proper type in
1347+ hw/net/pcnet.c.
1348+ - CVE-2018-17962
1349+ * SECURITY UPDATE: DoS via large packet sizes
1350+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
1351+ - CVE-2018-17963
1352+ * SECURITY UPDATE: DoS in lsi53c895a
1353+ - debian/patches/CVE-2018-18849.patch: check message length value is
1354+ valid in hw/scsi/lsi53c895a.c.
1355+ - CVE-2018-18849
1356+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1357+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
1358+ access in hw/ppc/pnv_lpc.c.
1359+ - CVE-2018-18954
1360+ * SECURITY UPDATE: race condition in 9p
1361+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
1362+ hw/9pfs/cofile.c.
1363+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
1364+ hw/9pfs/9p.c.
1365+ - CVE-2018-19364
1366+
1367+ [ Christian Ehrhardt]
1368+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1369+ Adapters on s390x (LP: #1787405)
1370+ * enable opengl for vfio-MDEV support (LP: #1804766)
1371+ - d/control-in: set --enable-opengl
1372+ - d/control-in: add gl related build-dependencies
1373+
1374+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
1375+
1376+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
1377+
1378+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
1379+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
1380+
1381+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
1382+
1383+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
1384+
1385+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
1386+ The SLOF source pieces in src:qemu are only used for s390x netboot,
1387+ which are independent ROMs (no linking). All other binaries out of this
1388+ are part of src:slof and independent.
1389+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
1390+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
1391+ and related fixes
1392+
1393+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
1394+
1395+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
1396+
1397+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
1398+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
1399+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
1400+
1401+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
1402+
1403+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
1404+
1405+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1406+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
1407+ - CVE-2018-15746
1408+
1409+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
1410+
1411+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
1412+
1413+ [ Murilo Opsfelder Araujo ]
1414+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1415+ extend eieio for POWER9 emulation (LP: #1787408).
1416+
1417+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
1418+
1419+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
1420+
1421+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1422+ by migrations with UI frontends or frequent guest resolution changes
1423+ (LP: #1755912)
1424+
1425+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
1426+
1427+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
1428+
1429+ * Disable capstone disassembler library support (universe dependency)
1430+
1431+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
1432+
1433+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
1434+
1435+ * Merge with Debian testing, Remaining Changes:
1436+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
1437+ - qemu-kvm to systemd unit
1438+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1439+ hugepages and architecture specifics
1440+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1441+ - d/qemu-system-common.install: install systemd unit and helper script
1442+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1443+ - d/qemu-system-common.qemu-kvm.default: defaults for
1444+ /etc/default/qemu-kvm
1445+ - d/rules: install /etc/default/qemu-kvm
1446+ - Enable nesting by default
1447+ - set nested=1 module option on intel. (is default on amd)
1448+ - re-load kvm_intel.ko if it was loaded without nested=1
1449+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1450+ in qemu64 cpu type.
1451+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1452+ in qemu64 on amd
1453+ - d/qemu-system-x86.README.Debian: document intention of nested being
1454+ default is comfort, not full support
1455+ - libvirt/qemu user/group support
1456+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1457+ trigger.
1458+ - qemu-system-common.preinst: add kvm group if needed
1459+ - Distribution specific machine type
1460+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1461+ types to ease future live vm migration.
1462+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1463+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
1464+ for host-phys-bits=true (LP: 1776189)
1465+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1466+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1467+ convenience with all meltdown/spectre workarounds enabled by default.
1468+ (LP: 1761372).
1469+ - improved dependencies
1470+ - Make qemu-system-common depend on qemu-block-extra
1471+ - Make qemu-utils depend on qemu-block-extra
1472+ - let qemu-utils recommend sharutils
1473+ - s390x support
1474+ - Create qemu-system-s390x package
1475+ - Include s390-ccw.img firmware
1476+ - Enable numa support for s390x
1477+ - arch aware kvm wrappers
1478+ - update VCS-git (updated to match cosmic)
1479+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1480+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
1481+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1482+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1483+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
1484+ - d/rules enable install s390x-netboot.img
1485+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1486+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1487+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1488+ reference 256k path
1489+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1490+ handle incoming migrations from former releases.
1491+ - SECURITY UPDATE: Speculative Store Bypass
1492+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
1493+ CPUID feature bit in target/i386/cpu.*.
1494+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
1495+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
1496+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
1497+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
1498+ target/i386/machine.c.
1499+ - CVE-2018-3639
1500+ * Added Changes:
1501+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
1502+ - add cosmic types for base and -hpb
1503+ - drop no more supported types (zesty and yakkety)
1504+ - d/p/series: group machine type changes
1505+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1506+ merged upstream
1507+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1508+ computation while concatenating mbuf.
1509+ CVE-2018-11806
1510+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
1511+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
1512+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
1513+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
1514+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
1515+ to POWER8
1516+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
1517+ is no more needed with systemd-detect-virt being more mature and always
1518+ present.
1519+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
1520+ - d/control-in: add libibumad-dev which is now needed for rdma
1521+ - d/rules: update s390x delta to match new Debian packaging
1522+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1523+ for powerpc64 to speed up translation (LP: #1781526)
1524+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1525+ cpu model for z14 ZR1 (LP: #1780773).
1526+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
1527+ (Closes: 903562)
1528+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1529+ unreleased Debian version)
1530+ * Dropped Changes:
1531+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
1532+ (No more removed when building DFSG orig tarball in Debian)
1533+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
1534+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
1535+ so we revert related changes to stick with the proven for now:
1536+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
1537+ depends on it)
1538+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
1539+ (Debian switched to gtk which seems to work better and has all
1540+ dependencies in main.)
1541+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
1542+ - Changes that are now upstream with qemu 2.12
1543+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
1544+ newer versions of glibc >=2.27 (LP: 1753826)
1545+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
1546+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
1547+ SSE/AVX/AVX512 cpu features (LP: 1739665)
1548+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
1549+ space+commpage continuous which avoids long startup times on
1550+ qemu-user-static (LP: 1740219)
1551+ - provide pseries-2.12-sxxm type (LP: 1761372)
1552+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
1553+ filesystem-dax with pmem by backporting align and unarmed options
1554+ (LP: 1704312).
1555+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
1556+ option to slirp's DHCP server (LP: 1762315)
1557+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
1558+ Protection information (LP: 1762854).
1559+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
1560+ migration (LP: 1763468).
1561+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
1562+ CVE-2017-16845
1563+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
1564+ CVE-2018-7550
1565+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
1566+ CVE-2018-7858
1567+
1568+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
1569+
1570 qemu (1:2.12+dfsg-3) unstable; urgency=medium
1571
1572 * make qemu-system-foo depending
1573@@ -803,6 +2309,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
1574
1575 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
1576
1577+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
1578+
1579+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
1580+ for host-phys-bits=true (LP: #1776189)
1581+ - add an info about this change in debian/qemu-system-x86.NEWS
1582+
1583+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
1584+
1585+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
1586+
1587+ * SECURITY UPDATE: Speculative Store Bypass
1588+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
1589+ CPUID feature bit in target/i386/cpu.*.
1590+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
1591+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
1592+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
1593+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
1594+ target/i386/machine.c.
1595+ - CVE-2018-3639
1596+
1597+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
1598+
1599+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
1600+
1601+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
1602+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
1603+ in post_load routine in hw/input/ps2.c.
1604+ - CVE-2017-16845
1605+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
1606+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
1607+ zero in hw/i386/multiboot.c.
1608+ - CVE-2018-7550
1609+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
1610+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
1611+ hw/display/vga.c.
1612+ - CVE-2018-7858
1613+
1614+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
1615+
1616+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
1617+
1618+ * No-change rebuild for ncurses soname changes.
1619+
1620+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
1621+
1622+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
1623+
1624+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
1625+ information (LP: #1762854).
1626+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
1627+ (LP: #1763468).
1628+
1629+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
1630+
1631+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
1632+
1633+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
1634+ The Kernel fixes are preferred and already committed to the kernel.
1635+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
1636+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
1637+ SSE/AVX/AVX512 cpu features (LP: #1739665)
1638+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
1639+ space+commpage continuous which avoids long startup times on
1640+ qemu-user-static (LP: #1740219)
1641+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1642+ convenience with all meltdown/spectre workarounds enabled by default.
1643+ This is not the default type following upstream and x86 on that.
1644+ (LP: #1761372).
1645+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
1646+ with pmem by backporting align and unarmed options (LP: #1704312).
1647+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
1648+ option to slirp's DHCP server (LP: #1762315)
1649+
1650+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
1651+
1652+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
1653+
1654+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
1655+ accepted to be better long term maintainable (LP: #1753938)
1656+
1657+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
1658+
1659+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
1660+
1661+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
1662+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
1663+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
1664+ versions of glibc >=2.27 (LP: #1753826)
1665+
1666+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
1667+
1668+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
1669+
1670+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
1671+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
1672+ Add domainname option and classless static routes support to the user
1673+ networking's DHCP server
1674+
1675+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
1676+
1677+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
1678+
1679+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
1680+ - among other fixes this adds code to:
1681+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
1682+ However, enabling this functionality requires additional configuration
1683+ beyond just updating QEMU. Also migrations need special consideration.
1684+ Details about that can be found at:
1685+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
1686+ - Power9 allocation of max 8 threads per core (LP: #1750526)
1687+ * Drop changes that are part of the upstream stable release
1688+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
1689+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
1690+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
1691+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
1692+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
1693+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
1694+ common compat.h header and add some extra info in the patch header.
1695+
1696+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
1697+
1698+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
1699+
1700+ * Merge with Debian testing, among other fixes this includes
1701+ - fix fatal error on negative maxcpus (LP: #1722495)
1702+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
1703+ - linux user threading issues (LP: #1350435)
1704+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
1705+ Remaining changes:
1706+ - qemu-kvm to systemd unit
1707+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1708+ hugepages and architecture specifics
1709+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1710+ - d/qemu-system-common.install: install systemd unit and helper script
1711+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1712+ - d/qemu-system-common.qemu-kvm.default: defaults for
1713+ /etc/default/qemu-kvm
1714+ - d/rules: install /etc/default/qemu-kvm
1715+ - Enable nesting by default
1716+ - set nested=1 module option on intel. (is default on amd)
1717+ - re-load kvm_intel.ko if it was loaded without nested=1
1718+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1719+ in qemu64 cpu type.
1720+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1721+ in qemu64 on amd
1722+ - libvirt/qemu user/group support
1723+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1724+ trigger.
1725+ - qemu-system-common.preinst: add kvm group if needed
1726+ - Distribution specific machine type
1727+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1728+ types to ease future live vm migration.
1729+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1730+ - improved dependencies
1731+ - Make qemu-system-common depend on qemu-block-extra
1732+ - Make qemu-utils depend on qemu-block-extra
1733+ - let qemu-utils recommend sharutils
1734+ - s390x support
1735+ - Create qemu-system-s390x package
1736+ - Include s390-ccw.img firmware
1737+ - Enable numa support for s390x
1738+ - ppc64[le] support
1739+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1740+ - arch aware kvm wrappers
1741+ * Added Changes
1742+ - update VCS-git to match the bionic branch
1743+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
1744+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
1745+ so we revert related changes to stick with the proven for now:
1746+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
1747+ depends on it)
1748+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
1749+ - d/qemu-system-x86.README.Debian: document intention of nested being
1750+ default is comfort, not full support
1751+ - update Ubuntu machine types for qemu 2.11
1752+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
1753+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
1754+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1755+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1756+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
1757+ - d/rules enable install s390x-netboot.img
1758+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
1759+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
1760+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
1761+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
1762+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
1763+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
1764+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
1765+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
1766+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1767+ reference 256k path
1768+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1769+ handle incoming migrations from former releases.
1770+ - d/control-in: enable seccomp on s390x
1771+ * Dropped changes (no more needed):
1772+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
1773+ The functionality is retained for upgraders, but is deprecated.
1774+ Post 18.04 the implementation for these configurations will be removed.
1775+ * Dropped changes (in Debian now):
1776+ - ppc64[le] support
1777+ - Enable seccomp for ppc64el
1778+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1779+ - disable missing x32 architecture
1780+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1781+ - d/qemu-system-common.docs: new paths since (ac06724a)
1782+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1783+ by qapi-schema.json which is already packaged (since 4d8bb958)
1784+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
1785+ to Debian patch to match qemu 2.10)
1786+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
1787+ since 8508eee7
1788+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
1789+ - make nios2/hppa not installed explicitly until further stablized
1790+ - d/qemu-guest-agent.install: add the new guest agent reference man page
1791+ qemu-ga-ref
1792+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
1793+ along the qapi intro
1794+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
1795+ dh_missing that are already provided in other formats qemu-doc,
1796+ qemu-qmp-ref,qemu-ga-ref
1797+ * Dropped changes (integrated upstream):
1798+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
1799+ on arm64 when doing suspend/resume and reboots due to older kernels not
1800+ supporting ITS (LP 1731051).
1801+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
1802+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
1803+ calls (LP 1726394)
1804+ - update to upstream 2.10.1 point release (LP 1722808)
1805+
1806+
1807+
1808+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
1809+
1810 qemu (1:2.11+dfsg-1) unstable; urgency=medium
1811
1812 [ Michael Tokarev ]
1813@@ -917,6 +2656,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
1814
1815 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
1816
1817+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
1818+
1819+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
1820+ on arm64 when doing suspend/resume and reboots due to older kernels not
1821+ supporting ITS (LP: #1731051).
1822+
1823+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
1824+
1825+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
1826+
1827+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
1828+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
1829+ calls (LP: #1726394)
1830+
1831+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
1832+
1833+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
1834+
1835+ * fix enablement of qemu-kvm service (LP: #1720397)
1836+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
1837+ - d/rules: add proper enablement debhelper calls
1838+ - d/qemu-system-common.install: install covered by dh_installinit
1839+
1840+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
1841+
1842+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
1843+
1844+ * update to upstream 2.10.1 point release (LP: #1722808)
1845+
1846+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
1847+
1848+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
1849+
1850+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
1851+ Remaining changes:
1852+ - qemu-kvm to systemd unit
1853+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1854+ hugepages and architecture specifics
1855+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1856+ - d/qemu-system-common.install: install systemd unit and helper script
1857+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1858+ - d/qemu-system-common.qemu-kvm.default: defaults for
1859+ /etc/default/qemu-kvm
1860+ - d/rules: install /etc/default/qemu-kvm
1861+ - Enable nesting by default
1862+ - set nested=1 module option on intel. (is default on amd)
1863+ - re-load kvm_intel.ko if it was loaded without nested=1
1864+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1865+ in qemu64 cpu type.
1866+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1867+ in qemu64 on amd
1868+ - libvirt/qemu user/group support
1869+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1870+ trigger.
1871+ - qemu-system-common.preinst: add kvm group if needed
1872+ - Distribution specific machine type
1873+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1874+ types to ease future live vm migration.
1875+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1876+ - improved dependencies
1877+ - Make qemu-system-common depend on qemu-block-extra
1878+ - Make qemu-utils depend on qemu-block-extra
1879+ - let qemu-utils recommend sharutils
1880+ - s390x support
1881+ - Create qemu-system-s390x package
1882+ - Include s390-ccw.img firmware
1883+ - Enable numa support for s390x
1884+ - ppc64[le] support
1885+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1886+ - Enable seccomp for ppc64el
1887+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1888+ - arch aware kvm wrappers
1889+ - update VCS-git to match the Artful branch
1890+ - disable missing x32 architecture
1891+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1892+ - d/qemu-system-common.docs: new paths since (ac06724a)
1893+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1894+ by qapi-schema.json which is already packaged (since 4d8bb958)
1895+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
1896+ to Debian patch to match qemu 2.10)
1897+ - s390x package now builds correctly on all architectures (LP 1710695)
1898+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
1899+ since 8508eee7
1900+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
1901+ - make nios2/hppa not installed explicitly until further stablized
1902+ - d/qemu-guest-agent.install: add the new guest agent reference man page
1903+ qemu-ga-ref
1904+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
1905+ along the qapi intro
1906+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
1907+ dh_missing that are already provided in other formats qemu-doc,
1908+ qemu-qmp-ref,qemu-ga-ref
1909+
1910+
1911+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
1912+
1913+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
1914+
1915+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
1916+ Remaining changes:
1917+ - qemu-kvm to systemd unit
1918+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1919+ hugepages and architecture specifics
1920+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1921+ - d/qemu-system-common.install: install systemd unit and helper script
1922+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1923+ - d/qemu-system-common.qemu-kvm.default: defaults for
1924+ /etc/default/qemu-kvm
1925+ - d/rules: install /etc/default/qemu-kvm
1926+ - Enable nesting by default
1927+ - set nested=1 module option on intel. (is default on amd)
1928+ - re-load kvm_intel.ko if it was loaded without nested=1
1929+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1930+ in qemu64 cpu type.
1931+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1932+ in qemu64 on amd
1933+ - libvirt/qemu user/group support
1934+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1935+ trigger.
1936+ - qemu-system-common.preinst: add kvm group if needed
1937+ - Distribution specific machine type
1938+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1939+ types to ease future live vm migration.
1940+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1941+ - improved dependencies
1942+ - Make qemu-system-common depend on qemu-block-extra
1943+ - Make qemu-utils depend on qemu-block-extra
1944+ - let qemu-utils recommend sharutils
1945+ - s390x support
1946+ - Create qemu-system-s390x package
1947+ - Include s390-ccw.img firmware
1948+ - Enable numa support for s390x
1949+ - ppc64[le] support
1950+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
1951+ - Enable seccomp for ppc64el
1952+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
1953+ - arch aware kvm wrappers
1954+ - update VCS-git to match the Artful branch
1955+ - disable missing x32 architecture
1956+ - d/rules: or32 is now named or1k (since 4a09d0bb)
1957+ - d/qemu-system-common.docs: new paths since (ac06724a)
1958+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
1959+ by qapi-schema.json which is already packaged (since 4d8bb958)
1960+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
1961+ to Debian patch to match qemu 2.10)
1962+ - s390x package now builds correctly on all architectures (LP 1710695)
1963+ * Added changes:
1964+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
1965+ since 8508eee7
1966+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
1967+ - make nios2/hppa not installed explicitly until further stablized
1968+ - d/qemu-guest-agent.install: add the new guest agent reference man page
1969+ qemu-ga-ref
1970+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
1971+ along the qapi intro
1972+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
1973+ dh_missing that are already provided in other formats qemu-doc,
1974+ qemu-qmp-ref,qemu-ga-ref
1975+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
1976+ changes in 2.10-rc4
1977+
1978+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
1979+
1980+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
1981+
1982+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
1983+ a set of bugs
1984+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
1985+ - CPU hot unplug fails after migrating a CPU hotplugged guest
1986+ from source (LP: #1677552)
1987+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
1988+ - New KVM 288 Pass Through (LP: #1672447)
1989+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
1990+ * Remaining changes:
1991+ - qemu-kvm to systemd unit
1992+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1993+ hugepages and architecture specifics
1994+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1995+ - d/qemu-system-common.install: install systemd unit and helper script
1996+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1997+ - d/qemu-system-common.qemu-kvm.default: defaults for
1998+ /etc/default/qemu-kvm
1999+ - d/rules: install /etc/default/qemu-kvm
2000+ - Enable nesting by default
2001+ - set nested=1 module option on intel. (is default on amd)
2002+ - re-load kvm_intel.ko if it was loaded without nested=1
2003+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2004+ in qemu64 cpu type.
2005+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2006+ in qemu64 on amd
2007+ - libvirt/qemu user/group support
2008+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2009+ trigger.
2010+ - qemu-system-common.preinst: add kvm group if needed
2011+ - Distribution specific machine type
2012+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2013+ types to ease future live vm migration.
2014+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2015+ - improved dependencies
2016+ - Make qemu-system-common depend on qemu-block-extra
2017+ - Make qemu-utils depend on qemu-block-extra
2018+ - let qemu-utils recommend sharutils
2019+ - s390x support
2020+ - Create qemu-system-s390x package
2021+ - Include s390-ccw.img firmware
2022+ - Enable numa support for s390x
2023+ - ppc64[le] support
2024+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2025+ - Enable seccomp for ppc64el
2026+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2027+ - arch aware kvm wrappers
2028+ - disable missing x32 architecture
2029+ - update VCS links
2030+ * Added changes
2031+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2032+ - d/qemu-system-common.docs: new paths since (ac06724a)
2033+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2034+ by qapi-schema.json which is already packaged (since 4d8bb958)
2035+ - Updates in debian/patches to match qemu 2.10
2036+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
2037+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
2038+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
2039+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
2040+ - update VCS-git to match the Artful branch
2041+ - s390x package now builds correctly on all architectures (LP: #1710695)
2042+ * Dropped changes (integrated upstream):
2043+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2044+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
2045+ - All CVE fixes formerly applied are upstream and thereby dropped.
2046+
2047+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
2048+
2049 qemu (1:2.8+dfsg-7) unstable; urgency=medium
2050
2051 * uploading to unstable all fixes which went to stretch-security
2052@@ -1026,6 +2997,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
2053
2054 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
2055
2056+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
2057+
2058+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
2059+ This was inadvertently dropped on 2.8 merge.
2060+
2061+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
2062+
2063+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
2064+
2065+ * SECURITY UPDATE: denial of service via leak in virtFS
2066+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
2067+ hw/9pfs/9p.c.
2068+ - CVE-2017-7377
2069+ * SECURITY UPDATE: denial of service in cirrus_vga
2070+ - debian/patches/CVE-2017-7718.patch: check parameters in
2071+ hw/display/cirrus_vga_rop.h.
2072+ - CVE-2017-7718
2073+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
2074+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
2075+ hw/display/cirrus_vga.c.
2076+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
2077+ hw/display/cirrus_vga.c.
2078+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
2079+ in hw/display/cirrus_vga.c.
2080+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
2081+ hw/display/cirrus_vga.c.
2082+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
2083+ in hw/display/cirrus_vga.c.
2084+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
2085+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2086+ hw/display/cirrus_vga_rop2.h.
2087+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
2088+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2089+ hw/display/cirrus_vga_rop2.h.
2090+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
2091+ hw/display/cirrus_vga_rop.h.
2092+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
2093+ hw/display/cirrus_vga.c.
2094+ - CVE-2017-7980
2095+ * SECURITY UPDATE: denial of service via memory leak in virtFS
2096+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
2097+ - CVE-2017-8086
2098+ * SECURITY UPDATE: denial of service via leak in audio
2099+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
2100+ audio/audio.c.
2101+ - CVE-2017-8309
2102+ * SECURITY UPDATE: denial of service via leak in keyboard
2103+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
2104+ ui/input.c.
2105+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
2106+ ui/input.c.
2107+ - CVE-2017-8379
2108+
2109+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
2110+
2111+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
2112+
2113+ * SECURITY UPDATE: DoS in virtio GPU device
2114+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
2115+ max_size in hw/display/virtio-gpu-3d.c.
2116+ - CVE-2016-10028
2117+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
2118+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
2119+ in hw/dma/rc4030.c.
2120+ - CVE-2016-8667
2121+ * SECURITY UPDATE: host filesystem access via virtFS
2122+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
2123+ hw/9pfs/*.
2124+ - CVE-2016-9602
2125+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
2126+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
2127+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
2128+ ui/console.c, ui/vnc.c.
2129+ - CVE-2016-9603
2130+ * SECURITY UPDATE: information leak in virtio GPU device
2131+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
2132+ hw/display/virtio-gpu-3d.c.
2133+ - CVE-2016-9908
2134+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2135+ - debian/patches/CVE-2016-9912.patch: properly free memory in
2136+ hw/display/virtio-gpu.c.
2137+ - CVE-2016-9912
2138+ * SECURITY UPDATE: DoS via virtFS
2139+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
2140+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
2141+ - CVE-2016-9914
2142+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2143+ - debian/patches/CVE-2017-5552.patch: check return value in
2144+ hw/display/virtio-gpu-3d.c.
2145+ - CVE-2017-5552
2146+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2147+ - debian/patches/CVE-2017-5578.patch: check res->iov in
2148+ hw/display/virtio-gpu.c.
2149+ - CVE-2017-5578
2150+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
2151+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
2152+ handling in hw/sd/sdhci.c.
2153+ - CVE-2017-5987
2154+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
2155+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
2156+ hw/usb/hcd-ohci.c.
2157+ - CVE-2017-6505
2158+
2159+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
2160+
2161+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
2162+
2163+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2164+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
2165+
2166+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
2167+
2168+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
2169+
2170+ * Merge with Debian;
2171+ This fixes several CVEs that were reported against qemu 2.8 and also
2172+ includes a few important functional backports (LP: #1667033); remaining
2173+ changes:
2174+ - add qemu-kvm init script and defaults file
2175+ (d/qemu-system-common.qemu-kvm.*)
2176+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2177+ modules and handling /etc/default/qemu-kvm
2178+ - qemu-system-common.preinst: add kvm group if needed
2179+ - Enable nesting by default on intel.
2180+ - set default module option
2181+ - re-load kvm_intel.ko if it was loaded without nested=1
2182+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2183+ default in qemu64 cpu type.
2184+ - Enable svm by default for qemu64 on amd
2185+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
2186+ define distro machine types to ease future live vm migration (includes
2187+ all former follow up fixes).
2188+ - Make qemu-system-common depend on qemu-block-extra
2189+ - Make qemu-utils depend on qemu-block-extra
2190+ - s390x support
2191+ - Create qemu-system-s390x package
2192+ - Include s390-ccw.img firmware
2193+ - qemu-system-common.postinst:
2194+ - change acl placed by udev, and add udevadm trigger.
2195+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2196+ - Several changes were applied but missing in the changelog so far
2197+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2198+ - arch aware kvm wrapper
2199+ - update VCS links
2200+ - let qemu-utils recommend sharutils
2201+ - disable x32 architecture
2202+ - Enable seccomp for ppc64el
2203+ - Enable numa support for s390x
2204+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2205+ init.d-script-missing-dependency-on-remote_fs
2206+ - d/qemu-system-common.postinst: fix lintian error type
2207+ command-with-path-in-maintainer-script
2208+ - Transition qemu-kvm to a systemd unit
2209+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2210+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2211+ that it shows up where the user expects (sytemctl status, kvm stdout)
2212+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2213+ - add arch aware kvm wrapper for s390x
2214+ * Dropped Changes (in Debian now):
2215+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2216+ - d/control-in: change dependencies for fix of wrong acl for newly
2217+ created device node on ubuntu
2218+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2219+ relationship, but qemu-efi is still in universe right now.
2220+ - Disable glusterfs (Universe dependency)
2221+ - no more skip disable libiscsi on Ubuntu
2222+ - d/rules, d/control-in: avoid people editing d/control
2223+ * Added Changes:
2224+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
2225+ power makes 2.3 the minimum level.
2226+
2227+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
2228+
2229 qemu (1:2.8+dfsg-3) unstable; urgency=high
2230
2231 * urgency high due to security fixes
2232@@ -1086,6 +3230,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
2233
2234 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
2235
2236+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
2237+
2238+ * Merge with Debian; remaining changes:
2239+ - add qemu-kvm init script and defaults file
2240+ (d/qemu-system-common.qemu-kvm.*)
2241+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2242+ modules and handling /etc/default/qemu-kvm
2243+ - qemu-system-common.preinst: add kvm group if needed
2244+ - Enable nesting by default on intel.
2245+ - set default module option
2246+ - re-load kvm_intel.ko if it was loaded without nested=1
2247+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2248+ default in qemu64 cpu type.
2249+ - Enable svm by default for qemu64 on amd
2250+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2251+ types to ease future live vm migration.
2252+ - Make qemu-system-common depend on qemu-block-extra
2253+ - Make qemu-utils depend on qemu-block-extra
2254+ - s390x support
2255+ - Create qemu-system-s390x package
2256+ - Include s390-ccw.img firmware
2257+ - qemu-system-common.postinst:
2258+ - change acl placed by udev, and add udevadm trigger.
2259+ - d/control-in: change dependencies for fix of wrong acl for newly
2260+ created device node on ubuntu
2261+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2262+ relationship, but qemu-efi is still in universe right now.
2263+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2264+ - Several changes were applied but missing in the changelog so far
2265+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2266+ - arch aware kvm wrapper
2267+ - update VCS links
2268+ - no more skip disable libiscsi on Ubuntu
2269+ - let qemu-utils recommend sharutils
2270+ - disable x32 architecture
2271+ * Dropped Changes:
2272+ - Several changes were applied but missing in the changelog so far
2273+ but are no more needed
2274+ - no pie for relocatable LD calls, with toolchain defaulting to
2275+ pie (fixed upstream)
2276+ - enable libnuma-dev (now in Debian)
2277+ - transition for moved init scripts (can be dropped after LTS
2278+ containing >=2.5 which is Xenial)
2279+ - --enable-seccomp related whitespace change (had no effect)
2280+ - apport hook for qemu source package (In Debian)
2281+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
2282+ - d/qemu-system-x86.maintscript: transition off of
2283+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
2284+ - Enable pie by default, on ubuntu/s390x. (Is the default since
2285+ >=Xenial, no cloud archive backport <=Xenial to consider)
2286+ - no pie for relocatable LD calls (fixed upstream in commit
2287+ 7ecf44a5)
2288+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
2289+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2290+ (Improved fix included by upstream)
2291+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
2292+ - Fixed wrong migration blocker when vhost is used (is upstream in
2293+ qemu 2.8)
2294+ * Added Changes:
2295+ - d/rules, d/control-in: avoid people editing d/control by warning
2296+ header and non writable permissions
2297+ - fixed moving trusty machine type definition which made it
2298+ ambiguous (LP: #1641532)
2299+ - d/qemu-system-x86.NEWS describe the issue
2300+ - Enable seccomp for ppc64el (LP: #1644639)
2301+ - Enable numa support for s390x
2302+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2303+ init.d-script-missing-dependency-on-remote_fs
2304+ - d/qemu-system-common.postinst: fix lintian error type
2305+ command-with-path-in-maintainer-script
2306+ - Transition qemu-kvm to a systemd unit
2307+ - Disable glusterfs (Universe dependency)
2308+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2309+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2310+ that it shows up where the user expects (sytemctl status, kvm stdout)
2311+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2312+ - add arch aware kvm wrapper for s390x
2313+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2314+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
2315+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
2316+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
2317+
2318+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
2319+
2320 qemu (1:2.8+dfsg-2) unstable; urgency=medium
2321
2322 * Revert "update binfmt registration for mipsn32"
2323@@ -1204,6 +3432,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
2324
2325 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
2326
2327+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
2328+
2329+ * No-change rebuild to compile against new libxen version.
2330+
2331+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
2332+
2333+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
2334+
2335+ * retain older xenial machine type to avoid issues starting guests
2336+ created on xenial prior to the SRU for bug 1621042. In that regard the old
2337+ broken xenial machine type and the new fixed one have both to be considered
2338+ as valid LTS machine types (LP: #1626070).
2339+
2340+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
2341+
2342+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
2343+
2344+ * fix default ubuntu machine types. (LP: #1621042)
2345+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
2346+ - remove double default and double ubuntu alias
2347+ - drop former devel releases utopic, vivid, wily
2348+ - add xenial and yakkety machine types
2349+ - add q35 based ubuntu machine type starting at xenial
2350+ - add ubuntu machine types on ppc64el and s390x starting at xenial
2351+
2352+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
2353+
2354+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
2355+
2356+ * Enable GPU Passthru for ppc64le (LP: #1541902)
2357+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
2358+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
2359+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
2360+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
2361+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
2362+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
2363+ - 0007-spapr_iommu-Migrate-full-state.patch
2364+ - 0008-spapr_iommu-Add-root-memory-region.patch
2365+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
2366+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
2367+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
2368+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
2369+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
2370+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
2371+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
2372+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
2373+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
2374+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
2375+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
2376+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
2377+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
2378+
2379+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
2380+
2381+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
2382+
2383+ * New upstream release. LP: #1617055.
2384+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2385+
2386+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
2387+
2388 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
2389
2390 * Non-maintainer upload.
2391@@ -1237,6 +3526,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
2392
2393 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
2394
2395+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
2396+
2397+ * SECURITY UPDATE: DoS via unbounded memory allocation
2398+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
2399+ - CVE-2016-5403
2400+ * SECURITY UPDATE: oob write access while reading ESP command
2401+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
2402+ maximum CDB size and handle migration in hw/scsi/esp.c,
2403+ include/hw/scsi/esp.h, include/migration/vmstate.h.
2404+ - CVE-2016-6351
2405+ * SECURITY UPDATE: infinite loop in virtqueue_pop
2406+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
2407+ length in hw/virtio/virtio.c.
2408+ - CVE-2016-6490
2409+
2410+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
2411+
2412+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
2413+
2414+ * Merge with Debian; remaining changes:
2415+ - debian/rules: do not drop the init scripts loading kvm modules
2416+ (still needed in precise in cloud archive)
2417+ - qemu-system-common.postinst:
2418+ * remove acl placed by udev, and add udevadm trigger.
2419+ * reload kvm_intel if needed to set nested=1
2420+ - qemu-system-common.preinst: add kvm group if needed
2421+ - add qemu-kvm upstart job and defaults file (rules,
2422+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2423+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2424+ do not auto-load the kvm kernel module. Enable nesting by default
2425+ on intel.
2426+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2427+ in qemu64 cpu type.
2428+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2429+ types to ease future live vm migration.
2430+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2431+ d/qemu-system-common.install
2432+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2433+ to fix errors with missing block backends.
2434+ - s390x:
2435+ * Create qemu-system-s390x package
2436+ * Enable pie by default, on ubuntu/s390x.
2437+ * Enable svm by default for qemu64 on amd
2438+ * Include s390-ccw.img firmware
2439+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2440+ relationship, but qemu-efi is still in universe right now.
2441+
2442+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
2443+
2444 qemu (1:2.6+dfsg-3) unstable; urgency=high
2445
2446 * more security fixes picked from upstream:
2447@@ -1290,6 +3628,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
2448
2449 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
2450
2451+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
2452+
2453+ * Merge with Debian; remaining changes: (LP: #1583775)
2454+ - debian/rules: do not drop the init scripts loading kvm modules
2455+ (still needed in precise in cloud archive)
2456+ - qemu-system-common.postinst:
2457+ * remove acl placed by udev, and add udevadm trigger.
2458+ * reload kvm_intel if needed to set nested=1
2459+ - qemu-system-common.preinst: add kvm group if needed
2460+ - add qemu-kvm upstart job and defaults file (rules,
2461+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2462+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2463+ do not auto-load the kvm kernel module. Enable nesting by default
2464+ on intel.
2465+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2466+ in qemu64 cpu type.
2467+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2468+ types to ease future live vm migration.
2469+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2470+ d/qemu-system-common.install
2471+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2472+ to fix errors with missing block backends. (LP: #1495895)
2473+ - s390x:
2474+ * Create qemu-system-s390x package
2475+ * Enable pie by default, on ubuntu/s390x.
2476+ * Enable svm by default for qemu64 on amd
2477+ * Include s390-ccw.img firmware
2478+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2479+ relationship, but qemu-efi is still in universe right now.
2480+ * Drop patches which have been applied upstream:
2481+
2482+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
2483+
2484 qemu (1:2.6+dfsg-1) unstable; urgency=medium
2485
2486 * new upstream release
2487@@ -1327,6 +3698,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
2488
2489 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
2490
2491+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
2492+
2493+ * Cherrypick upstream patches to support the query-gic-version QMP command
2494+ (LP: #1566564)
2495+
2496+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
2497+
2498+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
2499+
2500+ [Stefan Bader]
2501+ * Enable svm by default for qemu64 on amd (LP: #1561019)
2502+
2503+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
2504+
2505+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
2506+
2507+ * qemu-system-s390x only available on s390x, so qemu-system should only
2508+ depend on it on this arch.
2509+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2510+ relationship, but qemu-efi is still in universe right now.
2511+
2512+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
2513+
2514+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
2515+
2516+ * And actually ship the right things in qemu-system-s390x.
2517+
2518+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
2519+
2520+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
2521+
2522+ * Create qemu-system-s390x package on ubuntu only.
2523+
2524+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
2525+
2526+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
2527+
2528+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
2529+
2530+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
2531+
2532+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
2533+
2534+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
2535+ (LP: #1556306)
2536+
2537+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
2538+
2539+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
2540+
2541+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
2542+
2543+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
2544+
2545+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
2546+
2547+ * d/control{-in}: Re-generate and build with libiscsi-dev now
2548+ that its in Ubuntu main (LP: #1271653).
2549+
2550+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
2551+
2552+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
2553+
2554+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
2555+
2556+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
2557+
2558+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
2559+
2560+ * No-change rebuild for gnutls transition.
2561+
2562+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
2563+
2564+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
2565+
2566+ * Merge with Debian; remaining changes:
2567+ - debian/rules: do not drop the init scripts loading kvm modules
2568+ (still needed in precise in cloud archive)
2569+ - qemu-system-common.postinst:
2570+ * remove acl placed by udev, and add udevadm trigger.
2571+ * reload kvm_intel if needed to set nested=1
2572+ - qemu-system-common.preinst: add kvm group if needed
2573+ - add qemu-kvm upstart job and defaults file (rules,
2574+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2575+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2576+ do not auto-load the kvm kernel module. Enable nesting by default
2577+ on intel.
2578+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2579+ in qemu64 cpu type.
2580+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2581+ types to ease future live vm migration.
2582+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2583+ d/qemu-system-common.install
2584+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2585+ to fix errors with missing block backends. (LP: #1495895)
2586+ - Enable pie by default, on ubuntu/s390x.
2587+ - Include s390-ccw.img firmware.
2588+
2589+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
2590+
2591 qemu (1:2.5+dfsg-5) unstable; urgency=medium
2592
2593 * fix misspellings in previous debian/changelog entry
2594@@ -1384,6 +3855,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
2595
2596 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
2597
2598+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
2599+
2600+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
2601+ contents
2602+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
2603+ hw/block/xen_blkif.h.
2604+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
2605+ hw/display/xenfb.c.
2606+ - CVE-2015-8550
2607+ * SECURITY UPDATE: infinite loop in ehci_advance_state
2608+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
2609+ in hw/usb/hcd-ehci.c.
2610+ - CVE-2015-8558
2611+ * SECURITY UPDATE: host memory leakage in vmxnet3
2612+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
2613+ hw/net/vmxnet3.c.
2614+ - CVE-2015-8567
2615+ - CVE-2015-8568
2616+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
2617+ - debian/patches/CVE-2015-8613.patch: initialise info object with
2618+ appropriate size in hw/scsi/megasas.c.
2619+ - CVE-2015-8613
2620+ * SECURITY UPDATE: DoS via Human Monitor Interface
2621+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
2622+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
2623+ - CVE-2015-8619
2624+ * SECURITY UPDATE: incorrect array bounds check in rocker
2625+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
2626+ check in hw/net/rocker/rocker.c.
2627+ - CVE-2015-8701
2628+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
2629+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
2630+ operations in hw/net/ne2000.c.
2631+ - CVE-2015-8743
2632+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
2633+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
2634+ error in hw/ide/ahci.c.
2635+ - CVE-2016-1568
2636+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
2637+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
2638+ hw/i386/kvmvapic.c.
2639+ - CVE-2016-1922
2640+ * SECURITY UPDATE: e1000 infinite loop
2641+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
2642+ out-of-bounds transfer start in hw/net/e1000.c
2643+ - CVE-2016-1981
2644+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
2645+ engines
2646+ - debian/patches/CVE-2016-2197.patch: add check before calling
2647+ dma_memory_unmap in hw/ide/ahci.c.
2648+ - CVE-2016-2197
2649+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
2650+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
2651+ function in hw/usb/hcd-ehci.c.
2652+ - CVE-2016-2198
2653+
2654+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
2655+
2656+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
2657+
2658+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
2659+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
2660+
2661+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
2662+
2663+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
2664+
2665+ * Include s390-ccw.img firmware.
2666+
2667+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
2668+
2669+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
2670+
2671+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
2672+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
2673+ Thanks Simon. (LP: #1531191)
2674+
2675+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
2676+
2677+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
2678+
2679+ * Merge with Debian; remaining changes:
2680+ - debian/rules: do not drop the init scripts loading kvm modules
2681+ (still needed in precise in cloud archive)
2682+ - qemu-system-common.postinst:
2683+ * remove acl placed by udev, and add udevadm trigger.
2684+ * reload kvm_intel if needed to set nested=1
2685+ - qemu-system-common.preinst: add kvm group if needed
2686+ - add qemu-kvm upstart job and defaults file (rules,
2687+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2688+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2689+ do not auto-load the kvm kernel module. Enable nesting by default
2690+ on intel.
2691+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2692+ in qemu64 cpu type.
2693+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2694+ types to ease future live vm migration.
2695+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2696+ d/qemu-system-common.install
2697+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2698+ to fix errors with missing block backends. (LP: #1495895)
2699+ - Enable pie by default, on ubuntu/s390x.
2700+ * Drop vGICv3 support patches - all is now upstream
2701+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
2702+
2703+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
2704+
2705 qemu (1:2.5+dfsg-1) unstable; urgency=medium
2706
2707 * new upstream release
2708@@ -1410,6 +3988,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
2709
2710 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
2711
2712+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
2713+
2714+ * Enable pie by default, on ubuntu/s390x.
2715+
2716+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
2717+
2718+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
2719+
2720+ * undo the libseccomp delta from debian. libseccomp is indeed available
2721+ on other arches, but we need qemu's configure script to be fixed before
2722+ we can use it on anything other than amd64|i386. Fixes FTBFS.
2723+ (LP: #1522531)
2724+
2725+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
2726+
2727+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
2728+
2729+ * Merge with Debian; remaining changes:
2730+ - Update the ubuntu machine types patch to reflect upstream churn
2731+ - debian/rules: do not drop the init scripts loading kvm modules
2732+ (still needed in precise in cloud archive)
2733+ - qemu-system-common.postinst:
2734+ * remove acl placed by udev, and add udevadm trigger.
2735+ * reload kvm_intel if needed to set nested=1
2736+ - qemu-system-common.preinst: add kvm group if needed
2737+ - add qemu-kvm upstart job and defaults file (rules,
2738+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2739+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2740+ do not auto-load the kvm kernel module. Enable nesting by default
2741+ on intel.
2742+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2743+ in qemu64 cpu type.
2744+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2745+ machine type to ease future live vm migration.
2746+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2747+ d/qemu-system-common.install
2748+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2749+ to fix errors with missing block backends. (LP: #1495895)
2750+ - control-in: build with libseccomp an all architectures
2751+ - Add vGICv3 support
2752+
2753+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
2754+
2755 qemu (1:2.4+dfsg-5) unstable; urgency=medium
2756
2757 * trace-remove-malloc-tracing.patch from upstream.
2758@@ -1422,6 +4043,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
2759
2760 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
2761
2762+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
2763+
2764+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
2765+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
2766+ hw/net/pcnet.c.
2767+ - CVE-2015-7504
2768+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
2769+ - debian/patches/CVE-2015-7512.patch: check packet length in
2770+ hw/net/pcnet.c.
2771+ - CVE-2015-7512
2772+ * SECURITY UPDATE: infinite loop in eepro100
2773+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
2774+ hw/net/eepro100.c.
2775+ - CVE-2015-8345
2776+
2777+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
2778+
2779+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
2780+
2781+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
2782+
2783+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
2784+
2785+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
2786+
2787+ * Merge 2.4 from unstable. Remaining changes:
2788+ - Update the ubuntu machine types patch to reflect upstream churn
2789+ - debian/rules: do not drop the init scripts loading kvm modules
2790+ (still needed in precise in cloud archive)
2791+ - qemu-system-common.postinst:
2792+ * remove acl placed by udev, and add udevadm trigger.
2793+ * reload kvm_intel if needed to set nested=1
2794+ - qemu-system-common.preinst: add kvm group if needed
2795+ - add qemu-kvm upstart job and defaults file (rules,
2796+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2797+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2798+ do not auto-load the kvm kernel module. Enable nesting by default
2799+ on intel.
2800+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2801+ in qemu64 cpu type.
2802+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2803+ machine type to ease future live vm migration.
2804+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2805+ d/qemu-system-common.install
2806+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2807+ to fix errors with missing block backends. (LP: #1495895)
2808+ - control-in: build with libseccomp an all architectures.
2809+ * Add vGICv3 support
2810+
2811+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
2812+
2813 qemu (1:2.4+dfsg-4) unstable; urgency=medium
2814
2815 * applied 3 patches from upstream to fix virtio-net
2816@@ -1436,7 +4108,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
2817 fix for Heap overflow vulnerability in ne2000_receive() function
2818 (Closes: #799074 CVE-2015-5279)
2819 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
2820- (Closes: #799073 CVE-2015-5278)
2821+ (Closes: #799073 CVE-2015-5278)
2822 * some binfmt reorg:
2823 - extend aarch64 to include one more byte as other arches do
2824 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
2825@@ -1488,6 +4160,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
2826
2827 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
2828
2829+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
2830+
2831+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
2832+
2833+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
2834+
2835+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
2836+
2837+ * debian/patches/upstream-fix-irq-route-entries.patch
2838+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
2839+ (LP: #1465935)
2840+
2841+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
2842+
2843+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
2844+
2845+ * Build using libseccomp on all architectures.
2846+
2847+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
2848+
2849+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
2850+
2851+ * SECURITY UPDATE: denial of service via NE2000 driver
2852+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
2853+ hw/net/ne2000.c.
2854+ - CVE-2015-5278
2855+ * SECURITY UPDATE: denial of service and possible code execution via
2856+ heap overflow in NE2000 driver
2857+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
2858+ hw/net/ne2000.c.
2859+ - CVE-2015-5279
2860+ * SECURITY UPDATE: denial of service via e1000 infinite loop
2861+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
2862+ - CVE-2015-6815
2863+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
2864+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
2865+ hw/ide/core.c.
2866+ - CVE-2015-6855
2867+
2868+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
2869+
2870+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
2871+
2872+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
2873+ to fix errors with missing block backends. (LP: #1495895)
2874+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
2875+ * Apply fix for memory corruption during live-migration in tcg mode
2876+ (LP: #1493049)
2877+ * Apply tracing patch to remove use of custom vtable in newer glibc
2878+ (LP: #1491972)
2879+
2880+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
2881+
2882+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
2883+
2884+ * Import qcow2-handle-eagain-from-update_refcount from upstream
2885+ to fix errors when using qemu-img convert -c. (LP: #1491050)
2886+
2887+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
2888+
2889+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
2890+
2891+ * SECURITY UPDATE: process heap memory disclosure
2892+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
2893+ - CVE-2015-5165
2894+ * SECURITY UPDATE: privilege escalation via block device unplugging
2895+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
2896+ in hw/ide/piix.c.
2897+ - CVE-2015-5166
2898+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
2899+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
2900+ limits in ui/vnc.c.
2901+ - CVE-2015-5225
2902+ * SECURITY UPDATE: denial of service via virtio-serial
2903+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
2904+ for control messages in hw/char/virtio-serial-bus.c.
2905+ - CVE-2015-5745
2906+
2907+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
2908+
2909+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
2910+
2911+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
2912+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
2913+ - CVE-2015-3214
2914+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
2915+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
2916+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
2917+ - CVE-2015-5154
2918+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
2919+ - debian/patches/CVE-2015-5158.patch: check length in
2920+ hw/scsi/scsi-bus.c.
2921+ - CVE-2015-5158
2922+
2923+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
2924+
2925+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
2926+
2927+ * SECURITY UPDATE: heap overflow in PCNET controller
2928+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
2929+ - CVE-2015-3209
2930+
2931+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
2932+
2933+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
2934+
2935+ * Merge 1:2.3+dfsg-5 from Debian.
2936+ * Remaining changes:
2937+ - debian/rules: do not drop the init scripts loading kvm modules
2938+ (still needed in precise in cloud archive)
2939+ - qemu-system-common.postinst:
2940+ * remove acl placed by udev, and add udevadm trigger.
2941+ * reload kvm_intel if needed to set nested=1
2942+ - qemu-system-common.preinst: add kvm group if needed
2943+ - add qemu-kvm upstart job and defaults file (rules,
2944+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2945+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2946+ do not auto-load the kvm kernel module. Enable nesting by default
2947+ on intel.
2948+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2949+ in qemu64 cpu type.
2950+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2951+ machine type to ease future live vm migration.
2952+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2953+ d/qemu-system-common.install
2954+ * Refreshed patches:
2955+ - ubuntu/expose-vmx_qemu64cpu.patch
2956+ - ubuntu/define-ubuntu-machine-types.patch
2957+
2958+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
2959+
2960 qemu (1:2.3+dfsg-5) unstable; urgency=high
2961
2962 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
2963@@ -1499,6 +4302,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
2964
2965 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
2966
2967+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
2968+
2969+ * Merge 1:2.3+dfsg-4 from Debian.
2970+ * Remaining changes:
2971+ - debian/rules: do not drop the init scripts loading kvm modules
2972+ (still needed in precise in cloud archive)
2973+ - qemu-system-common.postinst:
2974+ * remove acl placed by udev, and add udevadm trigger.
2975+ * reload kvm_intel if needed to set nested=1
2976+ - qemu-system-common.preinst: add kvm group if needed
2977+ - add qemu-kvm upstart job and defaults file (rules,
2978+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2979+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2980+ do not auto-load the kvm kernel module. Enable nesting by default
2981+ on intel.
2982+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2983+ in qemu64 cpu type.
2984+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
2985+ machine type to ease future live vm migration.
2986+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2987+ d/qemu-system-common.install
2988+ * Dropped all patches which are applied upstream
2989+ * Move the upstart jobs to a generic script
2990+ - add new qemu-kvm-init script
2991+ - call that from upstart and sysvrc qemu-kvm scripts
2992+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
2993+
2994+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
2995+
2996 qemu (1:2.3+dfsg-4) unstable; urgency=medium
2997
2998 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
2999@@ -1560,6 +4392,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
3000
3001 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
3002
3003+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
3004+
3005+ * SECURITY UPDATE: denial of service in vnc web
3006+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
3007+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
3008+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
3009+ websockets clients in ui/vnc-ws.c.
3010+ - CVE-2015-1779
3011+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
3012+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
3013+ bounds of the allocated buffer in hw/block/fdc.c.
3014+ - CVE-2015-3456
3015+
3016+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
3017+
3018+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
3019+
3020+ * CVE-2015-2756 / XSA-126
3021+ - xen: limit guest control of PCI command register
3022+
3023+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
3024+
3025+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
3026+
3027+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
3028+ accidentally create /1
3029+
3030+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
3031+
3032+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
3033+
3034+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
3035+
3036+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
3037+
3038+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
3039+
3040+ * No-change rebuild to pull in libxl-4.5.
3041+
3042+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
3043+
3044+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
3045+
3046+ * debian/control-in: enable numa on architectures where numa is built
3047+ (LP: #1417937)
3048+
3049+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
3050+
3051+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
3052+
3053+ [Scott Moser]
3054+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
3055+ profile when started by libvirt.
3056+
3057+ [Serge Hallyn]
3058+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
3059+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
3060+ (LP: #1419855)
3061+
3062+ [Chris J Arges]
3063+ * Determine if we are running inside a virtual environment. If running inside
3064+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
3065+
3066+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
3067+
3068+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
3069+
3070+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
3071+ - debian/rules: do not drop the init scripts loading kvm modules
3072+ (still needed in precise in cloud archive)
3073+ * Remaining changes:
3074+ - qemu-system-common.postinst:
3075+ * remove acl placed by udev, and add udevadm trigger.
3076+ * reload kvm_intel if needed to set nested=1
3077+ - qemu-system-common.preinst: add kvm group if needed
3078+ - add qemu-kvm upstart job and defaults file (rules,
3079+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3080+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3081+ do not auto-load the kvm kernel module. Enable nesting by default
3082+ on intel.
3083+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3084+ in qemu64 cpu type.
3085+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3086+ machine type to ease future live vm migration.
3087+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3088+ d/qemu-system-common.install
3089+ * Dropped all patches which are applied upstream
3090+ * Update ubuntu-vivid machine type to default to std graphics (following
3091+ upstream's lead for pc-i440fx-2.2 machine type)
3092+
3093+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
3094+
3095 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
3096
3097 * fix initscript removal once again
3098@@ -1609,6 +4533,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
3099
3100 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
3101
3102+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
3103+
3104+ * Cherrypick upstream patch needed to allow ESx hosts to run under
3105+ kvm (LP: #1411575)
3106+
3107+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
3108+
3109+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
3110+
3111+ * Merge 2.1+dfsg-11. Remaining changes:
3112+ - qemu-system-common.postinst:
3113+ * remove acl placed by udev, and add udevadm trigger.
3114+ * reload kvm_intel if needed to set nested=1
3115+ - qemu-system-common.preinst: add kvm group if needed
3116+ - add qemu-kvm upstart job and defaults file (rules,
3117+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3118+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3119+ do not auto-load the kvm kernel module. Enable nesting by default
3120+ on intel.
3121+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3122+ removed the alternatives bit later.
3123+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3124+ in qemu64 cpu type.
3125+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3126+ machine type to ease future live vm migration.
3127+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3128+ d/qemu-system-common.install
3129+ - debian/binfmt-update-in: support ppcle
3130+ * debian/binfmt-update-in
3131+ * Support-ppcle.patch
3132+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
3133+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3134+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3135+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3136+ * Dropped patches (upstream or now in debian's tree):
3137+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
3138+ - CVE-2014-7840.patch
3139+ - CVE-2014-8106.patch
3140+
3141+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
3142+
3143 qemu (1:2.1+dfsg-11) unstable; urgency=medium
3144
3145 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
3146@@ -1678,6 +4643,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
3147
3148 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
3149
3150+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
3151+
3152+ * SECURITY UPDATE: code execution via savevm data
3153+ - debian/patches/CVE-2014-7840.patch: validate parameters in
3154+ arch_init.c.
3155+ - CVE-2014-7840
3156+ * SECURITY UPDATE: code execution via cirrus vga blit regions
3157+ (LP: #1400775)
3158+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
3159+ hw/display/cirrus_vga.c.
3160+ - CVE-2014-8106
3161+
3162+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
3163+
3164+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
3165+
3166+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
3167+ dropped and VENDOR now will be all capital UBUNTU).
3168+
3169+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
3170+
3171+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
3172+
3173+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3174+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3175+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3176+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
3177+ SPSel=0 in certain conditions. (LP: #1349277)
3178+
3179+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
3180+
3181+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
3182+
3183+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
3184+ Cherry-pick of qemu-upstream patch to fix issues with persistent
3185+ grants and the PV backend (Qdisk) (LP: #1394327).
3186+
3187+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
3188+
3189+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
3190+
3191+ * Merge 2.1+dfsg-7. Remaining changes:
3192+ - qemu-system-common.postinst:
3193+ * remove acl placed by udev, and add udevadm trigger.
3194+ * reload kvm_intel if needed to set nested=1
3195+ - qemu-system-common.preinst: add kvm group if needed
3196+ - add qemu-kvm upstart job and defaults file (rules,
3197+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3198+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3199+ do not auto-load the kvm kernel module. Enable nesting by default
3200+ on intel.
3201+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3202+ removed the alternatives bit later.
3203+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3204+ in qemu64 cpu type.
3205+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3206+ machine type to ease future live vm migration.
3207+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3208+ d/qemu-system-common.install
3209+ - debian/binfmt-update-in: support ppcle
3210+ * debian/binfmt-update-in
3211+ * Support-ppcle.patch
3212+ * Dropped patches (upstream or now in debian's tree):
3213+ - pc-reserve-more-memory-for-acpi.patch
3214+ - CVE-2014-5388.patch
3215+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
3216+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
3217+ in debian)
3218+ - CVE-2014-3615.patch
3219+ - CVE-2014-3640.patch
3220+ - CVE-2014-3689.patch
3221+ - CVE-2014-7815.patch
3222+
3223+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
3224+
3225 qemu (2.1+dfsg-7) unstable; urgency=high
3226
3227 * urgency is high due to 2 security fixes
3228@@ -1729,6 +4769,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
3229
3230 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
3231
3232+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
3233+
3234+ * SECURITY UPDATE: information disclosure via vga driver
3235+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
3236+ sanity check register writes, and don't use fixed buffer sizes in
3237+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
3238+ ui/spice-display.c.
3239+ - CVE-2014-3615
3240+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
3241+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
3242+ stub in slirp/udp.c.
3243+ - CVE-2014-3640
3244+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
3245+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
3246+ hw/display/vmware_vga.c.
3247+ - CVE-2014-3689
3248+ * SECURITY UPDATE: denial of service via VNC console
3249+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
3250+ ui/vnc.c.
3251+ - CVE-2014-7815
3252+
3253+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
3254+
3255+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
3256+
3257+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
3258+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
3259+
3260+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
3261+
3262+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
3263+
3264+ * Apply two patches to fix intermittent qemu-img corruption
3265+ (LP: #1368815)
3266+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
3267+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
3268+
3269+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
3270+
3271+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
3272+
3273+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
3274+ debian does.
3275+
3276+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
3277+
3278+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
3279+
3280+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
3281+ versa.
3282+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
3283+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
3284+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
3285+ machine type for that.
3286+
3287+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
3288+
3289+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
3290+
3291+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
3292+ container. (LP: #1370199)
3293+ * load kvm module on ppc64le at boot (LP: #1369785)
3294+ - debian/rules: install qemu-kvm on ppc64el
3295+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
3296+ kvm-hv module if available
3297+ * qemu-system-x86.maintscript: remove accidentally installed
3298+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
3299+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
3300+ ubuntu.
3301+
3302+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
3303+
3304+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
3305+
3306+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
3307+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
3308+
3309+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
3310+
3311+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
3312+
3313+ * move kvm_intel nested setting to qemu-system-x86.postinst.
3314+
3315+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
3316+
3317+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
3318+
3319+ * Merge new debian release
3320+ * Remaining changes:
3321+ - qemu-system-common.postinst:
3322+ * remove acl placed by udev, and add udevadm trigger.
3323+ * reload kvm_intel if needed to set nested=1
3324+ - qemu-system-common.preinst: add kvm group if needed
3325+ - add qemu-kvm upstart job and defaults file (rules,
3326+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3327+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3328+ do not auto-load the kvm kernel module. Enable nesting by default
3329+ on intel.
3330+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3331+ removed the alternatives bit later.
3332+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3333+ in qemu64 cpu type.
3334+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3335+ machine type to ease future live vm migration.
3336+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3337+ d/qemu-system-common.install
3338+ - debian/binfmt-update-in: support ppcle
3339+ * debian/binfmt-update-in
3340+ * Support-ppcle.patch
3341+ - d/p/CVE-2014-5388.patch
3342+
3343+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
3344+
3345 qemu (2.1+dfsg-4) unstable; urgency=medium
3346
3347 * mention libnuma-dev but not enable for now
3348@@ -1746,6 +4899,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
3349
3350 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
3351
3352+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
3353+
3354+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
3355+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
3356+ - CVE-2014-5388
3357+
3358+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
3359+
3360+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
3361+
3362+ * replace d/p/revert-acpi-table-size-bump with
3363+ pc-reserve-more-memory-for-acpi.patch from upstream
3364+ * debian/binfmt-update-in
3365+ - don't run in a container
3366+ - add ppc64le as target (LP: #1358268)
3367+ * Add experimental ppcle support (LP: #1358268)
3368+
3369+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
3370+
3371+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
3372+
3373+ * revert-acpi-table-size-bump - get qemu -kernel working again.
3374+
3375+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
3376+
3377+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
3378+
3379+ * Merge new debian release
3380+ * Remaining changes:
3381+ - control-in: stick to libsdl1.2-dev.
3382+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3383+ qemu-bridge-helper
3384+ - qemu-system-common.postinst: remove acl placed by udev,
3385+ and add udevadm trigger.
3386+ - qemu-system-common.preinst: add kvm group if needed
3387+ - add qemu-kvm upstart job and defaults file (rules,
3388+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3389+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3390+ do not auto-load the kvm kernel module. Enable nesting by default
3391+ on intel.
3392+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3393+ removed the alternatives bit later.
3394+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3395+ in qemu64 cpu type.
3396+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3397+ machine type to ease future live vm migration.
3398+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3399+ d/qemu-system-common.install
3400+ * Upstart job: use getent group to check for kvm group
3401+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
3402+
3403+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
3404+
3405 qemu (2.1+dfsg-3) unstable; urgency=medium
3406
3407 * set SHELL = /bin/sh -e, so that more complex shell constructs
3408@@ -1772,6 +4978,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
3409
3410 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
3411
3412+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
3413+
3414+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
3415+
3416+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
3417+
3418+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
3419+
3420+ * Merge new debian release
3421+ * Remaining changes:
3422+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3423+ have in ipxe-qemu package.
3424+ - control-in: stick to libsdl1.2-dev.
3425+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3426+ qemu-bridge-helper
3427+ - qemu-system-common.postinst: remove acl placed by udev,
3428+ and add udevadm trigger.
3429+ - qemu-system-common.preinst: add kvm group if needed
3430+ - add qemu-kvm upstart job and defaults file (rules,
3431+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3432+ - debian/rules: add qemu-kvm-spice
3433+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3434+ do not auto-load the kvm kernel module. Enable nesting by default
3435+ on intel.
3436+ - binfmt-update-in: make sure to filter out compat arches.
3437+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3438+ removed the alternatives bit later.
3439+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3440+ in qemu64 cpu type.
3441+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3442+ machine type to ease future live vm migration.
3443+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3444+ d/qemu-system-common.install
3445+
3446+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
3447+
3448 qemu (2.1+dfsg-2) unstable; urgency=medium
3449
3450 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
3451@@ -1806,7 +5048,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
3452
3453 qemu (2.0.0+dfsg-7) unstable; urgency=medium
3454
3455- * clarify description of qemu-user-binfmt a bit
3456+ * clarify description of qemu-user-binfmt a bit
3457 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
3458 * remove qemu-keymaps package, since it is not used by other tools
3459 anymore, and ship keymaps in qemu-system-common.
3460@@ -1823,6 +5065,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
3461
3462 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
3463
3464+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
3465+
3466+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
3467+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
3468+
3469+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
3470+
3471+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
3472+
3473+ * Merge 2.0.0+dfsg-6. Remaining changes:
3474+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3475+ have in ipxe-qemu package.
3476+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
3477+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3478+ qemu-bridge-helper
3479+ - qemu-system-common.postinst: remove acl placed by udev,
3480+ and add udevadm trigger.
3481+ - qemu-system-common.preinst: add kvm group if needed
3482+ - add qemu-kvm upstart job and defaults file (rules,
3483+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3484+ - debian/rules: add qemu-kvm-spice
3485+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3486+ do not auto-load the kvm kernel module. Enable nesting by default
3487+ on intel.
3488+ - binfmt-update-in: make sure to filter out compat arches.
3489+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3490+ removed the alternatives bit later.
3491+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3492+ in qemu64 cpu type.
3493+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3494+ machine type to ease future live vm migration.
3495+ - re-introduce apport hook for qemu source package:
3496+ d/source_qemu-kvm.py, d/qemu-system-common.install
3497+ * enable-build-dep on libjpeg8-dev - which is now in main
3498+
3499+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
3500+
3501 qemu (2.0.0+dfsg-6) unstable; urgency=medium
3502
3503 * build-depend on libgnutls28-dev not libgnutls-dev
3504@@ -1866,6 +5145,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
3505
3506 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
3507
3508+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
3509+
3510+ * remove alternatives for qemu: different architectures
3511+ aren't really alternatives and never had been (LP: #1316829)
3512+
3513+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
3514+
3515+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
3516+
3517+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
3518+ * debian/control: drop the versioning requirement from libfdt-dev
3519+ build-dependency, as it is longer needed (LP: #1295072)
3520+
3521+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
3522+
3523+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
3524+
3525+ * Merge 2.0.0+dfsg-2
3526+ * Incorporates a fix for spice users (LP: #1309452)
3527+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
3528+ the regression requiring it was reverted for 2.0 upstream.
3529+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
3530+ * debian/qemu-debootstrap: add arm64
3531+ * Remaining changes from debian:
3532+ - keep qemu 'alternative' (not something to change in SRU)
3533+ - debian/control and debian/control-in:
3534+ * versioned libfdt-dev check, until libfdt is fixed in precise
3535+ * enable rbd
3536+ * remove ovmf Recommends, as it is in multiverse
3537+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
3538+ * add a qemu-system-aarch64 metapackage for transitions from trusty
3539+ development version. This can be removed after trusty.
3540+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3541+ qemu-bridge-helper
3542+ - qemu-system-common.postinst: fix /dev/kvm acls
3543+ - qemu-system-common.preinst: add kvm group if needed
3544+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3545+ have in ipxe-qemu package.
3546+ - qemu-system-x86.modprobe: set module options for older releases
3547+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
3548+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
3549+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
3550+ - debian/rules
3551+ * add legacy kvm-spice link
3552+ * fix ppc and arm slections
3553+ * add aarch64 to user_targets
3554+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
3555+ pc-i440fx-trusty machine type as the default.
3556+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
3557+ default in qemu64 cpu time.
3558+
3559+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
3560+
3561 qemu (2.0.0+dfsg-2) unstable; urgency=medium
3562
3563 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
3564@@ -1891,7 +5223,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
3565 * kmod dependency is linux-any
3566 * doc-grammify-allows-to.patch: fix some lintian warnings
3567 * remove alternatives for qemu: different architectures
3568- aren't really alternatives and never had been
3569+ aren't really alternatives and never had been
3570 * update Standards-Version to 3.9.5 (no changes needed)
3571 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
3572 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
3573@@ -1925,6 +5257,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
3574
3575 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
3576
3577+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
3578+
3579+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
3580+ don't abort() just because the kernel has no dirty bitmap.
3581+ (LP: #1303926)
3582+
3583+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
3584+
3585+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
3586+
3587+ * define-trusty-machine-type.patch: update the trusty machine type name to
3588+ pc-i440fx-trusty (LP: #1304107)
3589+
3590+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
3591+
3592+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
3593+
3594+ * Merge 2.0.0-rc1
3595+ * debian/rules: consolidate ppc filter entries.
3596+ * Move qemu-system-arch64 into qemu-system-arm
3597+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
3598+ type, currently the same as pc-i440fx-2.0, to put is in a better position
3599+ to enable live migrations from trusty onward. (LP: #1294823)
3600+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
3601+ * Merge latest upstream git to commit dc9528f
3602+ * Debian/rules:
3603+ - remove -enable-uname-release=2.6.32
3604+ - don't make the aarch64 target Ubuntu-specific.
3605+ * Remove patches which are now upstream:
3606+ - fix-smb-security-share.patch
3607+ - slirp-smb-redirect-port-445-too.patch
3608+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
3609+ - signal-added-a-wrapper-for-sigprocmask-function.patch
3610+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
3611+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
3612+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
3613+ * add link for /usr/share/qemu/bios-256k.bin
3614+ * Remove all linaro patches.
3615+ * Remove all arm64/ patches. Many but not all are upstream.
3616+ * Remove CVE-2013-4377.patch which is upstream.
3617+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
3618+
3619+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
3620+
3621 qemu (1.7.0+dfsg-9) unstable; urgency=medium
3622
3623 * remove rbd/rados/ceph support *again*, till they'll actually provide
3624@@ -1989,6 +5365,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
3625
3626 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
3627
3628+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
3629+
3630+ * No-change rebuild to build with libxen-4.4.
3631+
3632+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
3633+
3634+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
3635+
3636+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
3637+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
3638+
3639+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
3640+
3641+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
3642+
3643+ [ dann frazier ]
3644+ * Add patches from the susematz tree to avoid intermittent segfaults:
3645+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
3646+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
3647+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
3648+
3649+ [ Serge Hallyn ]
3650+ * Modify do_sigprocmask to only change behavior for aarch64.
3651+ (LP: #1285363)
3652+
3653+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
3654+
3655+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
3656+
3657+ [ Steve Langasek ]
3658+ * Merge debian/control with unreleased Debian branch: our architecture
3659+ lists should now be in sync.
3660+
3661+ [ Dann Frazier ]
3662+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
3663+ on arm64 and maybe others. (LP: #1284344)
3664+
3665+ [ Serge Hallyn ]
3666+ * Move the OVMF.fd link to the ovmf package.
3667+
3668+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
3669+
3670+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
3671+
3672+ * Add ppc64el to the architecture list (supposedly added in the previous
3673+ upload, but really wasn't).
3674+
3675+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
3676+
3677+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
3678+
3679+ * Backport changes to enable qemu-user-static support for aarch64
3680+ * debian/control: add ppc64el to Architectures
3681+ * debian/rules: only install qemu-system-aarch64 on arm64.
3682+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
3683+ debian/qemu-system-aarch64 directory
3684+
3685+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
3686+
3687+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
3688+
3689+ * Fix broken filter_binfmts
3690+ * Remove use of dpkg-version in postinsts, as we're not Depending on
3691+ dpkg-dev.
3692+
3693+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
3694+
3695+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
3696+
3697+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
3698+ - debian/patches/ubuntu:
3699+ * expose-vmx_qemu64cpu.patch
3700+ * linaro (omap3) and arm64 patches
3701+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
3702+ on ppc
3703+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
3704+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
3705+ - debian/control:
3706+ * add arm64 to Architectures
3707+ * add qemu-common and qemu-system-aarch64 packages
3708+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
3709+ - debian/qemu-system-common.preinst: add kvm group
3710+ - debian/qemu-system-common.postinst: remove acl placed by udev,
3711+ and add udevadm trigger.
3712+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
3713+ pxe-e1000 and pxe-rtl8139.
3714+ - add qemu-system-x86.qemu-kvm.upstart and .default
3715+ - qemu-user-static.postinst-in: remove arm64 binfmt
3716+ - debian/rules:
3717+ * allow parallel build
3718+ * add aarch64 to system_targets and sys_systems
3719+ * add qemu-kvm-spice links
3720+ * install qemu-system-x86.modprobe
3721+ - add debian/qemu-system-common.links for OVMF.fd link
3722+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
3723+
3724+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
3725+
3726 qemu (1.7.0+dfsg-3) unstable; urgency=low
3727
3728 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
3729@@ -2014,6 +5488,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
3730
3731 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
3732
3733+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
3734+
3735+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
3736+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
3737+
3738+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
3739+
3740+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
3741+
3742+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
3743+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
3744+ virtio device unplugging.
3745+ - CVE-2013-4377
3746+
3747+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
3748+
3749+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
3750+
3751+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
3752+ powerpc.
3753+
3754+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
3755+
3756+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
3757+
3758+ [ Serge Hallyn ]
3759+ * add arm64 patchset from upstream. The three arm virt patches previously
3760+ pushed are in that set, so drop them.
3761+
3762+ [ dann frazier ]
3763+ * Add packaging for qemu-system-aarch64. This package is currently only
3764+ available for arm64, as full software emulation is not yet supported.
3765+
3766+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
3767+
3768+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
3769+
3770+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
3771+ supported any longer.
3772+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
3773+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
3774+ churn caused by linaro patchset.
3775+ * debian/rules: enable parallel builds.
3776+
3777+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
3778+
3779+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
3780+
3781+ * d/control: enable usbredir (LP: 1126390)
3782+
3783+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
3784+
3785+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
3786+
3787+ * add missing arm virt patches from the mach-virt-v7 branch of
3788+ git://git.linaro.org/people/cdall/qemu-arm.git
3789+
3790+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
3791+
3792+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
3793+
3794+ * debian/control: add arm64 to list of architectures.
3795+
3796+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
3797+
3798+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
3799+
3800+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
3801+ - debian/control
3802+ * update maintainer
3803+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3804+ from build-deps
3805+ * enable rbd
3806+ * add qemu-system and qemu-common B/R to qemu-keymaps
3807+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3808+ qemu-system-common
3809+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3810+ - add qemu-common, qemu-kvm, kvm to B/R
3811+ - remove openbios-sparc from qemu-system-sparc D
3812+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
3813+ * qemu-system-x86:
3814+ - add qemu-common to Breaks/Replaces.
3815+ - add cpu-checker to Recommends.
3816+ * qemu-user: add B/R:qemu-kvm
3817+ * qemu-kvm:
3818+ - add armhf armel powerpc sparc to Architecture
3819+ - C/R/P: qemu-kvm-spice
3820+ * add qemu-common package
3821+ * drop qemu-slof which is not packaged in ubuntu
3822+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3823+ - qemu-system-x86.links:
3824+ * remove pxe rom links which are in kvm-ipxe
3825+ - debian/rules
3826+ * add kvm-spice symlink to qemu-kvm
3827+ * call dh_installmodules for qemu-system-x86
3828+ * update dh_installinit to install upstart script
3829+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3830+ - Add qemu-utils.links for kvm-* symlinks.
3831+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3832+ - Add qemu-system-x86.modprobe to set nesting=1
3833+ - Add qemu-system-common.preinst to add kvm group
3834+ - qemu-system-common.postinst: remove bad group acl if there, then have
3835+ udev relabel /dev/kvm.
3836+ - New linaro patches from qemu-linaro rebasing branch
3837+ - Dropped patches:
3838+ * linaro patchset
3839+ * mach-virt patchset
3840+ - Kept patches:
3841+ * expose_vms_qemu64cpu.patch
3842+ * fix-pci-add
3843+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
3844+ qemu-bridge-helper
3845+
3846+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
3847+
3848 qemu (1.7.0+dfsg-2) unstable; urgency=low
3849
3850 * switch from vgabios to seavgabios
3851@@ -2043,6 +5632,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
3852
3853 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
3854
3855+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
3856+
3857+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
3858+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
3859+
3860+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
3861+
3862+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
3863+
3864+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
3865+ - debian/control
3866+ * update maintainer
3867+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3868+ from build-deps
3869+ * enable rbd
3870+ * add qemu-system and qemu-common B/R to qemu-keymaps
3871+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3872+ qemu-system-common
3873+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3874+ - add qemu-kvm to Provides
3875+ - add qemu-common, qemu-kvm, kvm to B/R
3876+ - remove openbios-sparc from qemu-system-sparc D
3877+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
3878+ * qemu-system-x86:
3879+ - add qemu-common to Breaks/Replaces.
3880+ - add cpu-checker to Recommends.
3881+ * qemu-user: add B/R:qemu-kvm
3882+ * qemu-kvm:
3883+ - add armhf armel powerpc sparc to Architecture
3884+ - C/R/P: qemu-kvm-spice
3885+ * add qemu-common package
3886+ * drop qemu-slof which is not packaged in ubuntu
3887+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3888+ - qemu-system-x86.links:
3889+ * remove pxe rom links which are in kvm-ipxe
3890+ * add symlink for kvm.1 manpage
3891+ - debian/rules
3892+ * add kvm-spice symlink to qemu-kvm
3893+ * call dh_installmodules for qemu-system-x86
3894+ * update dh_installinit to install upstart script
3895+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3896+ - Add qemu-utils.links for kvm-* symlinks.
3897+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3898+ - Add qemu-system-x86.modprobe to set nesting=1
3899+ - Add qemu-system-common.preinst to add kvm group
3900+ - qemu-system-common.postinst: remove bad group acl if there, then have
3901+ udev relabel /dev/kvm.
3902+ - New linaro patches from qemu-linaro rebasing branch
3903+ - Dropped patches:
3904+ * xen-simplify-xen_enabled.patch
3905+ * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
3906+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
3907+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
3908+ * virtio-rng-fix-crash
3909+ - Kept patches:
3910+ * expose_vms_qemu64cpu.patch - updated
3911+ * linaro arm patches from qemu-linaro rebasing branch
3912+ - New patches:
3913+ * fix-pci-add: change CONFIG variable in ifdef to make sure that
3914+ pci_add is defined.
3915+ * Add linaro patches
3916+ * Add experimental mach-virt patches for arm virtualization.
3917+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
3918+ qemu-bridge-helper
3919+
3920+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 22 Oct 2013 22:47:07 -0500
3921+
3922 qemu (1.6.0+dfsg-2) unstable; urgency=low
3923
3924 * Build-depend in seccomp again once it is in -testing
3925@@ -2113,6 +5769,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
3926
3927 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 06 Jun 2013 01:50:32 +0400
3928
3929+qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
3930+
3931+ * No change rebuild for new seccomp.
3932+
3933+ -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 18:34:50 -0400
3934+
3935+qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
3936+
3937+ * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
3938+ - virtio-rng-fix-crash
3939+
3940+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Oct 2013 17:46:49 -0500
3941+
3942+qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
3943+
3944+ * Re-introduce snippet in upstart job to load kvm modules if needed.
3945+ (LP: #1218459)
3946+
3947+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Sep 2013 22:43:52 +0000
3948+
3949+qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
3950+
3951+ * Cherry-picking three Xen related patches targetted for qemu-stable:
3952+ * xen-simplify-xen_enabled.patch
3953+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
3954+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
3955+
3956+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Jul 2013 15:01:44 +0200
3957+
3958+qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
3959+
3960+ * Drop openbios-ppc and openhackware Depends to Suggests for now.
3961+
3962+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Jun 2013 03:23:56 -0600
3963+
3964+qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
3965+
3966+ * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes:
3967+ - debian/control
3968+ * update maintainer
3969+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
3970+ from build-deps
3971+ * enable rbd
3972+ * add qemu-system and qemu-common B/R to qemu-keymaps
3973+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
3974+ qemu-system-common
3975+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
3976+ - add qemu-kvm to Provides
3977+ - add qemu-common, qemu-kvm, kvm to B/R
3978+ - remove openbios-sparc from qemu-system-sparc D
3979+ * qemu-system-x86:
3980+ - add qemu-common to Breaks/Replaces.
3981+ - add cpu-checker to Recommends.
3982+ * qemu-user: add B/R:qemu-kvm
3983+ * qemu-kvm:
3984+ - add armhf armel powerpc sparc to Architecture
3985+ - C/R/P: qemu-kvm-spice
3986+ * add qemu-common package
3987+ * drop qemu-slof which is not packaged in ubuntu
3988+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
3989+ - qemu-system-x86.links:
3990+ * remove pxe rom links which are in kvm-ipxe
3991+ * add symlink for kvm.1 manpage
3992+ - debian/rules
3993+ * add kvm-spice symlink to qemu-kvm
3994+ * call dh_installmodules for qemu-system-x86
3995+ * update dh_installinit to install upstart script
3996+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
3997+ - Add qemu-utils.links for kvm-* symlinks.
3998+ - Add qemu-system-x86.qemu-kvm.upstart and .default
3999+ - Add qemu-system-x86.modprobe to set nesting=1
4000+ - Add qemu-system-common.preinst to add kvm group
4001+ - qemu-system-common.postinst: remove bad group acl if there, then have
4002+ udev relabel /dev/kvm.
4003+ - Dropped patches:
4004+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4005+ - Kept patches:
4006+ * expose_vms_qemu64cpu.patch - updated
4007+ * gridcentric patch - updated
4008+ * linaro arm patches from qemu-linaro rebasing branch
4009+
4010+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Jun 2013 22:56:43 +0200
4011+
4012 qemu (1.5.0+dfsg-3) unstable; urgency=low
4013
4014 * fix sections: misc => otherosfs
4015@@ -2132,6 +5871,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
4016
4017 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Jun 2013 01:49:47 +0400
4018
4019+qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
4020+
4021+ * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes:
4022+ - debian/control
4023+ * update maintainer
4024+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4025+ from build-deps
4026+ * enable rbd
4027+ * add qemu-system and qemu-common B/R to qemu-keymaps
4028+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4029+ qemu-system-common
4030+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4031+ - add qemu-kvm to Provides
4032+ - add qemu-common, qemu-kvm, kvm to B/R
4033+ - remove openbios-sparc from qemu-system-sparc D
4034+ * qemu-system-x86:
4035+ - add qemu-common to Breaks/Replaces.
4036+ - add cpu-checker to Recommends.
4037+ * qemu-user: add B/R:qemu-kvm
4038+ * qemu-kvm:
4039+ - add armhf armel powerpc sparc to Architecture
4040+ - C/R/P: qemu-kvm-spice
4041+ * add qemu-common package
4042+ * drop qemu-slof which is not packaged in ubuntu
4043+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4044+ - qemu-system-x86.links:
4045+ * remove pxe rom links which are in kvm-ipxe
4046+ * add symlink for kvm.1 manpage
4047+ - debian/rules
4048+ * add kvm-spice symlink to qemu-kvm
4049+ * call dh_installmodules for qemu-system-x86
4050+ * update dh_installinit to install upstart script
4051+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4052+ - Add qemu-utils.links for kvm-* symlinks.
4053+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4054+ - Add qemu-system-x86.modprobe to set nesting=1
4055+ - Add qemu-system-common.preinst to add kvm group
4056+ - qemu-system-common.postinst: remove bad group acl if there, then have
4057+ udev relabel /dev/kvm.
4058+ - Dropped patches:
4059+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4060+ - Kept patches:
4061+ * expose_vms_qemu64cpu.patch - updated
4062+ * gridcentric patch - updated
4063+ * linaro arm patches from qemu-linaro rebasing branch
4064+
4065+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 May 2013 08:18:30 -0500
4066+
4067 qemu (1.5.0+dfsg-2) unstable; urgency=low
4068
4069 * merged development history of wheezy and experimental branches.
4070@@ -2199,6 +5986,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low
4071
4072 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 18 Apr 2013 14:45:30 +0400
4073
4074+qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low
4075+
4076+ * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177)
4077+ * qemu-system-x86.qemu-kvm.upstart:
4078+ - remove NESTED workarounds from upstart file.
4079+ - remove loading of modules which is now always done
4080+ - remove TAPR define which is no longer used
4081+ * move customizable defines back to qemu-kvm.default
4082+ * copy creation of group kvm to preinst - the group must exist when the
4083+ kvm udev rule is installed (LP: #1103022) (LP: #1092715)
4084+ * add adduser to qemu-system-common Pre-Depends for use by preinst.
4085+
4086+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Mar 2013 14:21:53 -0500
4087+
4088+qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low
4089+
4090+ * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on
4091+ i386/amd64 targets. (LP: #1126258)
4092+
4093+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 28 Feb 2013 15:17:16 -0600
4094+
4095+qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low
4096+
4097+ * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing
4098+ tree.
4099+ * add qemu-common to qemu-system-common B/R (was accidentally dropped from
4100+ 1.3.0 in 1.4.0 merge).
4101+ * debian/control: fix kvm P/C/B/R:
4102+ - make all C/B/R against kvm versioned
4103+ - don't have any qemu-system-* other than x86 Provides: kvm
4104+
4105+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Feb 2013 13:34:07 -0600
4106+
4107+qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low
4108+
4109+ * Merge 1.4.0+dfsg-1exp from debian. Remaining changes:
4110+ - debian/control:
4111+ * update maintainer
4112+ * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps
4113+ * enable rbd
4114+ * add qemu-system and qemu-common B/R to qemu-keymaps
4115+ * add D:udev and R:qemu to qemu-system-common
4116+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4117+ - add qemu-kvm and kvm to Provides
4118+ - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc,
4119+ qemu-system-sparc:
4120+ - remove openbios-$arch from Depends
4121+ * qemu-system-x86:
4122+ - add qemu-common to Breaks/Replaces.
4123+ - add cpu-checker to Recommends.
4124+ * qemu-user:
4125+ - add B/R qemu-kvm
4126+ * qemu-utils:
4127+ - add B/R qemu-user and qemu-kvm
4128+ * qemu-kvm: add armhf armel powerpc sparc to Architecture
4129+ * add qemu-common package
4130+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4131+ - qemu-system-x86.links:
4132+ * remove pxe rom links which are in kvm-ipxe
4133+ * add symlink for kvm.1 manpage
4134+ - Add qemu-utils.links for kvm-* symlinks.
4135+ - Add qemu-kvm.conf upstart job to qemu-system
4136+ - Clear /dev/kvm acls on install
4137+ - Add linaro arm patches.
4138+ - Add gridcentric patches.
4139+ - Re-add expose_vms_qemu64cpu.patch (from Daviey)
4140+ * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4141+
4142+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 11:58:27 -0600
4143+
4144 qemu (1.4.0+dfsg-1exp) experimental; urgency=low
4145
4146 [ Michael Tokarev ]
4147@@ -2254,6 +6111,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low
4148
4149 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 02 Feb 2013 21:05:28 +0400
4150
4151+qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low
4152+
4153+ * qemu-system-common.postinst: only run setfacl when /dev/kvm exists.
4154+ (LP: #1130591)
4155+
4156+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 08:58:53 -0600
4157+
4158+qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low
4159+
4160+ * Update workarounds for udev/inotify: (LP: #1092715)
4161+ - qemu-system-common.udev: go back to original, simple rule
4162+ - qemu-system-common.postinst: manually run setfacl
4163+ - (keep Depends: on acl as well)
4164+ - this can be removed once bug 1092715 is fixed.
4165+
4166+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 19 Feb 2013 12:41:22 -0600
4167+
4168+qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low
4169+
4170+ * Now that qemu provides spice support, and qemu-kvm-spice is removed from
4171+ the archive, have qemu-kvm (which qemu-kvm-spice always depended on)
4172+ P/C/R qemu-kvm-spice.
4173+
4174+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Feb 2013 13:43:27 -0600
4175+
4176+qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low
4177+
4178+ * Enable spice.
4179+ * Address lintian warning by adding ${misc:Depends} to qemu-common and
4180+ qemu-kvm.
4181+
4182+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 12 Feb 2013 16:07:04 -0600
4183+
4184+qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low
4185+
4186+ [ Serge Hallyn ]
4187+ * Merge 1.3.0+dfsg-5exp from Debian.
4188+ * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1:
4189+ - debian/control:
4190+ * update maintainer
4191+ * remove vde2 recommends
4192+ * build-deps: remove libusbredir, libvdeplug2-dev,
4193+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev
4194+ * qemu-system:
4195+ - break/replace qemu-common
4196+ - depend on udev
4197+ - remove openbios-ppc, openbios-sparc, and openhackware from
4198+ Depends. (Intend to add them back once we can build them.)
4199+ * qemu-utils: break/replace qemu-kvm
4200+ - qemu-kvm.upstart:
4201+ - add qemu-system.qemu-kvm.upstart
4202+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4203+ - take the defaults from the old qemu-kvm.defaults, and move them into
4204+ the upstart job
4205+ - debian/patches:
4206+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4207+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4208+ - add links for qemu-ifup/down in qemu-system-common.links
4209+ - debian/qemu-system-common.postinst
4210+ - udevadm trigger to fix up /dev/kvm perms
4211+ - debian/qemu-system.links:
4212+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4213+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4214+ back to qemu-system at some point.
4215+ * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1:
4216+ - qemu-system-common.links: add link for OVMF
4217+ - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages.
4218+ - qemu-system.links:
4219+ * Add link to usr/share/ovmf/OVMF.fd
4220+ * Fix target of /etc/kvm/kvm-if{up,down} links
4221+ - debian/control: qemu-system should Recommend cpu-checker
4222+ - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4223+ (i.e.) qemu-x86_64.
4224+ - add qemu-kvm, and qemu-common transitional packages.
4225+ - Add breaks/replaces to qemu-keymaps for qemu-system.
4226+ - Add provides: qemu-kvm and kvm to qemu-system-ppc.
4227+ - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common.
4228+ - Add breaks/replaces to qemu-kvm for qemu-common.
4229+ - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm.
4230+ - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional
4231+ package.
4232+ - Add qemu-common package.
4233+ - Make sure /dev/kvm gets its acls cleared:
4234+ * Add acl to qemu-system.depends
4235+ * update qemu-system.udev to run setfacl to set g::rw acl
4236+ - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4237+ * dropped debian/patches/CVE-2012-6075.patch (duplicate of
4238+ e1000-discard-oversize-packets-based-on-SBP_LPE.patch)
4239+ * debian/{control,configure-opts}: enable rbd (LP: #1118406)
4240+ * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636)
4241+ * add replaces to qemu-system-common for qemu - we briefly moved conflicting
4242+ docs to qemu, which debian moved to qemu-system-common. This can be
4243+ dropped after raring.
4244+ * move qemu-kvm.upstart from qemu-system to qemu-system-x86.
4245+ * Support upgrade from qemu-kvm on non-x86 arches:
4246+ - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86}
4247+ - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm.
4248+ * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal.
4249+
4250+ [ Steve Langasek ]
4251+ * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that
4252+ we have a sensible baseline kernel value regardless of what the
4253+ underlying host kernel is. This makes eglibc happier when running under
4254+ emulation on a very old kernel for instance (whose host syscall ABI has
4255+ nothing to do with what emulated syscalls are supported), and probably
4256+ also lets us steer clear for the moment of code that has problem with
4257+ the new kernel upstream versioning convention. LP: #921078.
4258+
4259+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Feb 2013 14:15:26 -0600
4260+
4261 qemu (1.3.0+dfsg-5exp) experimental; urgency=low
4262
4263 * qemu-system-split: split qemu-system into several target-specific packages:
4264@@ -2333,6 +6300,106 @@ qemu (1.3.0+dfsg-2exp) experimental; urgency=low
4265
4266 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 20 Jan 2013 22:12:11 +0400
4267
4268+qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low
4269+
4270+ * qemu-system.links:
4271+ - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207)
4272+ - Fix target of /etc/kvm/kvm-if{up,down} links
4273+
4274+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Jan 2013 10:52:22 -0600
4275+
4276+qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low
4277+
4278+ * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982)
4279+
4280+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 28 Jan 2013 11:52:10 -0600
4281+
4282+qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low
4283+
4284+ * configure-opts: add audio-cards list (LP: #1102487)
4285+ * configure-opts: change order of audio-drv-list for ubuntu, putting pa
4286+ first.
4287+
4288+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 12:02:09 -0600
4289+
4290+qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low
4291+
4292+ * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4293+ (i.e.) qemu-x86_64. (LP: #1102332)
4294+
4295+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 08:58:07 -0600
4296+
4297+qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low
4298+
4299+ * Move three docs from qemu-system.install to qemu.docs (LP: #1101798)
4300+
4301+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 20:12:48 -0700
4302+
4303+qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low
4304+
4305+ * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and
4306+ possible code execution in hw/e1000.c by dropping oversize packets.
4307+
4308+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 07:31:50 -0700
4309+
4310+qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low
4311+
4312+ * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to
4313+ fix FTBFS due to parallel compile.
4314+
4315+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Jan 2013 15:51:09 -0600
4316+
4317+qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low
4318+
4319+ * Merge 1.3.0+dfsg-1~exp3. Remaining ubuntu delta:
4320+ - debian/control:
4321+ * update maintainer
4322+ * remove vde2 recommends
4323+ * build-deps: remove libusbredir, libvdeplug2-dev,
4324+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4325+ and libxen-dev.
4326+ * qemu-keymaps: break/replace qemu-common
4327+ * qemu-system:
4328+ - break/replace qemu-common
4329+ - depend on udev
4330+ - remove openbios-ppc, openbios-sparc, and openhackware from
4331+ Depends. (Intend to add them back once we can build them.)
4332+ - provides: qemu-kvm
4333+ * qemu-utils: break/replace qemu-kvm
4334+ * set up transitional packages for qemu-kvm, qemu-common, and kvm.
4335+ - qemu-kvm.upstart:
4336+ - add qemu-system.qemu-kvm.upstart
4337+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4338+ - take the defaults from the old qemu-kvm.defaults, and move them into
4339+ the upstart job
4340+ - debian/patches:
4341+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4342+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4343+ - ifup/down:
4344+ - copy Debian qemu-kvm's kvm-ifup/down into debian/
4345+ - fix dh_install for kvm-ifup/down in debian/rules
4346+ - add links for qemu-ifup/down in qemu-system.links
4347+ - remove (debian's original) qemu-ifup from qemu-system.install
4348+ - debian/qemu-system.postinst
4349+ - udevadm trigger to fix up /dev/kvm perms
4350+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4351+ - debian/qemu-system.links:
4352+ - point 'kvm' to qemu-system-x86_64
4353+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4354+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4355+ back to qemu-system at some point.
4356+ * Add note about kvm to qemu-system.README.debian.
4357+ * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm
4358+ * Remove TAPBR from qemu-kvm.conf.
4359+ * Make sure /dev/kvm gets its acls cleared:
4360+ - Add acl to qemu-system.depends
4361+ - update qemu-system.udev to run setfacl to set g::rw acl
4362+ * qemu-system.qemu-kvm.conf: don't rmmod at stop
4363+ * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4364+ * Remove hugepages sysctl file - qemu now supports transparent hugepages.
4365+
4366+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 23:22:51 -0600
4367+
4368 qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low
4369
4370 * enable vde on kFreebsd too (no idea why it was disabled)
4371@@ -2417,6 +6484,107 @@ qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low
4372
4373 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Dec 2012 01:52:21 +0400
4374
4375+qemu (1.2.0.dfsg-1~exp1-0ubuntu2) raring; urgency=low
4376+
4377+ * Remove kvm package
4378+ - make qemu-system P/C/B: kvm.
4379+
4380+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 12:03:19 -0600
4381+
4382+qemu (1.2.0.dfsg-1~exp1-0ubuntu1) raring; urgency=low
4383+
4384+ [ Serge Hallyn ]
4385+ * debian/control:
4386+ - update maintainer
4387+ - remove vde2 recommends
4388+ - build-deps: remove libusbredir, libvdeplug2-dev,
4389+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4390+ and libxen-dev.
4391+ - qemu-keymaps: break/replace qemu-common
4392+ - qemu-system:
4393+ - break/replace qemu-common
4394+ - depend on udev
4395+ - remove openbios-ppc, openbios-sparc, and openhackware from
4396+ Depends. (Intend to add them back once we can build them.)
4397+ - provides: qemu-kvm
4398+ - qemu-utils: break/replace qemu-kvm
4399+ - set up transitional packages for qemu-kvm, qemu-common, and kvm.
4400+ * debian/rules:
4401+ - install kvm-ifup and kvm-ifdown
4402+ - dh_installinit the qemu-kvm upstart job
4403+ * install a 30-qemu-kvm.conf into /etc/sysctl.c for nr_hugepages.
4404+ * qemu-kvm.upstart:
4405+ - add qemu-system.qemu-kvm.upstart
4406+ - add mv_confile to qemu-system.preinst, postinst, and .postrm to rename
4407+ /etc/init/qemu-kvm.conf to qemu-system.conf
4408+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4409+ - take the defaults from the old qemu-kvm.defaults, and move them into
4410+ the upstart job
4411+ * debian/patches:
4412+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4413+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4414+ - apply nbd-fixes-to-read-only-handling.patch from upstream to
4415+ make read-write mount after read-only mount work. (LP: #1077838)
4416+ * ifup/down:
4417+ - copy Ubuntu qemu-kvm's kvm-ifup/down into debian/
4418+ - fix dh_install for kvm-ifup/down in debian/rules
4419+ - add links for qemu-ifup/down in qemu-system.links
4420+ - remove (debian's original) qemu-ifup from qemu-system.install
4421+ * debian/qemu-system.postinst
4422+ - udevadm trigger to fix up /dev/kvm perms
4423+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4424+ * debian/qemu-system.links:
4425+ - point 'kvm' to qemu-system-x86_64
4426+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4427+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4428+ back to qemu-system at some point.
4429+ - add qemu-ifdown and qemu-ifup links
4430+ * debian/qemu-system.install:
4431+ - remove /etc/qemu-ifup link
4432+ - add /etc/sysctl.d/30-qemu-kvm.conf
4433+
4434+ [ Adam Conrad ]
4435+ * Appease apt-get's dist-upgrade resolver by creating a qemu-common
4436+ transitional package to upgrade more gracefully to qemu-keymaps.
4437+ * Move all the empty transitional packages to the oldlibs section.
4438+ * Restore the versioned dep from qemu-kvm (and kvm) to qemu-system.
4439+
4440+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Jan 2013 08:50:24 -0600
4441+
4442+qemu (1.2.0+dfsg-1~exp1) UNRELEASED; urgency=low
4443+
4444+ [ Michael Tokarev ]
4445+ * new upstream version (1.3.0)
4446+ (Closes: #676374, #622319, #597527, #593547, #660154)
4447+ - Removed patches included upstream:
4448+ do-not-include-libutil.h.patch
4449+ configure-nss-usbredir.patch
4450+ tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch
4451+ net-add--netdev-options-to-man-page.patch
4452+ - update 02_kfreebsd.patch
4453+ - do not build mpc8544ds.dtb
4454+ - include new targets
4455+ * Cleaned up the build system ALOT. Larger changes:
4456+ - used explicit lists of emulated targets in debian/rules
4457+ and generate everything else from there, instead of repeating
4458+ these lists in lots of places.
4459+ - stop using debian/$pkg.manpages and other auxilary files like this,
4460+ moving eveything to debian/$pkg.install, because with the number
4461+ of packages growing, amount of these small files becomes very
4462+ large and the result is difficult to maintain.
4463+ * ship forgotten target-x86_64.conf in qemu-system.
4464+ * ship virtfs-proxy-helper in qemu-utils.
4465+ * stop shipping tundev.c, since it does not reflect the reality for
4466+ a long time now (Closes: #325761, #325754).
4467+ * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N,
4468+ this time by adding to $MAKEFLAGS instead of passing down to submakes
4469+ * build-depend on libcap-ng-dev (for virtfs-proxy-helper)
4470+
4471+ [ Vagrant Cascadian ]
4472+ * Add libcap-dev to Build-Depends to support virtfs-proxy-helper.
4473+
4474+ -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Dec 2012 01:52:21 +0400
4475+
4476 qemu (1.1.2+dfsg-6a) unstable; urgency=low
4477
4478 * reupload to remove two unrelated files slipped in debian/
4479@@ -4350,3 +8518,4 @@ qemu (0.5.2-1) unstable; urgency=low
4480 * Initial Release. (Closes: #187407)
4481
4482 -- Paul Russell <prussell@debian.org> Wed, 3 Mar 2004 02:18:54 +0100
4483+
4484diff --git a/debian/control b/debian/control
4485index db4e0e4..3b62a34 100644
4486--- a/debian/control
4487+++ b/debian/control
4488@@ -2,7 +2,8 @@
4489 Source: qemu
4490 Section: otherosfs
4491 Priority: optional
4492-Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
4493+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
4494+XSBC-Original-Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
4495 Uploaders: Riku Voipio <riku.voipio@iki.fi>,
4496 Michael Tokarev <mjt@tls.msk.ru>
4497 Build-Depends: debhelper-compat (= 12),
4498@@ -17,8 +18,6 @@ Build-Depends: debhelper-compat (= 12),
4499 texinfo, python3-sphinx,
4500 # iasl (from acpica-tools) is used only in a single test these days, not for building
4501 # acpica-tools,
4502-# --enable-capstone=system
4503- libcapstone-dev (>> 4.0.2~),
4504 # --enable-linux-aio linux-*
4505 libaio-dev [linux-any],
4506 # --audio-drv-list=pa,alsa,oss linux-*
4507@@ -50,8 +49,6 @@ Build-Depends: debhelper-compat (= 12),
4508 libvirglrenderer-dev [linux-any],
4509 # --enable-opengl linux-*
4510 libepoxy-dev [linux-any], libdrm-dev [linux-any], libgbm-dev [linux-any],
4511-# --enable-libnfs
4512- libnfs-dev (>> 1.9.3),
4513 # --enable-numa i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x|riscv64
4514 libnuma-dev [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x riscv64],
4515 # --enable-smartcard
4516@@ -61,8 +58,6 @@ Build-Depends: debhelper-compat (= 12),
4517 librbd-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64],
4518 # glusterfs is debian-only since ubuntu/glusterfs is in universe (MIR LP: #1274247)
4519 # before buster it was glusterfs-common so keep it for now for bpo
4520-# --enable-glusterfs linux-any
4521- libglusterfs-dev [linux-any] | glusterfs-common [linux-any],
4522 # --enable-vnc-sasl
4523 libsasl2-dev,
4524 # --disable-sdl
4525@@ -83,9 +78,6 @@ Build-Depends: debhelper-compat (= 12),
4526 # --enable-libssh
4527 libssh-dev,
4528 # vde is debian-only since ubuntu/vde2 is in universe
4529-# --enable-vde
4530- libvdeplug-dev,
4531-# --enable-xen linux-amd64|linux-i386
4532 libxen-dev [linux-amd64 linux-i386],
4533 # --enable-nettle
4534 nettle-dev,
4535@@ -113,6 +105,9 @@ Build-Depends: debhelper-compat (= 12),
4536 ##--with-iconv (libiconv for curses wide char support)
4537 ## auth-pam - for auth for vnc&Co using PAM
4538 ## gio-2.0 - for -display=spice-app
4539+## armhf workaround for bug 1890435 until resolved in gcc-10
4540+ gcc-9 [armhf],
4541+ g++-9 [armhf],
4542 Build-Depends-Indep:
4543 gcc-s390x-linux-gnu,
4544 # libc6.1-dev-alpha-cross isn't really needed but the code,
4545@@ -129,8 +124,10 @@ Build-Depends-Indep:
4546 Build-Conflicts: oss4-dev
4547 Standards-Version: 4.5.1
4548 Homepage: http://www.qemu.org/
4549-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
4550-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
4551+XS-Debian-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu
4552+XS-Debian-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git
4553+Vcs-Browser: https://git.launchpad.net/ubuntu/+source/qemu
4554+Vcs-Git: https://git.launchpad.net/ubuntu/+source/qemu
4555
4556 Package: qemu
4557 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4558@@ -161,6 +158,7 @@ Depends: ${misc:Depends},
4559 qemu-system-ppc,
4560 qemu-system-sparc,
4561 qemu-system-x86,
4562+ qemu-system-s390x,
4563 qemu-system-misc
4564 Description: QEMU full system emulation binaries
4565 QEMU is a fast processor emulator: currently the package supports
4566@@ -194,6 +192,8 @@ Multi-Arch: foreign
4567 Conflicts: sgabios, qemu-skiboot, openbios-sparc, openbios-ppc, qemu-slof,
4568 Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios,
4569 openbios-sparc, openbios-ppc, qemu-slof, qemu-system-sparc (<< 1:4.2-4~), qemu-system-ppc (<< 1:4.2-4~),
4570+ qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
4571+Breaks: qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~)
4572 Provides: qemu-keymaps, sgabios, qemu-skiboot, openbios-sparc, openbios-ppc, qemu-slof,
4573 Depends: ${misc:Depends}
4574 Description: QEMU full system emulation (data files)
4575@@ -207,7 +207,9 @@ Multi-Arch: no
4576 Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~), qemu-system-gui (= 1:5.2+dfsg-1)
4577 Breaks: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
4578 Depends: ${misc:Depends}, ${shlibs:Depends},
4579+ qemu-block-extra (= ${binary:Version}),
4580 # to fix wrong acl for newly created device node on ubuntu:
4581+ acl
4582 Description: QEMU full system emulation binaries (common files)
4583 QEMU is a fast processor emulator: currently the package supports
4584 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
4585@@ -258,6 +260,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Vers
4586 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4587 # aarch64 arm uses bootroms
4588 ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~),
4589+ ipxe-qemu-256k-compat-efi-roms,
4590 qemu-efi-aarch64, qemu-efi-arm
4591 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4592 Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm}
4593@@ -304,6 +307,7 @@ Multi-Arch: foreign
4594 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4595 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4596 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4597+ ipxe-qemu-256k-compat-efi-roms,
4598 # ppc targets use vgabios-stdvga and bootroms
4599 seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4600 Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc}
4601@@ -348,14 +352,16 @@ Package: qemu-system-x86
4602 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4603 Multi-Arch: foreign
4604 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4605+ ipxe-qemu-256k-compat-efi-roms,
4606 seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4607 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4608 ovmf,
4609+ cpu-checker
4610 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4611 sgabios,
4612-Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}
4613-Breaks: qemu-kvm [linux-amd64 linux-i386]
4614-Replaces: qemu-kvm [linux-amd64 linux-i386]
4615+Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}, qemu-system-x86-microvm
4616+Breaks: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4617+Replaces: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4618 Description: QEMU full system emulation binaries (x86)
4619 QEMU is a fast processor emulator: currently the package supports
4620 i386 and x86-64 emulation. By using dynamic translation it achieves
4621@@ -372,6 +378,16 @@ Description: QEMU full system emulation binaries (x86)
4622 On x86 host hardware this package also enables KVM kernel virtual machine
4623 usage on systems which supports it.
4624
4625+Package: qemu-system-x86-microvm
4626+Architecture: amd64
4627+Multi-Arch: foreign
4628+Section: oldlibs
4629+Depends: qemu-system-x86 (>= 1:5.0-5ubuntu1~), ${misc:Depends}
4630+Description: QEMU full system emulation binaries (x86)
4631+ The microvm binaries are now part of qemu-system-x86.
4632+ .
4633+ This is a transitional package. You can safely remove it.
4634+
4635 Package: qemu-user
4636 Architecture: amd64 arm arm64 armel armhf i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4637 Multi-Arch: foreign
4638@@ -438,8 +454,10 @@ Package: qemu-utils
4639 Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4640 Multi-Arch: foreign
4641 Breaks: qemu-system-common (<< 1:3.1+dfsg-3~)
4642-Depends: ${shlibs:Depends}, ${misc:Depends}
4643-Suggests: debootstrap, qemu-block-extra (= ${binary:Version}),
4644+Depends: ${shlibs:Depends}, ${misc:Depends},
4645+ qemu-block-extra (= ${binary:Version})
4646+Recommends: sharutils
4647+Suggests: debootstrap,
4648 Description: QEMU utilities
4649 QEMU is a fast processor emulator: currently the package supports
4650 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
4651@@ -475,3 +493,59 @@ Description: Guest-side qemu-system agent
4652 .
4653 Install this package on a system which is running as guest inside
4654 qemu virtual machine. It is not used on the host.
4655+
4656+Package: qemu-system-s390x
4657+Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64
4658+Multi-Arch: foreign
4659+Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4660+Recommends: qemu-utils,
4661+Suggests: qemu-block-extra (= ${binary:Version}),
4662+Provides: qemu-kvm [linux-s390x], ${sysprovides:s390x}
4663+Breaks: qemu-kvm [linux-s390x], qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
4664+Replaces: qemu-kvm [linux-s390x], qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~)
4665+Description: QEMU full system emulation binaries (s390x)
4666+ QEMU is a fast processor emulator: currently the package supports
4667+ s390x emulation. By using dynamic translation it achieves reasonable
4668+ speed while being easy to port on new host CPUs.
4669+ .
4670+ This package provides the full system emulation binaries to emulate
4671+ the following s390x hardware: ${sysarch:s390x}.
4672+ .
4673+ In system emulation mode QEMU emulates a full system, including a processor
4674+ and various peripherals. It enables easier testing and debugging of system
4675+ code. It can also be used to provide virtual hosting of several virtual
4676+ machines on a single server.
4677+
4678+# xen support generally is disabled, this is an extra build with xen enabled
4679+# as needed by xen-utils-4.11 [amd64 arm64 armhf i386]
4680+# Xen will depend on this; this package and the main qemu-system-x86 are
4681+# mutually exclusive
4682+Package: qemu-system-x86-xen
4683+Architecture: amd64 i386
4684+Multi-Arch: foreign
4685+Depends:
4686+ ${shlibs:Depends},
4687+ ${misc:Depends},
4688+ qemu-system-common (>> ${source:Version}~),
4689+ qemu-system-data (>> ${source:Version}~),
4690+ ipxe-qemu,
4691+Recommends:
4692+ qemu-system-gui (= ${binary:Version}),
4693+ qemu-utils,
4694+ seabios,
4695+Suggests:
4696+ qemu-block-extra (= ${binary:Version}),
4697+ ovmf,
4698+Conflicts: qemu-system-x86
4699+Description: QEMU full system emulation binaries (x86)
4700+ QEMU is a fast processor emulator: currently the package supports
4701+ i386 and x86-64 emulation. By using dynamic translation it achieves
4702+ reasonable speed while being easy to port on new host CPUs.
4703+ .
4704+ This package provides the full system emulation binaries to emulate
4705+ the following x86 hardware: ${sysarch:x86-xen}.
4706+ .
4707+ In comparison to the main qemu-system-x86 this package has xen support
4708+ enabled, but is only maintained as universe package. Qemu with xen support
4709+ is needed to run Xen in HVM mode. For any other use case you should install
4710+ and use qemu-system-x86 instead.
4711diff --git a/debian/control-in b/debian/control-in
4712index 1860484..5975987 100644
4713--- a/debian/control-in
4714+++ b/debian/control-in
4715@@ -18,8 +18,8 @@ Build-Depends: debhelper-compat (= 12),
4716 texinfo, python3-sphinx,
4717 # iasl (from acpica-tools) is used only in a single test these days, not for building
4718 # acpica-tools,
4719-# --enable-capstone=system
4720- libcapstone-dev (>> 4.0.2~),
4721+:debian:# --enable-capstone=system
4722+:debian: libcapstone-dev (>> 4.0.2~),
4723 # --enable-linux-aio linux-*
4724 libaio-dev [linux-any],
4725 # --audio-drv-list=pa,alsa,oss linux-*
4726@@ -86,7 +86,7 @@ Build-Depends: debhelper-compat (= 12),
4727 # vde is debian-only since ubuntu/vde2 is in universe
4728 :debian:# --enable-vde
4729 :debian: libvdeplug-dev,
4730-# --enable-xen linux-amd64|linux-i386
4731+:debian:# --enable-xen linux-amd64|linux-i386
4732 libxen-dev [linux-amd64 linux-i386],
4733 # --enable-nettle
4734 nettle-dev,
4735@@ -114,6 +114,9 @@ Build-Depends: debhelper-compat (= 12),
4736 ##--with-iconv (libiconv for curses wide char support)
4737 ## auth-pam - for auth for vnc&Co using PAM
4738 ## gio-2.0 - for -display=spice-app
4739+## armhf workaround for bug 1890435 until resolved in gcc-10
4740+ gcc-9 [armhf],
4741+ g++-9 [armhf],
4742 Build-Depends-Indep:
4743 gcc-s390x-linux-gnu,
4744 # libc6.1-dev-alpha-cross isn't really needed but the code,
4745@@ -215,6 +218,7 @@ Multi-Arch: no
4746 Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~), qemu-system-gui (= 1:5.2+dfsg-1)
4747 Breaks: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~)
4748 Depends: ${misc:Depends}, ${shlibs:Depends},
4749+:ubuntu: qemu-block-extra (= ${binary:Version}),
4750 # to fix wrong acl for newly created device node on ubuntu:
4751 :ubuntu: acl
4752 Description: QEMU full system emulation binaries (common files)
4753@@ -267,6 +271,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Vers
4754 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4755 # aarch64 arm uses bootroms
4756 ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~),
4757+:ubuntu: ipxe-qemu-256k-compat-efi-roms,
4758 qemu-efi-aarch64, qemu-efi-arm
4759 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4760 Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm}
4761@@ -313,6 +318,7 @@ Multi-Arch: foreign
4762 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4763 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4764 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4765+:ubuntu: ipxe-qemu-256k-compat-efi-roms,
4766 # ppc targets use vgabios-stdvga and bootroms
4767 seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4768 Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc}
4769@@ -357,15 +363,16 @@ Package: qemu-system-x86
4770 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4771 Multi-Arch: foreign
4772 Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Version}~),
4773+:ubuntu: ipxe-qemu-256k-compat-efi-roms,
4774 seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~)
4775 Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils,
4776 ovmf,
4777 :ubuntu: cpu-checker
4778 Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}),
4779 sgabios,
4780-Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}
4781-Breaks: qemu-kvm [linux-amd64 linux-i386]
4782-Replaces: qemu-kvm [linux-amd64 linux-i386]
4783+Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}, qemu-system-x86-microvm
4784+Breaks: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4785+Replaces: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~)
4786 Description: QEMU full system emulation binaries (x86)
4787 QEMU is a fast processor emulator: currently the package supports
4788 i386 and x86-64 emulation. By using dynamic translation it achieves
4789@@ -382,6 +389,16 @@ Description: QEMU full system emulation binaries (x86)
4790 On x86 host hardware this package also enables KVM kernel virtual machine
4791 usage on systems which supports it.
4792
4793+Package: qemu-system-x86-microvm
4794+Architecture: amd64
4795+Multi-Arch: foreign
4796+Section: oldlibs
4797+Depends: qemu-system-x86 (>= 1:5.0-5ubuntu1~), ${misc:Depends}
4798+Description: QEMU full system emulation binaries (x86)
4799+ The microvm binaries are now part of qemu-system-x86.
4800+ .
4801+ This is a transitional package. You can safely remove it.
4802+
4803 Package: qemu-user
4804 Architecture: amd64 arm arm64 armel armhf i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4805 Multi-Arch: foreign
4806@@ -448,8 +465,11 @@ Package: qemu-utils
4807 Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32
4808 Multi-Arch: foreign
4809 Breaks: qemu-system-common (<< 1:3.1+dfsg-3~)
4810-Depends: ${shlibs:Depends}, ${misc:Depends}
4811-Suggests: debootstrap, qemu-block-extra (= ${binary:Version}),
4812+Depends: ${shlibs:Depends}, ${misc:Depends},
4813+:ubuntu: qemu-block-extra (= ${binary:Version})
4814+:ubuntu:Recommends: sharutils
4815+Suggests: debootstrap,
4816+:debian: qemu-block-extra (= ${binary:Version}),
4817 Description: QEMU utilities
4818 QEMU is a fast processor emulator: currently the package supports
4819 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
4820@@ -507,3 +527,37 @@ Description: Guest-side qemu-system agent
4821 :ubuntu: and various peripherals. It enables easier testing and debugging of system
4822 :ubuntu: code. It can also be used to provide virtual hosting of several virtual
4823 :ubuntu: machines on a single server.
4824+
4825+:ubuntu:# xen support generally is disabled, this is an extra build with xen enabled
4826+:ubuntu:# as needed by xen-utils-4.11 [amd64 arm64 armhf i386]
4827+:ubuntu:# Xen will depend on this; this package and the main qemu-system-x86 are
4828+:ubuntu:# mutually exclusive
4829+:ubuntu:Package: qemu-system-x86-xen
4830+:ubuntu:Architecture: amd64 i386
4831+:ubuntu:Multi-Arch: foreign
4832+:ubuntu:Depends:
4833+:ubuntu: ${shlibs:Depends},
4834+:ubuntu: ${misc:Depends},
4835+:ubuntu: qemu-system-common (>> ${source:Version}~),
4836+:ubuntu: qemu-system-data (>> ${source:Version}~),
4837+:ubuntu: ipxe-qemu,
4838+:ubuntu:Recommends:
4839+:ubuntu: qemu-system-gui (= ${binary:Version}),
4840+:ubuntu: qemu-utils,
4841+:ubuntu: seabios,
4842+:ubuntu:Suggests:
4843+:ubuntu: qemu-block-extra (= ${binary:Version}),
4844+:ubuntu: ovmf,
4845+:ubuntu:Conflicts: qemu-system-x86
4846+:ubuntu:Description: QEMU full system emulation binaries (x86)
4847+:ubuntu: QEMU is a fast processor emulator: currently the package supports
4848+:ubuntu: i386 and x86-64 emulation. By using dynamic translation it achieves
4849+:ubuntu: reasonable speed while being easy to port on new host CPUs.
4850+:ubuntu: .
4851+:ubuntu: This package provides the full system emulation binaries to emulate
4852+:ubuntu: the following x86 hardware: ${sysarch:x86-xen}.
4853+:ubuntu: .
4854+:ubuntu: In comparison to the main qemu-system-x86 this package has xen support
4855+:ubuntu: enabled, but is only maintained as universe package. Qemu with xen support
4856+:ubuntu: is needed to run Xen in HVM mode. For any other use case you should install
4857+:ubuntu: and use qemu-system-x86 instead.
4858diff --git a/debian/patches/series b/debian/patches/series
4859index 5700edf..6eda61e 100644
4860--- a/debian/patches/series
4861+++ b/debian/patches/series
4862@@ -7,3 +7,8 @@ slof-remove-user-and-host-from-release-version.patch
4863 slof-ensure-ld-is-called-with-C-locale.patch
4864 skip-meson-pc-bios.diff
4865 spelling.diff
4866+
4867+# ubuntu patches
4868+ubuntu/enable-svm-by-default.patch
4869+ubuntu/define-ubuntu-machine-types.patch
4870+ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
4871diff --git a/debian/patches/ubuntu/define-ubuntu-machine-types.patch b/debian/patches/ubuntu/define-ubuntu-machine-types.patch
4872new file mode 100644
4873index 0000000..d1f890a
4874--- /dev/null
4875+++ b/debian/patches/ubuntu/define-ubuntu-machine-types.patch
4876@@ -0,0 +1,784 @@
4877+Description: Carry Ubuntu specific machine types
4878+
4879+Since Ubuntu is a downstream of qemu carrying patches it needs custom machine
4880+types to be able to identify and manage the delta that might affect machine
4881+types.
4882+
4883+This is an important piece to keep cross release migration supported for any
4884+downstream.
4885+
4886+Since the p->t transition these types are mostly stable copies of the upstream
4887+type (in the past this was more unstable upstream, so there was more delta),
4888+but they need to stay specific to reflect the delta we have. And even more so
4889+to have something to base off for affecting SRU changes.
4890+
4891+Also add a hint if instantiating fails due to now unsupported old guest
4892+types (LP: #1637936).
4893+
4894+Package maintainers please see https://wiki.ubuntu.com/QemuKVMMigration when
4895+maintaining this patch on SRU, merge or other packaging activity.
4896+While support on a type is dropped with the Release going EOL we never drop the
4897+type itself as long as it is maintainable. This will give people an extra
4898+chance to migrate and avoid issues like LP: 1802944.
4899+
4900+##
4901+
4902+This later on got extended by further ubuntu specific machine type changes:
4903+LP 1776189: Add a -hpb Ubuntu specific machine type suffix
4904+
4905+This works already fine on commandline, but Libvirt and other stacks above
4906+have no exploitation yet. Using a machine type has the benefit of being already
4907+controllable by most upper layer software like Libvirt (type= in os tag) but
4908+even up to Openstack (nova.conf or per image metadata on hw_machine_type).
4909+
4910+This is based on a discussion:
4911+ https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1769053
4912+
4913+A similar change is in CentOS/RH (there the default is switched, without
4914+even a way to go back.
4915+But since this can cause issues e.g. when migrating
4916+across hosts with different characteristics, it is not set as the default
4917+in Ubuntu with this change.
4918+
4919+Further we want to avoid "machine type proliferation", so we certainly won't
4920+add a type for every feature. But using a huge guest is more common and
4921+otherwise not yet achievable.
4922+
4923+This can be dropped when:
4924+ - libvirt exposes phys-bits/host-phys-bits natively
4925+ - at least the important stacks above exploit that config
4926+As an alternative we might decide at some point to make it the default without
4927+a way to switch back in following releases, but for now we don't want to do so.
4928+
4929+##
4930+
4931+This later on got extended by further ubuntu specific machine type changes:
4932+LP 1761372: special type for ppc64 meltdown/spectre defaults
4933+
4934+Upstresm 2.12 is not yet set in stone (almost but not full), and we ship 2.11
4935+with backports. SO we don't want to make a 2.12 machine type fully recommended
4936+yet.
4937+PPC was following x86 in providing a non default convenience type that has the
4938+spectre/meltdown flags toggled - in bug 1761372 we were requested to carry the
4939+same - but we agreed to do so as a 2.11 based type.
4940+
4941+Note I: x86 changes CPU types with -IBRS suffix, power chose to change machine
4942+types.
4943+
4944+Note II: this change can be squashed into ubuntu-machine-types.patch >=2.12
4945+where the base content will exist in the upstream source instead of
4946+patches on top.
4947+
4948+##
4949+
4950+[1] introduced a major regression into the 4.0 types by setting split
4951+irqchip to be the default. This was corrected by [2] and the fix further
4952+modified by [3] which overall adds a 4.0.1 machine type in qemu 4.1 (not
4953+yet released) and probably eventually stable branches.
4954+We will follow upstream with the upstream types, but the Ubuntu types so
4955+far didn't release a 4.0 type yet so for us we can fix it on the initial
4956+release right away.
4957+
4958+[1]: https://git.qemu.org/?p=qemu.git;a=commit;h=b2fc91db
4959+[2]: https://git.qemu.org/?p=qemu.git;a=commit;h=c87759ce
4960+[3]: https://git.qemu.org/?p=qemu.git;a=commit;h=8e8cbed0
4961+
4962+##
4963+
4964+Original-Author: Serge Hallyn <serge.hallyn@ubuntu.com>
4965+Original-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1304107
4966+Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
4967+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1621042
4968+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1776189
4969+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1761372
4970+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1829868
4971+Forwarded: not-needed
4972+Forward-info: downstream decision
4973+
4974+--- a/hw/i386/pc_piix.c
4975++++ b/hw/i386/pc_piix.c
4976+@@ -430,12 +430,7 @@ static void pc_i440fx_5_2_machine_option
4977+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
4978+ pc_i440fx_machine_options(m);
4979+ m->alias = "pc";
4980+- m->is_default = true;
4981+-#ifdef CONFIG_MICROVM_DEFAULT
4982+ m->is_default = false;
4983+-#else
4984+- m->is_default = true;
4985+-#endif
4986+ pcmc->default_cpu_version = 1;
4987+ }
4988+
4989+@@ -1009,3 +1004,225 @@ static void xenfv_3_1_machine_options(Ma
4990+ DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init,
4991+ xenfv_3_1_machine_options);
4992+ #endif
4993++
4994++/* Ubuntu machine types */
4995++static void pc_trusty_machine_options(MachineClass *m)
4996++{
4997++ pc_i440fx_2_0_machine_options(m);
4998++ m->desc = "Ubuntu 14.04 PC (i440FX + PIIX, 1996)";
4999++}
5000++DEFINE_I440FX_MACHINE(trusty, "pc-i440fx-trusty", pc_compat_2_0_fn,
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches