Merge ~paelzer/ubuntu/+source/qemu:merge-5.2-3 into ubuntu/+source/qemu:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: c16535e7eb7efe1ee38a82554f7049d352b98379
Merge reported by: Bryce Harrington
Merged at revision: c16535e7eb7efe1ee38a82554f7049d352b98379
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-5.2-3
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6336 lines (+5677/-30)
16 files modified
debian/changelog (+4229/-4)
debian/control (+88/-17)
debian/control-in (+59/-8)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+784/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch (+76/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-gui.prerm (+42/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/rules (+56/-1)
Reviewer Review Type Date Requested Status
Paride Legovini (community) Approve
Canonical Server Team Pending
Ubuntu Server Dev import team Pending
Review via email: mp+395776@code.launchpad.net
To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

Logical tag for the old delta => logical-1%5.2+dfsg-2ubuntu1
This time all delta is retained as-is, only the usual regenerate of d/control and the new changelog entries.

Christian Ehrhardt  (paelzer) wrote :

 * [new tag] logical-1%5.2+dfsg-2ubuntu1 -> logical-1%5.2+dfsg-2ubuntu1

c16535e... by Christian Ehrhardt  on 2021-01-05

changelog: lp-1907789-build-no-pie-is-no-functional-liker-flag.patch is still needed until 6.0 is released

Signed-off-by: Christian Ehrhardt <email address hidden>

Christian Ehrhardt  (paelzer) wrote :

Why do things that worked need to break ... sigh.
There is a build error (that wasn't there yesterday) around sys/kcov.h/timer_create/openpty - looks like some lib changes. I'll need to get that fixed before I can fully build & test it.

Christian Ehrhardt  (paelzer) wrote :

Could have been #979322, rebuilding against libcacard (1:2.8.0-1ubuntu1)

Christian Ehrhardt  (paelzer) wrote :

It was indeed that issue, the builds seem to be green now (3 still running)

Paride Legovini (paride) wrote :

* Changelog:
  - [✓] old content and logical tag match as expected
  - [✓] changelog entry correct version and targeted codename
  - [✓] changelog entries correct
  - [✓] update-maintainer has been run

* Actual changes:
  - [✓] no upstream changes to consider
  - [✓] no further upstream version to consider
  - [✓] debian changes look safe

* Old Delta:
  - [ ] dropped changes are ok to be dropped
  - [✓] nothing else to drop
  - [ ] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [✓] no new patches added
  - [ ] patches match what was proposed upstream
  - [ ] patches correctly included in debian/patches/series
  - [ ] patches have correct DEP3 metadata

* Build/Test:
  - [✓] build is ok
  - [✓] verified PPA package installs/uninstalls
  - [ ] autopkgtest against the PPA package passes
  - [✓] sanity checks test fine

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Thanks!

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading qemu_5.2+dfsg-3ubuntu1.dsc: done.
  Uploading qemu_5.2+dfsg-3ubuntu1.debian.tar.xz: done.
  Uploading qemu_5.2+dfsg-3ubuntu1_source.buildinfo: done.
  Uploading qemu_5.2+dfsg-3ubuntu1_source.changes: done.
Successfully uploaded packages.

 * [new tag] upload/1%5.2+dfsg-3ubuntu1 -> upload/1%5.2+dfsg-3ubuntu1

Bryce Harrington (bryce) wrote :

 qemu | 1:5.2+dfsg-3ubuntu1 | hirsute | source

This has migrated

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 2b6ae16..8b87d5e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,55 @@
1qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
2
3 * Merge with Debian unstable, includes fixes for
4 - qemu-user-static are partially dynamically linked (LP: #1908331)
5 - qemu crashing when using spice without qemu-system-gui being
6 installed (LP: #1908577)
7 Remaining changes:
8 - qemu-kvm to systemd unit
9 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
10 hugepages and architecture specifics
11 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
12 qemu-kvm-init
13 - d/qemu-system-common.install: install helper script
14 - d/qemu-system-common.qemu-kvm.default: defaults for
15 /etc/default/qemu-kvm
16 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
17 - Distribution specific machine type (LP: 1304107 1621042)
18 - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
19 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
20 for host-phys-bits=true (LP: 1776189)
21 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
22 - provide pseries-bionic-2.11-sxxm type as convenience with all
23 meltdown/spectre workarounds enabled by default. (LP: 1761372).
24 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
25 - Enable nesting by default
26 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
27 in qemu64 on amd
28 [ No more strictly needed, but required for backward compatibility ]
29 - improved dependencies
30 - Make qemu-system-common depend on qemu-block-extra
31 - Make qemu-utils depend on qemu-block-extra
32 - let qemu-utils recommend sharutils
33 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
34 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
35 reference 256k path
36 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
37 handle incoming migrations from former releases.
38 - d/control-in: Disable capstone disassembler library support (universe)
39 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
40 - d/control*, d/rules: disable xen by default, but provide universe
41 package qemu-system-x86-xen as alternative
42 [includes compat links changes of 5.0-5ubuntu4]
43 - allow qemu to load old modules post upgrade (LP 1847361)
44 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
45 - d/rules: Drop generating package version into maintainer scripts
46 - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
47 the bad old prerm (LP 1906245 1905377)
48 - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
49 ld usage of -no-pie (LP 1907789)
50
51 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
52
1qemu (1:5.2+dfsg-3) unstable; urgency=medium53qemu (1:5.2+dfsg-3) unstable; urgency=medium
254
3 [ Christian Ehrhardt ]55 [ Christian Ehrhardt ]
@@ -14,6 +66,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
1466
15 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +030067 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
1668
69qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
70
71 * Merge with Debian unstable
72 - includes fix for CVE-2020-17380
73 - includes a fix for s390x PCI device reset (LP: #1907656)
74 Remaining changes:
75 - qemu-kvm to systemd unit
76 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
77 hugepages and architecture specifics
78 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
79 qemu-kvm-init
80 - d/qemu-system-common.install: install helper script
81 - d/qemu-system-common.qemu-kvm.default: defaults for
82 /etc/default/qemu-kvm
83 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
84 - Distribution specific machine type (LP: 1304107 1621042)
85 - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
86 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
87 for host-phys-bits=true (LP: 1776189)
88 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
89 - provide pseries-bionic-2.11-sxxm type as convenience with all
90 meltdown/spectre workarounds enabled by default. (LP: 1761372).
91 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
92 - Enable nesting by default
93 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
94 in qemu64 on amd
95 [ No more strictly needed, but required for backward compatibility ]
96 - improved dependencies
97 - Make qemu-system-common depend on qemu-block-extra
98 - Make qemu-utils depend on qemu-block-extra
99 - let qemu-utils recommend sharutils
100 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
101 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
102 reference 256k path
103 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
104 handle incoming migrations from former releases.
105 - d/control-in: Disable capstone disassembler library support (universe)
106 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
107 - d/control*, d/rules: disable xen by default, but provide universe
108 package qemu-system-x86-xen as alternative
109 [includes compat links changes of 5.0-5ubuntu4]
110 - allow qemu to load old modules post upgrade (LP 1847361)
111 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
112 - d/rules: Drop generating package version into maintainer scripts
113 - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
114 the bad old prerm (LP 1906245 1905377)
115 * Dropped Changes:
116 - d/control, d/rules: build with gcc-9 on armhf as workaround until
117 resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
118 fails]
119 * Added Changes:
120 - Refreshed ubuntu machine types for hirsute@5.2
121 - d/control: regenerated from d/control-in
122 - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
123 ld usage of -no-pie (LP: #1907789)
124
125 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
126
17qemu (1:5.2+dfsg-2) unstable; urgency=medium127qemu (1:5.2+dfsg-2) unstable; urgency=medium
18128
19 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,129 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
@@ -59,6 +169,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
59169
60 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300170 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
61171
172qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
173
174 * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
175 the bad old prerm (LP: #1906245)
176
177 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
178
179qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
180
181 * Fix upgrade module handling (LP: #1905377)
182 This was accetped in a slightly different form in qemu_5.0-6 and therefore
183 allows to drop some former delta that is now conflicting.
184 Ubuntu still keeps enabling --enable-module-upgrades, but only for
185 qemu-xen which doesn't exist in Debian
186 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
187 - d/rules: Drop generating package version into maintainer scripts
188
189 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
190
191qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
192
193 * Merge with Debian testing, remaining changes:
194 Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
195 - qemu-kvm to systemd unit
196 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
197 hugepages and architecture specifics
198 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
199 qemu-kvm-init
200 - d/qemu-system-common.install: install helper script
201 - d/qemu-system-common.qemu-kvm.default: defaults for
202 /etc/default/qemu-kvm
203 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
204 - Distribution specific machine type (LP: 1304107 1621042)
205 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
206 types
207 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
208 for host-phys-bits=true (LP: 1776189)
209 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
210 - provide pseries-bionic-2.11-sxxm type as convenience with all
211 meltdown/spectre workarounds enabled by default. (LP: 1761372).
212 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
213 - Enable nesting by default
214 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
215 in qemu64 on amd
216 [ No more strictly needed, but required for backward compatibility ]
217 - improved dependencies
218 - Make qemu-system-common depend on qemu-block-extra
219 - Make qemu-utils depend on qemu-block-extra
220 - let qemu-utils recommend sharutils
221 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
222 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
223 reference 256k path
224 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
225 handle incoming migrations from former releases.
226 - d/control-in: Disable capstone disassembler library support (universe)
227 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
228 - d/control*, d/rules: disable xen by default, but provide universe
229 package qemu-system-x86-xen as alternative
230 [includes compat links changes of 5.0-5ubuntu4]
231 - allow qemu to load old modules post upgrade (LP 1847361)
232 - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
233 upgrade
234 - d/rules: generate maintainer scripts matching package version on build
235 - d/rules: enable --enable-module-upgrades where --enable-modules is set
236 - d/control: regenerate debian/control out of control-in
237 * Dropped changes [in Debian or no more needed]
238 - d/control-in: disable pmem on ppc64 as it is currently considered
239 experimental on that architecture (pmdk v1.8-1)
240 - d/rules: makefile definitions can't be recursive - sys_systems for s390x
241 - d/rules: report config log from the correct subdir
242 - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
243 - Pick further changes for groovy from debian/master since 5.0-5
244 - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
245 - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
246 - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
247 - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
248 - megasas-use-unsigned-type-for-positive-numeric-fields.patch
249 - megasas-fix-possible-out-of-bounds-array-access.patch
250 - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
251 - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
252 - a few patches from the stable series:
253 - fix-tulip-breakage.patch
254 - 9p-lock-directory-streams-with-a-CoMutex.patch
255 Prevent deadlocks in 9pfs readdir code
256 - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
257 Fix newline accidentally sneaked into id string of a nic
258 - qemu-nbd-close-inherited-stderr.patch
259 - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
260 - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
261 - virtio-balloon-unref-the-iothread-when-unrealizing.patch
262 - acpi-tmr-allow-2-byte-reads.patch
263 - reapply CVE-2020-13253 fixes from upstream
264 - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
265 - linux-user-add-netlink-RTM_SETLINK-command.patch
266 - d/control: since qemu-system-data now contains module(s),
267 it can't be multi-arch. Ditto for qemu-block-extra.
268 - qemu-system-foo: depend on exact version of qemu-system-data,
269 due to the latter having modules
270 - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
271 This is another incarnation of the recent bugfix which actually enabled
272 memory access constraints, like #964247
273 - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
274 this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
275 and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
276 - xhci-fix-valid.max_access_size-to-access-address-registers.patch
277 fix one more incarnation of the breakage after the CVE-2020-13754 fix
278 - do not install outdated (0.12 and before) Changelog
279 - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
280 ARM-only XGMAC NIC, possible buffer overflow during packet transmission
281 Closes: CVE-2020-15863
282 - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
283 - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
284 another fix for revert-memory-accept-.. CVE-2020-13754
285 - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
286 - d/control-in: build-dep libcap is no more needed
287 - arch aware kvm wrappers
288 [upstream now automatically enables KVM if available and called with
289 kvm* name, provides KVM as before but with auto-fallback to tcg.
290 Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
291 * Dropped changes [upstream now]
292 - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
293 setup_len
294 - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
295 - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
296 - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
297 from vfio-ccw (LP 1887935)
298 - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
299 - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
300 - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
301 SQXBR (LP 1883984)
302 - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
303 - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
304 environments (LP 1887763)
305 - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
306 - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
307 crashes it on shutdown (LP 1878973)
308 - update d/p/ubuntu/lp-1835546-* to the final versions
309 - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
310 FTBFS in groovy
311 * Added Changes:
312 - update ubuntu machine types for hirsute@5.1
313 - d/control: regenerated from d/control-in
314 - d/control, d/rules: build with gcc-9 on armhf as workaround until
315 resolved in gcc-10 (LP: 1890435)
316
317 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
318
62qemu (1:5.1+dfsg-4) unstable; urgency=high319qemu (1:5.1+dfsg-4) unstable; urgency=high
63320
64 * mention closing of CVE-2020-16092 by 5.1321 * mention closing of CVE-2020-16092 by 5.1
@@ -77,7 +334,7 @@ qemu (1:5.1+dfsg-3) unstable; urgency=medium
77334
78qemu (1:5.1+dfsg-2) unstable; urgency=medium335qemu (1:5.1+dfsg-2) unstable; urgency=medium
79336
80 * fix brown-paper bag bug in last upload337 * fix brown-paper bag bug in last upload
81338
82 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 17 Aug 2020 20:58:52 +0300339 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 17 Aug 2020 20:58:52 +0300
83340
@@ -300,6 +557,298 @@ qemu (1:5.0-6) unstable; urgency=medium
300557
301 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300558 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
302559
560qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
561
562 * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
563 machine type to match how it originally was released (LP: #1902654)
564
565 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
566
567qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
568
569 * No-change rebuild for brltty soname change.
570
571 -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
572
573qemu (1:5.0-5ubuntu9) groovy; urgency=medium
574
575 * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
576 setup_len
577 CVE-2020-14364
578
579 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
580
581qemu (1:5.0-5ubuntu8) groovy; urgency=medium
582
583 * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
584
585 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
586
587qemu (1:5.0-5ubuntu7) groovy; urgency=medium
588
589 * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
590
591 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
592
593qemu (1:5.0-5ubuntu6) groovy; urgency=medium
594
595 * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
596 from vfio-ccw (LP: #1887935)
597
598 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
599
600qemu (1:5.0-5ubuntu5) groovy; urgency=medium
601
602 * fix qemu-user-static initialization to allow executing systemd
603 (LP: #1890881)
604 - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
605 - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
606 - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
607 - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
608 - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
609 - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
610 * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
611 CVE-2020-16092
612 - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
613
614 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
615
616qemu (1:5.0-5ubuntu4) groovy; urgency=medium
617
618 * xen: provide compat links to what libxen-dev reports where to find
619 the binaries (LP: #1890005)
620 * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
621 SQXBR (LP: #1883984)
622 * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
623
624 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
625
626qemu (1:5.0-5ubuntu3) groovy; urgency=medium
627
628 * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
629 environments (LP: #1887763)
630 * Pick further changes for groovy from debian/master since 5.0-5
631 - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
632 Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
633 infinite recursion via a crafted mm_index value during
634 ati_mm_read or ati_mm_write call.
635 - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
636 Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
637 devices which uses min_access_size and max_access_size Memory API fields.
638 Also closes: CVE-2020-13791
639 - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
640 CVE-2020-13659: address_space_map in exec.c can trigger
641 a NULL pointer dereference related to BounceBuffer
642 - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
643 Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
644 has an OOB read via a crafted reply_queue_head field from a guest OS user
645 - megasas-use-unsigned-type-for-positive-numeric-fields.patch
646 fix other possible cases like in CVE-2020-13362 (#961887)
647 - megasas-fix-possible-out-of-bounds-array-access.patch
648 Some tracepoints use a guest-controlled value as an index into the
649 mfi_frame_desc[] array. Thus a malicious guest could cause a very low
650 impact OOB errors here
651 - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
652 Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
653 This flaw occurs when an nbd-client sends a spec-compliant request that is
654 near the boundary of maximum permitted request length. A remote nbd-client
655 could use this flaw to crash the qemu-nbd server resulting in a DoS.
656 - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
657 Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
658 properly validate the frame count, which allows guest OS users to trigger
659 an out-of-bounds access during an es1370_write() operation
660 - a few patches from the stable series:
661 - fix-tulip-breakage.patch
662 The tulip network driver in a qemu-system-hppa emulation is broken in
663 the sense that bigger network packages aren't received any longer and
664 thus even running e.g. "apt update" inside the VM fails. Fix this.
665 - 9p-lock-directory-streams-with-a-CoMutex.patch
666 Prevent deadlocks in 9pfs readdir code
667 - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
668 Fix newline accidentally sneaked into id string of a nic
669 - qemu-nbd-close-inherited-stderr.patch
670 - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
671 - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
672 - virtio-balloon-unref-the-iothread-when-unrealizing.patch
673 - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
674 - reapply CVE-2020-13253 fixed from upstream:
675 sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
676 sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
677 sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
678 sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
679 Closes: #961297, CVE-2020-13253
680 - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
681 (Closes: #965109)
682 - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
683 - d/control: since qemu-system-data now contains module(s),
684 it can't be multi-arch. Ditto for qemu-block-extra.
685 - qemu-system-foo: depend on exact version of qemu-system-data,
686 due to the latter having modules
687 - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
688 This is another incarnation of the recent bugfix which actually enabled
689 memory access constraints, like #964247
690 - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
691 this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
692 and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
693 - xhci-fix-valid.max_access_size-to-access-address-registers.patch
694 fix one more incarnation of the breakage after the CVE-2020-13754 fix
695 - do not install outdated (0.12 and before) Changelog (Closes: #965381)
696 - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
697 ARM-only XGMAC NIC, possible buffer overflow during packet transmission
698 Closes: CVE-2020-15863
699 - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
700 List of patches:
701 sm501-convert-printf-abort-to-qemu_log_mask.patch
702 sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
703 sm501-use-BIT-macro-to-shorten-constant.patch
704 sm501-clean-up-local-variables-in-sm501_2d_operation.patch
705 sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
706 Closes: #961451, CVE-2020-12829
707 - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
708 another fix for revert-memory-accept-.. CVE-2020-13754
709 - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
710
711 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
712
713qemu (1:5.0-5ubuntu2) groovy; urgency=medium
714
715 * No change rebuild against new libnettle8 and libhogweed6 ABI.
716
717 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
718
719qemu (1:5.0-5ubuntu1) groovy; urgency=medium
720
721 * Merge with Debian testing (LP: #1749393), remaining changes:
722 - qemu-kvm to systemd unit
723 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
724 hugepages and architecture specifics
725 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
726 qemu-kvm-init
727 - d/qemu-system-common.install: install helper script
728 - d/qemu-system-common.qemu-kvm.default: defaults for
729 /etc/default/qemu-kvm
730 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
731 - Distribution specific machine type (LP: 1304107 1621042)
732 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
733 types
734 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
735 for host-phys-bits=true (LP: 1776189)
736 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
737 - provide pseries-bionic-2.11-sxxm type as convenience with all
738 meltdown/spectre workarounds enabled by default. (LP: 1761372).
739 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
740 - Enable nesting by default
741 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
742 in qemu64 on amd
743 [ No more strictly needed, but required for backward compatibility ]
744 - improved dependencies
745 - Make qemu-system-common depend on qemu-block-extra
746 - Make qemu-utils depend on qemu-block-extra
747 - let qemu-utils recommend sharutils
748 - arch aware kvm wrappers
749 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
750 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
751 reference 256k path
752 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
753 handle incoming migrations from former releases.
754 - d/control-in: Disable capstone disassembler library support (universe)
755 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
756 - d/control*, d/rules: disable xen by default, but provide universe
757 package qemu-system-x86-xen as alternative
758 [includes --disable-xen for user-static builds]
759 - d/control-in: disable pmem on ppc64 as it is currently considered
760 experimental on that architecture (pmdk v1.8-1)
761 - d/rules: makefile definitions can't be recursive - sys_systems for s390x
762 - d/rules: report config log from the correct subdir
763 - allow qemu to load old modules post upgrade (LP 1847361)
764 - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
765 upgrade
766 - d/rules: generate maintainer scripts matching package version on build
767 - d/rules: enable --enable-module-upgrades where --enable-modules is set
768 - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
769 - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
770 - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
771 crashes it on shutdown (LP 1878973)
772 * Dropped changes (no more needed)
773 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
774 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
775 in qemu64 cpu type.
776 - d/control: avoid upgrade issues triggered by moving ivshmem tools after
777 Debian. Fixed by bumping the related Breaks/Replaces to the
778 Version Ubuntu introduced the change (LP 1862287)
779 * Dropped changes (in Debian)
780 - improved s390x support
781 - d/binfmt-update-in: fix binfmt being called in some containers
782 (LP 1840956)
783 - qemu-system-x86-microvm package
784 In addition to the generic multi-purpose qemu also provide a minimal
785 feature binary that is loading faster for use cases with microvm machine
786 type and qboot bios
787 - d/control-in: add a new qemu-system-x86-microvm package
788 - d/rules: add an extra config/build step to get the minimal qemu
789 - Security and packaging fixes (LP 1872937)
790 - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
791 - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
792 CVE-2020-10702
793 CVE-2020-11102
794 - fix external spice UI
795 + install ui-spice-app.so in qemu-system-common
796 + install ui-spice-app.so only if built, spice is optional
797 - switch binfmt registration to use update-binfmts --[un]import (#866756)
798 - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
799 - qemu-system-data: s/highcolor/hicolor/ (#955741)
800 - enable riscv build (LP 1872931)
801 [ changes picked from Debian ]
802 - enable support for riscv64 hosts
803 - only enable librbd on architectures where it is built
804 - ceph: do not list librados-dev as we only use librbd-dev and the latter
805 depends on the former
806 - seccomp grew up, no need in versioned build-dep
807 - enable seccomp only on architectures where it can be built
808 * Dropped changes (upstream)
809 - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
810 (LP 1857033)
811 - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
812 - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
813 vhost-user-gpu
814 - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
815 avoid unnecessary IOTLB transactions (LP 1866207)
816 - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
817 patches @qemu-stable (LP 1867519)
818 - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
819 to avoid broken nesting (LP 1868692)
820 - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
821 (LP 1871830)
822 - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
823 - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
824 - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
825 and clobbered doubles (LP 1872945)
826 - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
827 - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
828 ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
829 - CVE-2020-11869
830 - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
831 - async: use explicit memory barriers (LP 1805256)
832 - aio-wait: delegate polling of main AioContext if BQL not held
833 - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
834 supporting to set them (LP 1882774)
835 - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
836 load to a versioned path
837 * Added Changes:
838 - d/control: regenerate debian/control out of control-in
839 - update d/p/ubuntu/lp-1835546-* to the final versions
840 - 11 patches dropped as they are in 5.0
841 - 20 patches updated to how they will be in 5.1
842 - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
843 FTBFS in groovy
844 - Make qemu-system-x86-microvm a transitional package as the binary is now
845 in qemu-system-x86 itself.
846 - d/control-in: build-dep libcap is no more needed
847 - d/rules: update arch aware kvm wrappers
848 - d/qemu-system-x86.README.Debian: fix typo
849
850 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
851
303qemu (1:5.0-5) unstable; urgency=medium852qemu (1:5.0-5) unstable; urgency=medium
304853
305 * more binfmt-install updates854 * more binfmt-install updates
@@ -432,6 +981,188 @@ qemu (1:4.2-4) unstable; urgency=medium
432981
433 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300982 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
434983
984qemu (1:4.2-3ubuntu10) groovy; urgency=medium
985
986 * No-change rebuild against libnettle8
987
988 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
989
990qemu (1:4.2-3ubuntu9) groovy; urgency=medium
991
992 * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
993 crashes it on shutdown (LP: #1878973)
994 * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
995 supporting to set them (LP: #1882774)
996
997 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
998
999qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1000
1001 * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1002 - async: use explicit memory barriers (LP: #1805256)
1003 - aio-wait: delegate polling of main AioContext if BQL not held
1004
1005 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1006
1007qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1008
1009 * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1010 - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1011 ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1012 - CVE-2020-11869
1013
1014 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1015
1016qemu (1:4.2-3ubuntu6) focal; urgency=medium
1017
1018 [ Christian Ehrhardt ]
1019 * enable riscv build (LP: #1872931)
1020 [ changes picked from Debian ]
1021 - enable support for riscv64 hosts
1022 - only enable librbd on architectures where it is built
1023 - ceph: do not list librados-dev as we only use librbd-dev and the latter
1024 depends on the former
1025 - seccomp grew up, no need in versioned build-dep
1026 - enable seccomp only on architectures where it can be built
1027 * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1028 * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1029 and clobbered doubles (LP: #1872945)
1030
1031 [ William Grant ]
1032 * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1033
1034 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1035
1036qemu (1:4.2-3ubuntu5) focal; urgency=medium
1037
1038 [ Christian Ehrhardt ]
1039 * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1040 (LP: #1871830)
1041 * Security and packaging fixes (LP: #1872937)
1042 - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1043 - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1044 CVE-2020-10702
1045 CVE-2020-11102
1046 - fix external spice UI
1047 + install ui-spice-app.so in qemu-system-common
1048 + install ui-spice-app.so only if built, spice is optional
1049 - switch binfmt registration to use update-binfmts --[un]import (#866756)
1050 - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1051 - qemu-system-data: s/highcolor/hicolor/ (#955741)
1052 * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1053
1054 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1055
1056qemu (1:4.2-3ubuntu4) focal; urgency=medium
1057
1058 * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1059 * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1060 to avoid broken nesting (LP: #1868692)
1061
1062 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1063
1064qemu (1:4.2-3ubuntu3) focal; urgency=medium
1065
1066 * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1067 patches @qemu-stable (LP: #1867519)
1068
1069 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1070
1071qemu (1:4.2-3ubuntu2) focal; urgency=medium
1072
1073 * allow qemu to load old modules post upgrade (LP: #1847361)
1074 - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1075 load to a versioned path
1076 - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1077 upgrade
1078 - d/rules: generate maintainer scripts matching package version on build
1079 - d/rules: enable --enable-module-upgrades where --enable-modules is set
1080 * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1081 avoid unnecessary IOTLB transactions (LP: #1866207)
1082
1083 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1084
1085qemu (1:4.2-3ubuntu1) focal; urgency=medium
1086
1087 * Merge with Debian testing, remaining changes:
1088 - qemu-kvm to systemd unit
1089 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1090 hugepages and architecture specifics
1091 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1092 qemu-kvm-init
1093 - d/qemu-system-common.install: install helper script
1094 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1095 - d/qemu-system-common.qemu-kvm.default: defaults for
1096 /etc/default/qemu-kvm
1097 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1098 - Distribution specific machine type (LP: 1304107 1621042)
1099 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1100 types
1101 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1102 for host-phys-bits=true (LP: 1776189)
1103 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1104 - provide pseries-bionic-2.11-sxxm type as convenience with all
1105 meltdown/spectre workarounds enabled by default. (LP: 1761372).
1106 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1107 - Enable nesting by default
1108 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1109 in qemu64 cpu type.
1110 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1111 in qemu64 on amd
1112 [ No more strictly needed, but required for backward compatibility ]
1113 - improved dependencies
1114 - Make qemu-system-common depend on qemu-block-extra
1115 - Make qemu-utils depend on qemu-block-extra
1116 - let qemu-utils recommend sharutils
1117 - improved s390x support
1118 - d/rules: build s390-ccw.img with upstream Makefile
1119 - d/rules: build s390-netboot.img with upstream Makefile
1120 - arch aware kvm wrappers
1121 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1122 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1123 reference 256k path
1124 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1125 handle incoming migrations from former releases.
1126 - d/control-in: Disable capstone disassembler library support (universe)
1127 - d/binfmt-update-in: fix binfmt being called in some containers
1128 (LP 1840956)
1129 - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1130 (LP 1857033)
1131 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1132 - d/control*, d/rules: disable xen by default, but provide universe
1133 package qemu-system-x86-xen as alternative
1134 - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1135 - Dropped changes [ in Debian ]
1136 - d/control: update VCS links
1137 - d/control-in: bump debhelper build-dep for compat 12
1138 - d/control: disable bluetooth being deprecated
1139 - d/not-installed: ignore new interop docs and extra icons for now
1140 - d/not-installed: do not install elf2dmp until namespaced
1141 - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1142 [ not needed ]
1143 - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1144 - s390x support
1145 - Create qemu-system-s390x package
1146 - Enable numa support for s390x
1147 - d/control*: enable libpmem support for nvdimms (LP 1790856)
1148 * Added changes
1149 - d/control: regenerate debian/control out of control-in
1150 - qemu-system-x86-microvm package
1151 In addition to the generic multi-purpose qemu also provide a minimal
1152 feature binary that is loading faster for use cases with microvm machine
1153 type and qboot bios
1154 - d/control-in: add a new qemu-system-x86-microvm package
1155 - d/rules: add an extra config/build step to get the minimal qemu
1156 - d/control-in: disable pmem on ppc64 as it is currently considered
1157 experimental on that architecture (pmdk v1.8-1)
1158 - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1159 - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1160 vhost-user-gpu
1161 - d/rules: report config log from the correct subdir
1162 - d/rules: --disable-xen for user-static builds
1163
1164 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1165
435qemu (1:4.2-3) unstable; urgency=medium1166qemu (1:4.2-3) unstable; urgency=medium
4361167
437 * mention closing of #909743 in previous changelog (Closes: #909743)1168 * mention closing of #909743 in previous changelog (Closes: #909743)
@@ -474,6 +1205,169 @@ qemu (1:4.2-2) unstable; urgency=medium
4741205
475 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +03001206 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
4761207
1208qemu (1:4.2-1ubuntu2) focal; urgency=medium
1209
1210 * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1211 Debian. Fixed by by bumping the related Breaks/Replaces to the
1212 Version Ubuntu introduced the change (LP: #1862287)
1213
1214 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1215
1216qemu (1:4.2-1ubuntu1) focal; urgency=medium
1217
1218 * Merge with Debian testing, Among many other things this fixes LP Bugs:
1219 LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1220 LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1221 LP: #1852744 - Crypto Passthrough Interrupt Support
1222 LP: #1853316 - CCW IPL Support
1223 Remaining changes:
1224 - qemu-kvm to systemd unit
1225 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1226 hugepages and architecture specifics
1227 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1228 qemu-kvm-init
1229 - d/qemu-system-common.install: install helper script
1230 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1231 - d/qemu-system-common.qemu-kvm.default: defaults for
1232 /etc/default/qemu-kvm
1233 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1234 - Distribution specific machine type (LP: 1304107 1621042)
1235 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1236 types
1237 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1238 for host-phys-bits=true (LP: 1776189)
1239 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1240 - provide pseries-bionic-2.11-sxxm type as convenience with all
1241 meltdown/spectre workarounds enabled by default. (LP: 1761372).
1242 - Enable nesting by default
1243 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1244 in qemu64 cpu type.
1245 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1246 in qemu64 on amd
1247 [ No more strictly needed, but required for backward compatibility ]
1248 - improved dependencies
1249 - Make qemu-system-common depend on qemu-block-extra
1250 - Make qemu-utils depend on qemu-block-extra
1251 - let qemu-utils recommend sharutils
1252 - s390x support
1253 - Create qemu-system-s390x package
1254 - Enable numa support for s390x
1255 - d/rules: build s390-ccw.img with upstream Makefile
1256 - d/rules: build s390-netboot.img with upstream Makefile
1257 - arch aware kvm wrappers
1258 - d/control: update VCS links
1259 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1260 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1261 reference 256k path
1262 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1263 handle incoming migrations from former releases.
1264 - d/control-in: Disable capstone disassembler library support (universe)
1265 - d/control: disable bluetooth being deprecated
1266 - d/not-installed: ignore new interop docs and extra icons for now
1267 - d/not-installed: do not install elf2dmp until namespaced
1268 - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1269 - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1270 - d/binfmt-update-in: fix binfmt being called in some containers
1271 (LP 1840956)
1272 - Dropped changes (in Debian)
1273 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1274 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1275 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1276 - d/control-in: enable RDMA support in qemu (LP: 1692476)
1277 - enable RDMA config option
1278 - add libibumad-dev build-dep
1279 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1280 some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1281 As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1282 replace it with a build-indep using the upstream makefiles.
1283 This is less prone to miss future changes/fixes that are done to the
1284 makefiles
1285 - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1286 - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1287 - d/rules: fix qemu-kvm service for debhelper compat >=12
1288 - Refreshed patches for v4.0 context changes
1289 - d/control*: remove sdlabi which was removed upstream
1290 - d/control*: enable docs (now explicit) and provide new build-dep
1291 python3-sphinx
1292 - d/qemu-system-data.install: use new paths for formerly used icons
1293 - Merge with Upstream release of qemu 4.0
1294 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1295 - Dropped changes (Upstream)
1296 - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1297 - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1298 - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1299 fix i386 build error
1300 - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1301 fix naming of the new vector facitlity (LP 1836066)
1302 - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1303 for missing SIOCGSTAMP definition; final fix is still in discussion
1304 upstream (LP: 1836159)
1305 - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1306 s390x machines (LP 1836154)
1307 - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1308 (LP 1841066)
1309 - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1310 update the z15 model name (LP 1842774)
1311 - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1312 fix a potential hang when qemu or qemu-img where accessing http backed
1313 disks via libcurl (LP 1848556)
1314 - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1315 fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1316 - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1317 toleration for future machines (LP 1830704)
1318 - SECURITY UPDATE: Add support for exposing md-clear functionality
1319 to guests
1320 - d/p/ubuntu/enable-md-clear.patch
1321 - d/p/ubuntu/enable-md-no.patch
1322 - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1323 - SECURITY UPDATE: heap overflow when loading device tree blob
1324 - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1325 copy the device tree blob into is.
1326 - CVE-2018-20815
1327 - SECURITY UPDATE: device driver denial of service via NULL pointer
1328 dereference
1329 - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1330 routine
1331 - CVE-2019-5008
1332 - SECURITY UPDATE: information leak in SLiRP
1333 - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1334 emulating ident.
1335 - CVE-2019-9824
1336 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1337 unimplement.patch: properly return architecture defined exception
1338 on bad subcodes of diag 308 (LP 1812384)
1339 * Dropped changes (no more needed)
1340 - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1341 mv_conffile since the new path is a directory in the old package
1342 version which can not be handled by mv_conffile.
1343 [ only needed between disco and eoan ]
1344 - disable pvrdma
1345 [ CVEs all fixed now ]
1346 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1347 avoid misdetection of simplified nesting blocking all migrations
1348 [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1349 - Enable nesting by default
1350 - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1351 (is default on amd)
1352 - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1353 without nested=1
1354 [ nesting is default in kernel modules and default selected cpu types ]
1355 * Added changes
1356 - d/control: regenerate debian/control out of control-in
1357 - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1358 - added ubuntu focal types for qemu 4.2
1359 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1360 - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1361 (LP: #1857033)
1362 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1363 - d/control*, d/rules: disable xen by default, but provide universe
1364 package qemu-system-x86-xen as alternative
1365 - fix typos in changelog and d/qemu-system-x86.NEWS
1366 - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1367 - d/control*: enable libpmem support for nvdimms (LP: #1790856)
1368
1369 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
1370
477qemu (1:4.2-1) unstable; urgency=medium1371qemu (1:4.2-1) unstable; urgency=medium
4781372
479 * new upstream release (4.2.0)1373 * new upstream release (4.2.0)
@@ -550,6 +1444,205 @@ qemu (1:4.1-1) unstable; urgency=medium
5501444
551 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +03001445 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
5521446
1447qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
1448
1449 * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1450 fix a potential hang when qemu or qemu-img where accessing http backed
1451 disks via libcurl (LP: #1848556)
1452 * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
1453 fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
1454
1455 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
1456
1457qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
1458
1459 * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1460 update the z15 model name (LP: #1842774)
1461
1462 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
1463
1464qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
1465
1466 * d/binfmt-update-in: fix binfmt being called in some containers
1467 (LP: #1840956)
1468
1469 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
1470
1471qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
1472
1473 * No-change upload with strops.h and sys/strops.h removed in glibc.
1474
1475 -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
1476
1477qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
1478
1479 * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1480 (LP: #1841066)
1481
1482 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
1483
1484qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
1485
1486 * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1487 s390x machines (LP: #1836154)
1488
1489 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
1490
1491qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
1492
1493 * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
1494 - pick Debian change for (#889885)
1495 move ovmf to recommends on debian and update aarch ovmf refs
1496 - stop Ubuntu to drop ovmf/qemu-efi to a suggest
1497
1498 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
1499
1500qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
1501
1502 * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1503 for missing SIOCGSTAMP definition; final fix is still in discussion
1504 upstream (LP: 1836159)
1505
1506 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
1507
1508qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
1509
1510 * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1511 fix naming of the new vector facitlity (LP: #1836066)
1512 * d/control-in: update VCS links in control template as well
1513
1514 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
1515
1516qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
1517
1518 * Merge with Upstream release of qemu 4.0.
1519 Among many other things this fixes LP Bugs:
1520 LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
1521 LP: #1828038 - Update s390x CPU Model for more HW support
1522 LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
1523 Remaining Changes:
1524 - qemu-kvm to systemd unit
1525 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1526 hugepages and architecture specifics
1527 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1528 qemu-kvm-init
1529 - d/qemu-system-common.install: install helper script
1530 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1531 - d/qemu-system-common.qemu-kvm.default: defaults for
1532 /etc/default/qemu-kvm
1533 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1534 - Enable nesting by default
1535 - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1536 (is default on amd)
1537 - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1538 without nested=1
1539 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1540 in qemu64 cpu type.
1541 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1542 in qemu64 on amd
1543 - d/qemu-system-x86.README.Debian: document intention of nested being
1544 default is comfort, not full support
1545 - Distribution specific machine type (LP: 1304107 1621042)
1546 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1547 types
1548 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1549 for host-phys-bits=true (LP: 1776189)
1550 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1551 - provide pseries-bionic-2.11-sxxm type as convenience with all
1552 meltdown/spectre workarounds enabled by default. (LP: 1761372).
1553 - improved dependencies
1554 - Make qemu-system-common depend on qemu-block-extra
1555 - Make qemu-utils depend on qemu-block-extra
1556 - let qemu-utils recommend sharutils
1557 - s390x support
1558 - Create qemu-system-s390x package
1559 - Enable numa support for s390x
1560 - arch aware kvm wrappers
1561 - d/control: update VCS links
1562 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1563 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1564 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1565 - d/control-in: enable RDMA support in qemu (LP: 1692476)
1566 - enable RDMA config option
1567 - add libibumad-dev build-dep
1568 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1569 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1570 reference 256k path
1571 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1572 handle incoming migrations from former releases.
1573 - d/control-in: Disable capstone disassembler library support (universe)
1574 - Move s390x roms to a new qemu-system-data-s390x
1575 - d/qemu-system-data.install: install s390x roms as architecture:all in
1576 qemu-system-data
1577 - d/rules: build s390-ccw.img with upstream Makefile
1578 - d/rules: build s390-netboot.img with upstream Makefile
1579 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1580 some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1581 As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1582 replace it with a build-indep using the upstream makefiles.
1583 This is less prone to miss future changes/fixes that are done to the
1584 makefiles
1585 - d/control-in: add breaks/replaces for moving s390x roms from
1586 qemu-system-s390x to qemu-system-data
1587 - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1588 [From not yet uploaded Debian branch]
1589 - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1590 - d/rules: fix qemu-kvm service for debhelper compat >=12
1591 - disable pvrdma - besides several security holes there are many other
1592 bugs there as well
1593 * Dropped patches that are upstream in v4.0
1594 - d/p/do-not-link-everything-with-xen.patch
1595 - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1596 - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1597 - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1598 - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1599 - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1600 - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1601 (LP: 1759509)
1602 - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1603 - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1604 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1605 - d/p/ubuntu/CVE-2018-20815.patch
1606 - d/p/ubuntu/CVE-2019-5008.patch
1607 - d/p/ubuntu/CVE-2019-9824.patch
1608 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1609 avoid misdetection of simplified nesting blocking all migrations
1610 * Dropped further patches
1611 d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1612 [upstream deprecated the whole subsystem instead of applying the fix]
1613 * Added Changes
1614 - updated ubuntu machine types for v4.0
1615 - added eoan types
1616 - fixed s390x issue of upstream types having a "v" prefix
1617 - add back dropped machine types to avoid more issues like LP: 1802944
1618 - fix kvm split irqchip default in ubuntu q35 machine type
1619 - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1620 adapt updated CamelCase
1621 - -hpb types now need to use GlobalProperties
1622 - pc_compat_2_0 got a _fn suffix and slight changes
1623 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1624 SLOF of qemu 4.0
1625 - Refreshed patches still needed for v4.0 context changes
1626 - d/p/use-fixed-data-path.patch
1627 - d/p/ubuntu/enable-svm-by-default.patch
1628 - d/p/ubuntu/enable-md-clear.patch
1629 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
1630 - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
1631 (LP: #1830243)
1632 - d/control: disable bluetooth being deprecated
1633 - d/control*: remove sdlabi which was removed upstream
1634 - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
1635 - d/control*: enable docs (now explicit) and provide new build-dep
1636 python3-sphinx
1637 - d/not-installed: ignore new interop docs and extra icons for now
1638 - d/not-installed: do not install elf2dmp until namespaced
1639 - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1640 - d/qemu-system-data.install: use new paths for formerly used icons
1641 - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1642 fix i386 build error
1643
1644 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
1645
553qemu (1:3.1+dfsg-8) unstable; urgency=high1646qemu (1:3.1+dfsg-8) unstable; urgency=high
5541647
555 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch1648 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
@@ -652,6 +1745,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
6521745
653 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +03001746 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
6541747
1748qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1749
1750 * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1751 broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1752 fix migrations from old machines (LP: #1829868).
1753 * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1754 toleration for future machines (LP: #1830704
1755
1756 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1757
1758qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1759
1760 * SECURITY UPDATE: Add support for exposing md-clear functionality
1761 to guests
1762 - d/p/ubuntu/enable-md-clear.patch
1763 - d/p/ubuntu/enable-md-no.patch
1764 - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1765 * SECURITY UPDATE: heap overflow when loading device tree blob
1766 - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1767 copy the device tree blob into is.
1768 - CVE-2018-20815
1769 * SECURITY UPDATE: device driver denial of service via NULL pointer
1770 dereference
1771 - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1772 routine
1773 - CVE-2019-5008
1774 * SECURITY UPDATE: information leak in SLiRP
1775 - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1776 emulating ident.
1777 - CVE-2019-9824
1778
1779 -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1780
1781qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1782
1783 * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1784 - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1785 - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1786 mv_conffile since the new path is a directory in the old package
1787 version which can not be handled by mv_conffile.
1788 * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1789 OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1790 Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1791 CVE-2019-3812
1792
1793 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1794
1795qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1796
1797 * disable pvrdma - besides several security holes there are many other
1798 bugs there as well, and the amount of patches applied upstream after
1799 3.1 release is large (Closes, or actuallymakes unimportant again)
1800 - CVE-2018-20123
1801 - CVE-2018-20124
1802 - CVE-2018-20125
1803 - CVE-2018-20126
1804 - CVE-2018-20191
1805 - CVE-2018-20216
1806 * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1807 - CVE-2019-6501
1808 * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1809 - CVE-2019-6778
1810
1811 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1812
1813qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1814
1815 * Merge with Debian testing, Among many other things this fixes LP Bugs:
1816 LP: #1806104 - fix misleading page size error on ppc64el
1817 LP: #1782205 - SnowRidge enabled new ISAs
1818 LP: #1786956 - upgrade to qemu >= 3.0
1819 LP: #1809083 - Backward migration to Xenial on ppc64el
1820 LP: #1803315 - s390x Huge page enablement
1821 LP: #1657409 - enable virglrenderer
1822 Remaining Changes:
1823 - qemu-kvm to systemd unit
1824 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1825 hugepages and architecture specifics
1826 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1827 - d/qemu-system-common.install: install systemd unit and helper script
1828 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1829 - d/qemu-system-common.qemu-kvm.default: defaults for
1830 /etc/default/qemu-kvm
1831 - d/rules: install /etc/default/qemu-kvm
1832 - Enable nesting by default
1833 - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1834 (is default on amd)
1835 - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1836 without nested=1
1837 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1838 in qemu64 cpu type.
1839 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1840 in qemu64 on amd
1841 - d/qemu-system-x86.README.Debian: document intention of nested being
1842 default is comfort, not full support
1843 - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1844 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1845 types
1846 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1847 for host-phys-bits=true (LP: 1776189)
1848 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1849 - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1850 convenience with all meltdown/spectre workarounds enabled by default.
1851 (LP: 1761372).
1852 - improved dependencies
1853 - Make qemu-system-common depend on qemu-block-extra
1854 - Make qemu-utils depend on qemu-block-extra
1855 - let qemu-utils recommend sharutils
1856 - s390x support
1857 - Create qemu-system-s390x package
1858 - Enable numa support for s390x
1859 - arch aware kvm wrappers
1860 - d/control: update VCS links (updated to match latest Ubuntu)
1861 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1862 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1863 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1864 - d/control-in: enable RDMA support in qemu (LP: 1692476)
1865 - enable RDMA config option
1866 - add libibumad-dev build-dep
1867 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1868 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1869 reference 256k path
1870 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1871 handle incoming migrations from former releases.
1872 - d/control-in: Disable capstone disassembler library support (universe)
1873 * Added Changes:
1874 - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1875 for qemu 3.1 in the Ubuntu Disco release
1876 - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1877 - Move s390x roms to a new qemu-system-data-s390x
1878 - d/qemu-system-data.install: install s390x roms as architecture:all in
1879 qemu-system-data
1880 - d/rules: build s390-ccw.img with upstream Makefile
1881 - d/rules: build s390x-netboot.img with upstream Makefile
1882 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1883 some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1884 As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1885 replace it with a build-indep using the upstream makefiles.
1886 This is less prone to miss future changes/fixes that are done to the
1887 makefiles
1888 - d/control-in: add breaks/replaces for moving s390x roms from
1889 qemu-system-s390x to qemu-system-data
1890 - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1891 [From not yet uploaded Debian branch]
1892 - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1893 (Closes: #918378)
1894 - d/rules: fix qemu-kvm service for debhelper compat >=12
1895 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1896 avoid misdetection of simplified nesting blocking all migrations
1897 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1898 unimplement.patch: properly return archicture defined exception
1899 on bad subcodes of diag 308 (LP: #1812384)
1900 * Dropped Changes:
1901 - Include s390-ccw.img firmware (old style native build)
1902 - d/rules enable install s390x-netboot.img (old style native build)
1903 - libvirt/qemu user/group support
1904 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1905 trigger.
1906 [ Droppable since logind properly sets ACLs now ]
1907 - qemu-system-common.preinst: add kvm group if needed
1908 [ Droppable because systemd/udev take care of it since 239-6]
1909 - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
1910 freeze-hook fixes (LP: 1484990)
1911 [upstream]
1912 - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1913 merged upstream
1914 [upstream]
1915 - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1916 computation while concatenating mbuf.
1917 CVE-2018-11806
1918 [upstream]
1919 - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1920 for powerpc64 to speed up translation (LP: 1781526)
1921 [upstream]
1922 - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1923 cpu model for z14 ZR1 (LP: 1780773).
1924 [upstream]
1925 - Mark qemu-system-data foreign to be able to install it e.g. on i386
1926 (Closes: 903562)
1927 [in Debian]
1928 - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1929 unreleased Debian version)
1930 [in Debian]
1931 - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1932 by migrations with UI frontends or frequent guest resolution changes
1933 (LP #1755912)
1934 [upstream]
1935 - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1936 extend eieio for POWER9 emulation (LP: 1787408).
1937 [upstream]
1938 - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1939 ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
1940 [upstream]
1941 - improve s390x spectre mitigation with etoken facility (LP: 1790457)
1942 [upstream]
1943 - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
1944 [upstream]
1945 - d/control-in: our addition of a qemu-system-s390x package needs to follow
1946 the split of qemu-system-data by adding a dependency to it (LP: 1798084)
1947 [in Debian]
1948 - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1949 Adapters on s390x (LP: 1787405)
1950 [upstream]
1951 - enable opengl for vfio-MDEV support (LP: 1804766)
1952 [in Debian]
1953 - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1954 [upstream]
1955 - SECURITY UPDATE: integer overflow via crafted QMP command
1956 [upstream]
1957 - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1958 [upstream]
1959 - SECURITY UPDATE: buffer overflow in rtl8139
1960 [upstream]
1961 - SECURITY UPDATE: buffer overflow in pcnet
1962 [upstream]
1963 - SECURITY UPDATE: DoS via large packet sizes
1964 [upstream]
1965 - SECURITY UPDATE: DoS in lsi53c895a
1966 [upstream]
1967 - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1968 [upstream]
1969 - SECURITY UPDATE: race condition in 9p
1970 [upstream]
1971
1972 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
1973
655qemu (1:3.1+dfsg-2) unstable; urgency=medium1974qemu (1:3.1+dfsg-2) unstable; urgency=medium
6561975
657 * d/rules: split arch and indep builds1976 * d/rules: split arch and indep builds
@@ -731,6 +2050,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
7312050
732 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +03002051 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
7332052
2053qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
2054
2055 [ Marc Deslauriers ]
2056 * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2057 - debian/patches/CVE-2018-10839.patch: use proper type in
2058 hw/net/ne2000.c.
2059 - CVE-2018-10839
2060 * SECURITY UPDATE: integer overflow via crafted QMP command
2061 - debian/patches/CVE-2018-12617.patch: check bytes count read by
2062 guest-file-read in qga/commands-posix.c.
2063 - CVE-2018-12617
2064 * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2065 - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
2066 - CVE-2018-16847
2067 * SECURITY UPDATE: buffer overflow in rtl8139
2068 - debian/patches/CVE-2018-17958.patch: use proper type in
2069 hw/net/rtl8139.c.
2070 - CVE-2018-17958
2071 * SECURITY UPDATE: buffer overflow in pcnet
2072 - debian/patches/CVE-2018-17962.patch: use proper type in
2073 hw/net/pcnet.c.
2074 - CVE-2018-17962
2075 * SECURITY UPDATE: DoS via large packet sizes
2076 - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
2077 - CVE-2018-17963
2078 * SECURITY UPDATE: DoS in lsi53c895a
2079 - debian/patches/CVE-2018-18849.patch: check message length value is
2080 valid in hw/scsi/lsi53c895a.c.
2081 - CVE-2018-18849
2082 * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2083 - debian/patches/CVE-2018-18954.patch: check size before data buffer
2084 access in hw/ppc/pnv_lpc.c.
2085 - CVE-2018-18954
2086 * SECURITY UPDATE: race condition in 9p
2087 - debian/patches/CVE-2018-19364-1.patch: use write lock in
2088 hw/9pfs/cofile.c.
2089 - debian/patches/CVE-2018-19364-2.patch: use write lock in
2090 hw/9pfs/9p.c.
2091 - CVE-2018-19364
2092
2093 [ Christian Ehrhardt]
2094 * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2095 Adapters on s390x (LP: #1787405)
2096 * enable opengl for vfio-MDEV support (LP: #1804766)
2097 - d/control-in: set --enable-opengl
2098 - d/control-in: add gl related build-dependencies
2099
2100 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2101
2102qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2103
2104 * d/control-in: our addition of a qemu-system-s390x package needs to follow
2105 the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2106
2107 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2108
2109qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2110
2111 * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2112 The SLOF source pieces in src:qemu are only used for s390x netboot,
2113 which are independent ROMs (no linking). All other binaries out of this
2114 are part of src:slof and independent.
2115 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2116 - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2117 and related fixes
2118
2119 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2120
2121qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2122
2123 * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2124 - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2125 - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2126
2127 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2128
2129qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2130
2131 * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2132 ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2133 - CVE-2018-15746
2134
2135 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2136
2137qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2138
2139 [ Murilo Opsfelder Araujo ]
2140 * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2141 extend eieio for POWER9 emulation (LP: #1787408).
2142
2143 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2144
2145qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2146
2147 * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2148 by migrations with UI frontends or frequent guest resolution changes
2149 (LP: #1755912)
2150
2151 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2152
2153qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2154
2155 * Disable capstone disassembler library support (universe dependency)
2156
2157 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2158
2159qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2160
2161 * Merge with Debian testing, Remaining Changes:
2162 - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2163 - qemu-kvm to systemd unit
2164 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2165 hugepages and architecture specifics
2166 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2167 - d/qemu-system-common.install: install systemd unit and helper script
2168 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2169 - d/qemu-system-common.qemu-kvm.default: defaults for
2170 /etc/default/qemu-kvm
2171 - d/rules: install /etc/default/qemu-kvm
2172 - Enable nesting by default
2173 - set nested=1 module option on intel. (is default on amd)
2174 - re-load kvm_intel.ko if it was loaded without nested=1
2175 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2176 in qemu64 cpu type.
2177 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2178 in qemu64 on amd
2179 - d/qemu-system-x86.README.Debian: document intention of nested being
2180 default is comfort, not full support
2181 - libvirt/qemu user/group support
2182 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2183 trigger.
2184 - qemu-system-common.preinst: add kvm group if needed
2185 - Distribution specific machine type
2186 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2187 types to ease future live vm migration.
2188 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2189 - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2190 for host-phys-bits=true (LP: 1776189)
2191 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2192 - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2193 convenience with all meltdown/spectre workarounds enabled by default.
2194 (LP: 1761372).
2195 - improved dependencies
2196 - Make qemu-system-common depend on qemu-block-extra
2197 - Make qemu-utils depend on qemu-block-extra
2198 - let qemu-utils recommend sharutils
2199 - s390x support
2200 - Create qemu-system-s390x package
2201 - Include s390-ccw.img firmware
2202 - Enable numa support for s390x
2203 - arch aware kvm wrappers
2204 - update VCS-git (updated to match cosmic)
2205 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2206 - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2207 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2208 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2209 - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2210 - d/rules enable install s390x-netboot.img
2211 - d/control-in: enable RDMA support in qemu (LP: 1692476)
2212 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2213 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2214 reference 256k path
2215 - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2216 handle incoming migrations from former releases.
2217 - SECURITY UPDATE: Speculative Store Bypass
2218 - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2219 CPUID feature bit in target/i386/cpu.*.
2220 - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2221 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2222 - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2223 MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2224 target/i386/machine.c.
2225 - CVE-2018-3639
2226 * Added Changes:
2227 - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2228 - add cosmic types for base and -hpb
2229 - drop no more supported types (zesty and yakkety)
2230 - d/p/series: group machine type changes
2231 - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2232 merged upstream
2233 - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2234 computation while concatenating mbuf.
2235 CVE-2018-11806
2236 - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2237 deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2238 - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2239 - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2240 - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2241 to POWER8
2242 - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2243 is no more needed with systemd-detect-virt being more mature and always
2244 present.
2245 - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2246 - d/control-in: add libibumad-dev which is now needed for rdma
2247 - d/rules: update s390x delta to match new Debian packaging
2248 - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2249 for powerpc64 to speed up translation (LP: #1781526)
2250 - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2251 cpu model for z14 ZR1 (LP: #1780773).
2252 - Mark qemu-system-data foreign to be able to install it e.g. on i386
2253 (Closes: 903562)
2254 - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2255 unreleased Debian version)
2256 * Dropped Changes:
2257 - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2258 (No more removed when building DFSG orig tarball in Debian)
2259 - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2260 we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2261 so we revert related changes to stick with the proven for now:
2262 - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2263 depends on it)
2264 - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2265 (Debian switched to gtk which seems to work better and has all
2266 dependencies in main.)
2267 - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2268 - Changes that are now upstream with qemu 2.12
2269 - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2270 newer versions of glibc >=2.27 (LP: 1753826)
2271 - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2272 - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2273 SSE/AVX/AVX512 cpu features (LP: 1739665)
2274 - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2275 space+commpage continuous which avoids long startup times on
2276 qemu-user-static (LP: 1740219)
2277 - provide pseries-2.12-sxxm type (LP: 1761372)
2278 - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2279 filesystem-dax with pmem by backporting align and unarmed options
2280 (LP: 1704312).
2281 - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2282 option to slirp's DHCP server (LP: 1762315)
2283 - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2284 Protection information (LP: 1762854).
2285 - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2286 migration (LP: 1763468).
2287 - SECURITY UPDATE: out-of-bounds access during migration via ps2
2288 CVE-2017-16845
2289 - SECURITY UPDATE: arbitrary code execution via load_multiboot
2290 CVE-2018-7550
2291 - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2292 CVE-2018-7858
2293
2294 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2295
734qemu (1:2.12+dfsg-3) unstable; urgency=medium2296qemu (1:2.12+dfsg-3) unstable; urgency=medium
7352297
736 * make qemu-system-foo depending2298 * make qemu-system-foo depending
@@ -819,6 +2381,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
8192381
820 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +03002382 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
8212383
2384qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2385
2386 * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2387 for host-phys-bits=true (LP: #1776189)
2388 - add an info about this change in debian/qemu-system-x86.NEWS
2389
2390 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2391
2392qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2393
2394 * SECURITY UPDATE: Speculative Store Bypass
2395 - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2396 CPUID feature bit in target/i386/cpu.*.
2397 - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2398 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2399 - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2400 MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2401 target/i386/machine.c.
2402 - CVE-2018-3639
2403
2404 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2405
2406qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2407
2408 * SECURITY UPDATE: out-of-bounds access during migration via ps2
2409 - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2410 in post_load routine in hw/input/ps2.c.
2411 - CVE-2017-16845
2412 * SECURITY UPDATE: arbitrary code execution via load_multiboot
2413 - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2414 zero in hw/i386/multiboot.c.
2415 - CVE-2018-7550
2416 * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2417 - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2418 hw/display/vga.c.
2419 - CVE-2018-7858
2420
2421 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2422
2423qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2424
2425 * No-change rebuild for ncurses soname changes.
2426
2427 -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2428
2429qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2430
2431 * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2432 information (LP: #1762854).
2433 * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2434 (LP: #1763468).
2435
2436 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2437
2438qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2439
2440 * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2441 The Kernel fixes are preferred and already committed to the kernel.
2442 Therefore remove the default disabling of the HTM feature (LP: #1761175)
2443 * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2444 SSE/AVX/AVX512 cpu features (LP: #1739665)
2445 * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2446 space+commpage continuous which avoids long startup times on
2447 qemu-user-static (LP: #1740219)
2448 * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2449 convenience with all meltdown/spectre workarounds enabled by default.
2450 This is not the default type following upstream and x86 on that.
2451 (LP: #1761372).
2452 * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2453 with pmem by backporting align and unarmed options (LP: #1704312).
2454 * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2455 option to slirp's DHCP server (LP: #1762315)
2456
2457 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2458
2459qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2460
2461 * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2462 accepted to be better long term maintainable (LP: #1753938)
2463
2464 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2465
2466qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2467
2468 * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2469 ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2470 * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2471 versions of glibc >=2.27 (LP: #1753826)
2472
2473 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2474
2475qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2476
2477 * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2478 d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2479 Add domainname option and classless static routes support to the user
2480 networking's DHCP server
2481
2482 -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2483
2484qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2485
2486 * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2487 - among other fixes this adds code to:
2488 - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2489 However, enabling this functionality requires additional configuration
2490 beyond just updating QEMU. Also migrations need special consideration.
2491 Details about that can be found at:
2492 https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2493 - Power9 allocation of max 8 threads per core (LP: #1750526)
2494 * Drop changes that are part of the upstream stable release
2495 - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2496 - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2497 - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2498 - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2499 * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2500 * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2501 common compat.h header and add some extra info in the patch header.
2502
2503 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2504
2505qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2506
2507 * Merge with Debian testing, among other fixes this includes
2508 - fix fatal error on negative maxcpus (LP: #1722495)
2509 - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2510 - linux user threading issues (LP: #1350435)
2511 - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2512 Remaining changes:
2513 - qemu-kvm to systemd unit
2514 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2515 hugepages and architecture specifics
2516 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2517 - d/qemu-system-common.install: install systemd unit and helper script
2518 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2519 - d/qemu-system-common.qemu-kvm.default: defaults for
2520 /etc/default/qemu-kvm
2521 - d/rules: install /etc/default/qemu-kvm
2522 - Enable nesting by default
2523 - set nested=1 module option on intel. (is default on amd)
2524 - re-load kvm_intel.ko if it was loaded without nested=1
2525 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2526 in qemu64 cpu type.
2527 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2528 in qemu64 on amd
2529 - libvirt/qemu user/group support
2530 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2531 trigger.
2532 - qemu-system-common.preinst: add kvm group if needed
2533 - Distribution specific machine type
2534 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2535 types to ease future live vm migration.
2536 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2537 - improved dependencies
2538 - Make qemu-system-common depend on qemu-block-extra
2539 - Make qemu-utils depend on qemu-block-extra
2540 - let qemu-utils recommend sharutils
2541 - s390x support
2542 - Create qemu-system-s390x package
2543 - Include s390-ccw.img firmware
2544 - Enable numa support for s390x
2545 - ppc64[le] support
2546 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2547 - arch aware kvm wrappers
2548 * Added Changes
2549 - update VCS-git to match the bionic branch
2550 - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2551 we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2552 so we revert related changes to stick with the proven for now:
2553 - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2554 depends on it)
2555 - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2556 - d/qemu-system-x86.README.Debian: document intention of nested being
2557 default is comfort, not full support
2558 - update Ubuntu machine types for qemu 2.11
2559 - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2560 - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2561 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2562 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2563 - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2564 - d/rules enable install s390x-netboot.img
2565 - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2566 - d/control-in: enable RDMA support in qemu (LP: #1692476)
2567 - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2568 - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2569 - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2570 - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2571 - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2572 - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2573 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2574 reference 256k path
2575 - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2576 handle incoming migrations from former releases.
2577 - d/control-in: enable seccomp on s390x
2578 * Dropped changes (no more needed):
2579 - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2580 The functionality is retained for upgraders, but is deprecated.
2581 Post 18.04 the implementation for these configurations will be removed.
2582 * Dropped changes (in Debian now):
2583 - ppc64[le] support
2584 - Enable seccomp for ppc64el
2585 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2586 - disable missing x32 architecture
2587 - d/rules: or32 is now named or1k (since 4a09d0bb)
2588 - d/qemu-system-common.docs: new paths since (ac06724a)
2589 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2590 by qapi-schema.json which is already packaged (since 4d8bb958)
2591 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2592 to Debian patch to match qemu 2.10)
2593 - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2594 since 8508eee7
2595 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2596 - make nios2/hppa not installed explicitly until further stablized
2597 - d/qemu-guest-agent.install: add the new guest agent reference man page
2598 qemu-ga-ref
2599 - d/qemu-system-common.install: add the now generated qapi/qmp reference
2600 along the qapi intro
2601 - d/not-installed: ignore further generated (since 56e8bdd4) files in
2602 dh_missing that are already provided in other formats qemu-doc,
2603 qemu-qmp-ref,qemu-ga-ref
2604 * Dropped changes (integrated upstream):
2605 - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2606 on arm64 when doing suspend/resume and reboots due to older kernels not
2607 supporting ITS (LP 1731051).
2608 - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2609 James Cowgill to prevent qemu-user from forwarding prctl seccomp
2610 calls (LP 1726394)
2611 - update to upstream 2.10.1 point release (LP 1722808)
2612
2613
2614
2615 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2616
822qemu (1:2.11+dfsg-1) unstable; urgency=medium2617qemu (1:2.11+dfsg-1) unstable; urgency=medium
8232618
824 [ Michael Tokarev ]2619 [ Michael Tokarev ]
@@ -933,6 +2728,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
9332728
934 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +03002729 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
9352730
2731qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2732
2733 * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2734 on arm64 when doing suspend/resume and reboots due to older kernels not
2735 supporting ITS (LP: #1731051).
2736
2737 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2738
2739qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2740
2741 * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2742 James Cowgill to prevent qemu-user from forwarding prctl seccomp
2743 calls (LP: #1726394)
2744
2745 -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2746
2747qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2748
2749 * fix enablement of qemu-kvm service (LP: #1720397)
2750 - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2751 - d/rules: add proper enablement debhelper calls
2752 - d/qemu-system-common.install: install covered by dh_installinit
2753
2754 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2755
2756qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2757
2758 * update to upstream 2.10.1 point release (LP: #1722808)
2759
2760 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2761
2762qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2763
2764 * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2765 Remaining changes:
2766 - qemu-kvm to systemd unit
2767 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2768 hugepages and architecture specifics
2769 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2770 - d/qemu-system-common.install: install systemd unit and helper script
2771 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2772 - d/qemu-system-common.qemu-kvm.default: defaults for
2773 /etc/default/qemu-kvm
2774 - d/rules: install /etc/default/qemu-kvm
2775 - Enable nesting by default
2776 - set nested=1 module option on intel. (is default on amd)
2777 - re-load kvm_intel.ko if it was loaded without nested=1
2778 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2779 in qemu64 cpu type.
2780 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2781 in qemu64 on amd
2782 - libvirt/qemu user/group support
2783 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2784 trigger.
2785 - qemu-system-common.preinst: add kvm group if needed
2786 - Distribution specific machine type
2787 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2788 types to ease future live vm migration.
2789 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2790 - improved dependencies
2791 - Make qemu-system-common depend on qemu-block-extra
2792 - Make qemu-utils depend on qemu-block-extra
2793 - let qemu-utils recommend sharutils
2794 - s390x support
2795 - Create qemu-system-s390x package
2796 - Include s390-ccw.img firmware
2797 - Enable numa support for s390x
2798 - ppc64[le] support
2799 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2800 - Enable seccomp for ppc64el
2801 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2802 - arch aware kvm wrappers
2803 - update VCS-git to match the Artful branch
2804 - disable missing x32 architecture
2805 - d/rules: or32 is now named or1k (since 4a09d0bb)
2806 - d/qemu-system-common.docs: new paths since (ac06724a)
2807 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2808 by qapi-schema.json which is already packaged (since 4d8bb958)
2809 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2810 to Debian patch to match qemu 2.10)
2811 - s390x package now builds correctly on all architectures (LP 1710695)
2812 - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2813 since 8508eee7
2814 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2815 - make nios2/hppa not installed explicitly until further stablized
2816 - d/qemu-guest-agent.install: add the new guest agent reference man page
2817 qemu-ga-ref
2818 - d/qemu-system-common.install: add the now generated qapi/qmp reference
2819 along the qapi intro
2820 - d/not-installed: ignore further generated (since 56e8bdd4) files in
2821 dh_missing that are already provided in other formats qemu-doc,
2822 qemu-qmp-ref,qemu-ga-ref
2823
2824
2825 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
2826
2827qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
2828
2829 * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
2830 Remaining changes:
2831 - qemu-kvm to systemd unit
2832 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2833 hugepages and architecture specifics
2834 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2835 - d/qemu-system-common.install: install systemd unit and helper script
2836 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2837 - d/qemu-system-common.qemu-kvm.default: defaults for
2838 /etc/default/qemu-kvm
2839 - d/rules: install /etc/default/qemu-kvm
2840 - Enable nesting by default
2841 - set nested=1 module option on intel. (is default on amd)
2842 - re-load kvm_intel.ko if it was loaded without nested=1
2843 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2844 in qemu64 cpu type.
2845 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2846 in qemu64 on amd
2847 - libvirt/qemu user/group support
2848 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2849 trigger.
2850 - qemu-system-common.preinst: add kvm group if needed
2851 - Distribution specific machine type
2852 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2853 types to ease future live vm migration.
2854 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2855 - improved dependencies
2856 - Make qemu-system-common depend on qemu-block-extra
2857 - Make qemu-utils depend on qemu-block-extra
2858 - let qemu-utils recommend sharutils
2859 - s390x support
2860 - Create qemu-system-s390x package
2861 - Include s390-ccw.img firmware
2862 - Enable numa support for s390x
2863 - ppc64[le] support
2864 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2865 - Enable seccomp for ppc64el
2866 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2867 - arch aware kvm wrappers
2868 - update VCS-git to match the Artful branch
2869 - disable missing x32 architecture
2870 - d/rules: or32 is now named or1k (since 4a09d0bb)
2871 - d/qemu-system-common.docs: new paths since (ac06724a)
2872 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2873 by qapi-schema.json which is already packaged (since 4d8bb958)
2874 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2875 to Debian patch to match qemu 2.10)
2876 - s390x package now builds correctly on all architectures (LP 1710695)
2877 * Added changes:
2878 - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2879 since 8508eee7
2880 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2881 - make nios2/hppa not installed explicitly until further stablized
2882 - d/qemu-guest-agent.install: add the new guest agent reference man page
2883 qemu-ga-ref
2884 - d/qemu-system-common.install: add the now generated qapi/qmp reference
2885 along the qapi intro
2886 - d/not-installed: ignore further generated (since 56e8bdd4) files in
2887 dh_missing that are already provided in other formats qemu-doc,
2888 qemu-qmp-ref,qemu-ga-ref
2889 - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
2890 changes in 2.10-rc4
2891
2892 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
2893
2894qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
2895
2896 * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
2897 a set of bugs
2898 - [FFE] Qemu 2.10 in Artful (LP: #1699968)
2899 - CPU hot unplug fails after migrating a CPU hotplugged guest
2900 from source (LP: #1677552)
2901 - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
2902 - New KVM 288 Pass Through (LP: #1672447)
2903 - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
2904 * Remaining changes:
2905 - qemu-kvm to systemd unit
2906 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2907 hugepages and architecture specifics
2908 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2909 - d/qemu-system-common.install: install systemd unit and helper script
2910 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2911 - d/qemu-system-common.qemu-kvm.default: defaults for
2912 /etc/default/qemu-kvm
2913 - d/rules: install /etc/default/qemu-kvm
2914 - Enable nesting by default
2915 - set nested=1 module option on intel. (is default on amd)
2916 - re-load kvm_intel.ko if it was loaded without nested=1
2917 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2918 in qemu64 cpu type.
2919 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2920 in qemu64 on amd
2921 - libvirt/qemu user/group support
2922 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2923 trigger.
2924 - qemu-system-common.preinst: add kvm group if needed
2925 - Distribution specific machine type
2926 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2927 types to ease future live vm migration.
2928 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2929 - improved dependencies
2930 - Make qemu-system-common depend on qemu-block-extra
2931 - Make qemu-utils depend on qemu-block-extra
2932 - let qemu-utils recommend sharutils
2933 - s390x support
2934 - Create qemu-system-s390x package
2935 - Include s390-ccw.img firmware
2936 - Enable numa support for s390x
2937 - ppc64[le] support
2938 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2939 - Enable seccomp for ppc64el
2940 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2941 - arch aware kvm wrappers
2942 - disable missing x32 architecture
2943 - update VCS links
2944 * Added changes
2945 - d/rules: or32 is now named or1k (since 4a09d0bb)
2946 - d/qemu-system-common.docs: new paths since (ac06724a)
2947 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2948 by qapi-schema.json which is already packaged (since 4d8bb958)
2949 - Updates in debian/patches to match qemu 2.10
2950 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
2951 - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
2952 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
2953 - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
2954 - update VCS-git to match the Artful branch
2955 - s390x package now builds correctly on all architectures (LP: #1710695)
2956 * Dropped changes (integrated upstream):
2957 - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2958 "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
2959 - All CVE fixes formerly applied are upstream and thereby dropped.
2960
2961 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
2962
936qemu (1:2.8+dfsg-7) unstable; urgency=medium2963qemu (1:2.8+dfsg-7) unstable; urgency=medium
9372964
938 * uploading to unstable all fixes which went to stretch-security2965 * uploading to unstable all fixes which went to stretch-security
@@ -1042,6 +3069,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
10423069
1043 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +03003070 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
10443071
3072qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
3073
3074 * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
3075 This was inadvertently dropped on 2.8 merge.
3076
3077 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
3078
3079qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
3080
3081 * SECURITY UPDATE: denial of service via leak in virtFS
3082 - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
3083 hw/9pfs/9p.c.
3084 - CVE-2017-7377
3085 * SECURITY UPDATE: denial of service in cirrus_vga
3086 - debian/patches/CVE-2017-7718.patch: check parameters in
3087 hw/display/cirrus_vga_rop.h.
3088 - CVE-2017-7718
3089 * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
3090 - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
3091 hw/display/cirrus_vga.c.
3092 - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
3093 hw/display/cirrus_vga.c.
3094 - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
3095 in hw/display/cirrus_vga.c.
3096 - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
3097 hw/display/cirrus_vga.c.
3098 - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
3099 in hw/display/cirrus_vga.c.
3100 - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
3101 pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3102 hw/display/cirrus_vga_rop2.h.
3103 - debian/patches/CVE-2017-7980-7.patch: stop passing around src
3104 pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3105 hw/display/cirrus_vga_rop2.h.
3106 - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
3107 hw/display/cirrus_vga_rop.h.
3108 - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
3109 hw/display/cirrus_vga.c.
3110 - CVE-2017-7980
3111 * SECURITY UPDATE: denial of service via memory leak in virtFS
3112 - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
3113 - CVE-2017-8086
3114 * SECURITY UPDATE: denial of service via leak in audio
3115 - debian/patches/CVE-2017-8309.patch: release capture buffers in
3116 audio/audio.c.
3117 - CVE-2017-8309
3118 * SECURITY UPDATE: denial of service via leak in keyboard
3119 - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
3120 ui/input.c.
3121 - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
3122 ui/input.c.
3123 - CVE-2017-8379
3124
3125 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
3126
3127qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
3128
3129 * SECURITY UPDATE: DoS in virtio GPU device
3130 - debian/patches/CVE-2016-10028.patch: check virgl capabilities
3131 max_size in hw/display/virtio-gpu-3d.c.
3132 - CVE-2016-10028
3133 * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
3134 - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
3135 in hw/dma/rc4030.c.
3136 - CVE-2016-8667
3137 * SECURITY UPDATE: host filesystem access via virtFS
3138 - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
3139 hw/9pfs/*.
3140 - CVE-2016-9602
3141 * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
3142 - debian/patches/CVE-2016-9603.patch: remove bitblit support from
3143 console code in hw/display/cirrus_vga.c, include/ui/console.h,
3144 ui/console.c, ui/vnc.c.
3145 - CVE-2016-9603
3146 * SECURITY UPDATE: information leak in virtio GPU device
3147 - debian/patches/CVE-2016-9908.patch: properly clear out memory in
3148 hw/display/virtio-gpu-3d.c.
3149 - CVE-2016-9908
3150 * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3151 - debian/patches/CVE-2016-9912.patch: properly free memory in
3152 hw/display/virtio-gpu.c.
3153 - CVE-2016-9912
3154 * SECURITY UPDATE: DoS via virtFS
3155 - debian/patches/CVE-2016-9914.patch: add cleanup operations to
3156 fsdev/file-op-9p.h, hw/9pfs/9p.c.
3157 - CVE-2016-9914
3158 * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3159 - debian/patches/CVE-2017-5552.patch: check return value in
3160 hw/display/virtio-gpu-3d.c.
3161 - CVE-2017-5552
3162 * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3163 - debian/patches/CVE-2017-5578.patch: check res->iov in
3164 hw/display/virtio-gpu.c.
3165 - CVE-2017-5578
3166 * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
3167 - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
3168 handling in hw/sd/sdhci.c.
3169 - CVE-2017-5987
3170 * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
3171 - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
3172 hw/usb/hcd-ohci.c.
3173 - CVE-2017-6505
3174
3175 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
3176
3177qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
3178
3179 * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3180 "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
3181
3182 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
3183
3184qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
3185
3186 * Merge with Debian;
3187 This fixes several CVEs that were reported against qemu 2.8 and also
3188 includes a few important functional backports (LP: #1667033); remaining
3189 changes:
3190 - add qemu-kvm init script and defaults file
3191 (d/qemu-system-common.qemu-kvm.*)
3192 - d/rules, d/qemu-kvm-init: add and install script loading kvm
3193 modules and handling /etc/default/qemu-kvm
3194 - qemu-system-common.preinst: add kvm group if needed
3195 - Enable nesting by default on intel.
3196 - set default module option
3197 - re-load kvm_intel.ko if it was loaded without nested=1
3198 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3199 default in qemu64 cpu type.
3200 - Enable svm by default for qemu64 on amd
3201 - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
3202 define distro machine types to ease future live vm migration (includes
3203 all former follow up fixes).
3204 - Make qemu-system-common depend on qemu-block-extra
3205 - Make qemu-utils depend on qemu-block-extra
3206 - s390x support
3207 - Create qemu-system-s390x package
3208 - Include s390-ccw.img firmware
3209 - qemu-system-common.postinst:
3210 - change acl placed by udev, and add udevadm trigger.
3211 - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3212 - Several changes were applied but missing in the changelog so far
3213 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3214 - arch aware kvm wrapper
3215 - update VCS links
3216 - let qemu-utils recommend sharutils
3217 - disable x32 architecture
3218 - Enable seccomp for ppc64el
3219 - Enable numa support for s390x
3220 - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3221 init.d-script-missing-dependency-on-remote_fs
3222 - d/qemu-system-common.postinst: fix lintian error type
3223 command-with-path-in-maintainer-script
3224 - Transition qemu-kvm to a systemd unit
3225 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3226 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3227 that it shows up where the user expects (sytemctl status, kvm stdout)
3228 - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3229 - add arch aware kvm wrapper for s390x
3230 * Dropped Changes (in Debian now):
3231 - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3232 - d/control-in: change dependencies for fix of wrong acl for newly
3233 created device node on ubuntu
3234 - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3235 relationship, but qemu-efi is still in universe right now.
3236 - Disable glusterfs (Universe dependency)
3237 - no more skip disable libiscsi on Ubuntu
3238 - d/rules, d/control-in: avoid people editing d/control
3239 * Added Changes:
3240 - d/control: bump libseccomp-dev dependency as enabling libseccomp for
3241 power makes 2.3 the minimum level.
3242
3243 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
3244
1045qemu (1:2.8+dfsg-3) unstable; urgency=high3245qemu (1:2.8+dfsg-3) unstable; urgency=high
10463246
1047 * urgency high due to security fixes3247 * urgency high due to security fixes
@@ -1102,6 +3302,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
11023302
1103 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +03003303 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
11043304
3305qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
3306
3307 * Merge with Debian; remaining changes:
3308 - add qemu-kvm init script and defaults file
3309 (d/qemu-system-common.qemu-kvm.*)
3310 - d/rules, d/qemu-kvm-init: add and install script loading kvm
3311 modules and handling /etc/default/qemu-kvm
3312 - qemu-system-common.preinst: add kvm group if needed
3313 - Enable nesting by default on intel.
3314 - set default module option
3315 - re-load kvm_intel.ko if it was loaded without nested=1
3316 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3317 default in qemu64 cpu type.
3318 - Enable svm by default for qemu64 on amd
3319 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3320 types to ease future live vm migration.
3321 - Make qemu-system-common depend on qemu-block-extra
3322 - Make qemu-utils depend on qemu-block-extra
3323 - s390x support
3324 - Create qemu-system-s390x package
3325 - Include s390-ccw.img firmware
3326 - qemu-system-common.postinst:
3327 - change acl placed by udev, and add udevadm trigger.
3328 - d/control-in: change dependencies for fix of wrong acl for newly
3329 created device node on ubuntu
3330 - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3331 relationship, but qemu-efi is still in universe right now.
3332 - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3333 - Several changes were applied but missing in the changelog so far
3334 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3335 - arch aware kvm wrapper
3336 - update VCS links
3337 - no more skip disable libiscsi on Ubuntu
3338 - let qemu-utils recommend sharutils
3339 - disable x32 architecture
3340 * Dropped Changes:
3341 - Several changes were applied but missing in the changelog so far
3342 but are no more needed
3343 - no pie for relocatable LD calls, with toolchain defaulting to
3344 pie (fixed upstream)
3345 - enable libnuma-dev (now in Debian)
3346 - transition for moved init scripts (can be dropped after LTS
3347 containing >=2.5 which is Xenial)
3348 - --enable-seccomp related whitespace change (had no effect)
3349 - apport hook for qemu source package (In Debian)
3350 - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
3351 - d/qemu-system-x86.maintscript: transition off of
3352 /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
3353 - Enable pie by default, on ubuntu/s390x. (Is the default since
3354 >=Xenial, no cloud archive backport <=Xenial to consider)
3355 - no pie for relocatable LD calls (fixed upstream in commit
3356 7ecf44a5)
3357 - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
3358 - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3359 (Improved fix included by upstream)
3360 - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
3361 - Fixed wrong migration blocker when vhost is used (is upstream in
3362 qemu 2.8)
3363 * Added Changes:
3364 - d/rules, d/control-in: avoid people editing d/control by warning
3365 header and non writable permissions
3366 - fixed moving trusty machine type definition which made it
3367 ambiguous (LP: #1641532)
3368 - d/qemu-system-x86.NEWS describe the issue
3369 - Enable seccomp for ppc64el (LP: #1644639)
3370 - Enable numa support for s390x
3371 - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3372 init.d-script-missing-dependency-on-remote_fs
3373 - d/qemu-system-common.postinst: fix lintian error type
3374 command-with-path-in-maintainer-script
3375 - Transition qemu-kvm to a systemd unit
3376 - Disable glusterfs (Universe dependency)
3377 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3378 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3379 that it shows up where the user expects (sytemctl status, kvm stdout)
3380 - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3381 - add arch aware kvm wrapper for s390x
3382 - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3383 - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
3384 ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
3385 merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
3386
3387 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
3388
1105qemu (1:2.8+dfsg-2) unstable; urgency=medium3389qemu (1:2.8+dfsg-2) unstable; urgency=medium
11063390
1107 * Revert "update binfmt registration for mipsn32"3391 * Revert "update binfmt registration for mipsn32"
@@ -1220,6 +3504,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
12203504
1221 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +03003505 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
12223506
3507qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
3508
3509 * No-change rebuild to compile against new libxen version.
3510
3511 -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
3512
3513qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
3514
3515 * retain older xenial machine type to avoid issues starting guests
3516 created on xenial prior to the SRU for bug 1621042. In that regard the old
3517 broken xenial machine type and the new fixed one have both to be considered
3518 as valid LTS machine types (LP: #1626070).
3519
3520 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
3521
3522qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
3523
3524 * fix default ubuntu machine types. (LP: #1621042)
3525 - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
3526 - remove double default and double ubuntu alias
3527 - drop former devel releases utopic, vivid, wily
3528 - add xenial and yakkety machine types
3529 - add q35 based ubuntu machine type starting at xenial
3530 - add ubuntu machine types on ppc64el and s390x starting at xenial
3531
3532 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
3533
3534qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
3535
3536 * Enable GPU Passthru for ppc64le (LP: #1541902)
3537 - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
3538 - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
3539 - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
3540 - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
3541 - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
3542 - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
3543 - 0007-spapr_iommu-Migrate-full-state.patch
3544 - 0008-spapr_iommu-Add-root-memory-region.patch
3545 - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
3546 - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
3547 - 0011-memory-Add-reporting-of-supported-page-sizes.patch
3548 - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
3549 - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
3550 - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
3551 - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3552 - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3553 - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3554 - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3555 - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3556 - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3557 - 0021-memory-Fix-IOMMU-replay-base-address.patch
3558
3559 -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3560
3561qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3562
3563 * New upstream release. LP: #1617055.
3564 * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3565
3566 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3567
1223qemu (1:2.6+dfsg-3.1) unstable; urgency=high3568qemu (1:2.6+dfsg-3.1) unstable; urgency=high
12243569
1225 * Non-maintainer upload.3570 * Non-maintainer upload.
@@ -1253,6 +3598,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
12533598
1254 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -06003599 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
12553600
3601qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3602
3603 * SECURITY UPDATE: DoS via unbounded memory allocation
3604 - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3605 - CVE-2016-5403
3606 * SECURITY UPDATE: oob write access while reading ESP command
3607 - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3608 maximum CDB size and handle migration in hw/scsi/esp.c,
3609 include/hw/scsi/esp.h, include/migration/vmstate.h.
3610 - CVE-2016-6351
3611 * SECURITY UPDATE: infinite loop in virtqueue_pop
3612 - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3613 length in hw/virtio/virtio.c.
3614 - CVE-2016-6490
3615
3616 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3617
3618qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3619
3620 * Merge with Debian; remaining changes:
3621 - debian/rules: do not drop the init scripts loading kvm modules
3622 (still needed in precise in cloud archive)
3623 - qemu-system-common.postinst:
3624 * remove acl placed by udev, and add udevadm trigger.
3625 * reload kvm_intel if needed to set nested=1
3626 - qemu-system-common.preinst: add kvm group if needed
3627 - add qemu-kvm upstart job and defaults file (rules,
3628 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3629 - rules,qemu-system-x86.modprobe: support use under older udevs which
3630 do not auto-load the kvm kernel module. Enable nesting by default
3631 on intel.
3632 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3633 in qemu64 cpu type.
3634 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3635 types to ease future live vm migration.
3636 - apport hook for qemu source package: d/source_qemu-kvm.py,
3637 d/qemu-system-common.install
3638 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3639 to fix errors with missing block backends.
3640 - s390x:
3641 * Create qemu-system-s390x package
3642 * Enable pie by default, on ubuntu/s390x.
3643 * Enable svm by default for qemu64 on amd
3644 * Include s390-ccw.img firmware
3645 * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3646 relationship, but qemu-efi is still in universe right now.
3647
3648 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3649
1256qemu (1:2.6+dfsg-3) unstable; urgency=high3650qemu (1:2.6+dfsg-3) unstable; urgency=high
12573651
1258 * more security fixes picked from upstream:3652 * more security fixes picked from upstream:
@@ -1306,6 +3700,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
13063700
1307 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +03003701 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
13083702
3703qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3704
3705 * Merge with Debian; remaining changes: (LP: #1583775)
3706 - debian/rules: do not drop the init scripts loading kvm modules
3707 (still needed in precise in cloud archive)
3708 - qemu-system-common.postinst:
3709 * remove acl placed by udev, and add udevadm trigger.
3710 * reload kvm_intel if needed to set nested=1
3711 - qemu-system-common.preinst: add kvm group if needed
3712 - add qemu-kvm upstart job and defaults file (rules,
3713 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3714 - rules,qemu-system-x86.modprobe: support use under older udevs which
3715 do not auto-load the kvm kernel module. Enable nesting by default
3716 on intel.
3717 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3718 in qemu64 cpu type.
3719 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3720 types to ease future live vm migration.
3721 - apport hook for qemu source package: d/source_qemu-kvm.py,
3722 d/qemu-system-common.install
3723 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3724 to fix errors with missing block backends. (LP: #1495895)
3725 - s390x:
3726 * Create qemu-system-s390x package
3727 * Enable pie by default, on ubuntu/s390x.
3728 * Enable svm by default for qemu64 on amd
3729 * Include s390-ccw.img firmware
3730 * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3731 relationship, but qemu-efi is still in universe right now.
3732 * Drop patches which have been applied upstream:
3733
3734 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3735
1309qemu (1:2.6+dfsg-1) unstable; urgency=medium3736qemu (1:2.6+dfsg-1) unstable; urgency=medium
13103737
1311 * new upstream release3738 * new upstream release
@@ -1343,6 +3770,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
13433770
1344 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +03003771 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
13453772
3773qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3774
3775 * Cherrypick upstream patches to support the query-gic-version QMP command
3776 (LP: #1566564)
3777
3778 -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3779
3780qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3781
3782 [Stefan Bader]
3783 * Enable svm by default for qemu64 on amd (LP: #1561019)
3784
3785 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3786
3787qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3788
3789 * qemu-system-s390x only available on s390x, so qemu-system should only
3790 depend on it on this arch.
3791 * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3792 relationship, but qemu-efi is still in universe right now.
3793
3794 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3795
3796qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3797
3798 * And actually ship the right things in qemu-system-s390x.
3799
3800 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3801
3802qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3803
3804 * Create qemu-system-s390x package on ubuntu only.
3805
3806 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3807
3808qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3809
3810 * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3811
3812 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3813
3814qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3815
3816 * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3817 (LP: #1556306)
3818
3819 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3820
3821qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3822
3823 * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3824
3825 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3826
3827qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3828
3829 * d/control{-in}: Re-generate and build with libiscsi-dev now
3830 that its in Ubuntu main (LP: #1271653).
3831
3832 -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3833
3834qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3835
3836 * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3837
3838 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3839
3840qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3841
3842 * No-change rebuild for gnutls transition.
3843
3844 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3845
3846qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3847
3848 * Merge with Debian; remaining changes:
3849 - debian/rules: do not drop the init scripts loading kvm modules
3850 (still needed in precise in cloud archive)
3851 - qemu-system-common.postinst:
3852 * remove acl placed by udev, and add udevadm trigger.
3853 * reload kvm_intel if needed to set nested=1
3854 - qemu-system-common.preinst: add kvm group if needed
3855 - add qemu-kvm upstart job and defaults file (rules,
3856 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3857 - rules,qemu-system-x86.modprobe: support use under older udevs which
3858 do not auto-load the kvm kernel module. Enable nesting by default
3859 on intel.
3860 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3861 in qemu64 cpu type.
3862 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3863 types to ease future live vm migration.
3864 - apport hook for qemu source package: d/source_qemu-kvm.py,
3865 d/qemu-system-common.install
3866 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3867 to fix errors with missing block backends. (LP: #1495895)
3868 - Enable pie by default, on ubuntu/s390x.
3869 - Include s390-ccw.img firmware.
3870
3871 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3872
1346qemu (1:2.5+dfsg-5) unstable; urgency=medium3873qemu (1:2.5+dfsg-5) unstable; urgency=medium
13473874
1348 * fix misspellings in previous debian/changelog entry3875 * fix misspellings in previous debian/changelog entry
@@ -1400,6 +3927,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
14003927
1401 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +03003928 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
14023929
3930qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3931
3932 * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3933 contents
3934 - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3935 hw/block/xen_blkif.h.
3936 - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3937 hw/display/xenfb.c.
3938 - CVE-2015-8550
3939 * SECURITY UPDATE: infinite loop in ehci_advance_state
3940 - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3941 in hw/usb/hcd-ehci.c.
3942 - CVE-2015-8558
3943 * SECURITY UPDATE: host memory leakage in vmxnet3
3944 - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3945 hw/net/vmxnet3.c.
3946 - CVE-2015-8567
3947 - CVE-2015-8568
3948 * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3949 - debian/patches/CVE-2015-8613.patch: initialise info object with
3950 appropriate size in hw/scsi/megasas.c.
3951 - CVE-2015-8613
3952 * SECURITY UPDATE: DoS via Human Monitor Interface
3953 - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3954 in hmp.c, include/ui/console.h, ui/input-legacy.c.
3955 - CVE-2015-8619
3956 * SECURITY UPDATE: incorrect array bounds check in rocker
3957 - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3958 check in hw/net/rocker/rocker.c.
3959 - CVE-2015-8701
3960 * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3961 - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3962 operations in hw/net/ne2000.c.
3963 - CVE-2015-8743
3964 * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3965 - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3966 error in hw/ide/ahci.c.
3967 - CVE-2016-1568
3968 * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3969 - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3970 hw/i386/kvmvapic.c.
3971 - CVE-2016-1922
3972 * SECURITY UPDATE: e1000 infinite loop
3973 - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3974 out-of-bounds transfer start in hw/net/e1000.c
3975 - CVE-2016-1981
3976 * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3977 engines
3978 - debian/patches/CVE-2016-2197.patch: add check before calling
3979 dma_memory_unmap in hw/ide/ahci.c.
3980 - CVE-2016-2197
3981 * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3982 - debian/patches/CVE-2016-2198.patch: add capability mmio write
3983 function in hw/usb/hcd-ehci.c.
3984 - CVE-2016-2198
3985
3986 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3987
3988qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3989
3990 * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3991 Ubuntu specific running-in-container wrapper. (LP: #1539016)
3992
3993 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3994
3995qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3996
3997 * Include s390-ccw.img firmware.
3998
3999 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
4000
4001qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
4002
4003 * Place qemu-kvm.defaults file in qemu-system-common, next to the init
4004 scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
4005 Thanks Simon. (LP: #1531191)
4006
4007 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
4008
4009qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
4010
4011 * Merge with Debian; remaining changes:
4012 - debian/rules: do not drop the init scripts loading kvm modules
4013 (still needed in precise in cloud archive)
4014 - qemu-system-common.postinst:
4015 * remove acl placed by udev, and add udevadm trigger.
4016 * reload kvm_intel if needed to set nested=1
4017 - qemu-system-common.preinst: add kvm group if needed
4018 - add qemu-kvm upstart job and defaults file (rules,
4019 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4020 - rules,qemu-system-x86.modprobe: support use under older udevs which
4021 do not auto-load the kvm kernel module. Enable nesting by default
4022 on intel.
4023 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4024 in qemu64 cpu type.
4025 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
4026 types to ease future live vm migration.
4027 - apport hook for qemu source package: d/source_qemu-kvm.py,
4028 d/qemu-system-common.install
4029 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
4030 to fix errors with missing block backends. (LP: #1495895)
4031 - Enable pie by default, on ubuntu/s390x.
4032 * Drop vGICv3 support patches - all is now upstream
4033 * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
4034
4035 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
4036
1403qemu (1:2.5+dfsg-1) unstable; urgency=medium4037qemu (1:2.5+dfsg-1) unstable; urgency=medium
14044038
1405 * new upstream release4039 * new upstream release
@@ -1426,6 +4060,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
14264060
1427 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +03004061 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
14284062
4063qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
4064
4065 * Enable pie by default, on ubuntu/s390x.
4066
4067 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
4068
4069qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
4070
4071 * undo the libseccomp delta from debian. libseccomp is indeed available
4072 on other arches, but we need qemu's configure script to be fixed before
4073 we can use it on anything other than amd64|i386. Fixes FTBFS.
4074 (LP: #1522531)
4075
4076 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
4077
4078qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
4079
4080 * Merge with Debian; remaining changes:
4081 - Update the ubuntu machine types patch to reflect upstream churn
4082 - debian/rules: do not drop the init scripts loading kvm modules
4083 (still needed in precise in cloud archive)
4084 - qemu-system-common.postinst:
4085 * remove acl placed by udev, and add udevadm trigger.
4086 * reload kvm_intel if needed to set nested=1
4087 - qemu-system-common.preinst: add kvm group if needed
4088 - add qemu-kvm upstart job and defaults file (rules,
4089 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4090 - rules,qemu-system-x86.modprobe: support use under older udevs which
4091 do not auto-load the kvm kernel module. Enable nesting by default
4092 on intel.
4093 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4094 in qemu64 cpu type.
4095 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4096 machine type to ease future live vm migration.
4097 - apport hook for qemu source package: d/source_qemu-kvm.py,
4098 d/qemu-system-common.install
4099 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
4100 to fix errors with missing block backends. (LP: #1495895)
4101 - control-in: build with libseccomp an all architectures
4102 - Add vGICv3 support
4103
4104 -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
4105
1429qemu (1:2.4+dfsg-5) unstable; urgency=medium4106qemu (1:2.4+dfsg-5) unstable; urgency=medium
14304107
1431 * trace-remove-malloc-tracing.patch from upstream.4108 * trace-remove-malloc-tracing.patch from upstream.
@@ -1438,6 +4115,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
14384115
1439 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +03004116 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
14404117
4118qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
4119
4120 * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
4121 - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
4122 hw/net/pcnet.c.
4123 - CVE-2015-7504
4124 * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
4125 - debian/patches/CVE-2015-7512.patch: check packet length in
4126 hw/net/pcnet.c.
4127 - CVE-2015-7512
4128 * SECURITY UPDATE: infinite loop in eepro100
4129 - debian/patches/CVE-2015-8345.patch: prevent endless loop in
4130 hw/net/eepro100.c.
4131 - CVE-2015-8345
4132
4133 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
4134
4135qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
4136
4137 * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
4138
4139 -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
4140
4141qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
4142
4143 * Merge 2.4 from unstable. Remaining changes:
4144 - Update the ubuntu machine types patch to reflect upstream churn
4145 - debian/rules: do not drop the init scripts loading kvm modules
4146 (still needed in precise in cloud archive)
4147 - qemu-system-common.postinst:
4148 * remove acl placed by udev, and add udevadm trigger.
4149 * reload kvm_intel if needed to set nested=1
4150 - qemu-system-common.preinst: add kvm group if needed
4151 - add qemu-kvm upstart job and defaults file (rules,
4152 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4153 - rules,qemu-system-x86.modprobe: support use under older udevs which
4154 do not auto-load the kvm kernel module. Enable nesting by default
4155 on intel.
4156 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4157 in qemu64 cpu type.
4158 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4159 machine type to ease future live vm migration.
4160 - apport hook for qemu source package: d/source_qemu-kvm.py,
4161 d/qemu-system-common.install
4162 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
4163 to fix errors with missing block backends. (LP: #1495895)
4164 - control-in: build with libseccomp an all architectures.
4165 * Add vGICv3 support
4166
4167 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
4168
1441qemu (1:2.4+dfsg-4) unstable; urgency=medium4169qemu (1:2.4+dfsg-4) unstable; urgency=medium
14424170
1443 * applied 3 patches from upstream to fix virtio-net4171 * applied 3 patches from upstream to fix virtio-net
@@ -1452,7 +4180,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
1452 fix for Heap overflow vulnerability in ne2000_receive() function4180 fix for Heap overflow vulnerability in ne2000_receive() function
1453 (Closes: #799074 CVE-2015-5279)4181 (Closes: #799074 CVE-2015-5279)
1454 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch4182 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
1455 (Closes: #799073 CVE-2015-5278)4183 (Closes: #799073 CVE-2015-5278)
1456 * some binfmt reorg:4184 * some binfmt reorg:
1457 - extend aarch64 to include one more byte as other arches do4185 - extend aarch64 to include one more byte as other arches do
1458 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize4186 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
@@ -1504,6 +4232,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
15044232
1505 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +03004233 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
15064234
4235qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
4236
4237 * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
4238
4239 -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
4240
4241qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
4242
4243 * debian/patches/upstream-fix-irq-route-entries.patch
4244 Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
4245 (LP: #1465935)
4246
4247 -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
4248
4249qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
4250
4251 * Build using libseccomp on all architectures.
4252
4253 -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
4254
4255qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
4256
4257 * SECURITY UPDATE: denial of service via NE2000 driver
4258 - debian/patches/CVE-2015-5278.patch: fix infinite loop in
4259 hw/net/ne2000.c.
4260 - CVE-2015-5278
4261 * SECURITY UPDATE: denial of service and possible code execution via
4262 heap overflow in NE2000 driver
4263 - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
4264 hw/net/ne2000.c.
4265 - CVE-2015-5279
4266 * SECURITY UPDATE: denial of service via e1000 infinite loop
4267 - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
4268 - CVE-2015-6815
4269 * SECURITY UPDATE: denial of service via illegal ATAPI commands
4270 - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
4271 hw/ide/core.c.
4272 - CVE-2015-6855
4273
4274 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
4275
4276qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
4277
4278 * Make qemu-system-common and qemu-utils depend on qemu-block-extra
4279 to fix errors with missing block backends. (LP: #1495895)
4280 * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
4281 * Apply fix for memory corruption during live-migration in tcg mode
4282 (LP: #1493049)
4283 * Apply tracing patch to remove use of custom vtable in newer glibc
4284 (LP: #1491972)
4285
4286 -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
4287
4288qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
4289
4290 * Import qcow2-handle-eagain-from-update_refcount from upstream
4291 to fix errors when using qemu-img convert -c. (LP: #1491050)
4292
4293 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
4294
4295qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
4296
4297 * SECURITY UPDATE: process heap memory disclosure
4298 - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
4299 - CVE-2015-5165
4300 * SECURITY UPDATE: privilege escalation via block device unplugging
4301 - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
4302 in hw/ide/piix.c.
4303 - CVE-2015-5166
4304 * SECURITY UPDATE: privilege escalation via memory corruption in vnc
4305 - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
4306 limits in ui/vnc.c.
4307 - CVE-2015-5225
4308 * SECURITY UPDATE: denial of service via virtio-serial
4309 - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
4310 for control messages in hw/char/virtio-serial-bus.c.
4311 - CVE-2015-5745
4312
4313 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
4314
4315qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
4316
4317 * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
4318 - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
4319 - CVE-2015-3214
4320 * SECURITY UPDATE: heap overflow when processing ATAPI commands
4321 - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
4322 hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
4323 - CVE-2015-5154
4324 * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
4325 - debian/patches/CVE-2015-5158.patch: check length in
4326 hw/scsi/scsi-bus.c.
4327 - CVE-2015-5158
4328
4329 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
4330
4331qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
4332
4333 * SECURITY UPDATE: heap overflow in PCNET controller
4334 - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
4335 - CVE-2015-3209
4336
4337 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
4338
4339qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
4340
4341 * Merge 1:2.3+dfsg-5 from Debian.
4342 * Remaining changes:
4343 - debian/rules: do not drop the init scripts loading kvm modules
4344 (still needed in precise in cloud archive)
4345 - qemu-system-common.postinst:
4346 * remove acl placed by udev, and add udevadm trigger.
4347 * reload kvm_intel if needed to set nested=1
4348 - qemu-system-common.preinst: add kvm group if needed
4349 - add qemu-kvm upstart job and defaults file (rules,
4350 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4351 - rules,qemu-system-x86.modprobe: support use under older udevs which
4352 do not auto-load the kvm kernel module. Enable nesting by default
4353 on intel.
4354 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4355 in qemu64 cpu type.
4356 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4357 machine type to ease future live vm migration.
4358 - apport hook for qemu source package: d/source_qemu-kvm.py,
4359 d/qemu-system-common.install
4360 * Refreshed patches:
4361 - ubuntu/expose-vmx_qemu64cpu.patch
4362 - ubuntu/define-ubuntu-machine-types.patch
4363
4364 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
4365
1507qemu (1:2.3+dfsg-5) unstable; urgency=high4366qemu (1:2.3+dfsg-5) unstable; urgency=high
15084367
1509 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch4368 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
@@ -1515,6 +4374,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
15154374
1516 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +03004375 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
15174376
4377qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
4378
4379 * Merge 1:2.3+dfsg-4 from Debian.
4380 * Remaining changes:
4381 - debian/rules: do not drop the init scripts loading kvm modules
4382 (still needed in precise in cloud archive)
4383 - qemu-system-common.postinst:
4384 * remove acl placed by udev, and add udevadm trigger.
4385 * reload kvm_intel if needed to set nested=1
4386 - qemu-system-common.preinst: add kvm group if needed
4387 - add qemu-kvm upstart job and defaults file (rules,
4388 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4389 - rules,qemu-system-x86.modprobe: support use under older udevs which
4390 do not auto-load the kvm kernel module. Enable nesting by default
4391 on intel.
4392 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4393 in qemu64 cpu type.
4394 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4395 machine type to ease future live vm migration.
4396 - apport hook for qemu source package: d/source_qemu-kvm.py,
4397 d/qemu-system-common.install
4398 * Dropped all patches which are applied upstream
4399 * Move the upstart jobs to a generic script
4400 - add new qemu-kvm-init script
4401 - call that from upstart and sysvrc qemu-kvm scripts
4402 - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
4403
4404 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
4405
1518qemu (1:2.3+dfsg-4) unstable; urgency=medium4406qemu (1:2.3+dfsg-4) unstable; urgency=medium
15194407
1520 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:4408 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
@@ -1576,6 +4464,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
15764464
1577 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +03004465 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
15784466
4467qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
4468
4469 * SECURITY UPDATE: denial of service in vnc web
4470 - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
4471 frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
4472 - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
4473 websockets clients in ui/vnc-ws.c.
4474 - CVE-2015-1779
4475 * SECURITY UPDATE: host code execution via floppy device (VEMON)
4476 - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
4477 bounds of the allocated buffer in hw/block/fdc.c.
4478 - CVE-2015-3456
4479
4480 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
4481
4482qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
4483
4484 * CVE-2015-2756 / XSA-126
4485 - xen: limit guest control of PCI command register
4486
4487 -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
4488
4489qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
4490
4491 * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
4492 accidentally create /1
4493
4494 -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
4495
4496qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
4497
4498 * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
4499
4500 -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
4501
4502qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
4503
4504 * No-change rebuild to pull in libxl-4.5.
4505
4506 -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
4507
4508qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
4509
4510 * debian/control-in: enable numa on architectures where numa is built
4511 (LP: #1417937)
4512
4513 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
4514
4515qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
4516
4517 [Scott Moser]
4518 * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
4519 profile when started by libvirt.
4520
4521 [Serge Hallyn]
4522 * add symlink qemu-system-ppc64le -> qemu-system-ppc64
4523 * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
4524 (LP: #1419855)
4525
4526 [Chris J Arges]
4527 * Determine if we are running inside a virtual environment. If running inside
4528 a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
4529
4530 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
4531
4532qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
4533
4534 * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
4535 - debian/rules: do not drop the init scripts loading kvm modules
4536 (still needed in precise in cloud archive)
4537 * Remaining changes:
4538 - qemu-system-common.postinst:
4539 * remove acl placed by udev, and add udevadm trigger.
4540 * reload kvm_intel if needed to set nested=1
4541 - qemu-system-common.preinst: add kvm group if needed
4542 - add qemu-kvm upstart job and defaults file (rules,
4543 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4544 - rules,qemu-system-x86.modprobe: support use under older udevs which
4545 do not auto-load the kvm kernel module. Enable nesting by default
4546 on intel.
4547 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4548 in qemu64 cpu type.
4549 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4550 machine type to ease future live vm migration.
4551 - apport hook for qemu source package: d/source_qemu-kvm.py,
4552 d/qemu-system-common.install
4553 * Dropped all patches which are applied upstream
4554 * Update ubuntu-vivid machine type to default to std graphics (following
4555 upstream's lead for pc-i440fx-2.2 machine type)
4556
4557 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
4558
1579qemu (1:2.2+dfsg-5exp) experimental; urgency=medium4559qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
15804560
1581 * fix initscript removal once again4561 * fix initscript removal once again
@@ -1625,6 +4605,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
16254605
1626 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +03004606 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
16274607
4608qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
4609
4610 * Cherrypick upstream patch needed to allow ESx hosts to run under
4611 kvm (LP: #1411575)
4612
4613 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
4614
4615qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
4616
4617 * Merge 2.1+dfsg-11. Remaining changes:
4618 - qemu-system-common.postinst:
4619 * remove acl placed by udev, and add udevadm trigger.
4620 * reload kvm_intel if needed to set nested=1
4621 - qemu-system-common.preinst: add kvm group if needed
4622 - add qemu-kvm upstart job and defaults file (rules,
4623 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4624 - rules,qemu-system-x86.modprobe: support use under older udevs which
4625 do not auto-load the kvm kernel module. Enable nesting by default
4626 on intel.
4627 - debian/qemu-system-alternatives.in: use a later version as ubuntu
4628 removed the alternatives bit later.
4629 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4630 in qemu64 cpu type.
4631 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4632 machine type to ease future live vm migration.
4633 - apport hook for qemu source package: d/source_qemu-kvm.py,
4634 d/qemu-system-common.install
4635 - debian/binfmt-update-in: support ppcle
4636 * debian/binfmt-update-in
4637 * Support-ppcle.patch
4638 - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
4639 * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4640 * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4641 * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4642 * Dropped patches (upstream or now in debian's tree):
4643 - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
4644 - CVE-2014-7840.patch
4645 - CVE-2014-8106.patch
4646
4647 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
4648
1628qemu (1:2.1+dfsg-11) unstable; urgency=medium4649qemu (1:2.1+dfsg-11) unstable; urgency=medium
16294650
1630 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload4651 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
@@ -1694,6 +4715,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
16944715
1695 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +03004716 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
16964717
4718qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
4719
4720 * SECURITY UPDATE: code execution via savevm data
4721 - debian/patches/CVE-2014-7840.patch: validate parameters in
4722 arch_init.c.
4723 - CVE-2014-7840
4724 * SECURITY UPDATE: code execution via cirrus vga blit regions
4725 (LP: #1400775)
4726 - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
4727 hw/display/cirrus_vga.c.
4728 - CVE-2014-8106
4729
4730 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
4731
4732qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
4733
4734 * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
4735 dropped and VENDOR now will be all capital UBUNTU).
4736
4737 -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
4738
4739qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
4740
4741 * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4742 d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4743 d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4744 Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
4745 SPSel=0 in certain conditions. (LP: #1349277)
4746
4747 -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
4748
4749qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
4750
4751 * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
4752 Cherry-pick of qemu-upstream patch to fix issues with persistent
4753 grants and the PV backend (Qdisk) (LP: #1394327).
4754
4755 -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
4756
4757qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
4758
4759 * Merge 2.1+dfsg-7. Remaining changes:
4760 - qemu-system-common.postinst:
4761 * remove acl placed by udev, and add udevadm trigger.
4762 * reload kvm_intel if needed to set nested=1
4763 - qemu-system-common.preinst: add kvm group if needed
4764 - add qemu-kvm upstart job and defaults file (rules,
4765 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4766 - rules,qemu-system-x86.modprobe: support use under older udevs which
4767 do not auto-load the kvm kernel module. Enable nesting by default
4768 on intel.
4769 - debian/qemu-system-alternatives.in: use a later version as ubuntu
4770 removed the alternatives bit later.
4771 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4772 in qemu64 cpu type.
4773 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4774 machine type to ease future live vm migration.
4775 - apport hook for qemu source package: d/source_qemu-kvm.py,
4776 d/qemu-system-common.install
4777 - debian/binfmt-update-in: support ppcle
4778 * debian/binfmt-update-in
4779 * Support-ppcle.patch
4780 * Dropped patches (upstream or now in debian's tree):
4781 - pc-reserve-more-memory-for-acpi.patch
4782 - CVE-2014-5388.patch
4783 - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
4784 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
4785 in debian)
4786 - CVE-2014-3615.patch
4787 - CVE-2014-3640.patch
4788 - CVE-2014-3689.patch
4789 - CVE-2014-7815.patch
4790
4791 -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
4792
1697qemu (2.1+dfsg-7) unstable; urgency=high4793qemu (2.1+dfsg-7) unstable; urgency=high
16984794
1699 * urgency is high due to 2 security fixes4795 * urgency is high due to 2 security fixes
@@ -1745,6 +4841,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
17454841
1746 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +04004842 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
17474843
4844qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
4845
4846 * SECURITY UPDATE: information disclosure via vga driver
4847 - debian/patches/CVE-2014-3615.patch: return the correct memory size,
4848 sanity check register writes, and don't use fixed buffer sizes in
4849 hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
4850 ui/spice-display.c.
4851 - CVE-2014-3615
4852 * SECURITY UPDATE: denial of service via slirp NULL pointer deref
4853 - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
4854 stub in slirp/udp.c.
4855 - CVE-2014-3640
4856 * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
4857 - debian/patches/CVE-2014-3689.patch: verify rectangles in
4858 hw/display/vmware_vga.c.
4859 - CVE-2014-3689
4860 * SECURITY UPDATE: denial of service via VNC console
4861 - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
4862 ui/vnc.c.
4863 - CVE-2014-7815
4864
4865 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
4866
4867qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
4868
4869 * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
4870 (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
4871
4872 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
4873
4874qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
4875
4876 * Apply two patches to fix intermittent qemu-img corruption
4877 (LP: #1368815)
4878 - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
4879 - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
4880
4881 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
4882
4883qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
4884
4885 * debian/control: slof is moving into main, so we can depend on qemu-slof as
4886 debian does.
4887
4888 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
4889
4890qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
4891
4892 * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
4893 versa.
4894 * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
4895 * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
4896 to latest upstream machine type, rather than distro one. Add 'ubuntu'
4897 machine type for that.
4898
4899 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
4900
4901qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
4902
4903 * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
4904 container. (LP: #1370199)
4905 * load kvm module on ppc64le at boot (LP: #1369785)
4906 - debian/rules: install qemu-kvm on ppc64el
4907 - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
4908 kvm-hv module if available
4909 * qemu-system-x86.maintscript: remove accidentally installed
4910 /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
4911 * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
4912 ubuntu.
4913
4914 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
4915
4916qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
4917
4918 * Re-stick the trusty machine type to 2.0 (where it must always stay) and
4919 define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
4920
4921 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
4922
4923qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
4924
4925 * move kvm_intel nested setting to qemu-system-x86.postinst.
4926
4927 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
4928
4929qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
4930
4931 * Merge new debian release
4932 * Remaining changes:
4933 - qemu-system-common.postinst:
4934 * remove acl placed by udev, and add udevadm trigger.
4935 * reload kvm_intel if needed to set nested=1
4936 - qemu-system-common.preinst: add kvm group if needed
4937 - add qemu-kvm upstart job and defaults file (rules,
4938 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4939 - rules,qemu-system-x86.modprobe: support use under older udevs which
4940 do not auto-load the kvm kernel module. Enable nesting by default
4941 on intel.
4942 - debian/qemu-system-alternatives.in: use a later version as ubuntu
4943 removed the alternatives bit later.
4944 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4945 in qemu64 cpu type.
4946 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4947 machine type to ease future live vm migration.
4948 - apport hook for qemu source package: d/source_qemu-kvm.py,
4949 d/qemu-system-common.install
4950 - debian/binfmt-update-in: support ppcle
4951 * debian/binfmt-update-in
4952 * Support-ppcle.patch
4953 - d/p/CVE-2014-5388.patch
4954
4955 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
4956
1748qemu (2.1+dfsg-4) unstable; urgency=medium4957qemu (2.1+dfsg-4) unstable; urgency=medium
17494958
1750 * mention libnuma-dev but not enable for now4959 * mention libnuma-dev but not enable for now
@@ -1762,6 +4971,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
17624971
1763 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +04004972 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
17644973
4974qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
4975
4976 * SECURITY UPDATE: memory disclosure via out-of-bounds array access
4977 - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
4978 - CVE-2014-5388
4979
4980 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
4981
4982qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
4983
4984 * replace d/p/revert-acpi-table-size-bump with
4985 pc-reserve-more-memory-for-acpi.patch from upstream
4986 * debian/binfmt-update-in
4987 - don't run in a container
4988 - add ppc64le as target (LP: #1358268)
4989 * Add experimental ppcle support (LP: #1358268)
4990
4991 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
4992
4993qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
4994
4995 * revert-acpi-table-size-bump - get qemu -kernel working again.
4996
4997 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
4998
4999qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
5000
5001 * Merge new debian release
5002 * Remaining changes:
5003 - control-in: stick to libsdl1.2-dev.
5004 - qemu-system-common.install: add debian/tmp/usr/lib to install the
5005 qemu-bridge-helper
5006 - qemu-system-common.postinst: remove acl placed by udev,
5007 and add udevadm trigger.
5008 - qemu-system-common.preinst: add kvm group if needed
5009 - add qemu-kvm upstart job and defaults file (rules,
5010 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
5011 - rules,qemu-system-x86.modprobe: support use under older udevs which
5012 do not auto-load the kvm kernel module. Enable nesting by default
5013 on intel.
5014 - debian/qemu-system-alternatives.in: use a later version as ubuntu
5015 removed the alternatives bit later.
5016 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
5017 in qemu64 cpu type.
5018 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
5019 machine type to ease future live vm migration.
5020 - apport hook for qemu source package: d/source_qemu-kvm.py,
5021 d/qemu-system-common.install
5022 * Upstart job: use getent group to check for kvm group
5023 * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
5024
5025 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
5026
1765qemu (2.1+dfsg-3) unstable; urgency=medium5027qemu (2.1+dfsg-3) unstable; urgency=medium
17665028
1767 * set SHELL = /bin/sh -e, so that more complex shell constructs5029 * set SHELL = /bin/sh -e, so that more complex shell constructs
@@ -1788,6 +5050,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
17885050
1789 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +04005051 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
17905052
5053qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
5054
5055 * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
5056
5057 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
5058
5059qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
5060
5061 * Merge new debian release
5062 * Remaining changes:
5063 - qemu-system-x86.links: add eepro100.rom link, drop links which we
5064 have in ipxe-qemu package.
5065 - control-in: stick to libsdl1.2-dev.
5066 - qemu-system-common.install: add debian/tmp/usr/lib to install the