Merge ~paelzer/ubuntu/+source/qemu:merge-5.2+dfsg-6-hirsute into ubuntu/+source/qemu:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 9355f8a7b6fc6d04d0f875ebd05af2ba51c6a01c
Merge reported by: Christian Ehrhardt 
Merged at revision: 9355f8a7b6fc6d04d0f875ebd05af2ba51c6a01c
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-5.2+dfsg-6-hirsute
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6465 lines (+5793/-30)
17 files modified
debian/changelog (+4288/-4)
debian/control (+88/-17)
debian/control-in (+59/-8)
debian/patches/series (+7/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+784/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch (+76/-0)
debian/patches/ubuntu/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch (+56/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-gui.prerm (+42/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/rules (+56/-1)
Reviewer Review Type Date Requested Status
Lucas Kanashiro Approve
Canonical Server packageset reviewers Pending
Canonical Server Team Pending
Review via email: mp+398447@code.launchpad.net
To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

To help review I've also pushed
 * [new tag] split/1%5.2+dfsg-3ubuntu2 -> split/1%5.2+dfsg-3ubuntu2
 * [new tag] logical/1%5.2+dfsg-3ubuntu2 -> logical/1%5.2+dfsg-3ubuntu2

Christian Ehrhardt  (paelzer) wrote :

back to WIP until I can confirm a successful build in the PPA

Christian Ehrhardt  (paelzer) wrote :

Debian has
libgdk-pixbuf-2.0-0 | 2.42.2+dfsg-1 | testing | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
libgdk-pixbuf-2.0-0 | 2.42.2+dfsg-1 | unstable | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x

We have
 libgdk-pixbuf-2.0-0 | 2.42.2+dfsg-1 | hirsute | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 libgdk-pixbuf-2.0-0 | 2.42.2+dfsg-1build1 | hirsute-proposed | arm64, armhf, i386, ppc64el

This is a indirect build dependency, not a change in qemu.
I see:
  Missing build dependencies: libgdk-pixbuf-2.0-0 (>= 2.40.0)

We have build-deps: libgtk-3-dev -> libgdk-pixbuf-2.0-dev (>= 2.40.0) -> libgdk-pixbuf-2.0-0 (= 2.42.2+dfsg-1)

It almost seems that this was just transitioning and therefore breaking builds.

That is resolved - it was indeed just transitioning at the time.

Another minor issue was that the fix for s390x 9p needed a bit of backporting. But that worked on a local build as well now.

Back ready for review.

Lucas Kanashiro (lucaskanashiro) wrote :

I am grabbing this MP to review.

Lucas Kanashiro (lucaskanashiro) wrote :

* Changelog:
  - [√] old content and logical tag match as expected
  - [√] changelog entry correct version and targeted codename
  - [√] changelog entries correct
  - [√] update-maintainer has been run

* Actual changes:
  - [√] no upstream changes to consider
  - [√] no further upstream version to consider
  - [√] debian changes look safe

* Old Delta:
  - [-] dropped changes are ok to be dropped
  - [√] nothing else to drop
  - [√] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [-] no new patches added
  - [√] patches match what was proposed upstream
  - [√] patches correctly included in debian/patches/series
  - [√] patches have correct DEP3 metadata

* Build/Test:
  - [√] build is ok
  - [√] verified PPA package installs/uninstalls
  - [-] autopkgtest against the PPA package passes
  - [√] sanity checks test fine

LGTM, +1.

The only thing I found was a typo in this commit message (changelog is fine):

commit 17d5c87a13fda8870bb52c37bb7676e65b35b4bd
Author: Christian Ehrhardt <email address hidden>
Date: Wed Jan 8 16:45:41 2020 +0100

    d/qemu-system-x86.README.Debian: add into about nesting changes

    Signed-off-by: Christian Ehrhardt <email address hidden>

s/into/info.

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Thanks Lucas!
I've fixed the typo, once tests are complete I'll upload.

Christian Ehrhardt  (paelzer) wrote :

prep (x86_64) : Pass 25 F/S/N 0/0/0 - RC 0 (15 min 44545 lin)
migrate (x86_64) : Pass 288 F/S/N 0/0/0 - RC 0 (59 min 216531 lin)
cross (x86_64) : Pass 58 F/S/N 0/1/2 - RC 0 (80 min 100104 lin)
misc (x86_64) : Pass 73 F/S/N 0/0/0 - RC 0 (29 min 40852 lin)

prep (s390x) : Pass 25 F/S/N 0/0/0 - RC 0 (13 min 31251 lin)
migrate (s390x) : Pass 268 F/S/N 0/5/0 - RC 0 (72 min 163307 lin)
cross (s390x) : Pass 47 F/S/N 1/1/1 - RC 1 (79 min 89294 lin)
misc (s390x) : Pass 48 F/S/N 0/0/0 ...

I've also included a new libvirt and rerun the tests now before uploading both.

Christian Ehrhardt  (paelzer) wrote :

This is in proposed - set merged

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 7bc0619..18eacd3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,56 @@
1qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
2
3 * Merge with Debian unstable, includes fixes for
4 - build operates differently if source is a git repo (LP: #1887535)
5 Remaining changes:
6 - qemu-kvm to systemd unit
7 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
8 hugepages and architecture specifics
9 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
10 qemu-kvm-init
11 - d/qemu-system-common.install: install helper script
12 - d/qemu-system-common.qemu-kvm.default: defaults for
13 /etc/default/qemu-kvm
14 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
15 - Distribution specific machine type (LP: 1304107 1621042)
16 - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
17 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
18 for host-phys-bits=true (LP: 1776189)
19 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
20 - provide pseries-bionic-2.11-sxxm type as convenience with all
21 meltdown/spectre workarounds enabled by default. (LP: 1761372).
22 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
23 - Enable nesting by default
24 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
25 in qemu64 on amd
26 [ No more strictly needed, but required for backward compatibility ]
27 - improved dependencies
28 - Make qemu-system-common depend on qemu-block-extra
29 - Make qemu-utils depend on qemu-block-extra
30 - let qemu-utils recommend sharutils
31 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
32 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
33 reference 256k path
34 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
35 handle incoming migrations from former releases.
36 - d/control-in: Disable capstone disassembler library support (universe)
37 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
38 - d/control*, d/rules: disable xen by default, but provide universe
39 package qemu-system-x86-xen as alternative
40 [includes compat links changes of 5.0-5ubuntu4]
41 - allow qemu to load old modules post upgrade (LP 1847361)
42 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
43 - d/rules: Drop generating package version into maintainer scripts
44 - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
45 the bad old prerm (LP 1906245 1905377)
46 - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
47 ld usage of -no-pie (LP 1907789)
48 * Added changes
49 - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
50 virtio-9p-ccw being missing (LP: #1916230)
51
52 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
53
1qemu (1:5.2+dfsg-6) unstable; urgency=medium54qemu (1:5.2+dfsg-6) unstable; urgency=medium
255
3 * deprecate qemu-debootstrap. It is not needed anymore with56 * deprecate qemu-debootstrap. It is not needed anymore with
@@ -50,6 +103,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
50103
51 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300104 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
52105
106qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
107
108 * No change rebuild to pick up liburing. (LP: #1914145)
109
110 -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
111
112qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
113
114 * Merge with Debian unstable, includes fixes for
115 - qemu-user-static are partially dynamically linked (LP: #1908331)
116 - qemu crashing when using spice without qemu-system-gui being
117 installed (LP: #1908577)
118 Remaining changes:
119 - qemu-kvm to systemd unit
120 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
121 hugepages and architecture specifics
122 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
123 qemu-kvm-init
124 - d/qemu-system-common.install: install helper script
125 - d/qemu-system-common.qemu-kvm.default: defaults for
126 /etc/default/qemu-kvm
127 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
128 - Distribution specific machine type (LP: 1304107 1621042)
129 - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
130 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
131 for host-phys-bits=true (LP: 1776189)
132 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
133 - provide pseries-bionic-2.11-sxxm type as convenience with all
134 meltdown/spectre workarounds enabled by default. (LP: 1761372).
135 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
136 - Enable nesting by default
137 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
138 in qemu64 on amd
139 [ No more strictly needed, but required for backward compatibility ]
140 - improved dependencies
141 - Make qemu-system-common depend on qemu-block-extra
142 - Make qemu-utils depend on qemu-block-extra
143 - let qemu-utils recommend sharutils
144 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
145 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
146 reference 256k path
147 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
148 handle incoming migrations from former releases.
149 - d/control-in: Disable capstone disassembler library support (universe)
150 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
151 - d/control*, d/rules: disable xen by default, but provide universe
152 package qemu-system-x86-xen as alternative
153 [includes compat links changes of 5.0-5ubuntu4]
154 - allow qemu to load old modules post upgrade (LP 1847361)
155 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
156 - d/rules: Drop generating package version into maintainer scripts
157 - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
158 the bad old prerm (LP 1906245 1905377)
159 - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
160 ld usage of -no-pie (LP 1907789)
161
162 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
163
53qemu (1:5.2+dfsg-3) unstable; urgency=medium164qemu (1:5.2+dfsg-3) unstable; urgency=medium
54165
55 [ Christian Ehrhardt ]166 [ Christian Ehrhardt ]
@@ -66,6 +177,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
66177
67 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300178 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
68179
180qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
181
182 * Merge with Debian unstable
183 - includes fix for CVE-2020-17380
184 - includes a fix for s390x PCI device reset (LP: #1907656)
185 Remaining changes:
186 - qemu-kvm to systemd unit
187 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
188 hugepages and architecture specifics
189 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
190 qemu-kvm-init
191 - d/qemu-system-common.install: install helper script
192 - d/qemu-system-common.qemu-kvm.default: defaults for
193 /etc/default/qemu-kvm
194 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
195 - Distribution specific machine type (LP: 1304107 1621042)
196 - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
197 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
198 for host-phys-bits=true (LP: 1776189)
199 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
200 - provide pseries-bionic-2.11-sxxm type as convenience with all
201 meltdown/spectre workarounds enabled by default. (LP: 1761372).
202 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
203 - Enable nesting by default
204 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
205 in qemu64 on amd
206 [ No more strictly needed, but required for backward compatibility ]
207 - improved dependencies
208 - Make qemu-system-common depend on qemu-block-extra
209 - Make qemu-utils depend on qemu-block-extra
210 - let qemu-utils recommend sharutils
211 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
212 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
213 reference 256k path
214 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
215 handle incoming migrations from former releases.
216 - d/control-in: Disable capstone disassembler library support (universe)
217 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
218 - d/control*, d/rules: disable xen by default, but provide universe
219 package qemu-system-x86-xen as alternative
220 [includes compat links changes of 5.0-5ubuntu4]
221 - allow qemu to load old modules post upgrade (LP 1847361)
222 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
223 - d/rules: Drop generating package version into maintainer scripts
224 - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
225 the bad old prerm (LP 1906245 1905377)
226 * Dropped Changes:
227 - d/control, d/rules: build with gcc-9 on armhf as workaround until
228 resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
229 fails]
230 * Added Changes:
231 - Refreshed ubuntu machine types for hirsute@5.2
232 - d/control: regenerated from d/control-in
233 - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
234 ld usage of -no-pie (LP: #1907789)
235
236 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
237
69qemu (1:5.2+dfsg-2) unstable; urgency=medium238qemu (1:5.2+dfsg-2) unstable; urgency=medium
70239
71 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,240 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
@@ -111,6 +280,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
111280
112 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300281 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
113282
283qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
284
285 * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
286 the bad old prerm (LP: #1906245)
287
288 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
289
290qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
291
292 * Fix upgrade module handling (LP: #1905377)
293 This was accetped in a slightly different form in qemu_5.0-6 and therefore
294 allows to drop some former delta that is now conflicting.
295 Ubuntu still keeps enabling --enable-module-upgrades, but only for
296 qemu-xen which doesn't exist in Debian
297 - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
298 - d/rules: Drop generating package version into maintainer scripts
299
300 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
301
302qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
303
304 * Merge with Debian testing, remaining changes:
305 Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
306 - qemu-kvm to systemd unit
307 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
308 hugepages and architecture specifics
309 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
310 qemu-kvm-init
311 - d/qemu-system-common.install: install helper script
312 - d/qemu-system-common.qemu-kvm.default: defaults for
313 /etc/default/qemu-kvm
314 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
315 - Distribution specific machine type (LP: 1304107 1621042)
316 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
317 types
318 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
319 for host-phys-bits=true (LP: 1776189)
320 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
321 - provide pseries-bionic-2.11-sxxm type as convenience with all
322 meltdown/spectre workarounds enabled by default. (LP: 1761372).
323 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
324 - Enable nesting by default
325 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
326 in qemu64 on amd
327 [ No more strictly needed, but required for backward compatibility ]
328 - improved dependencies
329 - Make qemu-system-common depend on qemu-block-extra
330 - Make qemu-utils depend on qemu-block-extra
331 - let qemu-utils recommend sharutils
332 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
333 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
334 reference 256k path
335 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
336 handle incoming migrations from former releases.
337 - d/control-in: Disable capstone disassembler library support (universe)
338 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
339 - d/control*, d/rules: disable xen by default, but provide universe
340 package qemu-system-x86-xen as alternative
341 [includes compat links changes of 5.0-5ubuntu4]
342 - allow qemu to load old modules post upgrade (LP 1847361)
343 - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
344 upgrade
345 - d/rules: generate maintainer scripts matching package version on build
346 - d/rules: enable --enable-module-upgrades where --enable-modules is set
347 - d/control: regenerate debian/control out of control-in
348 * Dropped changes [in Debian or no more needed]
349 - d/control-in: disable pmem on ppc64 as it is currently considered
350 experimental on that architecture (pmdk v1.8-1)
351 - d/rules: makefile definitions can't be recursive - sys_systems for s390x
352 - d/rules: report config log from the correct subdir
353 - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
354 - Pick further changes for groovy from debian/master since 5.0-5
355 - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
356 - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
357 - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
358 - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
359 - megasas-use-unsigned-type-for-positive-numeric-fields.patch
360 - megasas-fix-possible-out-of-bounds-array-access.patch
361 - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
362 - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
363 - a few patches from the stable series:
364 - fix-tulip-breakage.patch
365 - 9p-lock-directory-streams-with-a-CoMutex.patch
366 Prevent deadlocks in 9pfs readdir code
367 - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
368 Fix newline accidentally sneaked into id string of a nic
369 - qemu-nbd-close-inherited-stderr.patch
370 - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
371 - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
372 - virtio-balloon-unref-the-iothread-when-unrealizing.patch
373 - acpi-tmr-allow-2-byte-reads.patch
374 - reapply CVE-2020-13253 fixes from upstream
375 - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
376 - linux-user-add-netlink-RTM_SETLINK-command.patch
377 - d/control: since qemu-system-data now contains module(s),
378 it can't be multi-arch. Ditto for qemu-block-extra.
379 - qemu-system-foo: depend on exact version of qemu-system-data,
380 due to the latter having modules
381 - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
382 This is another incarnation of the recent bugfix which actually enabled
383 memory access constraints, like #964247
384 - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
385 this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
386 and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
387 - xhci-fix-valid.max_access_size-to-access-address-registers.patch
388 fix one more incarnation of the breakage after the CVE-2020-13754 fix
389 - do not install outdated (0.12 and before) Changelog
390 - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
391 ARM-only XGMAC NIC, possible buffer overflow during packet transmission
392 Closes: CVE-2020-15863
393 - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
394 - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
395 another fix for revert-memory-accept-.. CVE-2020-13754
396 - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
397 - d/control-in: build-dep libcap is no more needed
398 - arch aware kvm wrappers
399 [upstream now automatically enables KVM if available and called with
400 kvm* name, provides KVM as before but with auto-fallback to tcg.
401 Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
402 * Dropped changes [upstream now]
403 - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
404 setup_len
405 - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
406 - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
407 - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
408 from vfio-ccw (LP 1887935)
409 - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
410 - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
411 - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
412 SQXBR (LP 1883984)
413 - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
414 - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
415 environments (LP 1887763)
416 - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
417 - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
418 crashes it on shutdown (LP 1878973)
419 - update d/p/ubuntu/lp-1835546-* to the final versions
420 - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
421 FTBFS in groovy
422 * Added Changes:
423 - update ubuntu machine types for hirsute@5.1
424 - d/control: regenerated from d/control-in
425 - d/control, d/rules: build with gcc-9 on armhf as workaround until
426 resolved in gcc-10 (LP: 1890435)
427
428 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
429
114qemu (1:5.1+dfsg-4) unstable; urgency=high430qemu (1:5.1+dfsg-4) unstable; urgency=high
115431
116 * mention closing of CVE-2020-16092 by 5.1432 * mention closing of CVE-2020-16092 by 5.1
@@ -129,7 +445,7 @@ qemu (1:5.1+dfsg-3) unstable; urgency=medium
129445
130qemu (1:5.1+dfsg-2) unstable; urgency=medium446qemu (1:5.1+dfsg-2) unstable; urgency=medium
131447
132 * fix brown-paper bag bug in last upload448 * fix brown-paper bag bug in last upload
133449
134 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 17 Aug 2020 20:58:52 +0300450 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 17 Aug 2020 20:58:52 +0300
135451
@@ -352,6 +668,298 @@ qemu (1:5.0-6) unstable; urgency=medium
352668
353 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300669 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
354670
671qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
672
673 * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
674 machine type to match how it originally was released (LP: #1902654)
675
676 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
677
678qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
679
680 * No-change rebuild for brltty soname change.
681
682 -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
683
684qemu (1:5.0-5ubuntu9) groovy; urgency=medium
685
686 * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
687 setup_len
688 CVE-2020-14364
689
690 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
691
692qemu (1:5.0-5ubuntu8) groovy; urgency=medium
693
694 * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
695
696 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
697
698qemu (1:5.0-5ubuntu7) groovy; urgency=medium
699
700 * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
701
702 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
703
704qemu (1:5.0-5ubuntu6) groovy; urgency=medium
705
706 * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
707 from vfio-ccw (LP: #1887935)
708
709 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
710
711qemu (1:5.0-5ubuntu5) groovy; urgency=medium
712
713 * fix qemu-user-static initialization to allow executing systemd
714 (LP: #1890881)
715 - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
716 - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
717 - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
718 - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
719 - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
720 - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
721 * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
722 CVE-2020-16092
723 - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
724
725 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
726
727qemu (1:5.0-5ubuntu4) groovy; urgency=medium
728
729 * xen: provide compat links to what libxen-dev reports where to find
730 the binaries (LP: #1890005)
731 * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
732 SQXBR (LP: #1883984)
733 * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
734
735 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
736
737qemu (1:5.0-5ubuntu3) groovy; urgency=medium
738
739 * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
740 environments (LP: #1887763)
741 * Pick further changes for groovy from debian/master since 5.0-5
742 - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
743 Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
744 infinite recursion via a crafted mm_index value during
745 ati_mm_read or ati_mm_write call.
746 - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
747 Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
748 devices which uses min_access_size and max_access_size Memory API fields.
749 Also closes: CVE-2020-13791
750 - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
751 CVE-2020-13659: address_space_map in exec.c can trigger
752 a NULL pointer dereference related to BounceBuffer
753 - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
754 Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
755 has an OOB read via a crafted reply_queue_head field from a guest OS user
756 - megasas-use-unsigned-type-for-positive-numeric-fields.patch
757 fix other possible cases like in CVE-2020-13362 (#961887)
758 - megasas-fix-possible-out-of-bounds-array-access.patch
759 Some tracepoints use a guest-controlled value as an index into the
760 mfi_frame_desc[] array. Thus a malicious guest could cause a very low
761 impact OOB errors here
762 - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
763 Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
764 This flaw occurs when an nbd-client sends a spec-compliant request that is
765 near the boundary of maximum permitted request length. A remote nbd-client
766 could use this flaw to crash the qemu-nbd server resulting in a DoS.
767 - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
768 Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
769 properly validate the frame count, which allows guest OS users to trigger
770 an out-of-bounds access during an es1370_write() operation
771 - a few patches from the stable series:
772 - fix-tulip-breakage.patch
773 The tulip network driver in a qemu-system-hppa emulation is broken in
774 the sense that bigger network packages aren't received any longer and
775 thus even running e.g. "apt update" inside the VM fails. Fix this.
776 - 9p-lock-directory-streams-with-a-CoMutex.patch
777 Prevent deadlocks in 9pfs readdir code
778 - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
779 Fix newline accidentally sneaked into id string of a nic
780 - qemu-nbd-close-inherited-stderr.patch
781 - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
782 - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
783 - virtio-balloon-unref-the-iothread-when-unrealizing.patch
784 - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
785 - reapply CVE-2020-13253 fixed from upstream:
786 sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
787 sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
788 sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
789 sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
790 Closes: #961297, CVE-2020-13253
791 - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
792 (Closes: #965109)
793 - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
794 - d/control: since qemu-system-data now contains module(s),
795 it can't be multi-arch. Ditto for qemu-block-extra.
796 - qemu-system-foo: depend on exact version of qemu-system-data,
797 due to the latter having modules
798 - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
799 This is another incarnation of the recent bugfix which actually enabled
800 memory access constraints, like #964247
801 - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
802 this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
803 and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
804 - xhci-fix-valid.max_access_size-to-access-address-registers.patch
805 fix one more incarnation of the breakage after the CVE-2020-13754 fix
806 - do not install outdated (0.12 and before) Changelog (Closes: #965381)
807 - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
808 ARM-only XGMAC NIC, possible buffer overflow during packet transmission
809 Closes: CVE-2020-15863
810 - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
811 List of patches:
812 sm501-convert-printf-abort-to-qemu_log_mask.patch
813 sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
814 sm501-use-BIT-macro-to-shorten-constant.patch
815 sm501-clean-up-local-variables-in-sm501_2d_operation.patch
816 sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
817 Closes: #961451, CVE-2020-12829
818 - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
819 another fix for revert-memory-accept-.. CVE-2020-13754
820 - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
821
822 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
823
824qemu (1:5.0-5ubuntu2) groovy; urgency=medium
825
826 * No change rebuild against new libnettle8 and libhogweed6 ABI.
827
828 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
829
830qemu (1:5.0-5ubuntu1) groovy; urgency=medium
831
832 * Merge with Debian testing (LP: #1749393), remaining changes:
833 - qemu-kvm to systemd unit
834 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
835 hugepages and architecture specifics
836 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
837 qemu-kvm-init
838 - d/qemu-system-common.install: install helper script
839 - d/qemu-system-common.qemu-kvm.default: defaults for
840 /etc/default/qemu-kvm
841 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
842 - Distribution specific machine type (LP: 1304107 1621042)
843 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
844 types
845 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
846 for host-phys-bits=true (LP: 1776189)
847 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
848 - provide pseries-bionic-2.11-sxxm type as convenience with all
849 meltdown/spectre workarounds enabled by default. (LP: 1761372).
850 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
851 - Enable nesting by default
852 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
853 in qemu64 on amd
854 [ No more strictly needed, but required for backward compatibility ]
855 - improved dependencies
856 - Make qemu-system-common depend on qemu-block-extra
857 - Make qemu-utils depend on qemu-block-extra
858 - let qemu-utils recommend sharutils
859 - arch aware kvm wrappers
860 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
861 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
862 reference 256k path
863 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
864 handle incoming migrations from former releases.
865 - d/control-in: Disable capstone disassembler library support (universe)
866 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
867 - d/control*, d/rules: disable xen by default, but provide universe
868 package qemu-system-x86-xen as alternative
869 [includes --disable-xen for user-static builds]
870 - d/control-in: disable pmem on ppc64 as it is currently considered
871 experimental on that architecture (pmdk v1.8-1)
872 - d/rules: makefile definitions can't be recursive - sys_systems for s390x
873 - d/rules: report config log from the correct subdir
874 - allow qemu to load old modules post upgrade (LP 1847361)
875 - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
876 upgrade
877 - d/rules: generate maintainer scripts matching package version on build
878 - d/rules: enable --enable-module-upgrades where --enable-modules is set
879 - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
880 - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
881 - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
882 crashes it on shutdown (LP 1878973)
883 * Dropped changes (no more needed)
884 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
885 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
886 in qemu64 cpu type.
887 - d/control: avoid upgrade issues triggered by moving ivshmem tools after
888 Debian. Fixed by bumping the related Breaks/Replaces to the
889 Version Ubuntu introduced the change (LP 1862287)
890 * Dropped changes (in Debian)
891 - improved s390x support
892 - d/binfmt-update-in: fix binfmt being called in some containers
893 (LP 1840956)
894 - qemu-system-x86-microvm package
895 In addition to the generic multi-purpose qemu also provide a minimal
896 feature binary that is loading faster for use cases with microvm machine
897 type and qboot bios
898 - d/control-in: add a new qemu-system-x86-microvm package
899 - d/rules: add an extra config/build step to get the minimal qemu
900 - Security and packaging fixes (LP 1872937)
901 - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
902 - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
903 CVE-2020-10702
904 CVE-2020-11102
905 - fix external spice UI
906 + install ui-spice-app.so in qemu-system-common
907 + install ui-spice-app.so only if built, spice is optional
908 - switch binfmt registration to use update-binfmts --[un]import (#866756)
909 - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
910 - qemu-system-data: s/highcolor/hicolor/ (#955741)
911 - enable riscv build (LP 1872931)
912 [ changes picked from Debian ]
913 - enable support for riscv64 hosts
914 - only enable librbd on architectures where it is built
915 - ceph: do not list librados-dev as we only use librbd-dev and the latter
916 depends on the former
917 - seccomp grew up, no need in versioned build-dep
918 - enable seccomp only on architectures where it can be built
919 * Dropped changes (upstream)
920 - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
921 (LP 1857033)
922 - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
923 - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
924 vhost-user-gpu
925 - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
926 avoid unnecessary IOTLB transactions (LP 1866207)
927 - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
928 patches @qemu-stable (LP 1867519)
929 - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
930 to avoid broken nesting (LP 1868692)
931 - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
932 (LP 1871830)
933 - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
934 - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
935 - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
936 and clobbered doubles (LP 1872945)
937 - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
938 - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
939 ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
940 - CVE-2020-11869
941 - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
942 - async: use explicit memory barriers (LP 1805256)
943 - aio-wait: delegate polling of main AioContext if BQL not held
944 - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
945 supporting to set them (LP 1882774)
946 - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
947 load to a versioned path
948 * Added Changes:
949 - d/control: regenerate debian/control out of control-in
950 - update d/p/ubuntu/lp-1835546-* to the final versions
951 - 11 patches dropped as they are in 5.0
952 - 20 patches updated to how they will be in 5.1
953 - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
954 FTBFS in groovy
955 - Make qemu-system-x86-microvm a transitional package as the binary is now
956 in qemu-system-x86 itself.
957 - d/control-in: build-dep libcap is no more needed
958 - d/rules: update arch aware kvm wrappers
959 - d/qemu-system-x86.README.Debian: fix typo
960
961 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
962
355qemu (1:5.0-5) unstable; urgency=medium963qemu (1:5.0-5) unstable; urgency=medium
356964
357 * more binfmt-install updates965 * more binfmt-install updates
@@ -484,6 +1092,188 @@ qemu (1:4.2-4) unstable; urgency=medium
4841092
485 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +03001093 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
4861094
1095qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1096
1097 * No-change rebuild against libnettle8
1098
1099 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1100
1101qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1102
1103 * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1104 crashes it on shutdown (LP: #1878973)
1105 * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1106 supporting to set them (LP: #1882774)
1107
1108 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1109
1110qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1111
1112 * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1113 - async: use explicit memory barriers (LP: #1805256)
1114 - aio-wait: delegate polling of main AioContext if BQL not held
1115
1116 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1117
1118qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1119
1120 * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1121 - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1122 ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1123 - CVE-2020-11869
1124
1125 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1126
1127qemu (1:4.2-3ubuntu6) focal; urgency=medium
1128
1129 [ Christian Ehrhardt ]
1130 * enable riscv build (LP: #1872931)
1131 [ changes picked from Debian ]
1132 - enable support for riscv64 hosts
1133 - only enable librbd on architectures where it is built
1134 - ceph: do not list librados-dev as we only use librbd-dev and the latter
1135 depends on the former
1136 - seccomp grew up, no need in versioned build-dep
1137 - enable seccomp only on architectures where it can be built
1138 * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1139 * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1140 and clobbered doubles (LP: #1872945)
1141
1142 [ William Grant ]
1143 * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1144
1145 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1146
1147qemu (1:4.2-3ubuntu5) focal; urgency=medium
1148
1149 [ Christian Ehrhardt ]
1150 * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1151 (LP: #1871830)
1152 * Security and packaging fixes (LP: #1872937)
1153 - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1154 - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1155 CVE-2020-10702
1156 CVE-2020-11102
1157 - fix external spice UI
1158 + install ui-spice-app.so in qemu-system-common
1159 + install ui-spice-app.so only if built, spice is optional
1160 - switch binfmt registration to use update-binfmts --[un]import (#866756)
1161 - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1162 - qemu-system-data: s/highcolor/hicolor/ (#955741)
1163 * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1164
1165 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1166
1167qemu (1:4.2-3ubuntu4) focal; urgency=medium
1168
1169 * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1170 * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1171 to avoid broken nesting (LP: #1868692)
1172
1173 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1174
1175qemu (1:4.2-3ubuntu3) focal; urgency=medium
1176
1177 * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1178 patches @qemu-stable (LP: #1867519)
1179
1180 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1181
1182qemu (1:4.2-3ubuntu2) focal; urgency=medium
1183
1184 * allow qemu to load old modules post upgrade (LP: #1847361)
1185 - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1186 load to a versioned path
1187 - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1188 upgrade
1189 - d/rules: generate maintainer scripts matching package version on build
1190 - d/rules: enable --enable-module-upgrades where --enable-modules is set
1191 * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1192 avoid unnecessary IOTLB transactions (LP: #1866207)
1193
1194 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1195
1196qemu (1:4.2-3ubuntu1) focal; urgency=medium
1197
1198 * Merge with Debian testing, remaining changes:
1199 - qemu-kvm to systemd unit
1200 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1201 hugepages and architecture specifics
1202 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1203 qemu-kvm-init
1204 - d/qemu-system-common.install: install helper script
1205 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1206 - d/qemu-system-common.qemu-kvm.default: defaults for
1207 /etc/default/qemu-kvm
1208 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1209 - Distribution specific machine type (LP: 1304107 1621042)
1210 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1211 types
1212 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1213 for host-phys-bits=true (LP: 1776189)
1214 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1215 - provide pseries-bionic-2.11-sxxm type as convenience with all
1216 meltdown/spectre workarounds enabled by default. (LP: 1761372).
1217 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1218 - Enable nesting by default
1219 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1220 in qemu64 cpu type.
1221 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1222 in qemu64 on amd
1223 [ No more strictly needed, but required for backward compatibility ]
1224 - improved dependencies
1225 - Make qemu-system-common depend on qemu-block-extra
1226 - Make qemu-utils depend on qemu-block-extra
1227 - let qemu-utils recommend sharutils
1228 - improved s390x support
1229 - d/rules: build s390-ccw.img with upstream Makefile
1230 - d/rules: build s390-netboot.img with upstream Makefile
1231 - arch aware kvm wrappers
1232 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1233 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1234 reference 256k path
1235 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1236 handle incoming migrations from former releases.
1237 - d/control-in: Disable capstone disassembler library support (universe)
1238 - d/binfmt-update-in: fix binfmt being called in some containers
1239 (LP 1840956)
1240 - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1241 (LP 1857033)
1242 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1243 - d/control*, d/rules: disable xen by default, but provide universe
1244 package qemu-system-x86-xen as alternative
1245 - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1246 - Dropped changes [ in Debian ]
1247 - d/control: update VCS links
1248 - d/control-in: bump debhelper build-dep for compat 12
1249 - d/control: disable bluetooth being deprecated
1250 - d/not-installed: ignore new interop docs and extra icons for now
1251 - d/not-installed: do not install elf2dmp until namespaced
1252 - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1253 [ not needed ]
1254 - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1255 - s390x support
1256 - Create qemu-system-s390x package
1257 - Enable numa support for s390x
1258 - d/control*: enable libpmem support for nvdimms (LP 1790856)
1259 * Added changes
1260 - d/control: regenerate debian/control out of control-in
1261 - qemu-system-x86-microvm package
1262 In addition to the generic multi-purpose qemu also provide a minimal
1263 feature binary that is loading faster for use cases with microvm machine
1264 type and qboot bios
1265 - d/control-in: add a new qemu-system-x86-microvm package
1266 - d/rules: add an extra config/build step to get the minimal qemu
1267 - d/control-in: disable pmem on ppc64 as it is currently considered
1268 experimental on that architecture (pmdk v1.8-1)
1269 - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1270 - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1271 vhost-user-gpu
1272 - d/rules: report config log from the correct subdir
1273 - d/rules: --disable-xen for user-static builds
1274
1275 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1276
487qemu (1:4.2-3) unstable; urgency=medium1277qemu (1:4.2-3) unstable; urgency=medium
4881278
489 * mention closing of #909743 in previous changelog (Closes: #909743)1279 * mention closing of #909743 in previous changelog (Closes: #909743)
@@ -526,6 +1316,169 @@ qemu (1:4.2-2) unstable; urgency=medium
5261316
527 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +03001317 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
5281318
1319qemu (1:4.2-1ubuntu2) focal; urgency=medium
1320
1321 * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1322 Debian. Fixed by by bumping the related Breaks/Replaces to the
1323 Version Ubuntu introduced the change (LP: #1862287)
1324
1325 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1326
1327qemu (1:4.2-1ubuntu1) focal; urgency=medium
1328
1329 * Merge with Debian testing, Among many other things this fixes LP Bugs:
1330 LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1331 LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1332 LP: #1852744 - Crypto Passthrough Interrupt Support
1333 LP: #1853316 - CCW IPL Support
1334 Remaining changes:
1335 - qemu-kvm to systemd unit
1336 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1337 hugepages and architecture specifics
1338 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1339 qemu-kvm-init
1340 - d/qemu-system-common.install: install helper script
1341 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1342 - d/qemu-system-common.qemu-kvm.default: defaults for
1343 /etc/default/qemu-kvm
1344 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1345 - Distribution specific machine type (LP: 1304107 1621042)
1346 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1347 types
1348 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1349 for host-phys-bits=true (LP: 1776189)
1350 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1351 - provide pseries-bionic-2.11-sxxm type as convenience with all
1352 meltdown/spectre workarounds enabled by default. (LP: 1761372).
1353 - Enable nesting by default
1354 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1355 in qemu64 cpu type.
1356 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1357 in qemu64 on amd
1358 [ No more strictly needed, but required for backward compatibility ]
1359 - improved dependencies
1360 - Make qemu-system-common depend on qemu-block-extra
1361 - Make qemu-utils depend on qemu-block-extra
1362 - let qemu-utils recommend sharutils
1363 - s390x support
1364 - Create qemu-system-s390x package
1365 - Enable numa support for s390x
1366 - d/rules: build s390-ccw.img with upstream Makefile
1367 - d/rules: build s390-netboot.img with upstream Makefile
1368 - arch aware kvm wrappers
1369 - d/control: update VCS links
1370 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1371 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1372 reference 256k path
1373 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1374 handle incoming migrations from former releases.
1375 - d/control-in: Disable capstone disassembler library support (universe)
1376 - d/control: disable bluetooth being deprecated
1377 - d/not-installed: ignore new interop docs and extra icons for now
1378 - d/not-installed: do not install elf2dmp until namespaced
1379 - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1380 - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1381 - d/binfmt-update-in: fix binfmt being called in some containers
1382 (LP 1840956)
1383 - Dropped changes (in Debian)
1384 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1385 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1386 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1387 - d/control-in: enable RDMA support in qemu (LP: 1692476)
1388 - enable RDMA config option
1389 - add libibumad-dev build-dep
1390 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1391 some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1392 As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1393 replace it with a build-indep using the upstream makefiles.
1394 This is less prone to miss future changes/fixes that are done to the
1395 makefiles
1396 - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1397 - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1398 - d/rules: fix qemu-kvm service for debhelper compat >=12
1399 - Refreshed patches for v4.0 context changes
1400 - d/control*: remove sdlabi which was removed upstream
1401 - d/control*: enable docs (now explicit) and provide new build-dep
1402 python3-sphinx
1403 - d/qemu-system-data.install: use new paths for formerly used icons
1404 - Merge with Upstream release of qemu 4.0
1405 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1406 - Dropped changes (Upstream)
1407 - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1408 - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1409 - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1410 fix i386 build error
1411 - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1412 fix naming of the new vector facitlity (LP 1836066)
1413 - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1414 for missing SIOCGSTAMP definition; final fix is still in discussion
1415 upstream (LP: 1836159)
1416 - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1417 s390x machines (LP 1836154)
1418 - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1419 (LP 1841066)
1420 - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1421 update the z15 model name (LP 1842774)
1422 - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1423 fix a potential hang when qemu or qemu-img where accessing http backed
1424 disks via libcurl (LP 1848556)
1425 - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1426 fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1427 - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1428 toleration for future machines (LP 1830704)
1429 - SECURITY UPDATE: Add support for exposing md-clear functionality
1430 to guests
1431 - d/p/ubuntu/enable-md-clear.patch
1432 - d/p/ubuntu/enable-md-no.patch
1433 - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1434 - SECURITY UPDATE: heap overflow when loading device tree blob
1435 - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1436 copy the device tree blob into is.
1437 - CVE-2018-20815
1438 - SECURITY UPDATE: device driver denial of service via NULL pointer
1439 dereference
1440 - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1441 routine
1442 - CVE-2019-5008
1443 - SECURITY UPDATE: information leak in SLiRP
1444 - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1445 emulating ident.
1446 - CVE-2019-9824
1447 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1448 unimplement.patch: properly return architecture defined exception
1449 on bad subcodes of diag 308 (LP 1812384)
1450 * Dropped changes (no more needed)
1451 - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1452 mv_conffile since the new path is a directory in the old package
1453 version which can not be handled by mv_conffile.
1454 [ only needed between disco and eoan ]
1455 - disable pvrdma
1456 [ CVEs all fixed now ]
1457 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1458 avoid misdetection of simplified nesting blocking all migrations
1459 [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1460 - Enable nesting by default
1461 - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1462 (is default on amd)
1463 - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1464 without nested=1
1465 [ nesting is default in kernel modules and default selected cpu types ]
1466 * Added changes
1467 - d/control: regenerate debian/control out of control-in
1468 - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1469 - added ubuntu focal types for qemu 4.2
1470 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1471 - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1472 (LP: #1857033)
1473 - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1474 - d/control*, d/rules: disable xen by default, but provide universe
1475 package qemu-system-x86-xen as alternative
1476 - fix typos in changelog and d/qemu-system-x86.NEWS
1477 - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1478 - d/control*: enable libpmem support for nvdimms (LP: #1790856)
1479
1480 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
1481
529qemu (1:4.2-1) unstable; urgency=medium1482qemu (1:4.2-1) unstable; urgency=medium
5301483
531 * new upstream release (4.2.0)1484 * new upstream release (4.2.0)
@@ -602,6 +1555,205 @@ qemu (1:4.1-1) unstable; urgency=medium
6021555
603 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +03001556 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
6041557
1558qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
1559
1560 * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1561 fix a potential hang when qemu or qemu-img where accessing http backed
1562 disks via libcurl (LP: #1848556)
1563 * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
1564 fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
1565
1566 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
1567
1568qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
1569
1570 * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1571 update the z15 model name (LP: #1842774)
1572
1573 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
1574
1575qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
1576
1577 * d/binfmt-update-in: fix binfmt being called in some containers
1578 (LP: #1840956)
1579
1580 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
1581
1582qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
1583
1584 * No-change upload with strops.h and sys/strops.h removed in glibc.
1585
1586 -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
1587
1588qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
1589
1590 * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1591 (LP: #1841066)
1592
1593 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
1594
1595qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
1596
1597 * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1598 s390x machines (LP: #1836154)
1599
1600 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
1601
1602qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
1603
1604 * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
1605 - pick Debian change for (#889885)
1606 move ovmf to recommends on debian and update aarch ovmf refs
1607 - stop Ubuntu to drop ovmf/qemu-efi to a suggest
1608
1609 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
1610
1611qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
1612
1613 * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1614 for missing SIOCGSTAMP definition; final fix is still in discussion
1615 upstream (LP: 1836159)
1616
1617 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
1618
1619qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
1620
1621 * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1622 fix naming of the new vector facitlity (LP: #1836066)
1623 * d/control-in: update VCS links in control template as well
1624
1625 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
1626
1627qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
1628
1629 * Merge with Upstream release of qemu 4.0.
1630 Among many other things this fixes LP Bugs:
1631 LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
1632 LP: #1828038 - Update s390x CPU Model for more HW support
1633 LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
1634 Remaining Changes:
1635 - qemu-kvm to systemd unit
1636 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1637 hugepages and architecture specifics
1638 - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1639 qemu-kvm-init
1640 - d/qemu-system-common.install: install helper script
1641 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1642 - d/qemu-system-common.qemu-kvm.default: defaults for
1643 /etc/default/qemu-kvm
1644 - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1645 - Enable nesting by default
1646 - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1647 (is default on amd)
1648 - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1649 without nested=1
1650 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1651 in qemu64 cpu type.
1652 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1653 in qemu64 on amd
1654 - d/qemu-system-x86.README.Debian: document intention of nested being
1655 default is comfort, not full support
1656 - Distribution specific machine type (LP: 1304107 1621042)
1657 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1658 types
1659 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1660 for host-phys-bits=true (LP: 1776189)
1661 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1662 - provide pseries-bionic-2.11-sxxm type as convenience with all
1663 meltdown/spectre workarounds enabled by default. (LP: 1761372).
1664 - improved dependencies
1665 - Make qemu-system-common depend on qemu-block-extra
1666 - Make qemu-utils depend on qemu-block-extra
1667 - let qemu-utils recommend sharutils
1668 - s390x support
1669 - Create qemu-system-s390x package
1670 - Enable numa support for s390x
1671 - arch aware kvm wrappers
1672 - d/control: update VCS links
1673 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1674 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1675 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1676 - d/control-in: enable RDMA support in qemu (LP: 1692476)
1677 - enable RDMA config option
1678 - add libibumad-dev build-dep
1679 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1680 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1681 reference 256k path
1682 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1683 handle incoming migrations from former releases.
1684 - d/control-in: Disable capstone disassembler library support (universe)
1685 - Move s390x roms to a new qemu-system-data-s390x
1686 - d/qemu-system-data.install: install s390x roms as architecture:all in
1687 qemu-system-data
1688 - d/rules: build s390-ccw.img with upstream Makefile
1689 - d/rules: build s390-netboot.img with upstream Makefile
1690 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1691 some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1692 As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1693 replace it with a build-indep using the upstream makefiles.
1694 This is less prone to miss future changes/fixes that are done to the
1695 makefiles
1696 - d/control-in: add breaks/replaces for moving s390x roms from
1697 qemu-system-s390x to qemu-system-data
1698 - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1699 [From not yet uploaded Debian branch]
1700 - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1701 - d/rules: fix qemu-kvm service for debhelper compat >=12
1702 - disable pvrdma - besides several security holes there are many other
1703 bugs there as well
1704 * Dropped patches that are upstream in v4.0
1705 - d/p/do-not-link-everything-with-xen.patch
1706 - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1707 - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1708 - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1709 - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1710 - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1711 - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1712 (LP: 1759509)
1713 - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1714 - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1715 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1716 - d/p/ubuntu/CVE-2018-20815.patch
1717 - d/p/ubuntu/CVE-2019-5008.patch
1718 - d/p/ubuntu/CVE-2019-9824.patch
1719 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1720 avoid misdetection of simplified nesting blocking all migrations
1721 * Dropped further patches
1722 d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1723 [upstream deprecated the whole subsystem instead of applying the fix]
1724 * Added Changes
1725 - updated ubuntu machine types for v4.0
1726 - added eoan types
1727 - fixed s390x issue of upstream types having a "v" prefix
1728 - add back dropped machine types to avoid more issues like LP: 1802944
1729 - fix kvm split irqchip default in ubuntu q35 machine type
1730 - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1731 adapt updated CamelCase
1732 - -hpb types now need to use GlobalProperties
1733 - pc_compat_2_0 got a _fn suffix and slight changes
1734 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1735 SLOF of qemu 4.0
1736 - Refreshed patches still needed for v4.0 context changes
1737 - d/p/use-fixed-data-path.patch
1738 - d/p/ubuntu/enable-svm-by-default.patch
1739 - d/p/ubuntu/enable-md-clear.patch
1740 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
1741 - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
1742 (LP: #1830243)
1743 - d/control: disable bluetooth being deprecated
1744 - d/control*: remove sdlabi which was removed upstream
1745 - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
1746 - d/control*: enable docs (now explicit) and provide new build-dep
1747 python3-sphinx
1748 - d/not-installed: ignore new interop docs and extra icons for now
1749 - d/not-installed: do not install elf2dmp until namespaced
1750 - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1751 - d/qemu-system-data.install: use new paths for formerly used icons
1752 - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1753 fix i386 build error
1754
1755 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
1756
605qemu (1:3.1+dfsg-8) unstable; urgency=high1757qemu (1:3.1+dfsg-8) unstable; urgency=high
6061758
607 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch1759 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
@@ -704,6 +1856,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
7041856
705 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +03001857 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
7061858
1859qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1860
1861 * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1862 broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1863 fix migrations from old machines (LP: #1829868).
1864 * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1865 toleration for future machines (LP: #1830704
1866
1867 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1868
1869qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1870
1871 * SECURITY UPDATE: Add support for exposing md-clear functionality
1872 to guests
1873 - d/p/ubuntu/enable-md-clear.patch
1874 - d/p/ubuntu/enable-md-no.patch
1875 - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1876 * SECURITY UPDATE: heap overflow when loading device tree blob
1877 - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1878 copy the device tree blob into is.
1879 - CVE-2018-20815
1880 * SECURITY UPDATE: device driver denial of service via NULL pointer
1881 dereference
1882 - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1883 routine
1884 - CVE-2019-5008
1885 * SECURITY UPDATE: information leak in SLiRP
1886 - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1887 emulating ident.
1888 - CVE-2019-9824
1889
1890 -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1891
1892qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1893
1894 * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1895 - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1896 - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1897 mv_conffile since the new path is a directory in the old package
1898 version which can not be handled by mv_conffile.
1899 * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1900 OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1901 Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1902 CVE-2019-3812
1903
1904 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1905
1906qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1907
1908 * disable pvrdma - besides several security holes there are many other
1909 bugs there as well, and the amount of patches applied upstream after
1910 3.1 release is large (Closes, or actuallymakes unimportant again)
1911 - CVE-2018-20123
1912 - CVE-2018-20124
1913 - CVE-2018-20125
1914 - CVE-2018-20126
1915 - CVE-2018-20191
1916 - CVE-2018-20216
1917 * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1918 - CVE-2019-6501
1919 * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1920 - CVE-2019-6778
1921
1922 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1923
1924qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1925
1926 * Merge with Debian testing, Among many other things this fixes LP Bugs:
1927 LP: #1806104 - fix misleading page size error on ppc64el
1928 LP: #1782205 - SnowRidge enabled new ISAs
1929 LP: #1786956 - upgrade to qemu >= 3.0
1930 LP: #1809083 - Backward migration to Xenial on ppc64el
1931 LP: #1803315 - s390x Huge page enablement
1932 LP: #1657409 - enable virglrenderer
1933 Remaining Changes:
1934 - qemu-kvm to systemd unit
1935 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1936 hugepages and architecture specifics
1937 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1938 - d/qemu-system-common.install: install systemd unit and helper script
1939 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1940 - d/qemu-system-common.qemu-kvm.default: defaults for
1941 /etc/default/qemu-kvm
1942 - d/rules: install /etc/default/qemu-kvm
1943 - Enable nesting by default
1944 - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1945 (is default on amd)
1946 - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1947 without nested=1
1948 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1949 in qemu64 cpu type.
1950 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1951 in qemu64 on amd
1952 - d/qemu-system-x86.README.Debian: document intention of nested being
1953 default is comfort, not full support
1954 - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1955 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1956 types
1957 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1958 for host-phys-bits=true (LP: 1776189)
1959 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1960 - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1961 convenience with all meltdown/spectre workarounds enabled by default.
1962 (LP: 1761372).
1963 - improved dependencies
1964 - Make qemu-system-common depend on qemu-block-extra
1965 - Make qemu-utils depend on qemu-block-extra
1966 - let qemu-utils recommend sharutils
1967 - s390x support
1968 - Create qemu-system-s390x package
1969 - Enable numa support for s390x
1970 - arch aware kvm wrappers
1971 - d/control: update VCS links (updated to match latest Ubuntu)
1972 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1973 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1974 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1975 - d/control-in: enable RDMA support in qemu (LP: 1692476)
1976 - enable RDMA config option
1977 - add libibumad-dev build-dep
1978 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1979 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1980 reference 256k path
1981 - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1982 handle incoming migrations from former releases.
1983 - d/control-in: Disable capstone disassembler library support (universe)
1984 * Added Changes:
1985 - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1986 for qemu 3.1 in the Ubuntu Disco release
1987 - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1988 - Move s390x roms to a new qemu-system-data-s390x
1989 - d/qemu-system-data.install: install s390x roms as architecture:all in
1990 qemu-system-data
1991 - d/rules: build s390-ccw.img with upstream Makefile
1992 - d/rules: build s390x-netboot.img with upstream Makefile
1993 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1994 some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1995 As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1996 replace it with a build-indep using the upstream makefiles.
1997 This is less prone to miss future changes/fixes that are done to the
1998 makefiles
1999 - d/control-in: add breaks/replaces for moving s390x roms from
2000 qemu-system-s390x to qemu-system-data
2001 - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
2002 [From not yet uploaded Debian branch]
2003 - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2004 (Closes: #918378)
2005 - d/rules: fix qemu-kvm service for debhelper compat >=12
2006 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2007 avoid misdetection of simplified nesting blocking all migrations
2008 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
2009 unimplement.patch: properly return archicture defined exception
2010 on bad subcodes of diag 308 (LP: #1812384)
2011 * Dropped Changes:
2012 - Include s390-ccw.img firmware (old style native build)
2013 - d/rules enable install s390x-netboot.img (old style native build)
2014 - libvirt/qemu user/group support
2015 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2016 trigger.
2017 [ Droppable since logind properly sets ACLs now ]
2018 - qemu-system-common.preinst: add kvm group if needed
2019 [ Droppable because systemd/udev take care of it since 239-6]
2020 - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
2021 freeze-hook fixes (LP: 1484990)
2022 [upstream]
2023 - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2024 merged upstream
2025 [upstream]
2026 - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2027 computation while concatenating mbuf.
2028 CVE-2018-11806
2029 [upstream]
2030 - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2031 for powerpc64 to speed up translation (LP: 1781526)
2032 [upstream]
2033 - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2034 cpu model for z14 ZR1 (LP: 1780773).
2035 [upstream]
2036 - Mark qemu-system-data foreign to be able to install it e.g. on i386
2037 (Closes: 903562)
2038 [in Debian]
2039 - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2040 unreleased Debian version)
2041 [in Debian]
2042 - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2043 by migrations with UI frontends or frequent guest resolution changes
2044 (LP #1755912)
2045 [upstream]
2046 - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2047 extend eieio for POWER9 emulation (LP: 1787408).
2048 [upstream]
2049 - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2050 ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
2051 [upstream]
2052 - improve s390x spectre mitigation with etoken facility (LP: 1790457)
2053 [upstream]
2054 - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
2055 [upstream]
2056 - d/control-in: our addition of a qemu-system-s390x package needs to follow
2057 the split of qemu-system-data by adding a dependency to it (LP: 1798084)
2058 [in Debian]
2059 - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2060 Adapters on s390x (LP: 1787405)
2061 [upstream]
2062 - enable opengl for vfio-MDEV support (LP: 1804766)
2063 [in Debian]
2064 - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2065 [upstream]
2066 - SECURITY UPDATE: integer overflow via crafted QMP command
2067 [upstream]
2068 - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2069 [upstream]
2070 - SECURITY UPDATE: buffer overflow in rtl8139
2071 [upstream]
2072 - SECURITY UPDATE: buffer overflow in pcnet
2073 [upstream]
2074 - SECURITY UPDATE: DoS via large packet sizes
2075 [upstream]
2076 - SECURITY UPDATE: DoS in lsi53c895a
2077 [upstream]
2078 - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2079 [upstream]
2080 - SECURITY UPDATE: race condition in 9p
2081 [upstream]
2082
2083 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
2084
707qemu (1:3.1+dfsg-2) unstable; urgency=medium2085qemu (1:3.1+dfsg-2) unstable; urgency=medium
7082086
709 * d/rules: split arch and indep builds2087 * d/rules: split arch and indep builds
@@ -783,6 +2161,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
7832161
784 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +03002162 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
7852163
2164qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
2165
2166 [ Marc Deslauriers ]
2167 * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2168 - debian/patches/CVE-2018-10839.patch: use proper type in
2169 hw/net/ne2000.c.
2170 - CVE-2018-10839
2171 * SECURITY UPDATE: integer overflow via crafted QMP command
2172 - debian/patches/CVE-2018-12617.patch: check bytes count read by
2173 guest-file-read in qga/commands-posix.c.
2174 - CVE-2018-12617
2175 * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2176 - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
2177 - CVE-2018-16847
2178 * SECURITY UPDATE: buffer overflow in rtl8139
2179 - debian/patches/CVE-2018-17958.patch: use proper type in
2180 hw/net/rtl8139.c.
2181 - CVE-2018-17958
2182 * SECURITY UPDATE: buffer overflow in pcnet
2183 - debian/patches/CVE-2018-17962.patch: use proper type in
2184 hw/net/pcnet.c.
2185 - CVE-2018-17962
2186 * SECURITY UPDATE: DoS via large packet sizes
2187 - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
2188 - CVE-2018-17963
2189 * SECURITY UPDATE: DoS in lsi53c895a
2190 - debian/patches/CVE-2018-18849.patch: check message length value is
2191 valid in hw/scsi/lsi53c895a.c.
2192 - CVE-2018-18849
2193 * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2194 - debian/patches/CVE-2018-18954.patch: check size before data buffer
2195 access in hw/ppc/pnv_lpc.c.
2196 - CVE-2018-18954
2197 * SECURITY UPDATE: race condition in 9p
2198 - debian/patches/CVE-2018-19364-1.patch: use write lock in
2199 hw/9pfs/cofile.c.
2200 - debian/patches/CVE-2018-19364-2.patch: use write lock in
2201 hw/9pfs/9p.c.
2202 - CVE-2018-19364
2203
2204 [ Christian Ehrhardt]
2205 * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2206 Adapters on s390x (LP: #1787405)
2207 * enable opengl for vfio-MDEV support (LP: #1804766)
2208 - d/control-in: set --enable-opengl
2209 - d/control-in: add gl related build-dependencies
2210
2211 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2212
2213qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2214
2215 * d/control-in: our addition of a qemu-system-s390x package needs to follow
2216 the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2217
2218 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2219
2220qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2221
2222 * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2223 The SLOF source pieces in src:qemu are only used for s390x netboot,
2224 which are independent ROMs (no linking). All other binaries out of this
2225 are part of src:slof and independent.
2226 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2227 - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2228 and related fixes
2229
2230 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2231
2232qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2233
2234 * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2235 - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2236 - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2237
2238 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2239
2240qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2241
2242 * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2243 ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2244 - CVE-2018-15746
2245
2246 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2247
2248qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2249
2250 [ Murilo Opsfelder Araujo ]
2251 * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2252 extend eieio for POWER9 emulation (LP: #1787408).
2253
2254 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2255
2256qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2257
2258 * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2259 by migrations with UI frontends or frequent guest resolution changes
2260 (LP: #1755912)
2261
2262 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2263
2264qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2265
2266 * Disable capstone disassembler library support (universe dependency)
2267
2268 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2269
2270qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2271
2272 * Merge with Debian testing, Remaining Changes:
2273 - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2274 - qemu-kvm to systemd unit
2275 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2276 hugepages and architecture specifics
2277 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2278 - d/qemu-system-common.install: install systemd unit and helper script
2279 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2280 - d/qemu-system-common.qemu-kvm.default: defaults for
2281 /etc/default/qemu-kvm
2282 - d/rules: install /etc/default/qemu-kvm
2283 - Enable nesting by default
2284 - set nested=1 module option on intel. (is default on amd)
2285 - re-load kvm_intel.ko if it was loaded without nested=1
2286 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2287 in qemu64 cpu type.
2288 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2289 in qemu64 on amd
2290 - d/qemu-system-x86.README.Debian: document intention of nested being
2291 default is comfort, not full support
2292 - libvirt/qemu user/group support
2293 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2294 trigger.
2295 - qemu-system-common.preinst: add kvm group if needed
2296 - Distribution specific machine type
2297 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2298 types to ease future live vm migration.
2299 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2300 - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2301 for host-phys-bits=true (LP: 1776189)
2302 - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2303 - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2304 convenience with all meltdown/spectre workarounds enabled by default.
2305 (LP: 1761372).
2306 - improved dependencies
2307 - Make qemu-system-common depend on qemu-block-extra
2308 - Make qemu-utils depend on qemu-block-extra
2309 - let qemu-utils recommend sharutils
2310 - s390x support
2311 - Create qemu-system-s390x package
2312 - Include s390-ccw.img firmware
2313 - Enable numa support for s390x
2314 - arch aware kvm wrappers
2315 - update VCS-git (updated to match cosmic)
2316 - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2317 - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2318 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2319 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2320 - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2321 - d/rules enable install s390x-netboot.img
2322 - d/control-in: enable RDMA support in qemu (LP: 1692476)
2323 - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2324 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2325 reference 256k path
2326 - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2327 handle incoming migrations from former releases.
2328 - SECURITY UPDATE: Speculative Store Bypass
2329 - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2330 CPUID feature bit in target/i386/cpu.*.
2331 - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2332 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2333 - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2334 MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2335 target/i386/machine.c.
2336 - CVE-2018-3639
2337 * Added Changes:
2338 - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2339 - add cosmic types for base and -hpb
2340 - drop no more supported types (zesty and yakkety)
2341 - d/p/series: group machine type changes
2342 - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2343 merged upstream
2344 - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2345 computation while concatenating mbuf.
2346 CVE-2018-11806
2347 - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2348 deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2349 - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2350 - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2351 - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2352 to POWER8
2353 - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2354 is no more needed with systemd-detect-virt being more mature and always
2355 present.
2356 - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2357 - d/control-in: add libibumad-dev which is now needed for rdma
2358 - d/rules: update s390x delta to match new Debian packaging
2359 - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2360 for powerpc64 to speed up translation (LP: #1781526)
2361 - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2362 cpu model for z14 ZR1 (LP: #1780773).
2363 - Mark qemu-system-data foreign to be able to install it e.g. on i386
2364 (Closes: 903562)
2365 - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2366 unreleased Debian version)
2367 * Dropped Changes:
2368 - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2369 (No more removed when building DFSG orig tarball in Debian)
2370 - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2371 we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2372 so we revert related changes to stick with the proven for now:
2373 - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2374 depends on it)
2375 - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2376 (Debian switched to gtk which seems to work better and has all
2377 dependencies in main.)
2378 - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2379 - Changes that are now upstream with qemu 2.12
2380 - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2381 newer versions of glibc >=2.27 (LP: 1753826)
2382 - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2383 - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2384 SSE/AVX/AVX512 cpu features (LP: 1739665)
2385 - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2386 space+commpage continuous which avoids long startup times on
2387 qemu-user-static (LP: 1740219)
2388 - provide pseries-2.12-sxxm type (LP: 1761372)
2389 - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2390 filesystem-dax with pmem by backporting align and unarmed options
2391 (LP: 1704312).
2392 - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2393 option to slirp's DHCP server (LP: 1762315)
2394 - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2395 Protection information (LP: 1762854).
2396 - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2397 migration (LP: 1763468).
2398 - SECURITY UPDATE: out-of-bounds access during migration via ps2
2399 CVE-2017-16845
2400 - SECURITY UPDATE: arbitrary code execution via load_multiboot
2401 CVE-2018-7550
2402 - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2403 CVE-2018-7858
2404
2405 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2406
786qemu (1:2.12+dfsg-3) unstable; urgency=medium2407qemu (1:2.12+dfsg-3) unstable; urgency=medium
7872408
788 * make qemu-system-foo depending2409 * make qemu-system-foo depending
@@ -871,6 +2492,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
8712492
872 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +03002493 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
8732494
2495qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2496
2497 * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2498 for host-phys-bits=true (LP: #1776189)
2499 - add an info about this change in debian/qemu-system-x86.NEWS
2500
2501 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2502
2503qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2504
2505 * SECURITY UPDATE: Speculative Store Bypass
2506 - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2507 CPUID feature bit in target/i386/cpu.*.
2508 - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2509 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2510 - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2511 MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2512 target/i386/machine.c.
2513 - CVE-2018-3639
2514
2515 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2516
2517qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2518
2519 * SECURITY UPDATE: out-of-bounds access during migration via ps2
2520 - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2521 in post_load routine in hw/input/ps2.c.
2522 - CVE-2017-16845
2523 * SECURITY UPDATE: arbitrary code execution via load_multiboot
2524 - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2525 zero in hw/i386/multiboot.c.
2526 - CVE-2018-7550
2527 * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2528 - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2529 hw/display/vga.c.
2530 - CVE-2018-7858
2531
2532 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2533
2534qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2535
2536 * No-change rebuild for ncurses soname changes.
2537
2538 -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2539
2540qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2541
2542 * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2543 information (LP: #1762854).
2544 * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2545 (LP: #1763468).
2546
2547 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2548
2549qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2550
2551 * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2552 The Kernel fixes are preferred and already committed to the kernel.
2553 Therefore remove the default disabling of the HTM feature (LP: #1761175)
2554 * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2555 SSE/AVX/AVX512 cpu features (LP: #1739665)
2556 * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2557 space+commpage continuous which avoids long startup times on
2558 qemu-user-static (LP: #1740219)
2559 * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2560 convenience with all meltdown/spectre workarounds enabled by default.
2561 This is not the default type following upstream and x86 on that.
2562 (LP: #1761372).
2563 * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2564 with pmem by backporting align and unarmed options (LP: #1704312).
2565 * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2566 option to slirp's DHCP server (LP: #1762315)
2567
2568 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2569
2570qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2571
2572 * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2573 accepted to be better long term maintainable (LP: #1753938)
2574
2575 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2576
2577qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2578
2579 * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2580 ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2581 * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2582 versions of glibc >=2.27 (LP: #1753826)
2583
2584 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2585
2586qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2587
2588 * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2589 d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2590 Add domainname option and classless static routes support to the user
2591 networking's DHCP server
2592
2593 -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2594
2595qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2596
2597 * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2598 - among other fixes this adds code to:
2599 - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2600 However, enabling this functionality requires additional configuration
2601 beyond just updating QEMU. Also migrations need special consideration.
2602 Details about that can be found at:
2603 https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2604 - Power9 allocation of max 8 threads per core (LP: #1750526)
2605 * Drop changes that are part of the upstream stable release
2606 - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2607 - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2608 - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2609 - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2610 * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2611 * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2612 common compat.h header and add some extra info in the patch header.
2613
2614 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2615
2616qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2617
2618 * Merge with Debian testing, among other fixes this includes
2619 - fix fatal error on negative maxcpus (LP: #1722495)
2620 - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2621 - linux user threading issues (LP: #1350435)
2622 - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2623 Remaining changes:
2624 - qemu-kvm to systemd unit
2625 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2626 hugepages and architecture specifics
2627 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2628 - d/qemu-system-common.install: install systemd unit and helper script
2629 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2630 - d/qemu-system-common.qemu-kvm.default: defaults for
2631 /etc/default/qemu-kvm
2632 - d/rules: install /etc/default/qemu-kvm
2633 - Enable nesting by default
2634 - set nested=1 module option on intel. (is default on amd)
2635 - re-load kvm_intel.ko if it was loaded without nested=1
2636 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2637 in qemu64 cpu type.
2638 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2639 in qemu64 on amd
2640 - libvirt/qemu user/group support
2641 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2642 trigger.
2643 - qemu-system-common.preinst: add kvm group if needed
2644 - Distribution specific machine type
2645 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2646 types to ease future live vm migration.
2647 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2648 - improved dependencies
2649 - Make qemu-system-common depend on qemu-block-extra
2650 - Make qemu-utils depend on qemu-block-extra
2651 - let qemu-utils recommend sharutils
2652 - s390x support
2653 - Create qemu-system-s390x package
2654 - Include s390-ccw.img firmware
2655 - Enable numa support for s390x
2656 - ppc64[le] support
2657 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2658 - arch aware kvm wrappers
2659 * Added Changes
2660 - update VCS-git to match the bionic branch
2661 - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2662 we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2663 so we revert related changes to stick with the proven for now:
2664 - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2665 depends on it)
2666 - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2667 - d/qemu-system-x86.README.Debian: document intention of nested being
2668 default is comfort, not full support
2669 - update Ubuntu machine types for qemu 2.11
2670 - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2671 - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2672 - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2673 - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2674 - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2675 - d/rules enable install s390x-netboot.img
2676 - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2677 - d/control-in: enable RDMA support in qemu (LP: #1692476)
2678 - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2679 - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2680 - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2681 - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2682 - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2683 - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2684 - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2685 reference 256k path
2686 - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2687 handle incoming migrations from former releases.
2688 - d/control-in: enable seccomp on s390x
2689 * Dropped changes (no more needed):
2690 - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2691 The functionality is retained for upgraders, but is deprecated.
2692 Post 18.04 the implementation for these configurations will be removed.
2693 * Dropped changes (in Debian now):
2694 - ppc64[le] support
2695 - Enable seccomp for ppc64el
2696 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2697 - disable missing x32 architecture
2698 - d/rules: or32 is now named or1k (since 4a09d0bb)
2699 - d/qemu-system-common.docs: new paths since (ac06724a)
2700 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2701 by qapi-schema.json which is already packaged (since 4d8bb958)
2702 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2703 to Debian patch to match qemu 2.10)
2704 - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2705 since 8508eee7
2706 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2707 - make nios2/hppa not installed explicitly until further stablized
2708 - d/qemu-guest-agent.install: add the new guest agent reference man page
2709 qemu-ga-ref
2710 - d/qemu-system-common.install: add the now generated qapi/qmp reference
2711 along the qapi intro
2712 - d/not-installed: ignore further generated (since 56e8bdd4) files in
2713 dh_missing that are already provided in other formats qemu-doc,
2714 qemu-qmp-ref,qemu-ga-ref
2715 * Dropped changes (integrated upstream):
2716 - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2717 on arm64 when doing suspend/resume and reboots due to older kernels not
2718 supporting ITS (LP 1731051).
2719 - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2720 James Cowgill to prevent qemu-user from forwarding prctl seccomp
2721 calls (LP 1726394)
2722 - update to upstream 2.10.1 point release (LP 1722808)
2723
2724
2725
2726 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2727
874qemu (1:2.11+dfsg-1) unstable; urgency=medium2728qemu (1:2.11+dfsg-1) unstable; urgency=medium
8752729
876 [ Michael Tokarev ]2730 [ Michael Tokarev ]
@@ -985,6 +2839,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
9852839
986 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +03002840 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
9872841
2842qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2843
2844 * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2845 on arm64 when doing suspend/resume and reboots due to older kernels not
2846 supporting ITS (LP: #1731051).
2847
2848 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2849
2850qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2851
2852 * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2853 James Cowgill to prevent qemu-user from forwarding prctl seccomp
2854 calls (LP: #1726394)
2855
2856 -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2857
2858qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2859
2860 * fix enablement of qemu-kvm service (LP: #1720397)
2861 - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2862 - d/rules: add proper enablement debhelper calls
2863 - d/qemu-system-common.install: install covered by dh_installinit
2864
2865 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2866
2867qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2868
2869 * update to upstream 2.10.1 point release (LP: #1722808)
2870
2871 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2872
2873qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2874
2875 * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2876 Remaining changes:
2877 - qemu-kvm to systemd unit
2878 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2879 hugepages and architecture specifics
2880 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2881 - d/qemu-system-common.install: install systemd unit and helper script
2882 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2883 - d/qemu-system-common.qemu-kvm.default: defaults for
2884 /etc/default/qemu-kvm
2885 - d/rules: install /etc/default/qemu-kvm
2886 - Enable nesting by default
2887 - set nested=1 module option on intel. (is default on amd)
2888 - re-load kvm_intel.ko if it was loaded without nested=1
2889 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2890 in qemu64 cpu type.
2891 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2892 in qemu64 on amd
2893 - libvirt/qemu user/group support
2894 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2895 trigger.
2896 - qemu-system-common.preinst: add kvm group if needed
2897 - Distribution specific machine type
2898 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2899 types to ease future live vm migration.
2900 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2901 - improved dependencies
2902 - Make qemu-system-common depend on qemu-block-extra
2903 - Make qemu-utils depend on qemu-block-extra
2904 - let qemu-utils recommend sharutils
2905 - s390x support
2906 - Create qemu-system-s390x package
2907 - Include s390-ccw.img firmware
2908 - Enable numa support for s390x
2909 - ppc64[le] support
2910 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2911 - Enable seccomp for ppc64el
2912 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2913 - arch aware kvm wrappers
2914 - update VCS-git to match the Artful branch
2915 - disable missing x32 architecture
2916 - d/rules: or32 is now named or1k (since 4a09d0bb)
2917 - d/qemu-system-common.docs: new paths since (ac06724a)
2918 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2919 by qapi-schema.json which is already packaged (since 4d8bb958)
2920 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2921 to Debian patch to match qemu 2.10)
2922 - s390x package now builds correctly on all architectures (LP 1710695)
2923 - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2924 since 8508eee7
2925 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2926 - make nios2/hppa not installed explicitly until further stablized
2927 - d/qemu-guest-agent.install: add the new guest agent reference man page
2928 qemu-ga-ref
2929 - d/qemu-system-common.install: add the now generated qapi/qmp reference
2930 along the qapi intro
2931 - d/not-installed: ignore further generated (since 56e8bdd4) files in
2932 dh_missing that are already provided in other formats qemu-doc,
2933 qemu-qmp-ref,qemu-ga-ref
2934
2935
2936 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
2937
2938qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
2939
2940 * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
2941 Remaining changes:
2942 - qemu-kvm to systemd unit
2943 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2944 hugepages and architecture specifics
2945 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2946 - d/qemu-system-common.install: install systemd unit and helper script
2947 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2948 - d/qemu-system-common.qemu-kvm.default: defaults for
2949 /etc/default/qemu-kvm
2950 - d/rules: install /etc/default/qemu-kvm
2951 - Enable nesting by default
2952 - set nested=1 module option on intel. (is default on amd)
2953 - re-load kvm_intel.ko if it was loaded without nested=1
2954 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2955 in qemu64 cpu type.
2956 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2957 in qemu64 on amd
2958 - libvirt/qemu user/group support
2959 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2960 trigger.
2961 - qemu-system-common.preinst: add kvm group if needed
2962 - Distribution specific machine type
2963 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2964 types to ease future live vm migration.
2965 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2966 - improved dependencies
2967 - Make qemu-system-common depend on qemu-block-extra
2968 - Make qemu-utils depend on qemu-block-extra
2969 - let qemu-utils recommend sharutils
2970 - s390x support
2971 - Create qemu-system-s390x package
2972 - Include s390-ccw.img firmware
2973 - Enable numa support for s390x
2974 - ppc64[le] support
2975 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2976 - Enable seccomp for ppc64el
2977 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2978 - arch aware kvm wrappers
2979 - update VCS-git to match the Artful branch
2980 - disable missing x32 architecture
2981 - d/rules: or32 is now named or1k (since 4a09d0bb)
2982 - d/qemu-system-common.docs: new paths since (ac06724a)
2983 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2984 by qapi-schema.json which is already packaged (since 4d8bb958)
2985 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2986 to Debian patch to match qemu 2.10)
2987 - s390x package now builds correctly on all architectures (LP 1710695)
2988 * Added changes:
2989 - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2990 since 8508eee7
2991 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2992 - make nios2/hppa not installed explicitly until further stablized
2993 - d/qemu-guest-agent.install: add the new guest agent reference man page
2994 qemu-ga-ref
2995 - d/qemu-system-common.install: add the now generated qapi/qmp reference
2996 along the qapi intro
2997 - d/not-installed: ignore further generated (since 56e8bdd4) files in
2998 dh_missing that are already provided in other formats qemu-doc,
2999 qemu-qmp-ref,qemu-ga-ref
3000 - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
3001 changes in 2.10-rc4
3002
3003 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
3004
3005qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
3006
3007 * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
3008 a set of bugs
3009 - [FFE] Qemu 2.10 in Artful (LP: #1699968)
3010 - CPU hot unplug fails after migrating a CPU hotplugged guest
3011 from source (LP: #1677552)
3012 - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
3013 - New KVM 288 Pass Through (LP: #1672447)
3014 - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
3015 * Remaining changes:
3016 - qemu-kvm to systemd unit
3017 - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
3018 hugepages and architecture specifics
3019 - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
3020 - d/qemu-system-common.install: install systemd unit and helper script
3021 - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
3022 - d/qemu-system-common.qemu-kvm.default: defaults for
3023 /etc/default/qemu-kvm
3024 - d/rules: install /etc/default/qemu-kvm
3025 - Enable nesting by default
3026 - set nested=1 module option on intel. (is default on amd)
3027 - re-load kvm_intel.ko if it was loaded without nested=1
3028 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
3029 in qemu64 cpu type.
3030 - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
3031 in qemu64 on amd
3032 - libvirt/qemu user/group support
3033 - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
3034 trigger.
3035 - qemu-system-common.preinst: add kvm group if needed
3036 - Distribution specific machine type
3037 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3038 types to ease future live vm migration.
3039 - d/qemu-system-x86.NEWS Info on fixed machine type definitions
3040 - improved dependencies
3041 - Make qemu-system-common depend on qemu-block-extra
3042 - Make qemu-utils depend on qemu-block-extra
3043 - let qemu-utils recommend sharutils
3044 - s390x support
3045 - Create qemu-system-s390x package
3046 - Include s390-ccw.img firmware
3047 - Enable numa support for s390x
3048 - ppc64[le] support
3049 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3050 - Enable seccomp for ppc64el
3051 - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3052 - arch aware kvm wrappers
3053 - disable missing x32 architecture
3054 - update VCS links
3055 * Added changes
3056 - d/rules: or32 is now named or1k (since 4a09d0bb)
3057 - d/qemu-system-common.docs: new paths since (ac06724a)
3058 - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3059 by qapi-schema.json which is already packaged (since 4d8bb958)
3060 - Updates in debian/patches to match qemu 2.10
3061 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
3062 - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
3063 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
3064 - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
3065 - update VCS-git to match the Artful branch
3066 - s390x package now builds correctly on all architectures (LP: #1710695)
3067 * Dropped changes (integrated upstream):
3068 - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3069 "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
3070 - All CVE fixes formerly applied are upstream and thereby dropped.
3071
3072 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
3073
988qemu (1:2.8+dfsg-7) unstable; urgency=medium3074qemu (1:2.8+dfsg-7) unstable; urgency=medium
9893075
990 * uploading to unstable all fixes which went to stretch-security3076 * uploading to unstable all fixes which went to stretch-security
@@ -1094,6 +3180,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
10943180
1095 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +03003181 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
10963182
3183qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
3184
3185 * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
3186 This was inadvertently dropped on 2.8 merge.
3187
3188 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
3189
3190qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
3191
3192 * SECURITY UPDATE: denial of service via leak in virtFS
3193 - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
3194 hw/9pfs/9p.c.
3195 - CVE-2017-7377
3196 * SECURITY UPDATE: denial of service in cirrus_vga
3197 - debian/patches/CVE-2017-7718.patch: check parameters in
3198 hw/display/cirrus_vga_rop.h.
3199 - CVE-2017-7718
3200 * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
3201 - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
3202 hw/display/cirrus_vga.c.
3203 - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
3204 hw/display/cirrus_vga.c.
3205 - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
3206 in hw/display/cirrus_vga.c.
3207 - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
3208 hw/display/cirrus_vga.c.
3209 - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
3210 in hw/display/cirrus_vga.c.
3211 - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
3212 pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3213 hw/display/cirrus_vga_rop2.h.
3214 - debian/patches/CVE-2017-7980-7.patch: stop passing around src
3215 pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3216 hw/display/cirrus_vga_rop2.h.
3217 - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
3218 hw/display/cirrus_vga_rop.h.
3219 - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
3220 hw/display/cirrus_vga.c.
3221 - CVE-2017-7980
3222 * SECURITY UPDATE: denial of service via memory leak in virtFS
3223 - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
3224 - CVE-2017-8086
3225 * SECURITY UPDATE: denial of service via leak in audio
3226 - debian/patches/CVE-2017-8309.patch: release capture buffers in
3227 audio/audio.c.
3228 - CVE-2017-8309
3229 * SECURITY UPDATE: denial of service via leak in keyboard
3230 - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
3231 ui/input.c.
3232 - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
3233 ui/input.c.
3234 - CVE-2017-8379
3235
3236 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
3237
3238qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
3239
3240 * SECURITY UPDATE: DoS in virtio GPU device
3241 - debian/patches/CVE-2016-10028.patch: check virgl capabilities
3242 max_size in hw/display/virtio-gpu-3d.c.
3243 - CVE-2016-10028
3244 * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
3245 - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
3246 in hw/dma/rc4030.c.
3247 - CVE-2016-8667
3248 * SECURITY UPDATE: host filesystem access via virtFS
3249 - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
3250 hw/9pfs/*.
3251 - CVE-2016-9602
3252 * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
3253 - debian/patches/CVE-2016-9603.patch: remove bitblit support from
3254 console code in hw/display/cirrus_vga.c, include/ui/console.h,
3255 ui/console.c, ui/vnc.c.
3256 - CVE-2016-9603
3257 * SECURITY UPDATE: information leak in virtio GPU device
3258 - debian/patches/CVE-2016-9908.patch: properly clear out memory in
3259 hw/display/virtio-gpu-3d.c.
3260 - CVE-2016-9908
3261 * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3262 - debian/patches/CVE-2016-9912.patch: properly free memory in
3263 hw/display/virtio-gpu.c.
3264 - CVE-2016-9912
3265 * SECURITY UPDATE: DoS via virtFS
3266 - debian/patches/CVE-2016-9914.patch: add cleanup operations to
3267 fsdev/file-op-9p.h, hw/9pfs/9p.c.
3268 - CVE-2016-9914
3269 * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3270 - debian/patches/CVE-2017-5552.patch: check return value in
3271 hw/display/virtio-gpu-3d.c.
3272 - CVE-2017-5552
3273 * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3274 - debian/patches/CVE-2017-5578.patch: check res->iov in
3275 hw/display/virtio-gpu.c.
3276 - CVE-2017-5578
3277 * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
3278 - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
3279 handling in hw/sd/sdhci.c.
3280 - CVE-2017-5987
3281 * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
3282 - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
3283 hw/usb/hcd-ohci.c.
3284 - CVE-2017-6505
3285
3286 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
3287
3288qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
3289
3290 * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3291 "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
3292
3293 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
3294
3295qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
3296
3297 * Merge with Debian;
3298 This fixes several CVEs that were reported against qemu 2.8 and also
3299 includes a few important functional backports (LP: #1667033); remaining
3300 changes:
3301 - add qemu-kvm init script and defaults file
3302 (d/qemu-system-common.qemu-kvm.*)
3303 - d/rules, d/qemu-kvm-init: add and install script loading kvm
3304 modules and handling /etc/default/qemu-kvm
3305 - qemu-system-common.preinst: add kvm group if needed
3306 - Enable nesting by default on intel.
3307 - set default module option
3308 - re-load kvm_intel.ko if it was loaded without nested=1
3309 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3310 default in qemu64 cpu type.
3311 - Enable svm by default for qemu64 on amd
3312 - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
3313 define distro machine types to ease future live vm migration (includes
3314 all former follow up fixes).
3315 - Make qemu-system-common depend on qemu-block-extra
3316 - Make qemu-utils depend on qemu-block-extra
3317 - s390x support
3318 - Create qemu-system-s390x package
3319 - Include s390-ccw.img firmware
3320 - qemu-system-common.postinst:
3321 - change acl placed by udev, and add udevadm trigger.
3322 - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3323 - Several changes were applied but missing in the changelog so far
3324 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3325 - arch aware kvm wrapper
3326 - update VCS links
3327 - let qemu-utils recommend sharutils
3328 - disable x32 architecture
3329 - Enable seccomp for ppc64el
3330 - Enable numa support for s390x
3331 - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3332 init.d-script-missing-dependency-on-remote_fs
3333 - d/qemu-system-common.postinst: fix lintian error type
3334 command-with-path-in-maintainer-script
3335 - Transition qemu-kvm to a systemd unit
3336 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3337 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3338 that it shows up where the user expects (sytemctl status, kvm stdout)
3339 - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3340 - add arch aware kvm wrapper for s390x
3341 * Dropped Changes (in Debian now):
3342 - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3343 - d/control-in: change dependencies for fix of wrong acl for newly
3344 created device node on ubuntu
3345 - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3346 relationship, but qemu-efi is still in universe right now.
3347 - Disable glusterfs (Universe dependency)
3348 - no more skip disable libiscsi on Ubuntu
3349 - d/rules, d/control-in: avoid people editing d/control
3350 * Added Changes:
3351 - d/control: bump libseccomp-dev dependency as enabling libseccomp for
3352 power makes 2.3 the minimum level.
3353
3354 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
3355
1097qemu (1:2.8+dfsg-3) unstable; urgency=high3356qemu (1:2.8+dfsg-3) unstable; urgency=high
10983357
1099 * urgency high due to security fixes3358 * urgency high due to security fixes
@@ -1154,6 +3413,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
11543413
1155 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +03003414 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
11563415
3416qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
3417
3418 * Merge with Debian; remaining changes:
3419 - add qemu-kvm init script and defaults file
3420 (d/qemu-system-common.qemu-kvm.*)
3421 - d/rules, d/qemu-kvm-init: add and install script loading kvm
3422 modules and handling /etc/default/qemu-kvm
3423 - qemu-system-common.preinst: add kvm group if needed
3424 - Enable nesting by default on intel.
3425 - set default module option
3426 - re-load kvm_intel.ko if it was loaded without nested=1
3427 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3428 default in qemu64 cpu type.
3429 - Enable svm by default for qemu64 on amd
3430 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3431 types to ease future live vm migration.
3432 - Make qemu-system-common depend on qemu-block-extra
3433 - Make qemu-utils depend on qemu-block-extra
3434 - s390x support
3435 - Create qemu-system-s390x package
3436 - Include s390-ccw.img firmware
3437 - qemu-system-common.postinst:
3438 - change acl placed by udev, and add udevadm trigger.
3439 - d/control-in: change dependencies for fix of wrong acl for newly
3440 created device node on ubuntu
3441 - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3442 relationship, but qemu-efi is still in universe right now.
3443 - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3444 - Several changes were applied but missing in the changelog so far
3445 - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3446 - arch aware kvm wrapper
3447 - update VCS links
3448 - no more skip disable libiscsi on Ubuntu
3449 - let qemu-utils recommend sharutils
3450 - disable x32 architecture
3451 * Dropped Changes:
3452 - Several changes were applied but missing in the changelog so far
3453 but are no more needed
3454 - no pie for relocatable LD calls, with toolchain defaulting to
3455 pie (fixed upstream)
3456 - enable libnuma-dev (now in Debian)
3457 - transition for moved init scripts (can be dropped after LTS
3458 containing >=2.5 which is Xenial)
3459 - --enable-seccomp related whitespace change (had no effect)
3460 - apport hook for qemu source package (In Debian)
3461 - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
3462 - d/qemu-system-x86.maintscript: transition off of
3463 /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
3464 - Enable pie by default, on ubuntu/s390x. (Is the default since
3465 >=Xenial, no cloud archive backport <=Xenial to consider)
3466 - no pie for relocatable LD calls (fixed upstream in commit
3467 7ecf44a5)
3468 - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
3469 - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3470 (Improved fix included by upstream)
3471 - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
3472 - Fixed wrong migration blocker when vhost is used (is upstream in
3473 qemu 2.8)
3474 * Added Changes:
3475 - d/rules, d/control-in: avoid people editing d/control by warning
3476 header and non writable permissions
3477 - fixed moving trusty machine type definition which made it
3478 ambiguous (LP: #1641532)
3479 - d/qemu-system-x86.NEWS describe the issue
3480 - Enable seccomp for ppc64el (LP: #1644639)
3481 - Enable numa support for s390x
3482 - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3483 init.d-script-missing-dependency-on-remote_fs
3484 - d/qemu-system-common.postinst: fix lintian error type
3485 command-with-path-in-maintainer-script
3486 - Transition qemu-kvm to a systemd unit
3487 - Disable glusterfs (Universe dependency)
3488 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3489 - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3490 that it shows up where the user expects (sytemctl status, kvm stdout)
3491 - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3492 - add arch aware kvm wrapper for s390x
3493 - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3494 - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
3495 ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
3496 merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
3497
3498 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
3499
1157qemu (1:2.8+dfsg-2) unstable; urgency=medium3500qemu (1:2.8+dfsg-2) unstable; urgency=medium
11583501
1159 * Revert "update binfmt registration for mipsn32"3502 * Revert "update binfmt registration for mipsn32"
@@ -1272,6 +3615,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
12723615
1273 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +03003616 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
12743617
3618qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
3619
3620 * No-change rebuild to compile against new libxen version.
3621
3622 -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
3623
3624qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
3625
3626 * retain older xenial machine type to avoid issues starting guests
3627 created on xenial prior to the SRU for bug 1621042. In that regard the old
3628 broken xenial machine type and the new fixed one have both to be considered
3629 as valid LTS machine types (LP: #1626070).
3630
3631 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
3632
3633qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
3634
3635 * fix default ubuntu machine types. (LP: #1621042)
3636 - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
3637 - remove double default and double ubuntu alias
3638 - drop former devel releases utopic, vivid, wily
3639 - add xenial and yakkety machine types
3640 - add q35 based ubuntu machine type starting at xenial
3641 - add ubuntu machine types on ppc64el and s390x starting at xenial
3642
3643 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
3644
3645qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
3646
3647 * Enable GPU Passthru for ppc64le (LP: #1541902)
3648 - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
3649 - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
3650 - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
3651 - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
3652 - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
3653 - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
3654 - 0007-spapr_iommu-Migrate-full-state.patch
3655 - 0008-spapr_iommu-Add-root-memory-region.patch
3656 - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
3657 - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
3658 - 0011-memory-Add-reporting-of-supported-page-sizes.patch
3659 - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
3660 - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
3661 - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
3662 - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3663 - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3664 - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3665 - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3666 - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3667 - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3668 - 0021-memory-Fix-IOMMU-replay-base-address.patch
3669
3670 -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3671
3672qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3673
3674 * New upstream release. LP: #1617055.
3675 * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3676
3677 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3678
1275qemu (1:2.6+dfsg-3.1) unstable; urgency=high3679qemu (1:2.6+dfsg-3.1) unstable; urgency=high
12763680
1277 * Non-maintainer upload.3681 * Non-maintainer upload.
@@ -1305,6 +3709,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
13053709
1306 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -06003710 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
13073711
3712qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3713
3714 * SECURITY UPDATE: DoS via unbounded memory allocation
3715 - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3716 - CVE-2016-5403
3717 * SECURITY UPDATE: oob write access while reading ESP command
3718 - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3719 maximum CDB size and handle migration in hw/scsi/esp.c,
3720 include/hw/scsi/esp.h, include/migration/vmstate.h.
3721 - CVE-2016-6351
3722 * SECURITY UPDATE: infinite loop in virtqueue_pop
3723 - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3724 length in hw/virtio/virtio.c.
3725 - CVE-2016-6490
3726
3727 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3728
3729qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3730
3731 * Merge with Debian; remaining changes:
3732 - debian/rules: do not drop the init scripts loading kvm modules
3733 (still needed in precise in cloud archive)
3734 - qemu-system-common.postinst:
3735 * remove acl placed by udev, and add udevadm trigger.
3736 * reload kvm_intel if needed to set nested=1
3737 - qemu-system-common.preinst: add kvm group if needed
3738 - add qemu-kvm upstart job and defaults file (rules,
3739 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3740 - rules,qemu-system-x86.modprobe: support use under older udevs which
3741 do not auto-load the kvm kernel module. Enable nesting by default
3742 on intel.
3743 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3744 in qemu64 cpu type.
3745 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3746 types to ease future live vm migration.
3747 - apport hook for qemu source package: d/source_qemu-kvm.py,
3748 d/qemu-system-common.install
3749 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3750 to fix errors with missing block backends.
3751 - s390x:
3752 * Create qemu-system-s390x package
3753 * Enable pie by default, on ubuntu/s390x.
3754 * Enable svm by default for qemu64 on amd
3755 * Include s390-ccw.img firmware
3756 * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3757 relationship, but qemu-efi is still in universe right now.
3758
3759 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3760
1308qemu (1:2.6+dfsg-3) unstable; urgency=high3761qemu (1:2.6+dfsg-3) unstable; urgency=high
13093762
1310 * more security fixes picked from upstream:3763 * more security fixes picked from upstream:
@@ -1358,6 +3811,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
13583811
1359 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +03003812 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
13603813
3814qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3815
3816 * Merge with Debian; remaining changes: (LP: #1583775)
3817 - debian/rules: do not drop the init scripts loading kvm modules
3818 (still needed in precise in cloud archive)
3819 - qemu-system-common.postinst:
3820 * remove acl placed by udev, and add udevadm trigger.
3821 * reload kvm_intel if needed to set nested=1
3822 - qemu-system-common.preinst: add kvm group if needed
3823 - add qemu-kvm upstart job and defaults file (rules,
3824 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3825 - rules,qemu-system-x86.modprobe: support use under older udevs which
3826 do not auto-load the kvm kernel module. Enable nesting by default
3827 on intel.
3828 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3829 in qemu64 cpu type.
3830 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3831 types to ease future live vm migration.
3832 - apport hook for qemu source package: d/source_qemu-kvm.py,
3833 d/qemu-system-common.install
3834 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3835 to fix errors with missing block backends. (LP: #1495895)
3836 - s390x:
3837 * Create qemu-system-s390x package
3838 * Enable pie by default, on ubuntu/s390x.
3839 * Enable svm by default for qemu64 on amd
3840 * Include s390-ccw.img firmware
3841 * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3842 relationship, but qemu-efi is still in universe right now.
3843 * Drop patches which have been applied upstream:
3844
3845 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3846
1361qemu (1:2.6+dfsg-1) unstable; urgency=medium3847qemu (1:2.6+dfsg-1) unstable; urgency=medium
13623848
1363 * new upstream release3849 * new upstream release
@@ -1395,6 +3881,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
13953881
1396 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +03003882 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
13973883
3884qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3885
3886 * Cherrypick upstream patches to support the query-gic-version QMP command
3887 (LP: #1566564)
3888
3889 -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3890
3891qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3892
3893 [Stefan Bader]
3894 * Enable svm by default for qemu64 on amd (LP: #1561019)
3895
3896 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3897
3898qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3899
3900 * qemu-system-s390x only available on s390x, so qemu-system should only
3901 depend on it on this arch.
3902 * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3903 relationship, but qemu-efi is still in universe right now.
3904
3905 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3906
3907qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3908
3909 * And actually ship the right things in qemu-system-s390x.
3910
3911 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3912
3913qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3914
3915 * Create qemu-system-s390x package on ubuntu only.
3916
3917 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3918
3919qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3920
3921 * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3922
3923 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3924
3925qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3926
3927 * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3928 (LP: #1556306)
3929
3930 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3931
3932qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3933
3934 * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3935
3936 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3937
3938qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3939
3940 * d/control{-in}: Re-generate and build with libiscsi-dev now
3941 that its in Ubuntu main (LP: #1271653).
3942
3943 -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3944
3945qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3946
3947 * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3948
3949 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3950
3951qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3952
3953 * No-change rebuild for gnutls transition.
3954
3955 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3956
3957qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3958
3959 * Merge with Debian; remaining changes:
3960 - debian/rules: do not drop the init scripts loading kvm modules
3961 (still needed in precise in cloud archive)
3962 - qemu-system-common.postinst:
3963 * remove acl placed by udev, and add udevadm trigger.
3964 * reload kvm_intel if needed to set nested=1
3965 - qemu-system-common.preinst: add kvm group if needed
3966 - add qemu-kvm upstart job and defaults file (rules,
3967 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3968 - rules,qemu-system-x86.modprobe: support use under older udevs which
3969 do not auto-load the kvm kernel module. Enable nesting by default
3970 on intel.
3971 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3972 in qemu64 cpu type.
3973 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3974 types to ease future live vm migration.
3975 - apport hook for qemu source package: d/source_qemu-kvm.py,
3976 d/qemu-system-common.install
3977 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3978 to fix errors with missing block backends. (LP: #1495895)
3979 - Enable pie by default, on ubuntu/s390x.
3980 - Include s390-ccw.img firmware.
3981
3982 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3983
1398qemu (1:2.5+dfsg-5) unstable; urgency=medium3984qemu (1:2.5+dfsg-5) unstable; urgency=medium
13993985
1400 * fix misspellings in previous debian/changelog entry3986 * fix misspellings in previous debian/changelog entry
@@ -1452,6 +4038,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
14524038
1453 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +03004039 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
14544040
4041qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
4042
4043 * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
4044 contents
4045 - debian/patches/CVE-2015-8550-1.patch: avoid double access in
4046 hw/block/xen_blkif.h.
4047 - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
4048 hw/display/xenfb.c.
4049 - CVE-2015-8550
4050 * SECURITY UPDATE: infinite loop in ehci_advance_state
4051 - debian/patches/CVE-2015-8558.patch: make idt processing more robust
4052 in hw/usb/hcd-ehci.c.
4053 - CVE-2015-8558
4054 * SECURITY UPDATE: host memory leakage in vmxnet3
4055 - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
4056 hw/net/vmxnet3.c.
4057 - CVE-2015-8567
4058 - CVE-2015-8568
4059 * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
4060 - debian/patches/CVE-2015-8613.patch: initialise info object with
4061 appropriate size in hw/scsi/megasas.c.
4062 - CVE-2015-8613
4063 * SECURITY UPDATE: DoS via Human Monitor Interface
4064 - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
4065 in hmp.c, include/ui/console.h, ui/input-legacy.c.
4066 - CVE-2015-8619
4067 * SECURITY UPDATE: incorrect array bounds check in rocker
4068 - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
4069 check in hw/net/rocker/rocker.c.
4070 - CVE-2015-8701
4071 * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
4072 - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
4073 operations in hw/net/ne2000.c.
4074 - CVE-2015-8743
4075 * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
4076 - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
4077 error in hw/ide/ahci.c.
4078 - CVE-2016-1568
4079 * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
4080 - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
4081 hw/i386/kvmvapic.c.
4082 - CVE-2016-1922
4083 * SECURITY UPDATE: e1000 infinite loop
4084 - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
4085 out-of-bounds transfer start in hw/net/e1000.c
4086 - CVE-2016-1981
4087 * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
4088 engines
4089 - debian/patches/CVE-2016-2197.patch: add check before calling
4090 dma_memory_unmap in hw/ide/ahci.c.
4091 - CVE-2016-2197
4092 * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
4093 - debian/patches/CVE-2016-2198.patch: add capability mmio write
4094 function in hw/usb/hcd-ehci.c.
4095 - CVE-2016-2198
4096
4097 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
4098
4099qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
4100
4101 * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
4102 Ubuntu specific running-in-container wrapper. (LP: #1539016)
4103
4104 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
4105
4106qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
4107
4108 * Include s390-ccw.img firmware.
4109
4110 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
4111
4112qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
4113
4114 * Place qemu-kvm.defaults file in qemu-system-common, next to the init
4115 scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
4116 Thanks Simon. (LP: #1531191)
4117
4118 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
4119
4120qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
4121
4122 * Merge with Debian; remaining changes:
4123 - debian/rules: do not drop the init scripts loading kvm modules
4124 (still needed in precise in cloud archive)
4125 - qemu-system-common.postinst:
4126 * remove acl placed by udev, and add udevadm trigger.
4127 * reload kvm_intel if needed to set nested=1
4128 - qemu-system-common.preinst: add kvm group if needed
4129 - add qemu-kvm upstart job and defaults file (rules,
4130 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4131 - rules,qemu-system-x86.modprobe: support use under older udevs which
4132 do not auto-load the kvm kernel module. Enable nesting by default
4133 on intel.
4134 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4135 in qemu64 cpu type.
4136 - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
4137 types to ease future live vm migration.
4138 - apport hook for qemu source package: d/source_qemu-kvm.py,
4139 d/qemu-system-common.install
4140 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
4141 to fix errors with missing block backends. (LP: #1495895)
4142 - Enable pie by default, on ubuntu/s390x.
4143 * Drop vGICv3 support patches - all is now upstream
4144 * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
4145
4146 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
4147
1455qemu (1:2.5+dfsg-1) unstable; urgency=medium4148qemu (1:2.5+dfsg-1) unstable; urgency=medium
14564149
1457 * new upstream release4150 * new upstream release
@@ -1478,6 +4171,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
14784171
1479 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +03004172 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
14804173
4174qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
4175
4176 * Enable pie by default, on ubuntu/s390x.
4177
4178 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
4179
4180qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
4181
4182 * undo the libseccomp delta from debian. libseccomp is indeed available
4183 on other arches, but we need qemu's configure script to be fixed before
4184 we can use it on anything other than amd64|i386. Fixes FTBFS.
4185 (LP: #1522531)
4186
4187 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
4188
4189qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
4190
4191 * Merge with Debian; remaining changes:
4192 - Update the ubuntu machine types patch to reflect upstream churn
4193 - debian/rules: do not drop the init scripts loading kvm modules
4194 (still needed in precise in cloud archive)
4195 - qemu-system-common.postinst:
4196 * remove acl placed by udev, and add udevadm trigger.
4197 * reload kvm_intel if needed to set nested=1
4198 - qemu-system-common.preinst: add kvm group if needed
4199 - add qemu-kvm upstart job and defaults file (rules,
4200 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4201 - rules,qemu-system-x86.modprobe: support use under older udevs which
4202 do not auto-load the kvm kernel module. Enable nesting by default
4203 on intel.
4204 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4205 in qemu64 cpu type.
4206 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4207 machine type to ease future live vm migration.
4208 - apport hook for qemu source package: d/source_qemu-kvm.py,
4209 d/qemu-system-common.install
4210 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
4211 to fix errors with missing block backends. (LP: #1495895)
4212 - control-in: build with libseccomp an all architectures
4213 - Add vGICv3 support
4214
4215 -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
4216
1481qemu (1:2.4+dfsg-5) unstable; urgency=medium4217qemu (1:2.4+dfsg-5) unstable; urgency=medium
14824218
1483 * trace-remove-malloc-tracing.patch from upstream.4219 * trace-remove-malloc-tracing.patch from upstream.
@@ -1490,6 +4226,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
14904226
1491 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +03004227 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
14924228
4229qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
4230
4231 * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
4232 - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
4233 hw/net/pcnet.c.
4234 - CVE-2015-7504
4235 * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
4236 - debian/patches/CVE-2015-7512.patch: check packet length in
4237 hw/net/pcnet.c.
4238 - CVE-2015-7512
4239 * SECURITY UPDATE: infinite loop in eepro100
4240 - debian/patches/CVE-2015-8345.patch: prevent endless loop in
4241 hw/net/eepro100.c.
4242 - CVE-2015-8345
4243
4244 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
4245
4246qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
4247
4248 * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
4249
4250 -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
4251
4252qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
4253
4254 * Merge 2.4 from unstable. Remaining changes:
4255 - Update the ubuntu machine types patch to reflect upstream churn
4256 - debian/rules: do not drop the init scripts loading kvm modules
4257 (still needed in precise in cloud archive)
4258 - qemu-system-common.postinst:
4259 * remove acl placed by udev, and add udevadm trigger.
4260 * reload kvm_intel if needed to set nested=1
4261 - qemu-system-common.preinst: add kvm group if needed
4262 - add qemu-kvm upstart job and defaults file (rules,
4263 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4264 - rules,qemu-system-x86.modprobe: support use under older udevs which
4265 do not auto-load the kvm kernel module. Enable nesting by default
4266 on intel.
4267 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4268 in qemu64 cpu type.
4269 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4270 machine type to ease future live vm migration.
4271 - apport hook for qemu source package: d/source_qemu-kvm.py,
4272 d/qemu-system-common.install
4273 - Make qemu-system-common and qemu-utils depend on qemu-block-extra
4274 to fix errors with missing block backends. (LP: #1495895)
4275 - control-in: build with libseccomp an all architectures.
4276 * Add vGICv3 support
4277
4278 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
4279
1493qemu (1:2.4+dfsg-4) unstable; urgency=medium4280qemu (1:2.4+dfsg-4) unstable; urgency=medium
14944281
1495 * applied 3 patches from upstream to fix virtio-net4282 * applied 3 patches from upstream to fix virtio-net
@@ -1504,7 +4291,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
1504 fix for Heap overflow vulnerability in ne2000_receive() function4291 fix for Heap overflow vulnerability in ne2000_receive() function
1505 (Closes: #799074 CVE-2015-5279)4292 (Closes: #799074 CVE-2015-5279)
1506 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch4293 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
1507 (Closes: #799073 CVE-2015-5278)4294 (Closes: #799073 CVE-2015-5278)
1508 * some binfmt reorg:4295 * some binfmt reorg:
1509 - extend aarch64 to include one more byte as other arches do4296 - extend aarch64 to include one more byte as other arches do
1510 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize4297 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
@@ -1556,6 +4343,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
15564343
1557 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +03004344 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
15584345
4346qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
4347
4348 * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
4349
4350 -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
4351
4352qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
4353
4354 * debian/patches/upstream-fix-irq-route-entries.patch
4355 Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
4356 (LP: #1465935)
4357
4358 -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
4359
4360qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
4361
4362 * Build using libseccomp on all architectures.
4363
4364 -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
4365
4366qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
4367
4368 * SECURITY UPDATE: denial of service via NE2000 driver
4369 - debian/patches/CVE-2015-5278.patch: fix infinite loop in
4370 hw/net/ne2000.c.
4371 - CVE-2015-5278
4372 * SECURITY UPDATE: denial of service and possible code execution via
4373 heap overflow in NE2000 driver
4374 - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
4375 hw/net/ne2000.c.
4376 - CVE-2015-5279
4377 * SECURITY UPDATE: denial of service via e1000 infinite loop
4378 - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
4379 - CVE-2015-6815
4380 * SECURITY UPDATE: denial of service via illegal ATAPI commands
4381 - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
4382 hw/ide/core.c.
4383 - CVE-2015-6855
4384
4385 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
4386
4387qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
4388
4389 * Make qemu-system-common and qemu-utils depend on qemu-block-extra
4390 to fix errors with missing block backends. (LP: #1495895)
4391 * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
4392 * Apply fix for memory corruption during live-migration in tcg mode
4393 (LP: #1493049)
4394 * Apply tracing patch to remove use of custom vtable in newer glibc
4395 (LP: #1491972)
4396
4397 -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
4398
4399qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
4400
4401 * Import qcow2-handle-eagain-from-update_refcount from upstream
4402 to fix errors when using qemu-img convert -c. (LP: #1491050)
4403
4404 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
4405
4406qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
4407
4408 * SECURITY UPDATE: process heap memory disclosure
4409 - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
4410 - CVE-2015-5165
4411 * SECURITY UPDATE: privilege escalation via block device unplugging
4412 - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
4413 in hw/ide/piix.c.
4414 - CVE-2015-5166
4415 * SECURITY UPDATE: privilege escalation via memory corruption in vnc
4416 - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
4417 limits in ui/vnc.c.
4418 - CVE-2015-5225
4419 * SECURITY UPDATE: denial of service via virtio-serial
4420 - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
4421 for control messages in hw/char/virtio-serial-bus.c.
4422 - CVE-2015-5745
4423
4424 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
4425
4426qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
4427
4428 * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
4429 - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
4430 - CVE-2015-3214
4431 * SECURITY UPDATE: heap overflow when processing ATAPI commands
4432 - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
4433 hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
4434 - CVE-2015-5154
4435 * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
4436 - debian/patches/CVE-2015-5158.patch: check length in
4437 hw/scsi/scsi-bus.c.
4438 - CVE-2015-5158
4439
4440 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
4441
4442qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
4443
4444 * SECURITY UPDATE: heap overflow in PCNET controller
4445 - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
4446 - CVE-2015-3209
4447
4448 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
4449
4450qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
4451
4452 * Merge 1:2.3+dfsg-5 from Debian.
4453 * Remaining changes:
4454 - debian/rules: do not drop the init scripts loading kvm modules
4455 (still needed in precise in cloud archive)
4456 - qemu-system-common.postinst:
4457 * remove acl placed by udev, and add udevadm trigger.
4458 * reload kvm_intel if needed to set nested=1
4459 - qemu-system-common.preinst: add kvm group if needed
4460 - add qemu-kvm upstart job and defaults file (rules,
4461 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4462 - rules,qemu-system-x86.modprobe: support use under older udevs which
4463 do not auto-load the kvm kernel module. Enable nesting by default
4464 on intel.
4465 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4466 in qemu64 cpu type.
4467 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4468 machine type to ease future live vm migration.
4469 - apport hook for qemu source package: d/source_qemu-kvm.py,
4470 d/qemu-system-common.install
4471 * Refreshed patches:
4472 - ubuntu/expose-vmx_qemu64cpu.patch
4473 - ubuntu/define-ubuntu-machine-types.patch
4474
4475 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
4476
1559qemu (1:2.3+dfsg-5) unstable; urgency=high4477qemu (1:2.3+dfsg-5) unstable; urgency=high
15604478
1561 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch4479 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
@@ -1567,6 +4485,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
15674485
1568 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +03004486 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
15694487
4488qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
4489
4490 * Merge 1:2.3+dfsg-4 from Debian.
4491 * Remaining changes:
4492 - debian/rules: do not drop the init scripts loading kvm modules
4493 (still needed in precise in cloud archive)
4494 - qemu-system-common.postinst:
4495 * remove acl placed by udev, and add udevadm trigger.
4496 * reload kvm_intel if needed to set nested=1
4497 - qemu-system-common.preinst: add kvm group if needed
4498 - add qemu-kvm upstart job and defaults file (rules,
4499 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4500 - rules,qemu-system-x86.modprobe: support use under older udevs which
4501 do not auto-load the kvm kernel module. Enable nesting by default
4502 on intel.
4503 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4504 in qemu64 cpu type.
4505 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4506 machine type to ease future live vm migration.
4507 - apport hook for qemu source package: d/source_qemu-kvm.py,
4508 d/qemu-system-common.install
4509 * Dropped all patches which are applied upstream
4510 * Move the upstart jobs to a generic script
4511 - add new qemu-kvm-init script
4512 - call that from upstart and sysvrc qemu-kvm scripts
4513 - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
4514
4515 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
4516
1570qemu (1:2.3+dfsg-4) unstable; urgency=medium4517qemu (1:2.3+dfsg-4) unstable; urgency=medium
15714518
1572 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:4519 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
@@ -1628,6 +4575,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
16284575
1629 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +03004576 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
16304577
4578qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
4579
4580 * SECURITY UPDATE: denial of service in vnc web
4581 - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
4582 frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
4583 - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
4584 websockets clients in ui/vnc-ws.c.
4585 - CVE-2015-1779
4586 * SECURITY UPDATE: host code execution via floppy device (VEMON)
4587 - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
4588 bounds of the allocated buffer in hw/block/fdc.c.
4589 - CVE-2015-3456
4590
4591 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
4592
4593qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
4594
4595 * CVE-2015-2756 / XSA-126
4596 - xen: limit guest control of PCI command register
4597
4598 -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
4599
4600qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
4601
4602 * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
4603 accidentally create /1
4604
4605 -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
4606
4607qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
4608
4609 * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
4610
4611 -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
4612
4613qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
4614
4615 * No-change rebuild to pull in libxl-4.5.
4616
4617 -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
4618
4619qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
4620
4621 * debian/control-in: enable numa on architectures where numa is built
4622 (LP: #1417937)
4623
4624 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
4625
4626qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
4627
4628 [Scott Moser]
4629 * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
4630 profile when started by libvirt.
4631
4632 [Serge Hallyn]
4633 * add symlink qemu-system-ppc64le -> qemu-system-ppc64
4634 * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
4635 (LP: #1419855)
4636
4637 [Chris J Arges]
4638 * Determine if we are running inside a virtual environment. If running inside
4639 a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
4640
4641 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
4642
4643qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
4644
4645 * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
4646 - debian/rules: do not drop the init scripts loading kvm modules
4647 (still needed in precise in cloud archive)
4648 * Remaining changes:
4649 - qemu-system-common.postinst:
4650 * remove acl placed by udev, and add udevadm trigger.
4651 * reload kvm_intel if needed to set nested=1
4652 - qemu-system-common.preinst: add kvm group if needed
4653 - add qemu-kvm upstart job and defaults file (rules,
4654 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4655 - rules,qemu-system-x86.modprobe: support use under older udevs which
4656 do not auto-load the kvm kernel module. Enable nesting by default
4657 on intel.
4658 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4659 in qemu64 cpu type.
4660 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4661 machine type to ease future live vm migration.
4662 - apport hook for qemu source package: d/source_qemu-kvm.py,
4663 d/qemu-system-common.install
4664 * Dropped all patches which are applied upstream
4665 * Update ubuntu-vivid machine type to default to std graphics (following
4666 upstream's lead for pc-i440fx-2.2 machine type)
4667
4668 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
4669
1631qemu (1:2.2+dfsg-5exp) experimental; urgency=medium4670qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
16324671
1633 * fix initscript removal once again4672 * fix initscript removal once again
@@ -1677,6 +4716,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
16774716
1678 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +03004717 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
16794718
4719qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
4720
4721 * Cherrypick upstream patch needed to allow ESx hosts to run under
4722 kvm (LP: #1411575)
4723
4724 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
4725
4726qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
4727
4728 * Merge 2.1+dfsg-11. Remaining changes:
4729 - qemu-system-common.postinst:
4730 * remove acl placed by udev, and add udevadm trigger.
4731 * reload kvm_intel if needed to set nested=1
4732 - qemu-system-common.preinst: add kvm group if needed
4733 - add qemu-kvm upstart job and defaults file (rules,
4734 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4735 - rules,qemu-system-x86.modprobe: support use under older udevs which
4736 do not auto-load the kvm kernel module. Enable nesting by default
4737 on intel.
4738 - debian/qemu-system-alternatives.in: use a later version as ubuntu
4739 removed the alternatives bit later.
4740 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4741 in qemu64 cpu type.
4742 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4743 machine type to ease future live vm migration.
4744 - apport hook for qemu source package: d/source_qemu-kvm.py,
4745 d/qemu-system-common.install
4746 - debian/binfmt-update-in: support ppcle
4747 * debian/binfmt-update-in
4748 * Support-ppcle.patch
4749 - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
4750 * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4751 * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4752 * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4753 * Dropped patches (upstream or now in debian's tree):
4754 - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
4755 - CVE-2014-7840.patch
4756 - CVE-2014-8106.patch
4757
4758 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
4759
1680qemu (1:2.1+dfsg-11) unstable; urgency=medium4760qemu (1:2.1+dfsg-11) unstable; urgency=medium
16814761
1682 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload4762 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
@@ -1746,6 +4826,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
17464826
1747 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +03004827 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
17484828
4829qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
4830
4831 * SECURITY UPDATE: code execution via savevm data
4832 - debian/patches/CVE-2014-7840.patch: validate parameters in
4833 arch_init.c.
4834 - CVE-2014-7840
4835 * SECURITY UPDATE: code execution via cirrus vga blit regions
4836 (LP: #1400775)
4837 - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
4838 hw/display/cirrus_vga.c.
4839 - CVE-2014-8106
4840
4841 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
4842
4843qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
4844
4845 * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
4846 dropped and VENDOR now will be all capital UBUNTU).
4847
4848 -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
4849
4850qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
4851
4852 * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4853 d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4854 d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4855 Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
4856 SPSel=0 in certain conditions. (LP: #1349277)
4857
4858 -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
4859
4860qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
4861
4862 * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
4863 Cherry-pick of qemu-upstream patch to fix issues with persistent
4864 grants and the PV backend (Qdisk) (LP: #1394327).
4865
4866 -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
4867
4868qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
4869
4870 * Merge 2.1+dfsg-7. Remaining changes:
4871 - qemu-system-common.postinst:
4872 * remove acl placed by udev, and add udevadm trigger.
4873 * reload kvm_intel if needed to set nested=1
4874 - qemu-system-common.preinst: add kvm group if needed
4875 - add qemu-kvm upstart job and defaults file (rules,
4876 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4877 - rules,qemu-system-x86.modprobe: support use under older udevs which
4878 do not auto-load the kvm kernel module. Enable nesting by default
4879 on intel.
4880 - debian/qemu-system-alternatives.in: use a later version as ubuntu
4881 removed the alternatives bit later.
4882 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4883 in qemu64 cpu type.
4884 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4885 machine type to ease future live vm migration.
4886 - apport hook for qemu source package: d/source_qemu-kvm.py,
4887 d/qemu-system-common.install
4888 - debian/binfmt-update-in: support ppcle
4889 * debian/binfmt-update-in
4890 * Support-ppcle.patch
4891 * Dropped patches (upstream or now in debian's tree):
4892 - pc-reserve-more-memory-for-acpi.patch
4893 - CVE-2014-5388.patch
4894 - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
4895 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
4896 in debian)
4897 - CVE-2014-3615.patch
4898 - CVE-2014-3640.patch
4899 - CVE-2014-3689.patch
4900 - CVE-2014-7815.patch
4901
4902 -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
4903
1749qemu (2.1+dfsg-7) unstable; urgency=high4904qemu (2.1+dfsg-7) unstable; urgency=high
17504905
1751 * urgency is high due to 2 security fixes4906 * urgency is high due to 2 security fixes
@@ -1797,6 +4952,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
17974952
1798 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +04004953 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
17994954
4955qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
4956
4957 * SECURITY UPDATE: information disclosure via vga driver
4958 - debian/patches/CVE-2014-3615.patch: return the correct memory size,
4959 sanity check register writes, and don't use fixed buffer sizes in
4960 hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
4961 ui/spice-display.c.
4962 - CVE-2014-3615
4963 * SECURITY UPDATE: denial of service via slirp NULL pointer deref
4964 - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
4965 stub in slirp/udp.c.
4966 - CVE-2014-3640
4967 * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
4968 - debian/patches/CVE-2014-3689.patch: verify rectangles in
4969 hw/display/vmware_vga.c.
4970 - CVE-2014-3689
4971 * SECURITY UPDATE: denial of service via VNC console
4972 - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
4973 ui/vnc.c.
4974 - CVE-2014-7815
4975
4976 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
4977
4978qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
4979
4980 * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
4981 (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
4982
4983 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
4984
4985qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
4986
4987 * Apply two patches to fix intermittent qemu-img corruption
4988 (LP: #1368815)
4989 - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
4990 - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
4991
4992 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
4993
4994qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
4995
4996 * debian/control: slof is moving into main, so we can depend on qemu-slof as
4997 debian does.
4998
4999 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
5000
5001qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
5002
5003 * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
5004 versa.
5005 * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
5006 * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
5007 to latest upstream machine type, rather than distro one. Add 'ubuntu'
5008 machine type for that.
5009
5010 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
5011
5012qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
5013
5014 * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
5015 container. (LP: #1370199)
5016 * load kvm module on ppc64le at boot (LP: #1369785)
5017 - debian/rules: install qemu-kvm on ppc64el
5018 - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
5019 kvm-hv module if available
5020 * qemu-system-x86.maintscript: remove accidentally installed
5021 /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
5022 * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
5023 ubuntu.
5024
5025 -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
5026
5027qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
5028
5029 * Re-stick the trusty machine type to 2.0 (where it must always stay) and
5030 define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
5031
5032 -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
5033
5034qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
5035
5036 * move kvm_intel nested setting to qemu-system-x86.postinst.
5037
5038 -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
5039
5040qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
5041
5042 * Merge new debian release
5043 * Remaining changes:
5044 - qemu-system-common.postinst:
5045 * remove acl placed by udev, and add udevadm trigger.
5046 * reload kvm_intel if needed to set nested=1
5047 - qemu-system-common.preinst: add kvm group if needed
5048 - add qemu-kvm upstart job and defaults file (rules,
5049 qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
5050 - rules,qemu-system-x86.modprobe: support use under older udevs which
5051 do not auto-load the kvm kernel module. Enable nesting by default
5052 on intel.
5053 - debian/qemu-system-alternatives.in: use a later version as ubuntu
5054 removed the alternatives bit later.
5055 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
5056 in qemu64 cpu type.
5057 - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
5058 machine type to ease future live vm migration.
5059 - apport hook for qemu source package: d/source_qemu-kvm.py,
5060 d/qemu-system-common.install
5061 - debian/binfmt-update-in: support ppcle
5062 * debian/binfmt-update-in
5063 * Support-ppcle.patch
5064 - d/p/CVE-2014-5388.patch
5065
5066 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
5067
1800qemu (2.1+dfsg-4) unstable; urgency=medium5068qemu (2.1+dfsg-4) unstable; urgency=medium
18015069
1802 * mention libnuma-dev but not enable for now5070 * mention libnuma-dev but not enable for now
@@ -1814,6 +5082,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
18145082
1815 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +04005083 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
18165084
5085qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
5086