Merge ~paelzer/ubuntu/+source/qemu:merge-6.2-jammy into ubuntu/+source/qemu:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 10afde38af01a6cc67d5c686767f1602635c6b89
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-6.2-jammy
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6859 lines (+6124/-52)
22 files modified
debian/changelog (+4621/-25)
debian/control (+81/-14)
debian/control-in (+16/-3)
debian/kvm-spice (+7/-2)
debian/optionrom.mak (+1/-1)
debian/patches/series (+9/-0)
debian/patches/ubuntu/avoid-fcf-clashing-with-i486.patch (+23/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+830/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/fix-virtiofsd-for-glibc2.35.patch (+22/-0)
debian/patches/ubuntu/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch (+20/-0)
debian/patches/ubuntu/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch (+84/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/qemu-system-x86_64-spice (+5/-0)
debian/rules (+9/-7)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Andreas Hasenack Approve
git-ubuntu import Pending
Review via email: mp+414649@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4753/+packages

Regression tests are ongoing, but looking good enough by now to get the reviews started.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI regression tests are mostly good (no qemu issue left, just libvirt)

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Did you push the merge tags? I can't find them. Will try to review, in any case.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Looks like old/debian is 1%6.0+dfsg-2exp, but git ubuntu merge start is tagging something else.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'm missing this entry in d/changelog, in "remaining changes":

  d/control.in: Make qemu-system-x86-microvm a transitional package (drop after 22.04)

It's commit 78d7c7c501

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

1:6.1+dfsg-1 has this update:
  * enable jack audio backend (in qemu-system-gui) (Closes: #984726)

And I see in the new d/control that we build-depend on libjack-dev now. But libjack0 is in universe:
 libjack0 | 1:0.125.0-3build2 | jammy/universe | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

We have qemu-system-gui in main:

 qemu-system-gui | 1:6.0+dfsg-2expubuntu4 | jammy | amd64, arm64, armhf, ppc64el, riscv64, s390x

Will this be a problem?

Revision history for this message
Andreas Hasenack (ahasenack) :
review: Needs Information
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI - the new delta are just xen specifics to what Debian accepted from us recently. I have submitted a fix for those in:
=> https://salsa.debian.org/qemu-team/qemu/-/merge_requests/28

dc8af3f... by Christian Ehrhardt 

changelog: add missing mention on qemu-system-x86-microvm transitional

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Will fix the changelog, thanks for catching this - pushed to this MR.

I checked jack myself, the effective generated dependency is this one
  libjack-jackd2-0 (>= 1.9.10+20150825) | libjack-0.125

And we have:
 libjack-jackd2-0 | 1.9.20~dfsg-1 | jammy | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

So that is in main and not a problem.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote (last edit ):

FYI the x86 tests ran again as a few things got stuck last time.
And indeed they spotted an issue when migrating (x86 only) guests created on Bionic between Impish->Jammy.
I'll debug and hold back the upload until I know more.

ba1aa99... by Christian Ehrhardt 

d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch: Allow long kernel command lines for QEMU (LP: #1959984)

Signed-off-by: Christian Ehrhardt <email address hidden>

50bb88a... by Christian Ehrhardt 

changelog: Allow long kernel command lines for QEMU (LP: #1959984)

Signed-off-by: Christian Ehrhardt <email address hidden>

be8c182... by Christian Ehrhardt 

d/kvm-spice: fix when acceleration is already defined on the commandline

FYI: submitted to Debian in https://salsa.debian.org/qemu-team/qemu/-/merge_requests/29
Issue:

+ lxc exec testkvm-impish-from -- virsh migrate --unsafe --live kvmguest-bionic-normal qemu+ssh://10.104.227.250/system
error: internal error: process exited while connecting to monitor: /usr/bin/kvm-spice: W: this is an old compat wrapper script for qemu-system-x86_64 -enable-kvm
/usr/bin/kvm-spice: W: please use qemu-system-x86_64 instead of /usr/bin/kvm-spice
2022-02-07T15:16:56.765786Z qemu-system-x86_64: The -accel and "-machine accel=" options are incompatible

Original check since qemu 5.0
commit 6f6e1698a68ceb49e57676528612f22eaf2c16c3
Author: Paolo Bonzini <email address hidden>
Date: Wed Nov 13 10:10:47 2019 +0100

    vl: configure accelerators from -accel options

But since recent commit (qemu 6.1)

commit dadafe6785ada3ec4a2d11410c691458b3c2b39f
Author: Jason Andryuk <email address hidden>
Date: Mon Jul 12 22:15:52 2021 -0400

    vl: Parse legacy default_machine_opt

Combined with our fallback legacy kvm-spice wrapper that does
  exec qemu-system-x86_64 -enable-kvm "$@"

It can happen that we have -enable-kvm added by our wrapper (e.g. a guest
created on Bionic has that set as emulator, migrating to a new system).
Then the wrapper adds -enable-kvm.
Internally that is mapped to QEMU_OPTION_enable_kvm which becomes
  qdict_put_str(machine_opts_dict, "accel", "kvm")
that is equivalent to '-accel kvm'

But if libvirt is already passing the new style '-machine accel=kvm' then the
above older check triggers and rightfully complains about the duplication.

Repro, on jammy spawn a guest and set <emulator>/usr/bin/kvm-spice</emulator>
Then starting it will fail with above message.

An example arg might look like:
-machine none,accel=kvm:tcg
-machine none,accel=tcg
-machine accel=tcg
-accel kvm
-accel tcg

In that case we can not add -enable-kvm without breaking it.
Check for that pattern and skip adding -enable-kvm.

Signed-off-by: Christian Ehrhardt <email address hidden>

1e80146... by Christian Ehrhardt 

changelog: fix when acceleration is already defined on the commandline

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Reviewing the latest 4 commits (2 logical changes):

- ba1aa99: OK. Backported patch makes sense.

- 21d76a7: OK. Regexp seems fine and catches all of the mentioned possible cases. I'm assuming it doesn't have a related bug, because no bug was mentioned in the changelog entry.

I haven't tested these fixes locally, FWIW.

LGTM, +1.

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Yes it has no bug, just part of the merge.
Thanks for the review.

ALl tests completed as well now.

And just when I thought I'm ready mwhudson was so kind to bring up a potential libc 2.35 issue I have to look at ... (I'm glad I know about it now than after the upload, but it needs work).

c914e6c... by Christian Ehrhardt 

d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list

Signed-off-by: Christian Ehrhardt <email address hidden>

6461022... by Christian Ehrhardt 

changelog: add rseq to seccomp allow list

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The libc issue is fixed by now, submitted upstream and integrated in the planned upload.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I had another final run (this time just x86) after fixing the recent proxy issues for PPAs as well as adding the rseq code that mwhudson asked me to create.

prep (x86_64) : Pass 20 F/S/N 0/0/0 - RC 0 (13 min 54987 lin)
migrate (x86_64) : Pass 280 F/S/N 0/0/0 - RC 0 (68 min 178799 lin)
cross (x86_64) : Pass 46 F/S/N 0/0/1 - RC 0 (62 min 71928 lin)
misc (x86_64) : Pass 73 F/S/N 0/0/0 - RC 0 (27 min 29579 lin)

This is ready for upload now, except for waiting for Xen/IPXE to reach -proposed.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

ipxe migrated, xen is in proposed and LGTM (just waiting on libc and python).
Uploading qemu now.

Sadly just when uploading I found another issue - so I cancelled the just started builds, will prep an ubuntu2 and upload that asap :-/

9ca0e4d... by Christian Ehrhardt 

d/kvm-spice,d/qemu-system-x86_64-spice: also fix the other spice compat wrapper

Submitted to Debian and to be squashed with the former fix on next
merge.

Signed-off-by: Christian Ehrhardt <email address hidden>

2b159ee... by Christian Ehrhardt 

changelog: 1:6.2+dfsg-2ubuntu2

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI both new deltas (xen & spice) accepted in Debian now.
I've replaced the spice delta with the modified version merged in Debian to make the next merge easier for us.

Aborting the build that is 15 minutes in and rebuilding it now is overall more efficient than a full rebuild for that fixup later on.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 11fa686..06028f7 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,72 @@
6+qemu (1:6.2+dfsg-2ubuntu2) jammy; urgency=medium
7+
8+ * Merge with Debian unstable, remaining changes:
9+ - qemu-kvm to systemd unit
10+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
11+ hugepages and architecture specifics
12+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
13+ qemu-kvm-init
14+ - d/qemu-system-common.install: install helper script
15+ - d/qemu-system-common.qemu-kvm.default: defaults for
16+ /etc/default/qemu-kvm
17+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
18+ - Distribution specific machine type
19+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
20+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
21+ types containing release versioned machine attributes
22+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
23+ for host-phys-bits=true
24+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
25+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
26+ - Enable nesting by default
27+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
28+ in qemu64 on amd
29+ [ No more strictly needed, but required for backward compatibility ]
30+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
31+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
32+ reference 256k path
33+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
34+ handle incoming migrations from former releases.
35+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
36+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
37+ add patch to workaround FTBFS when building against OpenSSL 3.0.
38+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
39+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
40+ - Ease the use of module retention on upgrades (LP 1913421)
41+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
42+ - Make qemu-system-x86-microvm a transitional package as the binary is now
43+ in qemu-system-x86 itself.
44+ * Dropped Changes [now part of 1:6.1+dfsg-8]:
45+ - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
46+ (#993658) (LP 1947860)
47+ - improved dependencies
48+ - Make qemu-system-common depend on qemu-block-extra
49+ - Make qemu-utils depend on qemu-block-extra
50+ - d/control*, d/rules: disable xen by default, but provide universe
51+ package qemu-system-x86-xen as alternative
52+ [includes compat links changes of 5.0-5ubuntu4]
53+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
54+ * Dropped Changes [now part of upstream]
55+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
56+ and 3932 machines (LP 1932175)
57+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
58+ migration with audio devices present (LP 1940288)
59+ * Added changes:
60+ - update patches for qemu v6.2.0
61+ - d/p/u/enable-svm-by-default.patch
62+ - d/p/u/define-ubuntu-machine-types.patch
63+ - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
64+ - d/rules: xen libexec dir is no more versioned
65+ - d/rules: ensure xen is built on x86
66+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
67+ Allow long kernel command lines for QEMU (LP: #1959984)
68+ - d/kvm-spice: fix when acceleration is already defined on the commandline
69+ - d/kvm-spice,d/qemu-system-x86_64-spice: also fix the other spice
70+ compat wrapper
71+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
72+
73+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Jan 2022 12:18:25 +0100
74+
75 qemu (1:6.2+dfsg-2) unstable; urgency=medium
76
77 * bump meson build-dep to 0.59.3
78@@ -219,12 +288,101 @@ qemu (1:6.0+dfsg-3) unstable; urgency=medium
79
80 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 17 Aug 2021 17:49:10 +0300
81
82+qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
83+
84+ * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
85+ add patch to workaround FTBFS when building against OpenSSL 3.0.
86+ Thanks to Christian Ehrhardt (LP: #1952448)
87+
88+ -- Paride Legovini <paride@ubuntu.com> Fri, 26 Nov 2021 15:47:51 +0100
89+
90+qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
91+
92+ * No-change rebuild against liburing2
93+
94+ -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:00:26 +0100
95+
96+qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
97+
98+ * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
99+ (#993658) (LP: #1947860)
100+
101+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 03 Nov 2021 14:10:56 +0100
102+
103+qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
104+
105+ * Merge with Debian experimental, remaining changes:
106+ - qemu-kvm to systemd unit
107+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
108+ hugepages and architecture specifics
109+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
110+ qemu-kvm-init
111+ - d/qemu-system-common.install: install helper script
112+ - d/qemu-system-common.qemu-kvm.default: defaults for
113+ /etc/default/qemu-kvm
114+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
115+ - Distribution specific machine type
116+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
117+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
118+ types containing release versioned machine attributes
119+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
120+ for host-phys-bits=true
121+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
122+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
123+ - Enable nesting by default
124+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
125+ in qemu64 on amd
126+ [ No more strictly needed, but required for backward compatibility ]
127+ - improved dependencies
128+ - Make qemu-system-common depend on qemu-block-extra
129+ - Make qemu-utils depend on qemu-block-extra
130+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
131+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
132+ reference 256k path
133+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
134+ handle incoming migrations from former releases.
135+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
136+ - d/control*, d/rules: disable xen by default, but provide universe
137+ package qemu-system-x86-xen as alternative
138+ [includes compat links changes of 5.0-5ubuntu4]
139+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
140+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
141+ for v6.0
142+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
143+ - Ease the use of module retention on upgrades (LP 1913421)
144+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
145+ * Dropped Changes [in 1:6.0+dfsg-2exp]:
146+ - d/control-in: Disable capstone disassembler library support (universe)
147+ - Disable fuse export (universe dependency)
148+ - Ease the use of module retention on upgrades (LP 1913421)
149+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
150+ - d/rules: only save modules if /run/qemu isn't noexec
151+ - d/rules: clear all (current and former) modules on purge
152+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
153+ upgrade issues (LP 1932264)
154+ - Enable SDL as secondary UI backend (LP 1256185)
155+ - d/control: add build dependency libsdl2-dev
156+ - d/control: enable sdl graphics on build
157+ - d/qemu-system-gui.install: add ui-sdl.so
158+ - d/control: add runtime dependency to libgl1
159+ * Dropped Changes [no more needed]
160+ - let qemu-utils recommend sharutils
161+ * Added changes:
162+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
163+ -fcf-protection being unavailble on -march=i486 (LP: #1940029)
164+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
165+ and 3932 machines (LP: #1932175)
166+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
167+ migration with audio devices present (LP: #1940288)
168+
169+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200
170+
171 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
172
173 [ Christian Ehrhardt ]
174 * qemu 6.0 broke libvirt <7.2, add a Breaks
175 to avoid partial upgrade issues (LP: #1932264)
176- * enable SDL as secondary UI backend (LP: #1256185) (Closes: #947349)
177+ * enable SDL as secondary UI backend (LP: #1256185)
178 * clear all (current and former) modules on purge
179 * only save modules if /run/qemu isn't noexec
180 * provide run-qemu.mount in qemu-block-extra
181@@ -256,6 +414,104 @@ qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
182
183 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300
184
185+qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium
186+
187+ * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
188+ fix TCG emulation for ppc64 (LP: #1935617)
189+
190+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 13 Jul 2021 09:34:55 +0200
191+
192+qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium
193+
194+ * d/control: remove fuse2 trial-build (LP 1934510)
195+
196+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Jul 2021 10:26:08 +0200
197+
198+qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium
199+
200+ * Merge with Debian experimental, Among many other things this fixes LP Bugs:
201+ (LP: #1907952) broken arrow keys in -display gtk on aarch64
202+ - qemu-kvm to systemd unit
203+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
204+ hugepages and architecture specifics
205+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
206+ qemu-kvm-init
207+ - d/qemu-system-common.install: install helper script
208+ - d/qemu-system-common.qemu-kvm.default: defaults for
209+ /etc/default/qemu-kvm
210+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
211+ - Distribution specific machine type
212+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
213+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
214+ types containing release versioned machine attributes
215+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
216+ for host-phys-bits=true
217+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
218+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
219+ - Enable nesting by default
220+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
221+ in qemu64 on amd
222+ [ No more strictly needed, but required for backward compatibility ]
223+ - improved dependencies
224+ - Make qemu-system-common depend on qemu-block-extra
225+ - Make qemu-utils depend on qemu-block-extra
226+ - Let qemu-utils recommend sharutils
227+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
228+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
229+ reference 256k path
230+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
231+ handle incoming migrations from former releases.
232+ - d/control-in: Disable capstone disassembler library support (universe)
233+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
234+ - d/control*, d/rules: disable xen by default, but provide universe
235+ package qemu-system-x86-xen as alternative
236+ [includes compat links changes of 5.0-5ubuntu4]
237+ - Fix upgrade module handling (LP 1905377)
238+ --enable-module-upgrades for qemu-xen which doesn't exist in Debian
239+ * Dropped Changes [in 6.0]:
240+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
241+ ld usage of -no-pie (LP 1907789)
242+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
243+ virtio-9p-ccw being missing (LP 1916230)
244+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
245+ to glib2.0 >=2.67.3 (LP 1916705)
246+ - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
247+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
248+ (LP 1921754)
249+ - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
250+ (LP 1921880)
251+ - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
252+ fix go in qemu-s390x-static (LP 1922010)
253+ * Dropped Changes [in Debian]:
254+ - Allow qemu to load old modules post upgrade (LP 1847361)
255+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
256+ - d/rules: Drop generating package version into maintainer scripts
257+ * Dropped Changes [No more needed >21.04]:
258+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
259+ the bad old prerm (LP 1906245 1905377)
260+ * Added Changes
261+ - Disable fuse export (universe dependency)
262+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
263+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
264+ for v6.0
265+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
266+ - Ease the use of module retention on upgrades (LP: #1913421)
267+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
268+ - d/rules: only save modules if /run/qemu isn't noexec
269+ - d/rules: clear all (current and former) modules on purge
270+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
271+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
272+ upgrade issues (LP: #1932264)
273+ - Enable SDL as secondary UI backend (LP: #1256185)
274+ - d/control: add build dependency libsdl2-dev
275+ - d/control: enable sdl graphics on build
276+ - d/qemu-system-gui.install: add ui-sdl.so
277+ - d/control: add runtime dependency to libgl1
278+ - d/rules: qemu-system-x86-xen builds modules as well now (follows the
279+ other packages)
280+
281+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Jun 2021 12:41:33 +0200
282+
283 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
284
285 * new upstream release
286@@ -273,26 +529,6 @@ qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
287
288 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 08 May 2021 10:16:05 +0300
289
290-qemu (1:5.2+dfsg-11) unstable; urgency=medium
291-
292- * i386-acpi-restore-device-paths-for-pre-5.1-vms.patch
293- This fixes a serious issue in some VMs (in particuar, Windows & MacOS)
294- when migrating from buster qemu to bullseye qemu.
295- (Closes: #990675)
296- * pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch
297- (Closes: #990565, CVE-2021-3582)
298- * pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch
299- (Closes: #990564, CVE-2021-3607)
300- * pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch
301- (Closes: #990563, CVE-2021-3608)
302- * ide-atapi-check-logical-block-address-and-read-size-CVE-2020-29443.patch
303- (Closes: #983575, CVE-2020-29443)
304- * usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch
305- usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch
306- (Closes: #988157, CVE-2021-3527)
307-
308- -- Michael Tokarev <mjt@tls.msk.ru> Sun, 18 Jul 2021 16:14:41 +0300
309-
310 qemu (1:5.2+dfsg-10) unstable; urgency=medium
311
312 * 5 sdhci fixes from upstream:
313@@ -308,6 +544,75 @@ qemu (1:5.2+dfsg-10) unstable; urgency=medium
314
315 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 16 Apr 2021 12:43:36 +0300
316
317+qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
318+
319+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
320+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
321+ (LP: #1921754)
322+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
323+ (LP: #1921880)
324+
325+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 11:58:29 +0200
326+
327+qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
328+
329+ * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
330+ fix go in qemu-s390x-static (LP: #1922010)
331+
332+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 Mar 2021 10:01:40 +0200
333+
334+qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
335+
336+ * Merge with Debian unstable; Remaining changes:
337+ - qemu-kvm to systemd unit
338+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
339+ hugepages and architecture specifics
340+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
341+ qemu-kvm-init
342+ - d/qemu-system-common.install: install helper script
343+ - d/qemu-system-common.qemu-kvm.default: defaults for
344+ /etc/default/qemu-kvm
345+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
346+ - Distribution specific machine type (LP: 1304107 1621042)
347+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
348+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
349+ for host-phys-bits=true (LP: 1776189)
350+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
351+ - provide pseries-bionic-2.11-sxxm type as convenience with all
352+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
353+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
354+ - Enable nesting by default
355+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
356+ in qemu64 on amd
357+ [ No more strictly needed, but required for backward compatibility ]
358+ - improved dependencies
359+ - Make qemu-system-common depend on qemu-block-extra
360+ - Make qemu-utils depend on qemu-block-extra
361+ - let qemu-utils recommend sharutils
362+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
363+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
364+ reference 256k path
365+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
366+ handle incoming migrations from former releases.
367+ - d/control-in: Disable capstone disassembler library support (universe)
368+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
369+ - d/control*, d/rules: disable xen by default, but provide universe
370+ package qemu-system-x86-xen as alternative
371+ [includes compat links changes of 5.0-5ubuntu4]
372+ - allow qemu to load old modules post upgrade (LP 1847361)
373+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
374+ - d/rules: Drop generating package version into maintainer scripts
375+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
376+ the bad old prerm (LP 1906245 1905377)
377+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
378+ ld usage of -no-pie (LP 1907789)
379+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
380+ virtio-9p-ccw being missing (LP 1916230)
381+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
382+ to glib2.0 >=2.67.3 (LP 1916705)
383+
384+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Mar 2021 11:13:49 +0100
385+
386 qemu (1:5.2+dfsg-9) unstable; urgency=medium
387
388 * do not make qemu-system-data dependent on qemu-system-foo
389@@ -347,6 +652,66 @@ qemu (1:5.2+dfsg-7) unstable; urgency=high
390
391 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Mar 2021 11:32:54 +0300
392
393+qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
394+
395+ * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
396+ to glib2.0 >=2.67.3 (LP: #1916705)
397+
398+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Feb 2021 08:39:09 +0100
399+
400+qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
401+
402+ * Merge with Debian unstable, includes fixes for
403+ - build operates differently if source is a git repo (LP: #1887535)
404+ Remaining changes:
405+ - qemu-kvm to systemd unit
406+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
407+ hugepages and architecture specifics
408+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
409+ qemu-kvm-init
410+ - d/qemu-system-common.install: install helper script
411+ - d/qemu-system-common.qemu-kvm.default: defaults for
412+ /etc/default/qemu-kvm
413+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
414+ - Distribution specific machine type (LP: 1304107 1621042)
415+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
416+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
417+ for host-phys-bits=true (LP: 1776189)
418+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
419+ - provide pseries-bionic-2.11-sxxm type as convenience with all
420+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
421+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
422+ - Enable nesting by default
423+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
424+ in qemu64 on amd
425+ [ No more strictly needed, but required for backward compatibility ]
426+ - improved dependencies
427+ - Make qemu-system-common depend on qemu-block-extra
428+ - Make qemu-utils depend on qemu-block-extra
429+ - let qemu-utils recommend sharutils
430+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
431+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
432+ reference 256k path
433+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
434+ handle incoming migrations from former releases.
435+ - d/control-in: Disable capstone disassembler library support (universe)
436+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
437+ - d/control*, d/rules: disable xen by default, but provide universe
438+ package qemu-system-x86-xen as alternative
439+ [includes compat links changes of 5.0-5ubuntu4]
440+ - allow qemu to load old modules post upgrade (LP 1847361)
441+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
442+ - d/rules: Drop generating package version into maintainer scripts
443+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
444+ the bad old prerm (LP 1906245 1905377)
445+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
446+ ld usage of -no-pie (LP 1907789)
447+ * Added changes
448+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
449+ virtio-9p-ccw being missing (LP: #1916230)
450+
451+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
452+
453 qemu (1:5.2+dfsg-6) unstable; urgency=medium
454
455 * deprecate qemu-debootstrap. It is not needed anymore with
456@@ -399,6 +764,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
457
458 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
459
460+qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
461+
462+ * No change rebuild to pick up liburing. (LP: #1914145)
463+
464+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
465+
466+qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
467+
468+ * Merge with Debian unstable, includes fixes for
469+ - qemu-user-static are partially dynamically linked (LP: #1908331)
470+ - qemu crashing when using spice without qemu-system-gui being
471+ installed (LP: #1908577)
472+ Remaining changes:
473+ - qemu-kvm to systemd unit
474+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
475+ hugepages and architecture specifics
476+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
477+ qemu-kvm-init
478+ - d/qemu-system-common.install: install helper script
479+ - d/qemu-system-common.qemu-kvm.default: defaults for
480+ /etc/default/qemu-kvm
481+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
482+ - Distribution specific machine type (LP: 1304107 1621042)
483+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
484+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
485+ for host-phys-bits=true (LP: 1776189)
486+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
487+ - provide pseries-bionic-2.11-sxxm type as convenience with all
488+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
489+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
490+ - Enable nesting by default
491+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
492+ in qemu64 on amd
493+ [ No more strictly needed, but required for backward compatibility ]
494+ - improved dependencies
495+ - Make qemu-system-common depend on qemu-block-extra
496+ - Make qemu-utils depend on qemu-block-extra
497+ - let qemu-utils recommend sharutils
498+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
499+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
500+ reference 256k path
501+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
502+ handle incoming migrations from former releases.
503+ - d/control-in: Disable capstone disassembler library support (universe)
504+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
505+ - d/control*, d/rules: disable xen by default, but provide universe
506+ package qemu-system-x86-xen as alternative
507+ [includes compat links changes of 5.0-5ubuntu4]
508+ - allow qemu to load old modules post upgrade (LP 1847361)
509+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
510+ - d/rules: Drop generating package version into maintainer scripts
511+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
512+ the bad old prerm (LP 1906245 1905377)
513+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
514+ ld usage of -no-pie (LP 1907789)
515+
516+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
517+
518 qemu (1:5.2+dfsg-3) unstable; urgency=medium
519
520 [ Christian Ehrhardt ]
521@@ -415,6 +838,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
522
523 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
524
525+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
526+
527+ * Merge with Debian unstable
528+ - includes fix for CVE-2020-17380
529+ - includes a fix for s390x PCI device reset (LP: #1907656)
530+ Remaining changes:
531+ - qemu-kvm to systemd unit
532+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
533+ hugepages and architecture specifics
534+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
535+ qemu-kvm-init
536+ - d/qemu-system-common.install: install helper script
537+ - d/qemu-system-common.qemu-kvm.default: defaults for
538+ /etc/default/qemu-kvm
539+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
540+ - Distribution specific machine type (LP: 1304107 1621042)
541+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
542+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
543+ for host-phys-bits=true (LP: 1776189)
544+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
545+ - provide pseries-bionic-2.11-sxxm type as convenience with all
546+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
547+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
548+ - Enable nesting by default
549+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
550+ in qemu64 on amd
551+ [ No more strictly needed, but required for backward compatibility ]
552+ - improved dependencies
553+ - Make qemu-system-common depend on qemu-block-extra
554+ - Make qemu-utils depend on qemu-block-extra
555+ - let qemu-utils recommend sharutils
556+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
557+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
558+ reference 256k path
559+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
560+ handle incoming migrations from former releases.
561+ - d/control-in: Disable capstone disassembler library support (universe)
562+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
563+ - d/control*, d/rules: disable xen by default, but provide universe
564+ package qemu-system-x86-xen as alternative
565+ [includes compat links changes of 5.0-5ubuntu4]
566+ - allow qemu to load old modules post upgrade (LP 1847361)
567+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
568+ - d/rules: Drop generating package version into maintainer scripts
569+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
570+ the bad old prerm (LP 1906245 1905377)
571+ * Dropped Changes:
572+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
573+ resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
574+ fails]
575+ * Added Changes:
576+ - Refreshed ubuntu machine types for hirsute@5.2
577+ - d/control: regenerated from d/control-in
578+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
579+ ld usage of -no-pie (LP: #1907789)
580+
581+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
582+
583 qemu (1:5.2+dfsg-2) unstable; urgency=medium
584
585 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
586@@ -460,6 +941,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
587
588 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
589
590+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
591+
592+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
593+ the bad old prerm (LP: #1906245)
594+
595+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
596+
597+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
598+
599+ * Fix upgrade module handling (LP: #1905377)
600+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
601+ allows to drop some former delta that is now conflicting.
602+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
603+ qemu-xen which doesn't exist in Debian
604+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
605+ - d/rules: Drop generating package version into maintainer scripts
606+
607+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
608+
609+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
610+
611+ * Merge with Debian testing, remaining changes:
612+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
613+ - qemu-kvm to systemd unit
614+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
615+ hugepages and architecture specifics
616+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
617+ qemu-kvm-init
618+ - d/qemu-system-common.install: install helper script
619+ - d/qemu-system-common.qemu-kvm.default: defaults for
620+ /etc/default/qemu-kvm
621+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
622+ - Distribution specific machine type (LP: 1304107 1621042)
623+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
624+ types
625+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
626+ for host-phys-bits=true (LP: 1776189)
627+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
628+ - provide pseries-bionic-2.11-sxxm type as convenience with all
629+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
630+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
631+ - Enable nesting by default
632+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
633+ in qemu64 on amd
634+ [ No more strictly needed, but required for backward compatibility ]
635+ - improved dependencies
636+ - Make qemu-system-common depend on qemu-block-extra
637+ - Make qemu-utils depend on qemu-block-extra
638+ - let qemu-utils recommend sharutils
639+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
640+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
641+ reference 256k path
642+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
643+ handle incoming migrations from former releases.
644+ - d/control-in: Disable capstone disassembler library support (universe)
645+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
646+ - d/control*, d/rules: disable xen by default, but provide universe
647+ package qemu-system-x86-xen as alternative
648+ [includes compat links changes of 5.0-5ubuntu4]
649+ - allow qemu to load old modules post upgrade (LP 1847361)
650+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
651+ upgrade
652+ - d/rules: generate maintainer scripts matching package version on build
653+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
654+ - d/control: regenerate debian/control out of control-in
655+ * Dropped changes [in Debian or no more needed]
656+ - d/control-in: disable pmem on ppc64 as it is currently considered
657+ experimental on that architecture (pmdk v1.8-1)
658+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
659+ - d/rules: report config log from the correct subdir
660+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
661+ - Pick further changes for groovy from debian/master since 5.0-5
662+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
663+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
664+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
665+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
666+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
667+ - megasas-fix-possible-out-of-bounds-array-access.patch
668+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
669+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
670+ - a few patches from the stable series:
671+ - fix-tulip-breakage.patch
672+ - 9p-lock-directory-streams-with-a-CoMutex.patch
673+ Prevent deadlocks in 9pfs readdir code
674+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
675+ Fix newline accidentally sneaked into id string of a nic
676+ - qemu-nbd-close-inherited-stderr.patch
677+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
678+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
679+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
680+ - acpi-tmr-allow-2-byte-reads.patch
681+ - reapply CVE-2020-13253 fixes from upstream
682+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
683+ - linux-user-add-netlink-RTM_SETLINK-command.patch
684+ - d/control: since qemu-system-data now contains module(s),
685+ it can't be multi-arch. Ditto for qemu-block-extra.
686+ - qemu-system-foo: depend on exact version of qemu-system-data,
687+ due to the latter having modules
688+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
689+ This is another incarnation of the recent bugfix which actually enabled
690+ memory access constraints, like #964247
691+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
692+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
693+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
694+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
695+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
696+ - do not install outdated (0.12 and before) Changelog
697+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
698+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
699+ Closes: CVE-2020-15863
700+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
701+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
702+ another fix for revert-memory-accept-.. CVE-2020-13754
703+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
704+ - d/control-in: build-dep libcap is no more needed
705+ - arch aware kvm wrappers
706+ [upstream now automatically enables KVM if available and called with
707+ kvm* name, provides KVM as before but with auto-fallback to tcg.
708+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
709+ * Dropped changes [upstream now]
710+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
711+ setup_len
712+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
713+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
714+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
715+ from vfio-ccw (LP 1887935)
716+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
717+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
718+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
719+ SQXBR (LP 1883984)
720+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
721+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
722+ environments (LP 1887763)
723+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
724+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
725+ crashes it on shutdown (LP 1878973)
726+ - update d/p/ubuntu/lp-1835546-* to the final versions
727+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
728+ FTBFS in groovy
729+ * Added Changes:
730+ - update ubuntu machine types for hirsute@5.1
731+ - d/control: regenerated from d/control-in
732+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
733+ resolved in gcc-10 (LP: 1890435)
734+
735+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
736+
737 qemu (1:5.1+dfsg-4) unstable; urgency=high
738
739 * mention closing of CVE-2020-16092 by 5.1
740@@ -478,7 +1106,7 @@ qemu (1:5.1+dfsg-3) unstable; urgency=medium
741
742 qemu (1:5.1+dfsg-2) unstable; urgency=medium
743
744- * fix brown-paper bag bug in last upload
745+ * fix brown-paper bag bug in last upload
746
747 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 17 Aug 2020 20:58:52 +0300
748
749@@ -701,6 +1329,298 @@ qemu (1:5.0-6) unstable; urgency=medium
750
751 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
752
753+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
754+
755+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
756+ machine type to match how it originally was released (LP: #1902654)
757+
758+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
759+
760+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
761+
762+ * No-change rebuild for brltty soname change.
763+
764+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
765+
766+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
767+
768+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
769+ setup_len
770+ CVE-2020-14364
771+
772+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
773+
774+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
775+
776+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
777+
778+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
779+
780+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
781+
782+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
783+
784+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
785+
786+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
787+
788+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
789+ from vfio-ccw (LP: #1887935)
790+
791+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
792+
793+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
794+
795+ * fix qemu-user-static initialization to allow executing systemd
796+ (LP: #1890881)
797+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
798+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
799+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
800+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
801+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
802+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
803+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
804+ CVE-2020-16092
805+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
806+
807+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
808+
809+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
810+
811+ * xen: provide compat links to what libxen-dev reports where to find
812+ the binaries (LP: #1890005)
813+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
814+ SQXBR (LP: #1883984)
815+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
816+
817+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
818+
819+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
820+
821+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
822+ environments (LP: #1887763)
823+ * Pick further changes for groovy from debian/master since 5.0-5
824+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
825+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
826+ infinite recursion via a crafted mm_index value during
827+ ati_mm_read or ati_mm_write call.
828+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
829+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
830+ devices which uses min_access_size and max_access_size Memory API fields.
831+ Also closes: CVE-2020-13791
832+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
833+ CVE-2020-13659: address_space_map in exec.c can trigger
834+ a NULL pointer dereference related to BounceBuffer
835+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
836+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
837+ has an OOB read via a crafted reply_queue_head field from a guest OS user
838+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
839+ fix other possible cases like in CVE-2020-13362 (#961887)
840+ - megasas-fix-possible-out-of-bounds-array-access.patch
841+ Some tracepoints use a guest-controlled value as an index into the
842+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
843+ impact OOB errors here
844+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
845+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
846+ This flaw occurs when an nbd-client sends a spec-compliant request that is
847+ near the boundary of maximum permitted request length. A remote nbd-client
848+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
849+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
850+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
851+ properly validate the frame count, which allows guest OS users to trigger
852+ an out-of-bounds access during an es1370_write() operation
853+ - a few patches from the stable series:
854+ - fix-tulip-breakage.patch
855+ The tulip network driver in a qemu-system-hppa emulation is broken in
856+ the sense that bigger network packages aren't received any longer and
857+ thus even running e.g. "apt update" inside the VM fails. Fix this.
858+ - 9p-lock-directory-streams-with-a-CoMutex.patch
859+ Prevent deadlocks in 9pfs readdir code
860+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
861+ Fix newline accidentally sneaked into id string of a nic
862+ - qemu-nbd-close-inherited-stderr.patch
863+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
864+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
865+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
866+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
867+ - reapply CVE-2020-13253 fixed from upstream:
868+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
869+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
870+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
871+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
872+ Closes: #961297, CVE-2020-13253
873+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
874+ (Closes: #965109)
875+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
876+ - d/control: since qemu-system-data now contains module(s),
877+ it can't be multi-arch. Ditto for qemu-block-extra.
878+ - qemu-system-foo: depend on exact version of qemu-system-data,
879+ due to the latter having modules
880+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
881+ This is another incarnation of the recent bugfix which actually enabled
882+ memory access constraints, like #964247
883+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
884+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
885+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
886+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
887+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
888+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
889+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
890+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
891+ Closes: CVE-2020-15863
892+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
893+ List of patches:
894+ sm501-convert-printf-abort-to-qemu_log_mask.patch
895+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
896+ sm501-use-BIT-macro-to-shorten-constant.patch
897+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
898+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
899+ Closes: #961451, CVE-2020-12829
900+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
901+ another fix for revert-memory-accept-.. CVE-2020-13754
902+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
903+
904+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
905+
906+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
907+
908+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
909+
910+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
911+
912+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
913+
914+ * Merge with Debian testing (LP: #1749393), remaining changes:
915+ - qemu-kvm to systemd unit
916+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
917+ hugepages and architecture specifics
918+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
919+ qemu-kvm-init
920+ - d/qemu-system-common.install: install helper script
921+ - d/qemu-system-common.qemu-kvm.default: defaults for
922+ /etc/default/qemu-kvm
923+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
924+ - Distribution specific machine type (LP: 1304107 1621042)
925+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
926+ types
927+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
928+ for host-phys-bits=true (LP: 1776189)
929+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
930+ - provide pseries-bionic-2.11-sxxm type as convenience with all
931+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
932+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
933+ - Enable nesting by default
934+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
935+ in qemu64 on amd
936+ [ No more strictly needed, but required for backward compatibility ]
937+ - improved dependencies
938+ - Make qemu-system-common depend on qemu-block-extra
939+ - Make qemu-utils depend on qemu-block-extra
940+ - let qemu-utils recommend sharutils
941+ - arch aware kvm wrappers
942+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
943+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
944+ reference 256k path
945+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
946+ handle incoming migrations from former releases.
947+ - d/control-in: Disable capstone disassembler library support (universe)
948+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
949+ - d/control*, d/rules: disable xen by default, but provide universe
950+ package qemu-system-x86-xen as alternative
951+ [includes --disable-xen for user-static builds]
952+ - d/control-in: disable pmem on ppc64 as it is currently considered
953+ experimental on that architecture (pmdk v1.8-1)
954+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
955+ - d/rules: report config log from the correct subdir
956+ - allow qemu to load old modules post upgrade (LP 1847361)
957+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
958+ upgrade
959+ - d/rules: generate maintainer scripts matching package version on build
960+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
961+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
962+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
963+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
964+ crashes it on shutdown (LP 1878973)
965+ * Dropped changes (no more needed)
966+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
967+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
968+ in qemu64 cpu type.
969+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
970+ Debian. Fixed by bumping the related Breaks/Replaces to the
971+ Version Ubuntu introduced the change (LP 1862287)
972+ * Dropped changes (in Debian)
973+ - improved s390x support
974+ - d/binfmt-update-in: fix binfmt being called in some containers
975+ (LP 1840956)
976+ - qemu-system-x86-microvm package
977+ In addition to the generic multi-purpose qemu also provide a minimal
978+ feature binary that is loading faster for use cases with microvm machine
979+ type and qboot bios
980+ - d/control-in: add a new qemu-system-x86-microvm package
981+ - d/rules: add an extra config/build step to get the minimal qemu
982+ - Security and packaging fixes (LP 1872937)
983+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
984+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
985+ CVE-2020-10702
986+ CVE-2020-11102
987+ - fix external spice UI
988+ + install ui-spice-app.so in qemu-system-common
989+ + install ui-spice-app.so only if built, spice is optional
990+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
991+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
992+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
993+ - enable riscv build (LP 1872931)
994+ [ changes picked from Debian ]
995+ - enable support for riscv64 hosts
996+ - only enable librbd on architectures where it is built
997+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
998+ depends on the former
999+ - seccomp grew up, no need in versioned build-dep
1000+ - enable seccomp only on architectures where it can be built
1001+ * Dropped changes (upstream)
1002+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1003+ (LP 1857033)
1004+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1005+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1006+ vhost-user-gpu
1007+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1008+ avoid unnecessary IOTLB transactions (LP 1866207)
1009+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1010+ patches @qemu-stable (LP 1867519)
1011+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1012+ to avoid broken nesting (LP 1868692)
1013+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1014+ (LP 1871830)
1015+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
1016+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1017+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1018+ and clobbered doubles (LP 1872945)
1019+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1020+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1021+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1022+ - CVE-2020-11869
1023+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1024+ - async: use explicit memory barriers (LP 1805256)
1025+ - aio-wait: delegate polling of main AioContext if BQL not held
1026+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1027+ supporting to set them (LP 1882774)
1028+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1029+ load to a versioned path
1030+ * Added Changes:
1031+ - d/control: regenerate debian/control out of control-in
1032+ - update d/p/ubuntu/lp-1835546-* to the final versions
1033+ - 11 patches dropped as they are in 5.0
1034+ - 20 patches updated to how they will be in 5.1
1035+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1036+ FTBFS in groovy
1037+ - Make qemu-system-x86-microvm a transitional package as the binary is now
1038+ in qemu-system-x86 itself.
1039+ - d/control-in: build-dep libcap is no more needed
1040+ - d/rules: update arch aware kvm wrappers
1041+ - d/qemu-system-x86.README.Debian: fix typo
1042+
1043+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
1044+
1045 qemu (1:5.0-5) unstable; urgency=medium
1046
1047 * more binfmt-install updates
1048@@ -833,6 +1753,188 @@ qemu (1:4.2-4) unstable; urgency=medium
1049
1050 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
1051
1052+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1053+
1054+ * No-change rebuild against libnettle8
1055+
1056+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1057+
1058+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1059+
1060+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1061+ crashes it on shutdown (LP: #1878973)
1062+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1063+ supporting to set them (LP: #1882774)
1064+
1065+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1066+
1067+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1068+
1069+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1070+ - async: use explicit memory barriers (LP: #1805256)
1071+ - aio-wait: delegate polling of main AioContext if BQL not held
1072+
1073+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1074+
1075+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1076+
1077+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1078+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1079+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1080+ - CVE-2020-11869
1081+
1082+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1083+
1084+qemu (1:4.2-3ubuntu6) focal; urgency=medium
1085+
1086+ [ Christian Ehrhardt ]
1087+ * enable riscv build (LP: #1872931)
1088+ [ changes picked from Debian ]
1089+ - enable support for riscv64 hosts
1090+ - only enable librbd on architectures where it is built
1091+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1092+ depends on the former
1093+ - seccomp grew up, no need in versioned build-dep
1094+ - enable seccomp only on architectures where it can be built
1095+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1096+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1097+ and clobbered doubles (LP: #1872945)
1098+
1099+ [ William Grant ]
1100+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1101+
1102+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1103+
1104+qemu (1:4.2-3ubuntu5) focal; urgency=medium
1105+
1106+ [ Christian Ehrhardt ]
1107+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1108+ (LP: #1871830)
1109+ * Security and packaging fixes (LP: #1872937)
1110+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1111+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1112+ CVE-2020-10702
1113+ CVE-2020-11102
1114+ - fix external spice UI
1115+ + install ui-spice-app.so in qemu-system-common
1116+ + install ui-spice-app.so only if built, spice is optional
1117+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1118+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1119+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1120+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1121+
1122+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1123+
1124+qemu (1:4.2-3ubuntu4) focal; urgency=medium
1125+
1126+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1127+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1128+ to avoid broken nesting (LP: #1868692)
1129+
1130+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1131+
1132+qemu (1:4.2-3ubuntu3) focal; urgency=medium
1133+
1134+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1135+ patches @qemu-stable (LP: #1867519)
1136+
1137+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1138+
1139+qemu (1:4.2-3ubuntu2) focal; urgency=medium
1140+
1141+ * allow qemu to load old modules post upgrade (LP: #1847361)
1142+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1143+ load to a versioned path
1144+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1145+ upgrade
1146+ - d/rules: generate maintainer scripts matching package version on build
1147+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1148+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1149+ avoid unnecessary IOTLB transactions (LP: #1866207)
1150+
1151+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1152+
1153+qemu (1:4.2-3ubuntu1) focal; urgency=medium
1154+
1155+ * Merge with Debian testing, remaining changes:
1156+ - qemu-kvm to systemd unit
1157+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1158+ hugepages and architecture specifics
1159+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1160+ qemu-kvm-init
1161+ - d/qemu-system-common.install: install helper script
1162+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1163+ - d/qemu-system-common.qemu-kvm.default: defaults for
1164+ /etc/default/qemu-kvm
1165+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1166+ - Distribution specific machine type (LP: 1304107 1621042)
1167+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1168+ types
1169+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1170+ for host-phys-bits=true (LP: 1776189)
1171+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1172+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1173+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1174+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1175+ - Enable nesting by default
1176+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1177+ in qemu64 cpu type.
1178+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1179+ in qemu64 on amd
1180+ [ No more strictly needed, but required for backward compatibility ]
1181+ - improved dependencies
1182+ - Make qemu-system-common depend on qemu-block-extra
1183+ - Make qemu-utils depend on qemu-block-extra
1184+ - let qemu-utils recommend sharutils
1185+ - improved s390x support
1186+ - d/rules: build s390-ccw.img with upstream Makefile
1187+ - d/rules: build s390-netboot.img with upstream Makefile
1188+ - arch aware kvm wrappers
1189+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1190+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1191+ reference 256k path
1192+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1193+ handle incoming migrations from former releases.
1194+ - d/control-in: Disable capstone disassembler library support (universe)
1195+ - d/binfmt-update-in: fix binfmt being called in some containers
1196+ (LP 1840956)
1197+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1198+ (LP 1857033)
1199+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1200+ - d/control*, d/rules: disable xen by default, but provide universe
1201+ package qemu-system-x86-xen as alternative
1202+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1203+ - Dropped changes [ in Debian ]
1204+ - d/control: update VCS links
1205+ - d/control-in: bump debhelper build-dep for compat 12
1206+ - d/control: disable bluetooth being deprecated
1207+ - d/not-installed: ignore new interop docs and extra icons for now
1208+ - d/not-installed: do not install elf2dmp until namespaced
1209+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1210+ [ not needed ]
1211+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1212+ - s390x support
1213+ - Create qemu-system-s390x package
1214+ - Enable numa support for s390x
1215+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
1216+ * Added changes
1217+ - d/control: regenerate debian/control out of control-in
1218+ - qemu-system-x86-microvm package
1219+ In addition to the generic multi-purpose qemu also provide a minimal
1220+ feature binary that is loading faster for use cases with microvm machine
1221+ type and qboot bios
1222+ - d/control-in: add a new qemu-system-x86-microvm package
1223+ - d/rules: add an extra config/build step to get the minimal qemu
1224+ - d/control-in: disable pmem on ppc64 as it is currently considered
1225+ experimental on that architecture (pmdk v1.8-1)
1226+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1227+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1228+ vhost-user-gpu
1229+ - d/rules: report config log from the correct subdir
1230+ - d/rules: --disable-xen for user-static builds
1231+
1232+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1233+
1234 qemu (1:4.2-3) unstable; urgency=medium
1235
1236 * mention closing of #909743 in previous changelog (Closes: #909743)
1237@@ -875,6 +1977,169 @@ qemu (1:4.2-2) unstable; urgency=medium
1238
1239 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
1240
1241+qemu (1:4.2-1ubuntu2) focal; urgency=medium
1242+
1243+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1244+ Debian. Fixed by by bumping the related Breaks/Replaces to the
1245+ Version Ubuntu introduced the change (LP: #1862287)
1246+
1247+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1248+
1249+qemu (1:4.2-1ubuntu1) focal; urgency=medium
1250+
1251+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1252+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1253+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1254+ LP: #1852744 - Crypto Passthrough Interrupt Support
1255+ LP: #1853316 - CCW IPL Support
1256+ Remaining changes:
1257+ - qemu-kvm to systemd unit
1258+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1259+ hugepages and architecture specifics
1260+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1261+ qemu-kvm-init
1262+ - d/qemu-system-common.install: install helper script
1263+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1264+ - d/qemu-system-common.qemu-kvm.default: defaults for
1265+ /etc/default/qemu-kvm
1266+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1267+ - Distribution specific machine type (LP: 1304107 1621042)
1268+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1269+ types
1270+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1271+ for host-phys-bits=true (LP: 1776189)
1272+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1273+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1274+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1275+ - Enable nesting by default
1276+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1277+ in qemu64 cpu type.
1278+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1279+ in qemu64 on amd
1280+ [ No more strictly needed, but required for backward compatibility ]
1281+ - improved dependencies
1282+ - Make qemu-system-common depend on qemu-block-extra
1283+ - Make qemu-utils depend on qemu-block-extra
1284+ - let qemu-utils recommend sharutils
1285+ - s390x support
1286+ - Create qemu-system-s390x package
1287+ - Enable numa support for s390x
1288+ - d/rules: build s390-ccw.img with upstream Makefile
1289+ - d/rules: build s390-netboot.img with upstream Makefile
1290+ - arch aware kvm wrappers
1291+ - d/control: update VCS links
1292+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1293+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1294+ reference 256k path
1295+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1296+ handle incoming migrations from former releases.
1297+ - d/control-in: Disable capstone disassembler library support (universe)
1298+ - d/control: disable bluetooth being deprecated
1299+ - d/not-installed: ignore new interop docs and extra icons for now
1300+ - d/not-installed: do not install elf2dmp until namespaced
1301+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1302+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1303+ - d/binfmt-update-in: fix binfmt being called in some containers
1304+ (LP 1840956)
1305+ - Dropped changes (in Debian)
1306+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1307+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1308+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1309+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1310+ - enable RDMA config option
1311+ - add libibumad-dev build-dep
1312+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1313+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1314+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1315+ replace it with a build-indep using the upstream makefiles.
1316+ This is less prone to miss future changes/fixes that are done to the
1317+ makefiles
1318+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1319+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1320+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1321+ - Refreshed patches for v4.0 context changes
1322+ - d/control*: remove sdlabi which was removed upstream
1323+ - d/control*: enable docs (now explicit) and provide new build-dep
1324+ python3-sphinx
1325+ - d/qemu-system-data.install: use new paths for formerly used icons
1326+ - Merge with Upstream release of qemu 4.0
1327+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1328+ - Dropped changes (Upstream)
1329+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1330+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1331+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1332+ fix i386 build error
1333+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1334+ fix naming of the new vector facitlity (LP 1836066)
1335+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1336+ for missing SIOCGSTAMP definition; final fix is still in discussion
1337+ upstream (LP: 1836159)
1338+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1339+ s390x machines (LP 1836154)
1340+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1341+ (LP 1841066)
1342+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1343+ update the z15 model name (LP 1842774)
1344+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1345+ fix a potential hang when qemu or qemu-img where accessing http backed
1346+ disks via libcurl (LP 1848556)
1347+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1348+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1349+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1350+ toleration for future machines (LP 1830704)
1351+ - SECURITY UPDATE: Add support for exposing md-clear functionality
1352+ to guests
1353+ - d/p/ubuntu/enable-md-clear.patch
1354+ - d/p/ubuntu/enable-md-no.patch
1355+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1356+ - SECURITY UPDATE: heap overflow when loading device tree blob
1357+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1358+ copy the device tree blob into is.
1359+ - CVE-2018-20815
1360+ - SECURITY UPDATE: device driver denial of service via NULL pointer
1361+ dereference
1362+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1363+ routine
1364+ - CVE-2019-5008
1365+ - SECURITY UPDATE: information leak in SLiRP
1366+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1367+ emulating ident.
1368+ - CVE-2019-9824
1369+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1370+ unimplement.patch: properly return architecture defined exception
1371+ on bad subcodes of diag 308 (LP 1812384)
1372+ * Dropped changes (no more needed)
1373+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1374+ mv_conffile since the new path is a directory in the old package
1375+ version which can not be handled by mv_conffile.
1376+ [ only needed between disco and eoan ]
1377+ - disable pvrdma
1378+ [ CVEs all fixed now ]
1379+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1380+ avoid misdetection of simplified nesting blocking all migrations
1381+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1382+ - Enable nesting by default
1383+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1384+ (is default on amd)
1385+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1386+ without nested=1
1387+ [ nesting is default in kernel modules and default selected cpu types ]
1388+ * Added changes
1389+ - d/control: regenerate debian/control out of control-in
1390+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1391+ - added ubuntu focal types for qemu 4.2
1392+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1393+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1394+ (LP: #1857033)
1395+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1396+ - d/control*, d/rules: disable xen by default, but provide universe
1397+ package qemu-system-x86-xen as alternative
1398+ - fix typos in changelog and d/qemu-system-x86.NEWS
1399+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1400+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
1401+
1402+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
1403+
1404 qemu (1:4.2-1) unstable; urgency=medium
1405
1406 * new upstream release (4.2.0)
1407@@ -951,6 +2216,205 @@ qemu (1:4.1-1) unstable; urgency=medium
1408
1409 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
1410
1411+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
1412+
1413+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1414+ fix a potential hang when qemu or qemu-img where accessing http backed
1415+ disks via libcurl (LP: #1848556)
1416+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
1417+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
1418+
1419+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
1420+
1421+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
1422+
1423+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1424+ update the z15 model name (LP: #1842774)
1425+
1426+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
1427+
1428+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
1429+
1430+ * d/binfmt-update-in: fix binfmt being called in some containers
1431+ (LP: #1840956)
1432+
1433+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
1434+
1435+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
1436+
1437+ * No-change upload with strops.h and sys/strops.h removed in glibc.
1438+
1439+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
1440+
1441+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
1442+
1443+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1444+ (LP: #1841066)
1445+
1446+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
1447+
1448+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
1449+
1450+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1451+ s390x machines (LP: #1836154)
1452+
1453+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
1454+
1455+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
1456+
1457+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
1458+ - pick Debian change for (#889885)
1459+ move ovmf to recommends on debian and update aarch ovmf refs
1460+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
1461+
1462+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
1463+
1464+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
1465+
1466+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1467+ for missing SIOCGSTAMP definition; final fix is still in discussion
1468+ upstream (LP: 1836159)
1469+
1470+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
1471+
1472+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
1473+
1474+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1475+ fix naming of the new vector facitlity (LP: #1836066)
1476+ * d/control-in: update VCS links in control template as well
1477+
1478+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
1479+
1480+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
1481+
1482+ * Merge with Upstream release of qemu 4.0.
1483+ Among many other things this fixes LP Bugs:
1484+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
1485+ LP: #1828038 - Update s390x CPU Model for more HW support
1486+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
1487+ Remaining Changes:
1488+ - qemu-kvm to systemd unit
1489+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1490+ hugepages and architecture specifics
1491+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1492+ qemu-kvm-init
1493+ - d/qemu-system-common.install: install helper script
1494+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1495+ - d/qemu-system-common.qemu-kvm.default: defaults for
1496+ /etc/default/qemu-kvm
1497+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1498+ - Enable nesting by default
1499+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1500+ (is default on amd)
1501+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1502+ without nested=1
1503+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1504+ in qemu64 cpu type.
1505+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1506+ in qemu64 on amd
1507+ - d/qemu-system-x86.README.Debian: document intention of nested being
1508+ default is comfort, not full support
1509+ - Distribution specific machine type (LP: 1304107 1621042)
1510+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1511+ types
1512+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1513+ for host-phys-bits=true (LP: 1776189)
1514+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1515+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1516+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1517+ - improved dependencies
1518+ - Make qemu-system-common depend on qemu-block-extra
1519+ - Make qemu-utils depend on qemu-block-extra
1520+ - let qemu-utils recommend sharutils
1521+ - s390x support
1522+ - Create qemu-system-s390x package
1523+ - Enable numa support for s390x
1524+ - arch aware kvm wrappers
1525+ - d/control: update VCS links
1526+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1527+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1528+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1529+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1530+ - enable RDMA config option
1531+ - add libibumad-dev build-dep
1532+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1533+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1534+ reference 256k path
1535+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1536+ handle incoming migrations from former releases.
1537+ - d/control-in: Disable capstone disassembler library support (universe)
1538+ - Move s390x roms to a new qemu-system-data-s390x
1539+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1540+ qemu-system-data
1541+ - d/rules: build s390-ccw.img with upstream Makefile
1542+ - d/rules: build s390-netboot.img with upstream Makefile
1543+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1544+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1545+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1546+ replace it with a build-indep using the upstream makefiles.
1547+ This is less prone to miss future changes/fixes that are done to the
1548+ makefiles
1549+ - d/control-in: add breaks/replaces for moving s390x roms from
1550+ qemu-system-s390x to qemu-system-data
1551+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1552+ [From not yet uploaded Debian branch]
1553+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1554+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1555+ - disable pvrdma - besides several security holes there are many other
1556+ bugs there as well
1557+ * Dropped patches that are upstream in v4.0
1558+ - d/p/do-not-link-everything-with-xen.patch
1559+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1560+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1561+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1562+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1563+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1564+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1565+ (LP: 1759509)
1566+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1567+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1568+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1569+ - d/p/ubuntu/CVE-2018-20815.patch
1570+ - d/p/ubuntu/CVE-2019-5008.patch
1571+ - d/p/ubuntu/CVE-2019-9824.patch
1572+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1573+ avoid misdetection of simplified nesting blocking all migrations
1574+ * Dropped further patches
1575+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1576+ [upstream deprecated the whole subsystem instead of applying the fix]
1577+ * Added Changes
1578+ - updated ubuntu machine types for v4.0
1579+ - added eoan types
1580+ - fixed s390x issue of upstream types having a "v" prefix
1581+ - add back dropped machine types to avoid more issues like LP: 1802944
1582+ - fix kvm split irqchip default in ubuntu q35 machine type
1583+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1584+ adapt updated CamelCase
1585+ - -hpb types now need to use GlobalProperties
1586+ - pc_compat_2_0 got a _fn suffix and slight changes
1587+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1588+ SLOF of qemu 4.0
1589+ - Refreshed patches still needed for v4.0 context changes
1590+ - d/p/use-fixed-data-path.patch
1591+ - d/p/ubuntu/enable-svm-by-default.patch
1592+ - d/p/ubuntu/enable-md-clear.patch
1593+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
1594+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
1595+ (LP: #1830243)
1596+ - d/control: disable bluetooth being deprecated
1597+ - d/control*: remove sdlabi which was removed upstream
1598+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
1599+ - d/control*: enable docs (now explicit) and provide new build-dep
1600+ python3-sphinx
1601+ - d/not-installed: ignore new interop docs and extra icons for now
1602+ - d/not-installed: do not install elf2dmp until namespaced
1603+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1604+ - d/qemu-system-data.install: use new paths for formerly used icons
1605+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1606+ fix i386 build error
1607+
1608+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
1609+
1610 qemu (1:3.1+dfsg-8) unstable; urgency=high
1611
1612 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
1613@@ -1053,6 +2517,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
1614
1615 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
1616
1617+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1618+
1619+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1620+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1621+ fix migrations from old machines (LP: #1829868).
1622+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1623+ toleration for future machines (LP: #1830704
1624+
1625+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1626+
1627+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1628+
1629+ * SECURITY UPDATE: Add support for exposing md-clear functionality
1630+ to guests
1631+ - d/p/ubuntu/enable-md-clear.patch
1632+ - d/p/ubuntu/enable-md-no.patch
1633+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1634+ * SECURITY UPDATE: heap overflow when loading device tree blob
1635+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1636+ copy the device tree blob into is.
1637+ - CVE-2018-20815
1638+ * SECURITY UPDATE: device driver denial of service via NULL pointer
1639+ dereference
1640+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1641+ routine
1642+ - CVE-2019-5008
1643+ * SECURITY UPDATE: information leak in SLiRP
1644+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1645+ emulating ident.
1646+ - CVE-2019-9824
1647+
1648+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1649+
1650+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1651+
1652+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1653+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1654+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1655+ mv_conffile since the new path is a directory in the old package
1656+ version which can not be handled by mv_conffile.
1657+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1658+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1659+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1660+ CVE-2019-3812
1661+
1662+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1663+
1664+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1665+
1666+ * disable pvrdma - besides several security holes there are many other
1667+ bugs there as well, and the amount of patches applied upstream after
1668+ 3.1 release is large (Closes, or actuallymakes unimportant again)
1669+ - CVE-2018-20123
1670+ - CVE-2018-20124
1671+ - CVE-2018-20125
1672+ - CVE-2018-20126
1673+ - CVE-2018-20191
1674+ - CVE-2018-20216
1675+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1676+ - CVE-2019-6501
1677+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1678+ - CVE-2019-6778
1679+
1680+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1681+
1682+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1683+
1684+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1685+ LP: #1806104 - fix misleading page size error on ppc64el
1686+ LP: #1782205 - SnowRidge enabled new ISAs
1687+ LP: #1786956 - upgrade to qemu >= 3.0
1688+ LP: #1809083 - Backward migration to Xenial on ppc64el
1689+ LP: #1803315 - s390x Huge page enablement
1690+ LP: #1657409 - enable virglrenderer
1691+ Remaining Changes:
1692+ - qemu-kvm to systemd unit
1693+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1694+ hugepages and architecture specifics
1695+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1696+ - d/qemu-system-common.install: install systemd unit and helper script
1697+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1698+ - d/qemu-system-common.qemu-kvm.default: defaults for
1699+ /etc/default/qemu-kvm
1700+ - d/rules: install /etc/default/qemu-kvm
1701+ - Enable nesting by default
1702+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1703+ (is default on amd)
1704+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1705+ without nested=1
1706+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1707+ in qemu64 cpu type.
1708+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1709+ in qemu64 on amd
1710+ - d/qemu-system-x86.README.Debian: document intention of nested being
1711+ default is comfort, not full support
1712+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1713+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1714+ types
1715+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1716+ for host-phys-bits=true (LP: 1776189)
1717+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1718+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1719+ convenience with all meltdown/spectre workarounds enabled by default.
1720+ (LP: 1761372).
1721+ - improved dependencies
1722+ - Make qemu-system-common depend on qemu-block-extra
1723+ - Make qemu-utils depend on qemu-block-extra
1724+ - let qemu-utils recommend sharutils
1725+ - s390x support
1726+ - Create qemu-system-s390x package
1727+ - Enable numa support for s390x
1728+ - arch aware kvm wrappers
1729+ - d/control: update VCS links (updated to match latest Ubuntu)
1730+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1731+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1732+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1733+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1734+ - enable RDMA config option
1735+ - add libibumad-dev build-dep
1736+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1737+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1738+ reference 256k path
1739+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1740+ handle incoming migrations from former releases.
1741+ - d/control-in: Disable capstone disassembler library support (universe)
1742+ * Added Changes:
1743+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1744+ for qemu 3.1 in the Ubuntu Disco release
1745+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1746+ - Move s390x roms to a new qemu-system-data-s390x
1747+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1748+ qemu-system-data
1749+ - d/rules: build s390-ccw.img with upstream Makefile
1750+ - d/rules: build s390x-netboot.img with upstream Makefile
1751+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1752+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1753+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1754+ replace it with a build-indep using the upstream makefiles.
1755+ This is less prone to miss future changes/fixes that are done to the
1756+ makefiles
1757+ - d/control-in: add breaks/replaces for moving s390x roms from
1758+ qemu-system-s390x to qemu-system-data
1759+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1760+ [From not yet uploaded Debian branch]
1761+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1762+ (Closes: #918378)
1763+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1764+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1765+ avoid misdetection of simplified nesting blocking all migrations
1766+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1767+ unimplement.patch: properly return archicture defined exception
1768+ on bad subcodes of diag 308 (LP: #1812384)
1769+ * Dropped Changes:
1770+ - Include s390-ccw.img firmware (old style native build)
1771+ - d/rules enable install s390x-netboot.img (old style native build)
1772+ - libvirt/qemu user/group support
1773+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1774+ trigger.
1775+ [ Droppable since logind properly sets ACLs now ]
1776+ - qemu-system-common.preinst: add kvm group if needed
1777+ [ Droppable because systemd/udev take care of it since 239-6]
1778+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
1779+ freeze-hook fixes (LP: 1484990)
1780+ [upstream]
1781+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1782+ merged upstream
1783+ [upstream]
1784+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1785+ computation while concatenating mbuf.
1786+ CVE-2018-11806
1787+ [upstream]
1788+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1789+ for powerpc64 to speed up translation (LP: 1781526)
1790+ [upstream]
1791+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1792+ cpu model for z14 ZR1 (LP: 1780773).
1793+ [upstream]
1794+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
1795+ (Closes: 903562)
1796+ [in Debian]
1797+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1798+ unreleased Debian version)
1799+ [in Debian]
1800+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1801+ by migrations with UI frontends or frequent guest resolution changes
1802+ (LP #1755912)
1803+ [upstream]
1804+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1805+ extend eieio for POWER9 emulation (LP: 1787408).
1806+ [upstream]
1807+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1808+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
1809+ [upstream]
1810+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
1811+ [upstream]
1812+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
1813+ [upstream]
1814+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
1815+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
1816+ [in Debian]
1817+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1818+ Adapters on s390x (LP: 1787405)
1819+ [upstream]
1820+ - enable opengl for vfio-MDEV support (LP: 1804766)
1821+ [in Debian]
1822+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1823+ [upstream]
1824+ - SECURITY UPDATE: integer overflow via crafted QMP command
1825+ [upstream]
1826+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1827+ [upstream]
1828+ - SECURITY UPDATE: buffer overflow in rtl8139
1829+ [upstream]
1830+ - SECURITY UPDATE: buffer overflow in pcnet
1831+ [upstream]
1832+ - SECURITY UPDATE: DoS via large packet sizes
1833+ [upstream]
1834+ - SECURITY UPDATE: DoS in lsi53c895a
1835+ [upstream]
1836+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1837+ [upstream]
1838+ - SECURITY UPDATE: race condition in 9p
1839+ [upstream]
1840+
1841+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
1842+
1843 qemu (1:3.1+dfsg-2) unstable; urgency=medium
1844
1845 * d/rules: split arch and indep builds
1846@@ -1132,6 +2822,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
1847
1848 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
1849
1850+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
1851+
1852+ [ Marc Deslauriers ]
1853+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1854+ - debian/patches/CVE-2018-10839.patch: use proper type in
1855+ hw/net/ne2000.c.
1856+ - CVE-2018-10839
1857+ * SECURITY UPDATE: integer overflow via crafted QMP command
1858+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
1859+ guest-file-read in qga/commands-posix.c.
1860+ - CVE-2018-12617
1861+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1862+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
1863+ - CVE-2018-16847
1864+ * SECURITY UPDATE: buffer overflow in rtl8139
1865+ - debian/patches/CVE-2018-17958.patch: use proper type in
1866+ hw/net/rtl8139.c.
1867+ - CVE-2018-17958
1868+ * SECURITY UPDATE: buffer overflow in pcnet
1869+ - debian/patches/CVE-2018-17962.patch: use proper type in
1870+ hw/net/pcnet.c.
1871+ - CVE-2018-17962
1872+ * SECURITY UPDATE: DoS via large packet sizes
1873+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
1874+ - CVE-2018-17963
1875+ * SECURITY UPDATE: DoS in lsi53c895a
1876+ - debian/patches/CVE-2018-18849.patch: check message length value is
1877+ valid in hw/scsi/lsi53c895a.c.
1878+ - CVE-2018-18849
1879+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1880+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
1881+ access in hw/ppc/pnv_lpc.c.
1882+ - CVE-2018-18954
1883+ * SECURITY UPDATE: race condition in 9p
1884+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
1885+ hw/9pfs/cofile.c.
1886+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
1887+ hw/9pfs/9p.c.
1888+ - CVE-2018-19364
1889+
1890+ [ Christian Ehrhardt]
1891+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1892+ Adapters on s390x (LP: #1787405)
1893+ * enable opengl for vfio-MDEV support (LP: #1804766)
1894+ - d/control-in: set --enable-opengl
1895+ - d/control-in: add gl related build-dependencies
1896+
1897+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
1898+
1899+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
1900+
1901+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
1902+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
1903+
1904+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
1905+
1906+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
1907+
1908+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
1909+ The SLOF source pieces in src:qemu are only used for s390x netboot,
1910+ which are independent ROMs (no linking). All other binaries out of this
1911+ are part of src:slof and independent.
1912+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
1913+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
1914+ and related fixes
1915+
1916+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
1917+
1918+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
1919+
1920+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
1921+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
1922+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
1923+
1924+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
1925+
1926+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
1927+
1928+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1929+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
1930+ - CVE-2018-15746
1931+
1932+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
1933+
1934+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
1935+
1936+ [ Murilo Opsfelder Araujo ]
1937+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1938+ extend eieio for POWER9 emulation (LP: #1787408).
1939+
1940+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
1941+
1942+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
1943+
1944+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1945+ by migrations with UI frontends or frequent guest resolution changes
1946+ (LP: #1755912)
1947+
1948+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
1949+
1950+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
1951+
1952+ * Disable capstone disassembler library support (universe dependency)
1953+
1954+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
1955+
1956+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
1957+
1958+ * Merge with Debian testing, Remaining Changes:
1959+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
1960+ - qemu-kvm to systemd unit
1961+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1962+ hugepages and architecture specifics
1963+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1964+ - d/qemu-system-common.install: install systemd unit and helper script
1965+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1966+ - d/qemu-system-common.qemu-kvm.default: defaults for
1967+ /etc/default/qemu-kvm
1968+ - d/rules: install /etc/default/qemu-kvm
1969+ - Enable nesting by default
1970+ - set nested=1 module option on intel. (is default on amd)
1971+ - re-load kvm_intel.ko if it was loaded without nested=1
1972+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1973+ in qemu64 cpu type.
1974+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1975+ in qemu64 on amd
1976+ - d/qemu-system-x86.README.Debian: document intention of nested being
1977+ default is comfort, not full support
1978+ - libvirt/qemu user/group support
1979+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1980+ trigger.
1981+ - qemu-system-common.preinst: add kvm group if needed
1982+ - Distribution specific machine type
1983+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1984+ types to ease future live vm migration.
1985+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1986+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
1987+ for host-phys-bits=true (LP: 1776189)
1988+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1989+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1990+ convenience with all meltdown/spectre workarounds enabled by default.
1991+ (LP: 1761372).
1992+ - improved dependencies
1993+ - Make qemu-system-common depend on qemu-block-extra
1994+ - Make qemu-utils depend on qemu-block-extra
1995+ - let qemu-utils recommend sharutils
1996+ - s390x support
1997+ - Create qemu-system-s390x package
1998+ - Include s390-ccw.img firmware
1999+ - Enable numa support for s390x
2000+ - arch aware kvm wrappers
2001+ - update VCS-git (updated to match cosmic)
2002+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2003+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2004+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2005+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2006+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2007+ - d/rules enable install s390x-netboot.img
2008+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2009+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2010+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2011+ reference 256k path
2012+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2013+ handle incoming migrations from former releases.
2014+ - SECURITY UPDATE: Speculative Store Bypass
2015+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2016+ CPUID feature bit in target/i386/cpu.*.
2017+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2018+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2019+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2020+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2021+ target/i386/machine.c.
2022+ - CVE-2018-3639
2023+ * Added Changes:
2024+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2025+ - add cosmic types for base and -hpb
2026+ - drop no more supported types (zesty and yakkety)
2027+ - d/p/series: group machine type changes
2028+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2029+ merged upstream
2030+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2031+ computation while concatenating mbuf.
2032+ CVE-2018-11806
2033+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2034+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2035+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2036+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2037+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2038+ to POWER8
2039+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2040+ is no more needed with systemd-detect-virt being more mature and always
2041+ present.
2042+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2043+ - d/control-in: add libibumad-dev which is now needed for rdma
2044+ - d/rules: update s390x delta to match new Debian packaging
2045+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2046+ for powerpc64 to speed up translation (LP: #1781526)
2047+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2048+ cpu model for z14 ZR1 (LP: #1780773).
2049+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2050+ (Closes: 903562)
2051+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2052+ unreleased Debian version)
2053+ * Dropped Changes:
2054+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2055+ (No more removed when building DFSG orig tarball in Debian)
2056+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2057+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2058+ so we revert related changes to stick with the proven for now:
2059+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2060+ depends on it)
2061+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2062+ (Debian switched to gtk which seems to work better and has all
2063+ dependencies in main.)
2064+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2065+ - Changes that are now upstream with qemu 2.12
2066+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2067+ newer versions of glibc >=2.27 (LP: 1753826)
2068+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2069+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2070+ SSE/AVX/AVX512 cpu features (LP: 1739665)
2071+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2072+ space+commpage continuous which avoids long startup times on
2073+ qemu-user-static (LP: 1740219)
2074+ - provide pseries-2.12-sxxm type (LP: 1761372)
2075+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2076+ filesystem-dax with pmem by backporting align and unarmed options
2077+ (LP: 1704312).
2078+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2079+ option to slirp's DHCP server (LP: 1762315)
2080+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2081+ Protection information (LP: 1762854).
2082+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2083+ migration (LP: 1763468).
2084+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
2085+ CVE-2017-16845
2086+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
2087+ CVE-2018-7550
2088+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2089+ CVE-2018-7858
2090+
2091+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2092+
2093 qemu (1:2.12+dfsg-3) unstable; urgency=medium
2094
2095 * make qemu-system-foo depending
2096@@ -1220,6 +3153,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
2097
2098 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
2099
2100+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2101+
2102+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2103+ for host-phys-bits=true (LP: #1776189)
2104+ - add an info about this change in debian/qemu-system-x86.NEWS
2105+
2106+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2107+
2108+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2109+
2110+ * SECURITY UPDATE: Speculative Store Bypass
2111+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2112+ CPUID feature bit in target/i386/cpu.*.
2113+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2114+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2115+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2116+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2117+ target/i386/machine.c.
2118+ - CVE-2018-3639
2119+
2120+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2121+
2122+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2123+
2124+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
2125+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2126+ in post_load routine in hw/input/ps2.c.
2127+ - CVE-2017-16845
2128+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
2129+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2130+ zero in hw/i386/multiboot.c.
2131+ - CVE-2018-7550
2132+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2133+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2134+ hw/display/vga.c.
2135+ - CVE-2018-7858
2136+
2137+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2138+
2139+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2140+
2141+ * No-change rebuild for ncurses soname changes.
2142+
2143+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2144+
2145+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2146+
2147+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2148+ information (LP: #1762854).
2149+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2150+ (LP: #1763468).
2151+
2152+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2153+
2154+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2155+
2156+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2157+ The Kernel fixes are preferred and already committed to the kernel.
2158+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
2159+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2160+ SSE/AVX/AVX512 cpu features (LP: #1739665)
2161+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2162+ space+commpage continuous which avoids long startup times on
2163+ qemu-user-static (LP: #1740219)
2164+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2165+ convenience with all meltdown/spectre workarounds enabled by default.
2166+ This is not the default type following upstream and x86 on that.
2167+ (LP: #1761372).
2168+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2169+ with pmem by backporting align and unarmed options (LP: #1704312).
2170+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2171+ option to slirp's DHCP server (LP: #1762315)
2172+
2173+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2174+
2175+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2176+
2177+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2178+ accepted to be better long term maintainable (LP: #1753938)
2179+
2180+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2181+
2182+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2183+
2184+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2185+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2186+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2187+ versions of glibc >=2.27 (LP: #1753826)
2188+
2189+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2190+
2191+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2192+
2193+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2194+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2195+ Add domainname option and classless static routes support to the user
2196+ networking's DHCP server
2197+
2198+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2199+
2200+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2201+
2202+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2203+ - among other fixes this adds code to:
2204+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2205+ However, enabling this functionality requires additional configuration
2206+ beyond just updating QEMU. Also migrations need special consideration.
2207+ Details about that can be found at:
2208+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2209+ - Power9 allocation of max 8 threads per core (LP: #1750526)
2210+ * Drop changes that are part of the upstream stable release
2211+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2212+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2213+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2214+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2215+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2216+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2217+ common compat.h header and add some extra info in the patch header.
2218+
2219+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2220+
2221+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2222+
2223+ * Merge with Debian testing, among other fixes this includes
2224+ - fix fatal error on negative maxcpus (LP: #1722495)
2225+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2226+ - linux user threading issues (LP: #1350435)
2227+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2228+ Remaining changes:
2229+ - qemu-kvm to systemd unit
2230+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2231+ hugepages and architecture specifics
2232+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2233+ - d/qemu-system-common.install: install systemd unit and helper script
2234+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2235+ - d/qemu-system-common.qemu-kvm.default: defaults for
2236+ /etc/default/qemu-kvm
2237+ - d/rules: install /etc/default/qemu-kvm
2238+ - Enable nesting by default
2239+ - set nested=1 module option on intel. (is default on amd)
2240+ - re-load kvm_intel.ko if it was loaded without nested=1
2241+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2242+ in qemu64 cpu type.
2243+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2244+ in qemu64 on amd
2245+ - libvirt/qemu user/group support
2246+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2247+ trigger.
2248+ - qemu-system-common.preinst: add kvm group if needed
2249+ - Distribution specific machine type
2250+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2251+ types to ease future live vm migration.
2252+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2253+ - improved dependencies
2254+ - Make qemu-system-common depend on qemu-block-extra
2255+ - Make qemu-utils depend on qemu-block-extra
2256+ - let qemu-utils recommend sharutils
2257+ - s390x support
2258+ - Create qemu-system-s390x package
2259+ - Include s390-ccw.img firmware
2260+ - Enable numa support for s390x
2261+ - ppc64[le] support
2262+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2263+ - arch aware kvm wrappers
2264+ * Added Changes
2265+ - update VCS-git to match the bionic branch
2266+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2267+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2268+ so we revert related changes to stick with the proven for now:
2269+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2270+ depends on it)
2271+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2272+ - d/qemu-system-x86.README.Debian: document intention of nested being
2273+ default is comfort, not full support
2274+ - update Ubuntu machine types for qemu 2.11
2275+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2276+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2277+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2278+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2279+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2280+ - d/rules enable install s390x-netboot.img
2281+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2282+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
2283+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2284+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2285+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2286+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2287+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2288+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2289+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2290+ reference 256k path
2291+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2292+ handle incoming migrations from former releases.
2293+ - d/control-in: enable seccomp on s390x
2294+ * Dropped changes (no more needed):
2295+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2296+ The functionality is retained for upgraders, but is deprecated.
2297+ Post 18.04 the implementation for these configurations will be removed.
2298+ * Dropped changes (in Debian now):
2299+ - ppc64[le] support
2300+ - Enable seccomp for ppc64el
2301+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2302+ - disable missing x32 architecture
2303+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2304+ - d/qemu-system-common.docs: new paths since (ac06724a)
2305+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2306+ by qapi-schema.json which is already packaged (since 4d8bb958)
2307+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2308+ to Debian patch to match qemu 2.10)
2309+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2310+ since 8508eee7
2311+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2312+ - make nios2/hppa not installed explicitly until further stablized
2313+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2314+ qemu-ga-ref
2315+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2316+ along the qapi intro
2317+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2318+ dh_missing that are already provided in other formats qemu-doc,
2319+ qemu-qmp-ref,qemu-ga-ref
2320+ * Dropped changes (integrated upstream):
2321+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2322+ on arm64 when doing suspend/resume and reboots due to older kernels not
2323+ supporting ITS (LP 1731051).
2324+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2325+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2326+ calls (LP 1726394)
2327+ - update to upstream 2.10.1 point release (LP 1722808)
2328+
2329+
2330+
2331+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2332+
2333 qemu (1:2.11+dfsg-1) unstable; urgency=medium
2334
2335 [ Michael Tokarev ]
2336@@ -1334,6 +3500,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
2337
2338 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
2339
2340+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2341+
2342+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2343+ on arm64 when doing suspend/resume and reboots due to older kernels not
2344+ supporting ITS (LP: #1731051).
2345+
2346+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2347+
2348+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2349+
2350+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2351+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2352+ calls (LP: #1726394)
2353+
2354+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2355+
2356+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2357+
2358+ * fix enablement of qemu-kvm service (LP: #1720397)
2359+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2360+ - d/rules: add proper enablement debhelper calls
2361+ - d/qemu-system-common.install: install covered by dh_installinit
2362+
2363+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2364+
2365+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2366+
2367+ * update to upstream 2.10.1 point release (LP: #1722808)
2368+
2369+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2370+
2371+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2372+
2373+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2374+ Remaining changes:
2375+ - qemu-kvm to systemd unit
2376+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2377+ hugepages and architecture specifics
2378+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2379+ - d/qemu-system-common.install: install systemd unit and helper script
2380+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2381+ - d/qemu-system-common.qemu-kvm.default: defaults for
2382+ /etc/default/qemu-kvm
2383+ - d/rules: install /etc/default/qemu-kvm
2384+ - Enable nesting by default
2385+ - set nested=1 module option on intel. (is default on amd)
2386+ - re-load kvm_intel.ko if it was loaded without nested=1
2387+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2388+ in qemu64 cpu type.
2389+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2390+ in qemu64 on amd
2391+ - libvirt/qemu user/group support
2392+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2393+ trigger.
2394+ - qemu-system-common.preinst: add kvm group if needed
2395+ - Distribution specific machine type
2396+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2397+ types to ease future live vm migration.
2398+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2399+ - improved dependencies
2400+ - Make qemu-system-common depend on qemu-block-extra
2401+ - Make qemu-utils depend on qemu-block-extra
2402+ - let qemu-utils recommend sharutils
2403+ - s390x support
2404+ - Create qemu-system-s390x package
2405+ - Include s390-ccw.img firmware
2406+ - Enable numa support for s390x
2407+ - ppc64[le] support
2408+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2409+ - Enable seccomp for ppc64el
2410+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2411+ - arch aware kvm wrappers
2412+ - update VCS-git to match the Artful branch
2413+ - disable missing x32 architecture
2414+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2415+ - d/qemu-system-common.docs: new paths since (ac06724a)
2416+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2417+ by qapi-schema.json which is already packaged (since 4d8bb958)
2418+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2419+ to Debian patch to match qemu 2.10)
2420+ - s390x package now builds correctly on all architectures (LP 1710695)
2421+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2422+ since 8508eee7
2423+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2424+ - make nios2/hppa not installed explicitly until further stablized
2425+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2426+ qemu-ga-ref
2427+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2428+ along the qapi intro
2429+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2430+ dh_missing that are already provided in other formats qemu-doc,
2431+ qemu-qmp-ref,qemu-ga-ref
2432+
2433+
2434+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
2435+
2436+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
2437+
2438+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
2439+ Remaining changes:
2440+ - qemu-kvm to systemd unit
2441+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2442+ hugepages and architecture specifics
2443+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2444+ - d/qemu-system-common.install: install systemd unit and helper script
2445+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2446+ - d/qemu-system-common.qemu-kvm.default: defaults for
2447+ /etc/default/qemu-kvm
2448+ - d/rules: install /etc/default/qemu-kvm
2449+ - Enable nesting by default
2450+ - set nested=1 module option on intel. (is default on amd)
2451+ - re-load kvm_intel.ko if it was loaded without nested=1
2452+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2453+ in qemu64 cpu type.
2454+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2455+ in qemu64 on amd
2456+ - libvirt/qemu user/group support
2457+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2458+ trigger.
2459+ - qemu-system-common.preinst: add kvm group if needed
2460+ - Distribution specific machine type
2461+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2462+ types to ease future live vm migration.
2463+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2464+ - improved dependencies
2465+ - Make qemu-system-common depend on qemu-block-extra
2466+ - Make qemu-utils depend on qemu-block-extra
2467+ - let qemu-utils recommend sharutils
2468+ - s390x support
2469+ - Create qemu-system-s390x package
2470+ - Include s390-ccw.img firmware
2471+ - Enable numa support for s390x
2472+ - ppc64[le] support
2473+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2474+ - Enable seccomp for ppc64el
2475+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2476+ - arch aware kvm wrappers
2477+ - update VCS-git to match the Artful branch
2478+ - disable missing x32 architecture
2479+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2480+ - d/qemu-system-common.docs: new paths since (ac06724a)
2481+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2482+ by qapi-schema.json which is already packaged (since 4d8bb958)
2483+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2484+ to Debian patch to match qemu 2.10)
2485+ - s390x package now builds correctly on all architectures (LP 1710695)
2486+ * Added changes:
2487+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2488+ since 8508eee7
2489+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2490+ - make nios2/hppa not installed explicitly until further stablized
2491+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2492+ qemu-ga-ref
2493+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2494+ along the qapi intro
2495+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2496+ dh_missing that are already provided in other formats qemu-doc,
2497+ qemu-qmp-ref,qemu-ga-ref
2498+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
2499+ changes in 2.10-rc4
2500+
2501+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
2502+
2503+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
2504+
2505+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
2506+ a set of bugs
2507+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
2508+ - CPU hot unplug fails after migrating a CPU hotplugged guest
2509+ from source (LP: #1677552)
2510+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
2511+ - New KVM 288 Pass Through (LP: #1672447)
2512+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
2513+ * Remaining changes:
2514+ - qemu-kvm to systemd unit
2515+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2516+ hugepages and architecture specifics
2517+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2518+ - d/qemu-system-common.install: install systemd unit and helper script
2519+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2520+ - d/qemu-system-common.qemu-kvm.default: defaults for
2521+ /etc/default/qemu-kvm
2522+ - d/rules: install /etc/default/qemu-kvm
2523+ - Enable nesting by default
2524+ - set nested=1 module option on intel. (is default on amd)
2525+ - re-load kvm_intel.ko if it was loaded without nested=1
2526+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2527+ in qemu64 cpu type.
2528+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2529+ in qemu64 on amd
2530+ - libvirt/qemu user/group support
2531+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2532+ trigger.
2533+ - qemu-system-common.preinst: add kvm group if needed
2534+ - Distribution specific machine type
2535+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2536+ types to ease future live vm migration.
2537+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2538+ - improved dependencies
2539+ - Make qemu-system-common depend on qemu-block-extra
2540+ - Make qemu-utils depend on qemu-block-extra
2541+ - let qemu-utils recommend sharutils
2542+ - s390x support
2543+ - Create qemu-system-s390x package
2544+ - Include s390-ccw.img firmware
2545+ - Enable numa support for s390x
2546+ - ppc64[le] support
2547+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2548+ - Enable seccomp for ppc64el
2549+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2550+ - arch aware kvm wrappers
2551+ - disable missing x32 architecture
2552+ - update VCS links
2553+ * Added changes
2554+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2555+ - d/qemu-system-common.docs: new paths since (ac06724a)
2556+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2557+ by qapi-schema.json which is already packaged (since 4d8bb958)
2558+ - Updates in debian/patches to match qemu 2.10
2559+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
2560+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
2561+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
2562+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
2563+ - update VCS-git to match the Artful branch
2564+ - s390x package now builds correctly on all architectures (LP: #1710695)
2565+ * Dropped changes (integrated upstream):
2566+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2567+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
2568+ - All CVE fixes formerly applied are upstream and thereby dropped.
2569+
2570+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
2571+
2572 qemu (1:2.8+dfsg-7) unstable; urgency=medium
2573
2574 * uploading to unstable all fixes which went to stretch-security
2575@@ -1443,6 +3841,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
2576
2577 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
2578
2579+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
2580+
2581+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
2582+ This was inadvertently dropped on 2.8 merge.
2583+
2584+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
2585+
2586+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
2587+
2588+ * SECURITY UPDATE: denial of service via leak in virtFS
2589+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
2590+ hw/9pfs/9p.c.
2591+ - CVE-2017-7377
2592+ * SECURITY UPDATE: denial of service in cirrus_vga
2593+ - debian/patches/CVE-2017-7718.patch: check parameters in
2594+ hw/display/cirrus_vga_rop.h.
2595+ - CVE-2017-7718
2596+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
2597+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
2598+ hw/display/cirrus_vga.c.
2599+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
2600+ hw/display/cirrus_vga.c.
2601+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
2602+ in hw/display/cirrus_vga.c.
2603+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
2604+ hw/display/cirrus_vga.c.
2605+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
2606+ in hw/display/cirrus_vga.c.
2607+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
2608+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2609+ hw/display/cirrus_vga_rop2.h.
2610+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
2611+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2612+ hw/display/cirrus_vga_rop2.h.
2613+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
2614+ hw/display/cirrus_vga_rop.h.
2615+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
2616+ hw/display/cirrus_vga.c.
2617+ - CVE-2017-7980
2618+ * SECURITY UPDATE: denial of service via memory leak in virtFS
2619+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
2620+ - CVE-2017-8086
2621+ * SECURITY UPDATE: denial of service via leak in audio
2622+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
2623+ audio/audio.c.
2624+ - CVE-2017-8309
2625+ * SECURITY UPDATE: denial of service via leak in keyboard
2626+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
2627+ ui/input.c.
2628+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
2629+ ui/input.c.
2630+ - CVE-2017-8379
2631+
2632+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
2633+
2634+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
2635+
2636+ * SECURITY UPDATE: DoS in virtio GPU device
2637+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
2638+ max_size in hw/display/virtio-gpu-3d.c.
2639+ - CVE-2016-10028
2640+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
2641+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
2642+ in hw/dma/rc4030.c.
2643+ - CVE-2016-8667
2644+ * SECURITY UPDATE: host filesystem access via virtFS
2645+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
2646+ hw/9pfs/*.
2647+ - CVE-2016-9602
2648+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
2649+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
2650+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
2651+ ui/console.c, ui/vnc.c.
2652+ - CVE-2016-9603
2653+ * SECURITY UPDATE: information leak in virtio GPU device
2654+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
2655+ hw/display/virtio-gpu-3d.c.
2656+ - CVE-2016-9908
2657+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2658+ - debian/patches/CVE-2016-9912.patch: properly free memory in
2659+ hw/display/virtio-gpu.c.
2660+ - CVE-2016-9912
2661+ * SECURITY UPDATE: DoS via virtFS
2662+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
2663+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
2664+ - CVE-2016-9914
2665+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2666+ - debian/patches/CVE-2017-5552.patch: check return value in
2667+ hw/display/virtio-gpu-3d.c.
2668+ - CVE-2017-5552
2669+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2670+ - debian/patches/CVE-2017-5578.patch: check res->iov in
2671+ hw/display/virtio-gpu.c.
2672+ - CVE-2017-5578
2673+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
2674+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
2675+ handling in hw/sd/sdhci.c.
2676+ - CVE-2017-5987
2677+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
2678+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
2679+ hw/usb/hcd-ohci.c.
2680+ - CVE-2017-6505
2681+
2682+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
2683+
2684+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
2685+
2686+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2687+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
2688+
2689+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
2690+
2691+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
2692+
2693+ * Merge with Debian;
2694+ This fixes several CVEs that were reported against qemu 2.8 and also
2695+ includes a few important functional backports (LP: #1667033); remaining
2696+ changes:
2697+ - add qemu-kvm init script and defaults file
2698+ (d/qemu-system-common.qemu-kvm.*)
2699+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2700+ modules and handling /etc/default/qemu-kvm
2701+ - qemu-system-common.preinst: add kvm group if needed
2702+ - Enable nesting by default on intel.
2703+ - set default module option
2704+ - re-load kvm_intel.ko if it was loaded without nested=1
2705+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2706+ default in qemu64 cpu type.
2707+ - Enable svm by default for qemu64 on amd
2708+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
2709+ define distro machine types to ease future live vm migration (includes
2710+ all former follow up fixes).
2711+ - Make qemu-system-common depend on qemu-block-extra
2712+ - Make qemu-utils depend on qemu-block-extra
2713+ - s390x support
2714+ - Create qemu-system-s390x package
2715+ - Include s390-ccw.img firmware
2716+ - qemu-system-common.postinst:
2717+ - change acl placed by udev, and add udevadm trigger.
2718+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2719+ - Several changes were applied but missing in the changelog so far
2720+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2721+ - arch aware kvm wrapper
2722+ - update VCS links
2723+ - let qemu-utils recommend sharutils
2724+ - disable x32 architecture
2725+ - Enable seccomp for ppc64el
2726+ - Enable numa support for s390x
2727+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2728+ init.d-script-missing-dependency-on-remote_fs
2729+ - d/qemu-system-common.postinst: fix lintian error type
2730+ command-with-path-in-maintainer-script
2731+ - Transition qemu-kvm to a systemd unit
2732+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2733+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2734+ that it shows up where the user expects (sytemctl status, kvm stdout)
2735+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2736+ - add arch aware kvm wrapper for s390x
2737+ * Dropped Changes (in Debian now):
2738+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2739+ - d/control-in: change dependencies for fix of wrong acl for newly
2740+ created device node on ubuntu
2741+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2742+ relationship, but qemu-efi is still in universe right now.
2743+ - Disable glusterfs (Universe dependency)
2744+ - no more skip disable libiscsi on Ubuntu
2745+ - d/rules, d/control-in: avoid people editing d/control
2746+ * Added Changes:
2747+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
2748+ power makes 2.3 the minimum level.
2749+
2750+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
2751+
2752 qemu (1:2.8+dfsg-3) unstable; urgency=high
2753
2754 * urgency high due to security fixes
2755@@ -1503,6 +4074,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
2756
2757 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
2758
2759+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
2760+
2761+ * Merge with Debian; remaining changes:
2762+ - add qemu-kvm init script and defaults file
2763+ (d/qemu-system-common.qemu-kvm.*)
2764+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2765+ modules and handling /etc/default/qemu-kvm
2766+ - qemu-system-common.preinst: add kvm group if needed
2767+ - Enable nesting by default on intel.
2768+ - set default module option
2769+ - re-load kvm_intel.ko if it was loaded without nested=1
2770+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2771+ default in qemu64 cpu type.
2772+ - Enable svm by default for qemu64 on amd
2773+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2774+ types to ease future live vm migration.
2775+ - Make qemu-system-common depend on qemu-block-extra
2776+ - Make qemu-utils depend on qemu-block-extra
2777+ - s390x support
2778+ - Create qemu-system-s390x package
2779+ - Include s390-ccw.img firmware
2780+ - qemu-system-common.postinst:
2781+ - change acl placed by udev, and add udevadm trigger.
2782+ - d/control-in: change dependencies for fix of wrong acl for newly
2783+ created device node on ubuntu
2784+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2785+ relationship, but qemu-efi is still in universe right now.
2786+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2787+ - Several changes were applied but missing in the changelog so far
2788+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2789+ - arch aware kvm wrapper
2790+ - update VCS links
2791+ - no more skip disable libiscsi on Ubuntu
2792+ - let qemu-utils recommend sharutils
2793+ - disable x32 architecture
2794+ * Dropped Changes:
2795+ - Several changes were applied but missing in the changelog so far
2796+ but are no more needed
2797+ - no pie for relocatable LD calls, with toolchain defaulting to
2798+ pie (fixed upstream)
2799+ - enable libnuma-dev (now in Debian)
2800+ - transition for moved init scripts (can be dropped after LTS
2801+ containing >=2.5 which is Xenial)
2802+ - --enable-seccomp related whitespace change (had no effect)
2803+ - apport hook for qemu source package (In Debian)
2804+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
2805+ - d/qemu-system-x86.maintscript: transition off of
2806+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
2807+ - Enable pie by default, on ubuntu/s390x. (Is the default since
2808+ >=Xenial, no cloud archive backport <=Xenial to consider)
2809+ - no pie for relocatable LD calls (fixed upstream in commit
2810+ 7ecf44a5)
2811+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
2812+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2813+ (Improved fix included by upstream)
2814+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
2815+ - Fixed wrong migration blocker when vhost is used (is upstream in
2816+ qemu 2.8)
2817+ * Added Changes:
2818+ - d/rules, d/control-in: avoid people editing d/control by warning
2819+ header and non writable permissions
2820+ - fixed moving trusty machine type definition which made it
2821+ ambiguous (LP: #1641532)
2822+ - d/qemu-system-x86.NEWS describe the issue
2823+ - Enable seccomp for ppc64el (LP: #1644639)
2824+ - Enable numa support for s390x
2825+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2826+ init.d-script-missing-dependency-on-remote_fs
2827+ - d/qemu-system-common.postinst: fix lintian error type
2828+ command-with-path-in-maintainer-script
2829+ - Transition qemu-kvm to a systemd unit
2830+ - Disable glusterfs (Universe dependency)
2831+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2832+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2833+ that it shows up where the user expects (sytemctl status, kvm stdout)
2834+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2835+ - add arch aware kvm wrapper for s390x
2836+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2837+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
2838+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
2839+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
2840+
2841+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
2842+
2843 qemu (1:2.8+dfsg-2) unstable; urgency=medium
2844
2845 * Revert "update binfmt registration for mipsn32"
2846@@ -1621,6 +4276,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
2847
2848 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
2849
2850+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
2851+
2852+ * No-change rebuild to compile against new libxen version.
2853+
2854+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
2855+
2856+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
2857+
2858+ * retain older xenial machine type to avoid issues starting guests
2859+ created on xenial prior to the SRU for bug 1621042. In that regard the old
2860+ broken xenial machine type and the new fixed one have both to be considered
2861+ as valid LTS machine types (LP: #1626070).
2862+
2863+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
2864+
2865+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
2866+
2867+ * fix default ubuntu machine types. (LP: #1621042)
2868+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
2869+ - remove double default and double ubuntu alias
2870+ - drop former devel releases utopic, vivid, wily
2871+ - add xenial and yakkety machine types
2872+ - add q35 based ubuntu machine type starting at xenial
2873+ - add ubuntu machine types on ppc64el and s390x starting at xenial
2874+
2875+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
2876+
2877+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
2878+
2879+ * Enable GPU Passthru for ppc64le (LP: #1541902)
2880+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
2881+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
2882+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
2883+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
2884+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
2885+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
2886+ - 0007-spapr_iommu-Migrate-full-state.patch
2887+ - 0008-spapr_iommu-Add-root-memory-region.patch
2888+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
2889+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
2890+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
2891+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
2892+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
2893+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
2894+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
2895+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
2896+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
2897+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
2898+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
2899+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
2900+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
2901+
2902+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
2903+
2904+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
2905+
2906+ * New upstream release. LP: #1617055.
2907+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2908+
2909+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
2910+
2911 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
2912
2913 * Non-maintainer upload.
2914@@ -1654,6 +4370,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
2915
2916 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
2917
2918+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
2919+
2920+ * SECURITY UPDATE: DoS via unbounded memory allocation
2921+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
2922+ - CVE-2016-5403
2923+ * SECURITY UPDATE: oob write access while reading ESP command
2924+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
2925+ maximum CDB size and handle migration in hw/scsi/esp.c,
2926+ include/hw/scsi/esp.h, include/migration/vmstate.h.
2927+ - CVE-2016-6351
2928+ * SECURITY UPDATE: infinite loop in virtqueue_pop
2929+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
2930+ length in hw/virtio/virtio.c.
2931+ - CVE-2016-6490
2932+
2933+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
2934+
2935+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
2936+
2937+ * Merge with Debian; remaining changes:
2938+ - debian/rules: do not drop the init scripts loading kvm modules
2939+ (still needed in precise in cloud archive)
2940+ - qemu-system-common.postinst:
2941+ * remove acl placed by udev, and add udevadm trigger.
2942+ * reload kvm_intel if needed to set nested=1
2943+ - qemu-system-common.preinst: add kvm group if needed
2944+ - add qemu-kvm upstart job and defaults file (rules,
2945+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2946+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2947+ do not auto-load the kvm kernel module. Enable nesting by default
2948+ on intel.
2949+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2950+ in qemu64 cpu type.
2951+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2952+ types to ease future live vm migration.
2953+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2954+ d/qemu-system-common.install
2955+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2956+ to fix errors with missing block backends.
2957+ - s390x:
2958+ * Create qemu-system-s390x package
2959+ * Enable pie by default, on ubuntu/s390x.
2960+ * Enable svm by default for qemu64 on amd
2961+ * Include s390-ccw.img firmware
2962+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
2963+ relationship, but qemu-efi is still in universe right now.
2964+
2965+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
2966+
2967 qemu (1:2.6+dfsg-3) unstable; urgency=high
2968
2969 * more security fixes picked from upstream:
2970@@ -1707,6 +4472,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
2971
2972 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
2973
2974+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
2975+
2976+ * Merge with Debian; remaining changes: (LP: #1583775)
2977+ - debian/rules: do not drop the init scripts loading kvm modules
2978+ (still needed in precise in cloud archive)
2979+ - qemu-system-common.postinst:
2980+ * remove acl placed by udev, and add udevadm trigger.
2981+ * reload kvm_intel if needed to set nested=1
2982+ - qemu-system-common.preinst: add kvm group if needed
2983+ - add qemu-kvm upstart job and defaults file (rules,
2984+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
2985+ - rules,qemu-system-x86.modprobe: support use under older udevs which
2986+ do not auto-load the kvm kernel module. Enable nesting by default
2987+ on intel.
2988+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
2989+ in qemu64 cpu type.
2990+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2991+ types to ease future live vm migration.
2992+ - apport hook for qemu source package: d/source_qemu-kvm.py,
2993+ d/qemu-system-common.install
2994+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
2995+ to fix errors with missing block backends. (LP: #1495895)
2996+ - s390x:
2997+ * Create qemu-system-s390x package
2998+ * Enable pie by default, on ubuntu/s390x.
2999+ * Enable svm by default for qemu64 on amd
3000+ * Include s390-ccw.img firmware
3001+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3002+ relationship, but qemu-efi is still in universe right now.
3003+ * Drop patches which have been applied upstream:
3004+
3005+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3006+
3007 qemu (1:2.6+dfsg-1) unstable; urgency=medium
3008
3009 * new upstream release
3010@@ -1744,6 +4542,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
3011
3012 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
3013
3014+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3015+
3016+ * Cherrypick upstream patches to support the query-gic-version QMP command
3017+ (LP: #1566564)
3018+
3019+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3020+
3021+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3022+
3023+ [Stefan Bader]
3024+ * Enable svm by default for qemu64 on amd (LP: #1561019)
3025+
3026+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3027+
3028+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3029+
3030+ * qemu-system-s390x only available on s390x, so qemu-system should only
3031+ depend on it on this arch.
3032+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3033+ relationship, but qemu-efi is still in universe right now.
3034+
3035+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3036+
3037+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3038+
3039+ * And actually ship the right things in qemu-system-s390x.
3040+
3041+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3042+
3043+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3044+
3045+ * Create qemu-system-s390x package on ubuntu only.
3046+
3047+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3048+
3049+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3050+
3051+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3052+
3053+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3054+
3055+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3056+
3057+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3058+ (LP: #1556306)
3059+
3060+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3061+
3062+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3063+
3064+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3065+
3066+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3067+
3068+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3069+
3070+ * d/control{-in}: Re-generate and build with libiscsi-dev now
3071+ that its in Ubuntu main (LP: #1271653).
3072+
3073+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3074+
3075+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3076+
3077+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3078+
3079+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3080+
3081+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3082+
3083+ * No-change rebuild for gnutls transition.
3084+
3085+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3086+
3087+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3088+
3089+ * Merge with Debian; remaining changes:
3090+ - debian/rules: do not drop the init scripts loading kvm modules
3091+ (still needed in precise in cloud archive)
3092+ - qemu-system-common.postinst:
3093+ * remove acl placed by udev, and add udevadm trigger.
3094+ * reload kvm_intel if needed to set nested=1
3095+ - qemu-system-common.preinst: add kvm group if needed
3096+ - add qemu-kvm upstart job and defaults file (rules,
3097+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3098+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3099+ do not auto-load the kvm kernel module. Enable nesting by default
3100+ on intel.
3101+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3102+ in qemu64 cpu type.
3103+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3104+ types to ease future live vm migration.
3105+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3106+ d/qemu-system-common.install
3107+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3108+ to fix errors with missing block backends. (LP: #1495895)
3109+ - Enable pie by default, on ubuntu/s390x.
3110+ - Include s390-ccw.img firmware.
3111+
3112+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3113+
3114 qemu (1:2.5+dfsg-5) unstable; urgency=medium
3115
3116 * fix misspellings in previous debian/changelog entry
3117@@ -1801,6 +4699,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
3118
3119 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
3120
3121+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3122+
3123+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3124+ contents
3125+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3126+ hw/block/xen_blkif.h.
3127+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3128+ hw/display/xenfb.c.
3129+ - CVE-2015-8550
3130+ * SECURITY UPDATE: infinite loop in ehci_advance_state
3131+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3132+ in hw/usb/hcd-ehci.c.
3133+ - CVE-2015-8558
3134+ * SECURITY UPDATE: host memory leakage in vmxnet3
3135+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3136+ hw/net/vmxnet3.c.
3137+ - CVE-2015-8567
3138+ - CVE-2015-8568
3139+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3140+ - debian/patches/CVE-2015-8613.patch: initialise info object with
3141+ appropriate size in hw/scsi/megasas.c.
3142+ - CVE-2015-8613
3143+ * SECURITY UPDATE: DoS via Human Monitor Interface
3144+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3145+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
3146+ - CVE-2015-8619
3147+ * SECURITY UPDATE: incorrect array bounds check in rocker
3148+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3149+ check in hw/net/rocker/rocker.c.
3150+ - CVE-2015-8701
3151+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3152+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3153+ operations in hw/net/ne2000.c.
3154+ - CVE-2015-8743
3155+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3156+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3157+ error in hw/ide/ahci.c.
3158+ - CVE-2016-1568
3159+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3160+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3161+ hw/i386/kvmvapic.c.
3162+ - CVE-2016-1922
3163+ * SECURITY UPDATE: e1000 infinite loop
3164+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3165+ out-of-bounds transfer start in hw/net/e1000.c
3166+ - CVE-2016-1981
3167+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3168+ engines
3169+ - debian/patches/CVE-2016-2197.patch: add check before calling
3170+ dma_memory_unmap in hw/ide/ahci.c.
3171+ - CVE-2016-2197
3172+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3173+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
3174+ function in hw/usb/hcd-ehci.c.
3175+ - CVE-2016-2198
3176+
3177+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3178+
3179+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3180+
3181+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3182+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
3183+
3184+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3185+
3186+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3187+
3188+ * Include s390-ccw.img firmware.
3189+
3190+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
3191+
3192+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
3193+
3194+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
3195+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
3196+ Thanks Simon. (LP: #1531191)
3197+
3198+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
3199+
3200+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
3201+
3202+ * Merge with Debian; remaining changes:
3203+ - debian/rules: do not drop the init scripts loading kvm modules
3204+ (still needed in precise in cloud archive)
3205+ - qemu-system-common.postinst:
3206+ * remove acl placed by udev, and add udevadm trigger.
3207+ * reload kvm_intel if needed to set nested=1
3208+ - qemu-system-common.preinst: add kvm group if needed
3209+ - add qemu-kvm upstart job and defaults file (rules,
3210+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3211+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3212+ do not auto-load the kvm kernel module. Enable nesting by default
3213+ on intel.
3214+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3215+ in qemu64 cpu type.
3216+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3217+ types to ease future live vm migration.
3218+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3219+ d/qemu-system-common.install
3220+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3221+ to fix errors with missing block backends. (LP: #1495895)
3222+ - Enable pie by default, on ubuntu/s390x.
3223+ * Drop vGICv3 support patches - all is now upstream
3224+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
3225+
3226+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
3227+
3228 qemu (1:2.5+dfsg-1) unstable; urgency=medium
3229
3230 * new upstream release
3231@@ -1827,6 +4832,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
3232
3233 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
3234
3235+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
3236+
3237+ * Enable pie by default, on ubuntu/s390x.
3238+
3239+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
3240+
3241+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
3242+
3243+ * undo the libseccomp delta from debian. libseccomp is indeed available
3244+ on other arches, but we need qemu's configure script to be fixed before
3245+ we can use it on anything other than amd64|i386. Fixes FTBFS.
3246+ (LP: #1522531)
3247+
3248+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
3249+
3250+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
3251+
3252+ * Merge with Debian; remaining changes:
3253+ - Update the ubuntu machine types patch to reflect upstream churn
3254+ - debian/rules: do not drop the init scripts loading kvm modules
3255+ (still needed in precise in cloud archive)
3256+ - qemu-system-common.postinst:
3257+ * remove acl placed by udev, and add udevadm trigger.
3258+ * reload kvm_intel if needed to set nested=1
3259+ - qemu-system-common.preinst: add kvm group if needed
3260+ - add qemu-kvm upstart job and defaults file (rules,
3261+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3262+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3263+ do not auto-load the kvm kernel module. Enable nesting by default
3264+ on intel.
3265+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3266+ in qemu64 cpu type.
3267+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3268+ machine type to ease future live vm migration.
3269+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3270+ d/qemu-system-common.install
3271+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3272+ to fix errors with missing block backends. (LP: #1495895)
3273+ - control-in: build with libseccomp an all architectures
3274+ - Add vGICv3 support
3275+
3276+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
3277+
3278 qemu (1:2.4+dfsg-5) unstable; urgency=medium
3279
3280 * trace-remove-malloc-tracing.patch from upstream.
3281@@ -1839,6 +4887,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
3282
3283 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
3284
3285+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
3286+
3287+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
3288+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
3289+ hw/net/pcnet.c.
3290+ - CVE-2015-7504
3291+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
3292+ - debian/patches/CVE-2015-7512.patch: check packet length in
3293+ hw/net/pcnet.c.
3294+ - CVE-2015-7512
3295+ * SECURITY UPDATE: infinite loop in eepro100
3296+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
3297+ hw/net/eepro100.c.
3298+ - CVE-2015-8345
3299+
3300+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
3301+
3302+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
3303+
3304+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
3305+
3306+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
3307+
3308+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
3309+
3310+ * Merge 2.4 from unstable. Remaining changes:
3311+ - Update the ubuntu machine types patch to reflect upstream churn
3312+ - debian/rules: do not drop the init scripts loading kvm modules
3313+ (still needed in precise in cloud archive)
3314+ - qemu-system-common.postinst:
3315+ * remove acl placed by udev, and add udevadm trigger.
3316+ * reload kvm_intel if needed to set nested=1
3317+ - qemu-system-common.preinst: add kvm group if needed
3318+ - add qemu-kvm upstart job and defaults file (rules,
3319+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3320+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3321+ do not auto-load the kvm kernel module. Enable nesting by default
3322+ on intel.
3323+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3324+ in qemu64 cpu type.
3325+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3326+ machine type to ease future live vm migration.
3327+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3328+ d/qemu-system-common.install
3329+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3330+ to fix errors with missing block backends. (LP: #1495895)
3331+ - control-in: build with libseccomp an all architectures.
3332+ * Add vGICv3 support
3333+
3334+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
3335+
3336 qemu (1:2.4+dfsg-4) unstable; urgency=medium
3337
3338 * applied 3 patches from upstream to fix virtio-net
3339@@ -1853,7 +4952,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
3340 fix for Heap overflow vulnerability in ne2000_receive() function
3341 (Closes: #799074 CVE-2015-5279)
3342 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
3343- (Closes: #799073 CVE-2015-5278)
3344+ (Closes: #799073 CVE-2015-5278)
3345 * some binfmt reorg:
3346 - extend aarch64 to include one more byte as other arches do
3347 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
3348@@ -1905,6 +5004,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
3349
3350 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
3351
3352+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
3353+
3354+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
3355+
3356+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
3357+
3358+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
3359+
3360+ * debian/patches/upstream-fix-irq-route-entries.patch
3361+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
3362+ (LP: #1465935)
3363+
3364+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
3365+
3366+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
3367+
3368+ * Build using libseccomp on all architectures.
3369+
3370+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
3371+
3372+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
3373+
3374+ * SECURITY UPDATE: denial of service via NE2000 driver
3375+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
3376+ hw/net/ne2000.c.
3377+ - CVE-2015-5278
3378+ * SECURITY UPDATE: denial of service and possible code execution via
3379+ heap overflow in NE2000 driver
3380+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
3381+ hw/net/ne2000.c.
3382+ - CVE-2015-5279
3383+ * SECURITY UPDATE: denial of service via e1000 infinite loop
3384+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
3385+ - CVE-2015-6815
3386+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
3387+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
3388+ hw/ide/core.c.
3389+ - CVE-2015-6855
3390+
3391+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
3392+
3393+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
3394+
3395+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
3396+ to fix errors with missing block backends. (LP: #1495895)
3397+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
3398+ * Apply fix for memory corruption during live-migration in tcg mode
3399+ (LP: #1493049)
3400+ * Apply tracing patch to remove use of custom vtable in newer glibc
3401+ (LP: #1491972)
3402+
3403+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
3404+
3405+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
3406+
3407+ * Import qcow2-handle-eagain-from-update_refcount from upstream
3408+ to fix errors when using qemu-img convert -c. (LP: #1491050)
3409+
3410+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
3411+
3412+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
3413+
3414+ * SECURITY UPDATE: process heap memory disclosure
3415+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
3416+ - CVE-2015-5165
3417+ * SECURITY UPDATE: privilege escalation via block device unplugging
3418+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
3419+ in hw/ide/piix.c.
3420+ - CVE-2015-5166
3421+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
3422+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
3423+ limits in ui/vnc.c.
3424+ - CVE-2015-5225
3425+ * SECURITY UPDATE: denial of service via virtio-serial
3426+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
3427+ for control messages in hw/char/virtio-serial-bus.c.
3428+ - CVE-2015-5745
3429+
3430+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
3431+
3432+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
3433+
3434+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
3435+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
3436+ - CVE-2015-3214
3437+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
3438+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
3439+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
3440+ - CVE-2015-5154
3441+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
3442+ - debian/patches/CVE-2015-5158.patch: check length in
3443+ hw/scsi/scsi-bus.c.
3444+ - CVE-2015-5158
3445+
3446+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
3447+
3448+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
3449+
3450+ * SECURITY UPDATE: heap overflow in PCNET controller
3451+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
3452+ - CVE-2015-3209
3453+
3454+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
3455+
3456+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
3457+
3458+ * Merge 1:2.3+dfsg-5 from Debian.
3459+ * Remaining changes:
3460+ - debian/rules: do not drop the init scripts loading kvm modules
3461+ (still needed in precise in cloud archive)
3462+ - qemu-system-common.postinst:
3463+ * remove acl placed by udev, and add udevadm trigger.
3464+ * reload kvm_intel if needed to set nested=1
3465+ - qemu-system-common.preinst: add kvm group if needed
3466+ - add qemu-kvm upstart job and defaults file (rules,
3467+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3468+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3469+ do not auto-load the kvm kernel module. Enable nesting by default
3470+ on intel.
3471+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3472+ in qemu64 cpu type.
3473+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3474+ machine type to ease future live vm migration.
3475+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3476+ d/qemu-system-common.install
3477+ * Refreshed patches:
3478+ - ubuntu/expose-vmx_qemu64cpu.patch
3479+ - ubuntu/define-ubuntu-machine-types.patch
3480+
3481+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
3482+
3483 qemu (1:2.3+dfsg-5) unstable; urgency=high
3484
3485 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
3486@@ -1916,6 +5146,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
3487
3488 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
3489
3490+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
3491+
3492+ * Merge 1:2.3+dfsg-4 from Debian.
3493+ * Remaining changes:
3494+ - debian/rules: do not drop the init scripts loading kvm modules
3495+ (still needed in precise in cloud archive)
3496+ - qemu-system-common.postinst:
3497+ * remove acl placed by udev, and add udevadm trigger.
3498+ * reload kvm_intel if needed to set nested=1
3499+ - qemu-system-common.preinst: add kvm group if needed
3500+ - add qemu-kvm upstart job and defaults file (rules,
3501+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3502+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3503+ do not auto-load the kvm kernel module. Enable nesting by default
3504+ on intel.
3505+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3506+ in qemu64 cpu type.
3507+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3508+ machine type to ease future live vm migration.
3509+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3510+ d/qemu-system-common.install
3511+ * Dropped all patches which are applied upstream
3512+ * Move the upstart jobs to a generic script
3513+ - add new qemu-kvm-init script
3514+ - call that from upstart and sysvrc qemu-kvm scripts
3515+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
3516+
3517+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
3518+
3519 qemu (1:2.3+dfsg-4) unstable; urgency=medium
3520
3521 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
3522@@ -1977,6 +5236,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
3523
3524 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
3525
3526+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
3527+
3528+ * SECURITY UPDATE: denial of service in vnc web
3529+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
3530+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
3531+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
3532+ websockets clients in ui/vnc-ws.c.
3533+ - CVE-2015-1779
3534+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
3535+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
3536+ bounds of the allocated buffer in hw/block/fdc.c.
3537+ - CVE-2015-3456
3538+
3539+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
3540+
3541+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
3542+
3543+ * CVE-2015-2756 / XSA-126
3544+ - xen: limit guest control of PCI command register
3545+
3546+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
3547+
3548+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
3549+
3550+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
3551+ accidentally create /1
3552+
3553+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
3554+
3555+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
3556+
3557+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
3558+
3559+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
3560+
3561+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
3562+
3563+ * No-change rebuild to pull in libxl-4.5.
3564+
3565+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
3566+
3567+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
3568+
3569+ * debian/control-in: enable numa on architectures where numa is built
3570+ (LP: #1417937)
3571+
3572+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
3573+
3574+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
3575+
3576+ [Scott Moser]
3577+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
3578+ profile when started by libvirt.
3579+
3580+ [Serge Hallyn]
3581+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
3582+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
3583+ (LP: #1419855)
3584+
3585+ [Chris J Arges]
3586+ * Determine if we are running inside a virtual environment. If running inside
3587+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
3588+
3589+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
3590+
3591+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
3592+
3593+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
3594+ - debian/rules: do not drop the init scripts loading kvm modules
3595+ (still needed in precise in cloud archive)
3596+ * Remaining changes:
3597+ - qemu-system-common.postinst:
3598+ * remove acl placed by udev, and add udevadm trigger.
3599+ * reload kvm_intel if needed to set nested=1
3600+ - qemu-system-common.preinst: add kvm group if needed
3601+ - add qemu-kvm upstart job and defaults file (rules,
3602+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3603+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3604+ do not auto-load the kvm kernel module. Enable nesting by default
3605+ on intel.
3606+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3607+ in qemu64 cpu type.
3608+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3609+ machine type to ease future live vm migration.
3610+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3611+ d/qemu-system-common.install
3612+ * Dropped all patches which are applied upstream
3613+ * Update ubuntu-vivid machine type to default to std graphics (following
3614+ upstream's lead for pc-i440fx-2.2 machine type)
3615+
3616+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
3617+
3618 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
3619
3620 * fix initscript removal once again
3621@@ -2026,6 +5377,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
3622
3623 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
3624
3625+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
3626+
3627+ * Cherrypick upstream patch needed to allow ESx hosts to run under
3628+ kvm (LP: #1411575)
3629+
3630+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
3631+
3632+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
3633+
3634+ * Merge 2.1+dfsg-11. Remaining changes:
3635+ - qemu-system-common.postinst:
3636+ * remove acl placed by udev, and add udevadm trigger.
3637+ * reload kvm_intel if needed to set nested=1
3638+ - qemu-system-common.preinst: add kvm group if needed
3639+ - add qemu-kvm upstart job and defaults file (rules,
3640+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3641+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3642+ do not auto-load the kvm kernel module. Enable nesting by default
3643+ on intel.
3644+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3645+ removed the alternatives bit later.
3646+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3647+ in qemu64 cpu type.
3648+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3649+ machine type to ease future live vm migration.
3650+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3651+ d/qemu-system-common.install
3652+ - debian/binfmt-update-in: support ppcle
3653+ * debian/binfmt-update-in
3654+ * Support-ppcle.patch
3655+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
3656+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3657+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3658+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3659+ * Dropped patches (upstream or now in debian's tree):
3660+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
3661+ - CVE-2014-7840.patch
3662+ - CVE-2014-8106.patch
3663+
3664+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
3665+
3666 qemu (1:2.1+dfsg-11) unstable; urgency=medium
3667
3668 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
3669@@ -2095,6 +5487,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
3670
3671 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
3672
3673+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
3674+
3675+ * SECURITY UPDATE: code execution via savevm data
3676+ - debian/patches/CVE-2014-7840.patch: validate parameters in
3677+ arch_init.c.
3678+ - CVE-2014-7840
3679+ * SECURITY UPDATE: code execution via cirrus vga blit regions
3680+ (LP: #1400775)
3681+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
3682+ hw/display/cirrus_vga.c.
3683+ - CVE-2014-8106
3684+
3685+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
3686+
3687+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
3688+
3689+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
3690+ dropped and VENDOR now will be all capital UBUNTU).
3691+
3692+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
3693+
3694+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
3695+
3696+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3697+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3698+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3699+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
3700+ SPSel=0 in certain conditions. (LP: #1349277)
3701+
3702+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
3703+
3704+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
3705+
3706+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
3707+ Cherry-pick of qemu-upstream patch to fix issues with persistent
3708+ grants and the PV backend (Qdisk) (LP: #1394327).
3709+
3710+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
3711+
3712+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
3713+
3714+ * Merge 2.1+dfsg-7. Remaining changes:
3715+ - qemu-system-common.postinst:
3716+ * remove acl placed by udev, and add udevadm trigger.
3717+ * reload kvm_intel if needed to set nested=1
3718+ - qemu-system-common.preinst: add kvm group if needed
3719+ - add qemu-kvm upstart job and defaults file (rules,
3720+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3721+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3722+ do not auto-load the kvm kernel module. Enable nesting by default
3723+ on intel.
3724+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3725+ removed the alternatives bit later.
3726+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3727+ in qemu64 cpu type.
3728+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3729+ machine type to ease future live vm migration.
3730+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3731+ d/qemu-system-common.install
3732+ - debian/binfmt-update-in: support ppcle
3733+ * debian/binfmt-update-in
3734+ * Support-ppcle.patch
3735+ * Dropped patches (upstream or now in debian's tree):
3736+ - pc-reserve-more-memory-for-acpi.patch
3737+ - CVE-2014-5388.patch
3738+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
3739+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
3740+ in debian)
3741+ - CVE-2014-3615.patch
3742+ - CVE-2014-3640.patch
3743+ - CVE-2014-3689.patch
3744+ - CVE-2014-7815.patch
3745+
3746+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
3747+
3748 qemu (2.1+dfsg-7) unstable; urgency=high
3749
3750 * urgency is high due to 2 security fixes
3751@@ -2146,6 +5613,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
3752
3753 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
3754
3755+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
3756+
3757+ * SECURITY UPDATE: information disclosure via vga driver
3758+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
3759+ sanity check register writes, and don't use fixed buffer sizes in
3760+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
3761+ ui/spice-display.c.
3762+ - CVE-2014-3615
3763+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
3764+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
3765+ stub in slirp/udp.c.
3766+ - CVE-2014-3640
3767+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
3768+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
3769+ hw/display/vmware_vga.c.
3770+ - CVE-2014-3689
3771+ * SECURITY UPDATE: denial of service via VNC console
3772+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
3773+ ui/vnc.c.
3774+ - CVE-2014-7815
3775+
3776+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
3777+
3778+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
3779+
3780+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
3781+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
3782+
3783+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
3784+
3785+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
3786+
3787+ * Apply two patches to fix intermittent qemu-img corruption
3788+ (LP: #1368815)
3789+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
3790+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
3791+
3792+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
3793+
3794+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
3795+
3796+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
3797+ debian does.
3798+
3799+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
3800+
3801+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
3802+
3803+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
3804+ versa.
3805+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
3806+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
3807+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
3808+ machine type for that.
3809+
3810+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
3811+
3812+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
3813+
3814+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
3815+ container. (LP: #1370199)
3816+ * load kvm module on ppc64le at boot (LP: #1369785)
3817+ - debian/rules: install qemu-kvm on ppc64el
3818+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
3819+ kvm-hv module if available
3820+ * qemu-system-x86.maintscript: remove accidentally installed
3821+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
3822+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
3823+ ubuntu.
3824+
3825+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
3826+
3827+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
3828+
3829+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
3830+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
3831+
3832+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
3833+
3834+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
3835+
3836+ * move kvm_intel nested setting to qemu-system-x86.postinst.
3837+
3838+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
3839+
3840+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
3841+
3842+ * Merge new debian release
3843+ * Remaining changes:
3844+ - qemu-system-common.postinst:
3845+ * remove acl placed by udev, and add udevadm trigger.
3846+ * reload kvm_intel if needed to set nested=1
3847+ - qemu-system-common.preinst: add kvm group if needed
3848+ - add qemu-kvm upstart job and defaults file (rules,
3849+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3850+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3851+ do not auto-load the kvm kernel module. Enable nesting by default
3852+ on intel.
3853+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3854+ removed the alternatives bit later.
3855+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3856+ in qemu64 cpu type.
3857+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3858+ machine type to ease future live vm migration.
3859+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3860+ d/qemu-system-common.install
3861+ - debian/binfmt-update-in: support ppcle
3862+ * debian/binfmt-update-in
3863+ * Support-ppcle.patch
3864+ - d/p/CVE-2014-5388.patch
3865+
3866+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
3867+
3868 qemu (2.1+dfsg-4) unstable; urgency=medium
3869
3870 * mention libnuma-dev but not enable for now
3871@@ -2163,6 +5743,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
3872
3873 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
3874
3875+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
3876+
3877+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
3878+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
3879+ - CVE-2014-5388
3880+
3881+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
3882+
3883+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
3884+
3885+ * replace d/p/revert-acpi-table-size-bump with
3886+ pc-reserve-more-memory-for-acpi.patch from upstream
3887+ * debian/binfmt-update-in
3888+ - don't run in a container
3889+ - add ppc64le as target (LP: #1358268)
3890+ * Add experimental ppcle support (LP: #1358268)
3891+
3892+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
3893+
3894+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
3895+
3896+ * revert-acpi-table-size-bump - get qemu -kernel working again.
3897+
3898+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
3899+
3900+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
3901+
3902+ * Merge new debian release
3903+ * Remaining changes:
3904+ - control-in: stick to libsdl1.2-dev.
3905+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3906+ qemu-bridge-helper
3907+ - qemu-system-common.postinst: remove acl placed by udev,
3908+ and add udevadm trigger.
3909+ - qemu-system-common.preinst: add kvm group if needed
3910+ - add qemu-kvm upstart job and defaults file (rules,
3911+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3912+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3913+ do not auto-load the kvm kernel module. Enable nesting by default
3914+ on intel.
3915+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3916+ removed the alternatives bit later.
3917+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3918+ in qemu64 cpu type.
3919+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3920+ machine type to ease future live vm migration.
3921+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3922+ d/qemu-system-common.install
3923+ * Upstart job: use getent group to check for kvm group
3924+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
3925+
3926+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
3927+
3928 qemu (2.1+dfsg-3) unstable; urgency=medium
3929
3930 * set SHELL = /bin/sh -e, so that more complex shell constructs
3931@@ -2189,6 +5822,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
3932
3933 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
3934
3935+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
3936+
3937+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
3938+
3939+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
3940+
3941+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
3942+
3943+ * Merge new debian release
3944+ * Remaining changes:
3945+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3946+ have in ipxe-qemu package.
3947+ - control-in: stick to libsdl1.2-dev.
3948+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
3949+ qemu-bridge-helper
3950+ - qemu-system-common.postinst: remove acl placed by udev,
3951+ and add udevadm trigger.
3952+ - qemu-system-common.preinst: add kvm group if needed
3953+ - add qemu-kvm upstart job and defaults file (rules,
3954+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3955+ - debian/rules: add qemu-kvm-spice
3956+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3957+ do not auto-load the kvm kernel module. Enable nesting by default
3958+ on intel.
3959+ - binfmt-update-in: make sure to filter out compat arches.
3960+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3961+ removed the alternatives bit later.
3962+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3963+ in qemu64 cpu type.
3964+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3965+ machine type to ease future live vm migration.
3966+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3967+ d/qemu-system-common.install
3968+
3969+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
3970+
3971 qemu (2.1+dfsg-2) unstable; urgency=medium
3972
3973 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
3974@@ -2223,7 +5892,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
3975
3976 qemu (2.0.0+dfsg-7) unstable; urgency=medium
3977
3978- * clarify description of qemu-user-binfmt a bit
3979+ * clarify description of qemu-user-binfmt a bit
3980 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
3981 * remove qemu-keymaps package, since it is not used by other tools
3982 anymore, and ship keymaps in qemu-system-common.
3983@@ -2240,6 +5909,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
3984
3985 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
3986
3987+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
3988+
3989+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
3990+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
3991+
3992+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
3993+
3994+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
3995+
3996+ * Merge 2.0.0+dfsg-6. Remaining changes:
3997+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
3998+ have in ipxe-qemu package.
3999+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
4000+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4001+ qemu-bridge-helper
4002+ - qemu-system-common.postinst: remove acl placed by udev,
4003+ and add udevadm trigger.
4004+ - qemu-system-common.preinst: add kvm group if needed
4005+ - add qemu-kvm upstart job and defaults file (rules,
4006+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4007+ - debian/rules: add qemu-kvm-spice
4008+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4009+ do not auto-load the kvm kernel module. Enable nesting by default
4010+ on intel.
4011+ - binfmt-update-in: make sure to filter out compat arches.
4012+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4013+ removed the alternatives bit later.
4014+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4015+ in qemu64 cpu type.
4016+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4017+ machine type to ease future live vm migration.
4018+ - re-introduce apport hook for qemu source package:
4019+ d/source_qemu-kvm.py, d/qemu-system-common.install
4020+ * enable-build-dep on libjpeg8-dev - which is now in main
4021+
4022+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
4023+
4024 qemu (2.0.0+dfsg-6) unstable; urgency=medium
4025
4026 * build-depend on libgnutls28-dev not libgnutls-dev
4027@@ -2283,6 +5989,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
4028
4029 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
4030
4031+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
4032+
4033+ * remove alternatives for qemu: different architectures
4034+ aren't really alternatives and never had been (LP: #1316829)
4035+
4036+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
4037+
4038+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
4039+
4040+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
4041+ * debian/control: drop the versioning requirement from libfdt-dev
4042+ build-dependency, as it is longer needed (LP: #1295072)
4043+
4044+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
4045+
4046+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
4047+
4048+ * Merge 2.0.0+dfsg-2
4049+ * Incorporates a fix for spice users (LP: #1309452)
4050+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
4051+ the regression requiring it was reverted for 2.0 upstream.
4052+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
4053+ * debian/qemu-debootstrap: add arm64
4054+ * Remaining changes from debian:
4055+ - keep qemu 'alternative' (not something to change in SRU)
4056+ - debian/control and debian/control-in:
4057+ * versioned libfdt-dev check, until libfdt is fixed in precise
4058+ * enable rbd
4059+ * remove ovmf Recommends, as it is in multiverse
4060+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
4061+ * add a qemu-system-aarch64 metapackage for transitions from trusty
4062+ development version. This can be removed after trusty.
4063+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4064+ qemu-bridge-helper
4065+ - qemu-system-common.postinst: fix /dev/kvm acls
4066+ - qemu-system-common.preinst: add kvm group if needed
4067+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4068+ have in ipxe-qemu package.
4069+ - qemu-system-x86.modprobe: set module options for older releases
4070+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
4071+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
4072+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
4073+ - debian/rules
4074+ * add legacy kvm-spice link
4075+ * fix ppc and arm slections
4076+ * add aarch64 to user_targets
4077+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
4078+ pc-i440fx-trusty machine type as the default.
4079+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
4080+ default in qemu64 cpu time.
4081+
4082+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
4083+
4084 qemu (2.0.0+dfsg-2) unstable; urgency=medium
4085
4086 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
4087@@ -2308,7 +6067,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
4088 * kmod dependency is linux-any
4089 * doc-grammify-allows-to.patch: fix some lintian warnings
4090 * remove alternatives for qemu: different architectures
4091- aren't really alternatives and never had been
4092+ aren't really alternatives and never had been
4093 * update Standards-Version to 3.9.5 (no changes needed)
4094 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
4095 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
4096@@ -2342,6 +6101,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
4097
4098 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
4099
4100+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
4101+
4102+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
4103+ don't abort() just because the kernel has no dirty bitmap.
4104+ (LP: #1303926)
4105+
4106+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
4107+
4108+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
4109+
4110+ * define-trusty-machine-type.patch: update the trusty machine type name to
4111+ pc-i440fx-trusty (LP: #1304107)
4112+
4113+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
4114+
4115+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
4116+
4117+ * Merge 2.0.0-rc1
4118+ * debian/rules: consolidate ppc filter entries.
4119+ * Move qemu-system-arch64 into qemu-system-arm
4120+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
4121+ type, currently the same as pc-i440fx-2.0, to put is in a better position
4122+ to enable live migrations from trusty onward. (LP: #1294823)
4123+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
4124+ * Merge latest upstream git to commit dc9528f
4125+ * Debian/rules:
4126+ - remove -enable-uname-release=2.6.32
4127+ - don't make the aarch64 target Ubuntu-specific.
4128+ * Remove patches which are now upstream:
4129+ - fix-smb-security-share.patch
4130+ - slirp-smb-redirect-port-445-too.patch
4131+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
4132+ - signal-added-a-wrapper-for-sigprocmask-function.patch
4133+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4134+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4135+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
4136+ * add link for /usr/share/qemu/bios-256k.bin
4137+ * Remove all linaro patches.
4138+ * Remove all arm64/ patches. Many but not all are upstream.
4139+ * Remove CVE-2013-4377.patch which is upstream.
4140+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
4141+
4142+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
4143+
4144 qemu (1.7.0+dfsg-9) unstable; urgency=medium
4145
4146 * remove rbd/rados/ceph support *again*, till they'll actually provide
4147@@ -2406,6 +6209,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
4148
4149 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
4150
4151+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
4152+
4153+ * No-change rebuild to build with libxen-4.4.
4154+
4155+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
4156+
4157+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
4158+
4159+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
4160+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
4161+
4162+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
4163+
4164+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
4165+
4166+ [ dann frazier ]
4167+ * Add patches from the susematz tree to avoid intermittent segfaults:
4168+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
4169+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4170+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4171+
4172+ [ Serge Hallyn ]
4173+ * Modify do_sigprocmask to only change behavior for aarch64.
4174+ (LP: #1285363)
4175+
4176+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
4177+
4178+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
4179+
4180+ [ Steve Langasek ]
4181+ * Merge debian/control with unreleased Debian branch: our architecture
4182+ lists should now be in sync.
4183+
4184+ [ Dann Frazier ]
4185+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
4186+ on arm64 and maybe others. (LP: #1284344)
4187+
4188+ [ Serge Hallyn ]
4189+ * Move the OVMF.fd link to the ovmf package.
4190+
4191+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
4192+
4193+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
4194+
4195+ * Add ppc64el to the architecture list (supposedly added in the previous
4196+ upload, but really wasn't).
4197+
4198+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
4199+
4200+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
4201+
4202+ * Backport changes to enable qemu-user-static support for aarch64
4203+ * debian/control: add ppc64el to Architectures
4204+ * debian/rules: only install qemu-system-aarch64 on arm64.
4205+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
4206+ debian/qemu-system-aarch64 directory
4207+
4208+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
4209+
4210+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
4211+
4212+ * Fix broken filter_binfmts
4213+ * Remove use of dpkg-version in postinsts, as we're not Depending on
4214+ dpkg-dev.
4215+
4216+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
4217+
4218+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
4219+
4220+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
4221+ - debian/patches/ubuntu:
4222+ * expose-vmx_qemu64cpu.patch
4223+ * linaro (omap3) and arm64 patches
4224+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
4225+ on ppc
4226+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
4227+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
4228+ - debian/control:
4229+ * add arm64 to Architectures
4230+ * add qemu-common and qemu-system-aarch64 packages
4231+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
4232+ - debian/qemu-system-common.preinst: add kvm group
4233+ - debian/qemu-system-common.postinst: remove acl placed by udev,
4234+ and add udevadm trigger.
4235+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
4236+ pxe-e1000 and pxe-rtl8139.
4237+ - add qemu-system-x86.qemu-kvm.upstart and .default
4238+ - qemu-user-static.postinst-in: remove arm64 binfmt
4239+ - debian/rules:
4240+ * allow parallel build
4241+ * add aarch64 to system_targets and sys_systems
4242+ * add qemu-kvm-spice links
4243+ * install qemu-system-x86.modprobe
4244+ - add debian/qemu-system-common.links for OVMF.fd link
4245+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
4246+
4247+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
4248+
4249 qemu (1.7.0+dfsg-3) unstable; urgency=low
4250
4251 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
4252@@ -2431,6 +6332,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
4253
4254 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
4255
4256+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
4257+
4258+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
4259+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
4260+
4261+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
4262+
4263+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
4264+
4265+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
4266+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
4267+ virtio device unplugging.
4268+ - CVE-2013-4377
4269+
4270+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
4271+
4272+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
4273+
4274+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
4275+ powerpc.
4276+
4277+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
4278+
4279+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
4280+
4281+ [ Serge Hallyn ]
4282+ * add arm64 patchset from upstream. The three arm virt patches previously
4283+ pushed are in that set, so drop them.
4284+
4285+ [ dann frazier ]
4286+ * Add packaging for qemu-system-aarch64. This package is currently only
4287+ available for arm64, as full software emulation is not yet supported.
4288+
4289+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
4290+
4291+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
4292+
4293+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
4294+ supported any longer.
4295+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
4296+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
4297+ churn caused by linaro patchset.
4298+ * debian/rules: enable parallel builds.
4299+
4300+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
4301+
4302+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
4303+
4304+ * d/control: enable usbredir (LP: 1126390)
4305+
4306+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
4307+
4308+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
4309+
4310+ * add missing arm virt patches from the mach-virt-v7 branch of
4311+ git://git.linaro.org/people/cdall/qemu-arm.git
4312+
4313+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
4314+
4315+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
4316+
4317+ * debian/control: add arm64 to list of architectures.
4318+
4319+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
4320+
4321+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
4322+
4323+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
4324+ - debian/control
4325+ * update maintainer
4326+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4327+ from build-deps
4328+ * enable rbd
4329+ * add qemu-system and qemu-common B/R to qemu-keymaps
4330+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4331+ qemu-system-common
4332+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4333+ - add qemu-common, qemu-kvm, kvm to B/R
4334+ - remove openbios-sparc from qemu-system-sparc D
4335+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4336+ * qemu-system-x86:
4337+ - add qemu-common to Breaks/Replaces.
4338+ - add cpu-checker to Recommends.
4339+ * qemu-user: add B/R:qemu-kvm
4340+ * qemu-kvm:
4341+ - add armhf armel powerpc sparc to Architecture
4342+ - C/R/P: qemu-kvm-spice
4343+ * add qemu-common package
4344+ * drop qemu-slof which is not packaged in ubuntu
4345+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4346+ - qemu-system-x86.links:
4347+ * remove pxe rom links which are in kvm-ipxe
4348+ - debian/rules
4349+ * add kvm-spice symlink to qemu-kvm
4350+ * call dh_installmodules for qemu-system-x86
4351+ * update dh_installinit to install upstart script
4352+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4353+ - Add qemu-utils.links for kvm-* symlinks.
4354+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4355+ - Add qemu-system-x86.modprobe to set nesting=1
4356+ - Add qemu-system-common.preinst to add kvm group
4357+ - qemu-system-common.postinst: remove bad group acl if there, then have
4358+ udev relabel /dev/kvm.
4359+ - New linaro patches from qemu-linaro rebasing branch
4360+ - Dropped patches:
4361+ * linaro patchset
4362+ * mach-virt patchset
4363+ - Kept patches:
4364+ * expose_vms_qemu64cpu.patch
4365+ * fix-pci-add
4366+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4367+ qemu-bridge-helper
4368+
4369+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
4370+
4371 qemu (1.7.0+dfsg-2) unstable; urgency=low
4372
4373 * switch from vgabios to seavgabios
4374@@ -2460,6 +6476,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
4375
4376 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
4377
4378+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
4379+
4380+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
4381+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
4382+
4383+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
4384+
4385+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
4386+
4387+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
4388+ - debian/control
4389+ * update maintainer
4390+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4391+ from build-deps
4392+ * enable rbd
4393+ * add qemu-system and qemu-common B/R to qemu-keymaps
4394+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4395+ qemu-system-common
4396+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4397+ - add qemu-kvm to Provides
4398+ - add qemu-common, qemu-kvm, kvm to B/R
4399+ - remove openbios-sparc from qemu-system-sparc D
4400+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4401+ * qemu-system-x86:
4402+ - add qemu-common to Breaks/Replaces.
4403+ - add cpu-checker to Recommends.
4404+ * qemu-user: add B/R:qemu-kvm
4405+ * qemu-kvm:
4406+ - add armhf armel powerpc sparc to Architecture
4407+ - C/R/P: qemu-kvm-spice
4408+ * add qemu-common package
4409+ * drop qemu-slof which is not packaged in ubuntu
4410+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4411+ - qemu-system-x86.links:
4412+ * remove pxe rom links which are in kvm-ipxe
4413+ * add symlink for kvm.1 manpage
4414+ - debian/rules
4415+ * add kvm-spice symlink to qemu-kvm
4416+ * call dh_installmodules for qemu-system-x86
4417+ * update dh_installinit to install upstart script
4418+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4419+ - Add qemu-utils.links for kvm-* symlinks.
4420+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4421+ - Add qemu-system-x86.modprobe to set nesting=1
4422+ - Add qemu-system-common.preinst to add kvm group
4423+ - qemu-system-common.postinst: remove bad group acl if there, then have
4424+ udev relabel /dev/kvm.
4425+ - New linaro patches from qemu-linaro rebasing branch
4426+ - Dropped patches:
4427+ * xen-simplify-xen_enabled.patch
4428+ * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
4429+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4430+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4431+ * virtio-rng-fix-crash
4432+ - Kept patches:
4433+ * expose_vms_qemu64cpu.patch - updated
4434+ * linaro arm patches from qemu-linaro rebasing branch
4435+ - New patches:
4436+ * fix-pci-add: change CONFIG variable in ifdef to make sure that
4437+ pci_add is defined.
4438+ * Add linaro patches
4439+ * Add experimental mach-virt patches for arm virtualization.
4440+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4441+ qemu-bridge-helper
4442+
4443+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 22 Oct 2013 22:47:07 -0500
4444+
4445 qemu (1.6.0+dfsg-2) unstable; urgency=low
4446
4447 * Build-depend in seccomp again once it is in -testing
4448@@ -2530,6 +6613,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
4449
4450 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 06 Jun 2013 01:50:32 +0400
4451
4452+qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
4453+
4454+ * No change rebuild for new seccomp.
4455+
4456+ -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 18:34:50 -0400
4457+
4458+qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
4459+
4460+ * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
4461+ - virtio-rng-fix-crash
4462+
4463+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Oct 2013 17:46:49 -0500
4464+
4465+qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
4466+
4467+ * Re-introduce snippet in upstart job to load kvm modules if needed.
4468+ (LP: #1218459)
4469+
4470+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Sep 2013 22:43:52 +0000
4471+
4472+qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
4473+
4474+ * Cherry-picking three Xen related patches targetted for qemu-stable:
4475+ * xen-simplify-xen_enabled.patch
4476+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4477+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4478+
4479+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Jul 2013 15:01:44 +0200
4480+
4481+qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
4482+
4483+ * Drop openbios-ppc and openhackware Depends to Suggests for now.
4484+
4485+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Jun 2013 03:23:56 -0600
4486+
4487+qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
4488+
4489+ * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes:
4490+ - debian/control
4491+ * update maintainer
4492+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4493+ from build-deps
4494+ * enable rbd
4495+ * add qemu-system and qemu-common B/R to qemu-keymaps
4496+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4497+ qemu-system-common
4498+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4499+ - add qemu-kvm to Provides
4500+ - add qemu-common, qemu-kvm, kvm to B/R
4501+ - remove openbios-sparc from qemu-system-sparc D
4502+ * qemu-system-x86:
4503+ - add qemu-common to Breaks/Replaces.
4504+ - add cpu-checker to Recommends.
4505+ * qemu-user: add B/R:qemu-kvm
4506+ * qemu-kvm:
4507+ - add armhf armel powerpc sparc to Architecture
4508+ - C/R/P: qemu-kvm-spice
4509+ * add qemu-common package
4510+ * drop qemu-slof which is not packaged in ubuntu
4511+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4512+ - qemu-system-x86.links:
4513+ * remove pxe rom links which are in kvm-ipxe
4514+ * add symlink for kvm.1 manpage
4515+ - debian/rules
4516+ * add kvm-spice symlink to qemu-kvm
4517+ * call dh_installmodules for qemu-system-x86
4518+ * update dh_installinit to install upstart script
4519+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4520+ - Add qemu-utils.links for kvm-* symlinks.
4521+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4522+ - Add qemu-system-x86.modprobe to set nesting=1
4523+ - Add qemu-system-common.preinst to add kvm group
4524+ - qemu-system-common.postinst: remove bad group acl if there, then have
4525+ udev relabel /dev/kvm.
4526+ - Dropped patches:
4527+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4528+ - Kept patches:
4529+ * expose_vms_qemu64cpu.patch - updated
4530+ * gridcentric patch - updated
4531+ * linaro arm patches from qemu-linaro rebasing branch
4532+
4533+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Jun 2013 22:56:43 +0200
4534+
4535 qemu (1.5.0+dfsg-3) unstable; urgency=low
4536
4537 * fix sections: misc => otherosfs
4538@@ -2549,6 +6715,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
4539
4540 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Jun 2013 01:49:47 +0400
4541
4542+qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
4543+
4544+ * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes:
4545+ - debian/control
4546+ * update maintainer
4547+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4548+ from build-deps
4549+ * enable rbd
4550+ * add qemu-system and qemu-common B/R to qemu-keymaps
4551+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4552+ qemu-system-common
4553+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4554+ - add qemu-kvm to Provides
4555+ - add qemu-common, qemu-kvm, kvm to B/R
4556+ - remove openbios-sparc from qemu-system-sparc D
4557+ * qemu-system-x86:
4558+ - add qemu-common to Breaks/Replaces.
4559+ - add cpu-checker to Recommends.
4560+ * qemu-user: add B/R:qemu-kvm
4561+ * qemu-kvm:
4562+ - add armhf armel powerpc sparc to Architecture
4563+ - C/R/P: qemu-kvm-spice
4564+ * add qemu-common package
4565+ * drop qemu-slof which is not packaged in ubuntu
4566+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4567+ - qemu-system-x86.links:
4568+ * remove pxe rom links which are in kvm-ipxe
4569+ * add symlink for kvm.1 manpage
4570+ - debian/rules
4571+ * add kvm-spice symlink to qemu-kvm
4572+ * call dh_installmodules for qemu-system-x86
4573+ * update dh_installinit to install upstart script
4574+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4575+ - Add qemu-utils.links for kvm-* symlinks.
4576+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4577+ - Add qemu-system-x86.modprobe to set nesting=1
4578+ - Add qemu-system-common.preinst to add kvm group
4579+ - qemu-system-common.postinst: remove bad group acl if there, then have
4580+ udev relabel /dev/kvm.
4581+ - Dropped patches:
4582+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4583+ - Kept patches:
4584+ * expose_vms_qemu64cpu.patch - updated
4585+ * gridcentric patch - updated
4586+ * linaro arm patches from qemu-linaro rebasing branch
4587+
4588+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 May 2013 08:18:30 -0500
4589+
4590 qemu (1.5.0+dfsg-2) unstable; urgency=low
4591
4592 * merged development history of wheezy and experimental branches.
4593@@ -2616,6 +6830,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low
4594
4595 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 18 Apr 2013 14:45:30 +0400
4596
4597+qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low
4598+
4599+ * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177)
4600+ * qemu-system-x86.qemu-kvm.upstart:
4601+ - remove NESTED workarounds from upstart file.
4602+ - remove loading of modules which is now always done
4603+ - remove TAPR define which is no longer used
4604+ * move customizable defines back to qemu-kvm.default
4605+ * copy creation of group kvm to preinst - the group must exist when the
4606+ kvm udev rule is installed (LP: #1103022) (LP: #1092715)
4607+ * add adduser to qemu-system-common Pre-Depends for use by preinst.
4608+
4609+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Mar 2013 14:21:53 -0500
4610+
4611+qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low
4612+
4613+ * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on
4614+ i386/amd64 targets. (LP: #1126258)
4615+
4616+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 28 Feb 2013 15:17:16 -0600
4617+
4618+qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low
4619+
4620+ * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing
4621+ tree.
4622+ * add qemu-common to qemu-system-common B/R (was accidentally dropped from
4623+ 1.3.0 in 1.4.0 merge).
4624+ * debian/control: fix kvm P/C/B/R:
4625+ - make all C/B/R against kvm versioned
4626+ - don't have any qemu-system-* other than x86 Provides: kvm
4627+
4628+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Feb 2013 13:34:07 -0600
4629+
4630+qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low
4631+
4632+ * Merge 1.4.0+dfsg-1exp from debian. Remaining changes:
4633+ - debian/control:
4634+ * update maintainer
4635+ * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps
4636+ * enable rbd
4637+ * add qemu-system and qemu-common B/R to qemu-keymaps
4638+ * add D:udev and R:qemu to qemu-system-common
4639+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4640+ - add qemu-kvm and kvm to Provides
4641+ - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc,
4642+ qemu-system-sparc:
4643+ - remove openbios-$arch from Depends
4644+ * qemu-system-x86:
4645+ - add qemu-common to Breaks/Replaces.
4646+ - add cpu-checker to Recommends.
4647+ * qemu-user:
4648+ - add B/R qemu-kvm
4649+ * qemu-utils:
4650+ - add B/R qemu-user and qemu-kvm
4651+ * qemu-kvm: add armhf armel powerpc sparc to Architecture
4652+ * add qemu-common package
4653+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4654+ - qemu-system-x86.links:
4655+ * remove pxe rom links which are in kvm-ipxe
4656+ * add symlink for kvm.1 manpage
4657+ - Add qemu-utils.links for kvm-* symlinks.
4658+ - Add qemu-kvm.conf upstart job to qemu-system
4659+ - Clear /dev/kvm acls on install
4660+ - Add linaro arm patches.
4661+ - Add gridcentric patches.
4662+ - Re-add expose_vms_qemu64cpu.patch (from Daviey)
4663+ * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4664+
4665+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 11:58:27 -0600
4666+
4667 qemu (1.4.0+dfsg-1exp) experimental; urgency=low
4668
4669 [ Michael Tokarev ]
4670@@ -2671,6 +6955,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low
4671
4672 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 02 Feb 2013 21:05:28 +0400
4673
4674+qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low
4675+
4676+ * qemu-system-common.postinst: only run setfacl when /dev/kvm exists.
4677+ (LP: #1130591)
4678+
4679+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 08:58:53 -0600
4680+
4681+qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low
4682+
4683+ * Update workarounds for udev/inotify: (LP: #1092715)
4684+ - qemu-system-common.udev: go back to original, simple rule
4685+ - qemu-system-common.postinst: manually run setfacl
4686+ - (keep Depends: on acl as well)
4687+ - this can be removed once bug 1092715 is fixed.
4688+
4689+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 19 Feb 2013 12:41:22 -0600
4690+
4691+qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low
4692+
4693+ * Now that qemu provides spice support, and qemu-kvm-spice is removed from
4694+ the archive, have qemu-kvm (which qemu-kvm-spice always depended on)
4695+ P/C/R qemu-kvm-spice.
4696+
4697+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Feb 2013 13:43:27 -0600
4698+
4699+qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low
4700+
4701+ * Enable spice.
4702+ * Address lintian warning by adding ${misc:Depends} to qemu-common and
4703+ qemu-kvm.
4704+
4705+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 12 Feb 2013 16:07:04 -0600
4706+
4707+qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low
4708+
4709+ [ Serge Hallyn ]
4710+ * Merge 1.3.0+dfsg-5exp from Debian.
4711+ * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1:
4712+ - debian/control:
4713+ * update maintainer
4714+ * remove vde2 recommends
4715+ * build-deps: remove libusbredir, libvdeplug2-dev,
4716+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev
4717+ * qemu-system:
4718+ - break/replace qemu-common
4719+ - depend on udev
4720+ - remove openbios-ppc, openbios-sparc, and openhackware from
4721+ Depends. (Intend to add them back once we can build them.)
4722+ * qemu-utils: break/replace qemu-kvm
4723+ - qemu-kvm.upstart:
4724+ - add qemu-system.qemu-kvm.upstart
4725+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4726+ - take the defaults from the old qemu-kvm.defaults, and move them into
4727+ the upstart job
4728+ - debian/patches:
4729+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4730+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4731+ - add links for qemu-ifup/down in qemu-system-common.links
4732+ - debian/qemu-system-common.postinst
4733+ - udevadm trigger to fix up /dev/kvm perms
4734+ - debian/qemu-system.links:
4735+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4736+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4737+ back to qemu-system at some point.
4738+ * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1:
4739+ - qemu-system-common.links: add link for OVMF
4740+ - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages.
4741+ - qemu-system.links:
4742+ * Add link to usr/share/ovmf/OVMF.fd
4743+ * Fix target of /etc/kvm/kvm-if{up,down} links
4744+ - debian/control: qemu-system should Recommend cpu-checker
4745+ - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4746+ (i.e.) qemu-x86_64.
4747+ - add qemu-kvm, and qemu-common transitional packages.
4748+ - Add breaks/replaces to qemu-keymaps for qemu-system.
4749+ - Add provides: qemu-kvm and kvm to qemu-system-ppc.
4750+ - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common.
4751+ - Add breaks/replaces to qemu-kvm for qemu-common.
4752+ - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm.
4753+ - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional
4754+ package.
4755+ - Add qemu-common package.
4756+ - Make sure /dev/kvm gets its acls cleared:
4757+ * Add acl to qemu-system.depends
4758+ * update qemu-system.udev to run setfacl to set g::rw acl
4759+ - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4760+ * dropped debian/patches/CVE-2012-6075.patch (duplicate of
4761+ e1000-discard-oversize-packets-based-on-SBP_LPE.patch)
4762+ * debian/{control,configure-opts}: enable rbd (LP: #1118406)
4763+ * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636)
4764+ * add replaces to qemu-system-common for qemu - we briefly moved conflicting
4765+ docs to qemu, which debian moved to qemu-system-common. This can be
4766+ dropped after raring.
4767+ * move qemu-kvm.upstart from qemu-system to qemu-system-x86.
4768+ * Support upgrade from qemu-kvm on non-x86 arches:
4769+ - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86}
4770+ - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm.
4771+ * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal.
4772+
4773+ [ Steve Langasek ]
4774+ * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that
4775+ we have a sensible baseline kernel value regardless of what the
4776+ underlying host kernel is. This makes eglibc happier when running under
4777+ emulation on a very old kernel for instance (whose host syscall ABI has
4778+ nothing to do with what emulated syscalls are supported), and probably
4779+ also lets us steer clear for the moment of code that has problem with
4780+ the new kernel upstream versioning convention. LP: #921078.
4781+
4782+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Feb 2013 14:15:26 -0600
4783+
4784 qemu (1.3.0+dfsg-5exp) experimental; urgency=low
4785
4786 * qemu-system-split: split qemu-system into several target-specific packages:
4787@@ -2750,6 +7144,106 @@ qemu (1.3.0+dfsg-2exp) experimental; urgency=low
4788
4789 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 20 Jan 2013 22:12:11 +0400
4790
4791+qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low
4792+
4793+ * qemu-system.links:
4794+ - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207)
4795+ - Fix target of /etc/kvm/kvm-if{up,down} links
4796+
4797+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Jan 2013 10:52:22 -0600
4798+
4799+qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low
4800+
4801+ * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982)
4802+
4803+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 28 Jan 2013 11:52:10 -0600
4804+
4805+qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low
4806+
4807+ * configure-opts: add audio-cards list (LP: #1102487)
4808+ * configure-opts: change order of audio-drv-list for ubuntu, putting pa
4809+ first.
4810+
4811+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 12:02:09 -0600
4812+
4813+qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low
4814+
4815+ * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4816+ (i.e.) qemu-x86_64. (LP: #1102332)
4817+
4818+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 08:58:07 -0600
4819+
4820+qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low
4821+
4822+ * Move three docs from qemu-system.install to qemu.docs (LP: #1101798)
4823+
4824+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 20:12:48 -0700
4825+
4826+qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low
4827+
4828+ * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and
4829+ possible code execution in hw/e1000.c by dropping oversize packets.
4830+
4831+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 07:31:50 -0700
4832+
4833+qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low
4834+
4835+ * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to
4836+ fix FTBFS due to parallel compile.
4837+
4838+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Jan 2013 15:51:09 -0600
4839+
4840+qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low
4841+
4842+ * Merge 1.3.0+dfsg-1~exp3. Remaining ubuntu delta:
4843+ - debian/control:
4844+ * update maintainer
4845+ * remove vde2 recommends
4846+ * build-deps: remove libusbredir, libvdeplug2-dev,
4847+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4848+ and libxen-dev.
4849+ * qemu-keymaps: break/replace qemu-common
4850+ * qemu-system:
4851+ - break/replace qemu-common
4852+ - depend on udev
4853+ - remove openbios-ppc, openbios-sparc, and openhackware from
4854+ Depends. (Intend to add them back once we can build them.)
4855+ - provides: qemu-kvm
4856+ * qemu-utils: break/replace qemu-kvm
4857+ * set up transitional packages for qemu-kvm, qemu-common, and kvm.
4858+ - qemu-kvm.upstart:
4859+ - add qemu-system.qemu-kvm.upstart
4860+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4861+ - take the defaults from the old qemu-kvm.defaults, and move them into
4862+ the upstart job
4863+ - debian/patches:
4864+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4865+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4866+ - ifup/down:
4867+ - copy Debian qemu-kvm's kvm-ifup/down into debian/
4868+ - fix dh_install for kvm-ifup/down in debian/rules
4869+ - add links for qemu-ifup/down in qemu-system.links
4870+ - remove (debian's original) qemu-ifup from qemu-system.install
4871+ - debian/qemu-system.postinst
4872+ - udevadm trigger to fix up /dev/kvm perms
4873+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4874+ - debian/qemu-system.links:
4875+ - point 'kvm' to qemu-system-x86_64
4876+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4877+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4878+ back to qemu-system at some point.
4879+ * Add note about kvm to qemu-system.README.debian.
4880+ * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm
4881+ * Remove TAPBR from qemu-kvm.conf.
4882+ * Make sure /dev/kvm gets its acls cleared:
4883+ - Add acl to qemu-system.depends
4884+ - update qemu-system.udev to run setfacl to set g::rw acl
4885+ * qemu-system.qemu-kvm.conf: don't rmmod at stop
4886+ * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4887+ * Remove hugepages sysctl file - qemu now supports transparent hugepages.
4888+
4889+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 23:22:51 -0600
4890+
4891 qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low
4892
4893 * enable vde on kFreebsd too (no idea why it was disabled)
4894@@ -2834,6 +7328,107 @@ qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low
4895
4896 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Dec 2012 01:52:21 +0400
4897
4898+qemu (1.2.0.dfsg-1~exp1-0ubuntu2) raring; urgency=low
4899+
4900+ * Remove kvm package
4901+ - make qemu-system P/C/B: kvm.
4902+
4903+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 12:03:19 -0600
4904+
4905+qemu (1.2.0.dfsg-1~exp1-0ubuntu1) raring; urgency=low
4906+
4907+ [ Serge Hallyn ]
4908+ * debian/control:
4909+ - update maintainer
4910+ - remove vde2 recommends
4911+ - build-deps: remove libusbredir, libvdeplug2-dev,
4912+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4913+ and libxen-dev.
4914+ - qemu-keymaps: break/replace qemu-common
4915+ - qemu-system:
4916+ - break/replace qemu-common
4917+ - depend on udev
4918+ - remove openbios-ppc, openbios-sparc, and openhackware from
4919+ Depends. (Intend to add them back once we can build them.)
4920+ - provides: qemu-kvm
4921+ - qemu-utils: break/replace qemu-kvm
4922+ - set up transitional packages for qemu-kvm, qemu-common, and kvm.
4923+ * debian/rules:
4924+ - install kvm-ifup and kvm-ifdown
4925+ - dh_installinit the qemu-kvm upstart job
4926+ * install a 30-qemu-kvm.conf into /etc/sysctl.c for nr_hugepages.
4927+ * qemu-kvm.upstart:
4928+ - add qemu-system.qemu-kvm.upstart
4929+ - add mv_confile to qemu-system.preinst, postinst, and .postrm to rename
4930+ /etc/init/qemu-kvm.conf to qemu-system.conf
4931+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4932+ - take the defaults from the old qemu-kvm.defaults, and move them into
4933+ the upstart job
4934+ * debian/patches:
4935+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4936+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4937+ - apply nbd-fixes-to-read-only-handling.patch from upstream to
4938+ make read-write mount after read-only mount work. (LP: #1077838)
4939+ * ifup/down:
4940+ - copy Ubuntu qemu-kvm's kvm-ifup/down into debian/
4941+ - fix dh_install for kvm-ifup/down in debian/rules
4942+ - add links for qemu-ifup/down in qemu-system.links
4943+ - remove (debian's original) qemu-ifup from qemu-system.install
4944+ * debian/qemu-system.postinst
4945+ - udevadm trigger to fix up /dev/kvm perms
4946+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4947+ * debian/qemu-system.links:
4948+ - point 'kvm' to qemu-system-x86_64
4949+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4950+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4951+ back to qemu-system at some point.
4952+ - add qemu-ifdown and qemu-ifup links
4953+ * debian/qemu-system.install:
4954+ - remove /etc/qemu-ifup link
4955+ - add /etc/sysctl.d/30-qemu-kvm.conf
4956+
4957+ [ Adam Conrad ]
4958+ * Appease apt-get's dist-upgrade resolver by creating a qemu-common
4959+ transitional package to upgrade more gracefully to qemu-keymaps.
4960+ * Move all the empty transitional packages to the oldlibs section.
4961+ * Restore the versioned dep from qemu-kvm (and kvm) to qemu-system.
4962+
4963+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Jan 2013 08:50:24 -0600
4964+
4965+qemu (1.2.0+dfsg-1~exp1) UNRELEASED; urgency=low
4966+
4967+ [ Michael Tokarev ]
4968+ * new upstream version (1.3.0)
4969+ (Closes: #676374, #622319, #597527, #593547, #660154)
4970+ - Removed patches included upstream:
4971+ do-not-include-libutil.h.patch
4972+ configure-nss-usbredir.patch
4973+ tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch
4974+ net-add--netdev-options-to-man-page.patch
4975+ - update 02_kfreebsd.patch
4976+ - do not build mpc8544ds.dtb
4977+ - include new targets
4978+ * Cleaned up the build system ALOT. Larger changes:
4979+ - used explicit lists of emulated targets in debian/rules
4980+ and generate everything else from there, instead of repeating
4981+ these lists in lots of places.
4982+ - stop using debian/$pkg.manpages and other auxilary files like this,
4983+ moving eveything to debian/$pkg.install, because with the number
4984+ of packages growing, amount of these small files becomes very
4985+ large and the result is difficult to maintain.
4986+ * ship forgotten target-x86_64.conf in qemu-system.
4987+ * ship virtfs-proxy-helper in qemu-utils.
4988+ * stop shipping tundev.c, since it does not reflect the reality for
4989+ a long time now (Closes: #325761, #325754).
4990+ * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N,
4991+ this time by adding to $MAKEFLAGS instead of passing down to submakes
4992+ * build-depend on libcap-ng-dev (for virtfs-proxy-helper)
4993+
4994+ [ Vagrant Cascadian ]
4995+ * Add libcap-dev to Build-Depends to support virtfs-proxy-helper.
4996+
4997+ -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Dec 2012 01:52:21 +0400
4998+
4999 qemu (1.1.2+dfsg-6a) unstable; urgency=low
5000
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches