Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:merge-7.0-kinetic into ubuntu/+source/qemu:debian/sid

  1. Git
  2. lp:~paelzer/ubuntu/+source/qemu
  3. merge-7.0-kinetic
  4. Merge into debian/sid
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 69c5691d4012f80a346c76ba3a122f5870b76aee
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-7.0-kinetic
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 7306 lines (+6615/-37)
23 files modified
debian/changelog (+4759/-3)
debian/control (+55/-9)
debian/control-in (+15/-25)
debian/patches/CVE-2021-3507.patch (+81/-0)
debian/patches/series (+13/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+870/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/lp-1981339-target-s390x-Exit-tb-after-executing-ex_value.patch (+39/-0)
debian/patches/ubuntu/lp-1981339-target-s390x-Remove-DISAS_GOTO_TB.patch (+62/-0)
debian/patches/ubuntu/lp-1981339-target-s390x-Remove-DISAS_PC_STALE.patch (+79/-0)
debian/patches/ubuntu/lp-1981339-target-s390x-Remove-DISAS_PC_STALE_NOCHAIN.patch (+113/-0)
debian/patches/ubuntu/lp1970737-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch (+39/-0)
debian/patches/ubuntu/lp1970737-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch (+46/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/rules (+4/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
git-ubuntu bot Approve
Canonical Server Reporter Pending
Review via email: mp+426272@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi,
I wanted to open the MR early on for review of the general merge, drops and
changes. As usual more testing might identify more to add / change later, but
since this most likely represents the majority of the work we can start the
review concurrent to the builds and tests.

Pushed tags as usual for complex merges:
To ssh://git.launchpad.net/~paelzer/ubuntu/+source/qemu
 * [new branch] merge-7.0-kinetic -> merge-7.0-kinetic
 * [new tag] lp1971315/logical/1%2.6.1+dfsg-0ubuntu8 -> lp1971315/logical/1%2.6.1+dfsg-0ubuntu8
 * [new tag] lp1971315/new/debian -> lp1971315/new/debian
 * [new tag] lp1971315/old/debian -> lp1971315/old/debian
 * [new tag] lp1971315/old/ubuntu -> lp1971315/old/ubuntu
 * [new tag] lp1971315/reconstruct/1%6.2+dfsg-2ubuntu8 -> lp1971315/reconstruct/1%6.2+dfsg-2ubuntu8
 * [new tag] lp1971315/split/1%6.2+dfsg-2ubuntu8 -> lp1971315/split/1%6.2+dfsg-2ubuntu8

I'll update with PPA and Test info later once available.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Resolved the first local build issue which was after the main qemu (in the bios).
I now started cross arch PPA builds in:
  https://launchpad.net/~paelzer/+archive/ubuntu/qemu-7.0-kinetic/+packages

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Builds complete.

We can not pre-test the autopkgetests on LP infra as it needs to run once in an official upload to be able to be triggerable on PPAs.

I'll soon start extended testing, but by now review of this is really unblocked and can start as soon as someone finds time for it.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Taking a look.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I was expecting your old/debian tag to match the corresponding import tag, but I don't see that:

commit 5ad2a7321fbeb16601d814427e5254fcf2b3ee3b (tag: pkg/import/1%6.2+dfsg-2)
Author: Michael Tokarev <email address hidden>
Date: Thu Jan 20 10:52:19 2022 +0300

    1:6.2+dfsg-2 (patches unapplied)

    Imported using git-ubuntu import.

vs

commit ff4a6930bebd8ec0e50b248b94caf63eafb7b42e (tag: paelzer/lp1971315/old/debian)
Author: Michael Tokarev <email address hidden>
Date: Thu Jan 20 10:52:19 2022 +0300

    1:6.2+dfsg-2 (patches unapplied)

    Imported using git-ubuntu import.

I mean, the content is probably the same, but I usually start my checks from the trusted tag (pkg/import), and if yours match, I go on with yours. Same with new/debian and old/ubuntu.

Not a blocker, but an observation, I think qemu imports have a history of being "different", but do let me know if you think something is wrong, or if I'm doing something wrong.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I think you pushed the wrong logical tag:

  * [new tag] lp1971315/logical/1%2.6.1+dfsg-0ubuntu8 -> lp1971315/logical/1%2.6.1+dfsg-0ubuntu8

I was expecting "logical/1%6.2+dfsg-2ubuntu8"

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hmm, yeah git-ubuntu's detection of where branches have split was wrong and I had to recreate most things manually due to that.
Re-Checking all of them ...

lp1971315/new/debian is on 1:7.0+dfsg-7 - on import-tag - ok

lp1971315/old/debian is on 1:6.2+dfsg-2 - ok - same content, but not on import-tag
That is really odd - the wrong commit it is on is also from the importer.
It would make no content-difference but might be important for the commit history (which also worked fine, but who knows), so I'm retagging this one.
 + ff4a6930be...5ad2a7321f lp1971315/old/debian -> lp1971315/old/debian (forced update)

lp1971315/old/ubuntu is on 1:6.2+dfsg-2ubuntu8 - on import-tag - ok

reconstruct, split and logical were all fine content-wise, but all based on the former lp1971315/old/debian. I've rebased them for you as well.
 + b5e67debc9...0019bb330f lp1971315/logical/1%2.6.1+dfsg-0ubuntu8 -> lp1971315/logical/1%2.6.1+dfsg-0ubuntu8 (forced update)
 + 20b3cab272...c4ed62e5ef lp1971315/reconstruct/1%6.2+dfsg-2ubuntu8 -> lp1971315/reconstruct/1%6.2+dfsg-2ubuntu8 (forced update)
 + 5d5686c37a...da23e7b8b6 lp1971315/split/1%6.2+dfsg-2ubuntu8 -> lp1971315/split/1%6.2+dfsg-2ubuntu8 (forced update)

---

I was trying to check where this wrong commit came from (as it might also explain what made git-ubuntu merge go nuts). It is hiding :-) as it is not found by any of the following oO
$ git branch -a --contains ff4a6930be
$ git tag --contains ff4a6930be
$ for r in $(git remote -v | cut -f 1 | uniq); do echo "$r"; git fetch $r ff4a6930be; done

Tracking its log, it seems it split off from correctly tagged ones on pkg/import/1%5.0-13 which is the last import tag in its history. All later commits are still git-ubuntu imports but without an import-tag.
I found via git "stash clear + reflog expire + fsck --unreachable + gc " that it was a non-cleared reference reachable from a git stash (an fsck before stash-clear/reflog-expire didn't clean it) that I had around from long ago.

After that clearing it LGTM now, just one 1:6.2+dfsg-2 and that is the right one :-)
Git-ubuntu might have searched for a matching treeish and picked the wrong one - maybe that cleanup allows my next merge to work out of the box?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Any idea why Debian is not patching CVE-2021-3507, nor why it's not fixed upstream yet? The floppy disk controller is not enabled/supported over there?

I looked over the rest, and matched the changes to what is described in d/changelog, and git range-diff agrees, and the new transitional package also has the correct breaks/replaces (case #6 of https://wiki.debian.org/PackageTransition)

+1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: paelzer, ahasenack
Uploaders: paelzer, ahasenack
MP auto-approved

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks Andreas,
I do not know what continues CVE-2021-3507 to be special. But I'm ok just following security on that one.

Also some interim tests results - majority good, but some hiccups to resolve (as usual).

- x86
  - misc run hit a LXD issue loosing websockets-> rerun

- ppc
  - 24 migration issues
    - type mismatch (I had the wrong test git branch, ok on a rerun)
    - all reverse migrations failed
       error: unable to connect to server at 'testkvm-kinetic-from:49152': No route to host
      Retry if this persists, if yes I'll need to debug
  - 1 misc issue - flaky concurrent restart, not a problem
  - cross run hit LXD issue -> rerun

- s390x
  - got stuck at initializing guests
  - lxd issue getting bionic guests fully started -> retry
  - lxc exec $g runlevel is hanging

That is ok for a first run, I've cleaned all up and started the next.
On the current retries multiple arches go into apt issues .. *sigh* ... this seems to be some more work, but all except the potential ppc reverse migration issue seem to be cause by other components.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

x86 and s390x tests seemed ok, but failed due to external reasons.
They are runnign again.

ppc64 was kind of complete and ok:
prep (ppc64le) : Pass 25 F/S/N 0/0/0 - RC 0 (82 min 47476 lin)
migrate (ppc64le): Pass 276 F/S/N 1/0/0 - RC 1 (129 min 172463 lin)
cross (ppc64le) : Pass 80 F/S/N 0/0/0 - RC 0 (162 min 115393 lin)
misc (ppc64le) : Pass 46 F/S/N 2/1/0 - RC 2 (43 min 33232 lin)

The three remaining issues were triggered by overload, those cases are already retried and worked in 9/10 cases - additionally the other systems passed that just fine and issues in these subtests (other than load vs cpu-power) are usually non arch specific.

Waiting for x86/s390x to complete again ...

~paelzer/ubuntu/+source/qemu:merge-7.0-kinetic updated
05ce2e3... by Christian Ehrhardt 

d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)

Signed-off-by: Christian Ehrhardt <email address hidden>

f2fbf42... by Christian Ehrhardt 

changelog: fix s390x system emulation (LP: #1981339)

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Landed a further fix for bug 1981339

~paelzer/ubuntu/+source/qemu:merge-7.0-kinetic updated
69c5691... by Christian Ehrhardt 

changelog: also mention (LP: #1980896)

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Changes ok, still +1

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks, uploaded to Kinetic

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 4c15a5c..d6dfb3f 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,78 @@
6+qemu (1:7.0+dfsg-7ubuntu1) kinetic; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #1971315)(LP: #1980896), remaining changes:
9+ - qemu-kvm to systemd unit
10+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
11+ hugepages and architecture specifics
12+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
13+ qemu-kvm-init
14+ - d/qemu-system-common.install: install helper script
15+ - d/qemu-system-common.qemu-kvm.default: defaults for
16+ /etc/default/qemu-kvm
17+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
18+ - Distribution specific machine type
19+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
20+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
21+ types containing release versioned machine attributes
22+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
23+ for host-phys-bits=true
24+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
25+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
26+ - Enable nesting by default
27+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
28+ in qemu64 on amd
29+ [ No more strictly needed, but required for backward compatibility ]
30+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
31+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
32+ reference 256k path
33+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
34+ handle incoming migrations from former releases.
35+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
36+ - Ease the use of module retention on upgrades (LP 1913421)
37+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
38+ - Fix I/O stalls when using NVMe storage (LP 1970737).
39+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
40+ in laio_io_unplug.
41+ - SECURITY UPDATE: heap overflow in floppy disk emulator
42+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
43+ hw/block/fdc.c.
44+ - CVE-2021-3507
45+ * Dropped Changes [now part of 1:7.0+dfsg-7]:
46+ - d/rules: xen libexec dir is no more versioned
47+ - d/rules: ensure xen is built on x86
48+ - d/kvm-spice: fix when acceleration is already defined on the commandline
49+ - debian/control[-in]: no more disable glusterfs in Ubuntu (LP 1246924)
50+ * Dropped Changes [now part of upstream v7.0.0]
51+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
52+ Allow long kernel command lines for QEMU (LP 1959984)
53+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
54+ - d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
55+ tcg on s390x.
56+ - Fix diff handling on ceph that can cause data corruption (LP 1968258)
57+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
58+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
59+ - d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
60+ in vnc connections (LP 1970563)
61+ - All CVE fixes of 1:6.2+dfsg-2ubuntu8 except CVE-2021-3507
62+ * Dropped Changes
63+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
64+ add patch to workaround FTBFS when building against OpenSSL 3.0.
65+ [ now working with OpenSSL 3.0 ]
66+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
67+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
68+ [ fixed in compiler toolchain ]
69+ - Make qemu-system-x86-microvm a transitional package as the binary is now
70+ in qemu-system-x86 itself.
71+ [ no more needed]
72+ * Added Changes
73+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
74+ landed in Debian but under a different name.
75+ - d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch: fix qboot FTBFS
76+ with LTO
77+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)
78+
79+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jul 2022 12:07:19 +0200
80+
81 qemu (1:7.0+dfsg-7) unstable; urgency=medium
82
83 * d/tests/test-qemu-user: rework ls/glob test a bit
84@@ -132,6 +207,141 @@ qemu (1:6.2+dfsg-3) unstable; urgency=medium
85
86 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 25 Feb 2022 12:01:46 +0300
87
88+qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
89+
90+ [ Marc Deslauriers ]
91+ * SECURITY UPDATE: heap overflow in floppy disk emulator
92+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
93+ hw/block/fdc.c.
94+ - CVE-2021-3507
95+ * SECURITY UPDATE: use-after-free in nvme
96+ - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
97+ device itself in hw/nvme/ctrl.c.
98+ - CVE-2021-3929
99+ * SECURITY UPDATE: integer overflow in QXL display device emulation
100+ - debian/patches/CVE-2021-4206.patch: check width and height in
101+ hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
102+ - CVE-2021-4206
103+ * SECURITY UPDATE: heap overflow in QXL display device emulation
104+ - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
105+ in hw/display/qxl-render.c.
106+ - CVE-2021-4207
107+ * SECURITY UPDATE: potential privilege escalation in virtiofsd
108+ - debian/patches/CVE-2022-0358.patch: Drop membership of all
109+ supplementary groups in tools/virtiofsd/passthrough_ll.c.
110+ - CVE-2022-0358
111+ * SECURITY UPDATE: memory leakage in virtio-net device
112+ - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
113+ receive in hw/net/virtio-net.c.
114+ - CVE-2022-26353
115+ * SECURITY UPDATE: memory leakage in vhost-vsock device
116+ - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
117+ case of error in hw/virtio/vhost-vsock-common.c.
118+ - CVE-2022-26354
119+
120+ [ Sergio Durigan Junior ]
121+ * Fix I/O stalls when using NVMe storage (LP: #1970737).
122+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
123+ in laio_io_unplug.
124+
125+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Jun 2022 15:38:37 -0400
126+
127+qemu (1:6.2+dfsg-2ubuntu7) kinetic; urgency=medium
128+
129+ * d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
130+ in vnc connections (LP: #1970563)
131+
132+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:25:20 +0200
133+
134+qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
135+
136+ * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
137+ * Fix diff handling on ceph that can cause data corruption (LP: #1968258)
138+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
139+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
140+
141+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 08 Apr 2022 09:36:34 +0200
142+
143+qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
144+
145+ * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
146+ tcg on s390x.
147+
148+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 09:54:36 +0100
149+
150+qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
151+
152+ * No-change rebuild to update maintainer scripts, see LP: 1959054
153+
154+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:28:14 +0000
155+
156+qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
157+
158+ * Merge with Debian unstable, remaining changes:
159+ - qemu-kvm to systemd unit
160+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
161+ hugepages and architecture specifics
162+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
163+ qemu-kvm-init
164+ - d/qemu-system-common.install: install helper script
165+ - d/qemu-system-common.qemu-kvm.default: defaults for
166+ /etc/default/qemu-kvm
167+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
168+ - Distribution specific machine type
169+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
170+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
171+ types containing release versioned machine attributes
172+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
173+ for host-phys-bits=true
174+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
175+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
176+ - Enable nesting by default
177+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
178+ in qemu64 on amd
179+ [ No more strictly needed, but required for backward compatibility ]
180+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
181+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
182+ reference 256k path
183+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
184+ handle incoming migrations from former releases.
185+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
186+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
187+ add patch to workaround FTBFS when building against OpenSSL 3.0.
188+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
189+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
190+ - Ease the use of module retention on upgrades (LP 1913421)
191+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
192+ - Make qemu-system-x86-microvm a transitional package as the binary is now
193+ in qemu-system-x86 itself.
194+ * Dropped Changes [now part of 1:6.1+dfsg-8]:
195+ - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
196+ (#993658) (LP 1947860)
197+ - improved dependencies
198+ - Make qemu-system-common depend on qemu-block-extra
199+ - Make qemu-utils depend on qemu-block-extra
200+ - d/control*, d/rules: disable xen by default, but provide universe
201+ package qemu-system-x86-xen as alternative
202+ [includes compat links changes of 5.0-5ubuntu4]
203+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
204+ * Dropped Changes [now part of upstream]
205+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
206+ and 3932 machines (LP 1932175)
207+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
208+ migration with audio devices present (LP 1940288)
209+ * Added changes:
210+ - update patches for qemu v6.2.0
211+ - d/p/u/enable-svm-by-default.patch
212+ - d/p/u/define-ubuntu-machine-types.patch
213+ - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
214+ - d/rules: xen libexec dir is no more versioned
215+ - d/rules: ensure xen is built on x86
216+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
217+ Allow long kernel command lines for QEMU (LP: #1959984)
218+ - d/kvm-spice: fix when acceleration is already defined on the commandline
219+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
220+
221+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Jan 2022 12:18:25 +0100
222+
223 qemu (1:6.2+dfsg-2) unstable; urgency=medium
224
225 * bump meson build-dep to 0.59.3
226@@ -353,6 +563,95 @@ qemu (1:6.0+dfsg-3) unstable; urgency=medium
227
228 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 17 Aug 2021 17:49:10 +0300
229
230+qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
231+
232+ * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
233+ add patch to workaround FTBFS when building against OpenSSL 3.0.
234+ Thanks to Christian Ehrhardt (LP: #1952448)
235+
236+ -- Paride Legovini <paride@ubuntu.com> Fri, 26 Nov 2021 15:47:51 +0100
237+
238+qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
239+
240+ * No-change rebuild against liburing2
241+
242+ -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:00:26 +0100
243+
244+qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
245+
246+ * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
247+ (#993658) (LP: #1947860)
248+
249+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 03 Nov 2021 14:10:56 +0100
250+
251+qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
252+
253+ * Merge with Debian experimental, remaining changes:
254+ - qemu-kvm to systemd unit
255+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
256+ hugepages and architecture specifics
257+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
258+ qemu-kvm-init
259+ - d/qemu-system-common.install: install helper script
260+ - d/qemu-system-common.qemu-kvm.default: defaults for
261+ /etc/default/qemu-kvm
262+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
263+ - Distribution specific machine type
264+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
265+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
266+ types containing release versioned machine attributes
267+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
268+ for host-phys-bits=true
269+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
270+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
271+ - Enable nesting by default
272+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
273+ in qemu64 on amd
274+ [ No more strictly needed, but required for backward compatibility ]
275+ - improved dependencies
276+ - Make qemu-system-common depend on qemu-block-extra
277+ - Make qemu-utils depend on qemu-block-extra
278+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
279+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
280+ reference 256k path
281+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
282+ handle incoming migrations from former releases.
283+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
284+ - d/control*, d/rules: disable xen by default, but provide universe
285+ package qemu-system-x86-xen as alternative
286+ [includes compat links changes of 5.0-5ubuntu4]
287+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
288+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
289+ for v6.0
290+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
291+ - Ease the use of module retention on upgrades (LP 1913421)
292+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
293+ * Dropped Changes [in 1:6.0+dfsg-2exp]:
294+ - d/control-in: Disable capstone disassembler library support (universe)
295+ - Disable fuse export (universe dependency)
296+ - Ease the use of module retention on upgrades (LP 1913421)
297+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
298+ - d/rules: only save modules if /run/qemu isn't noexec
299+ - d/rules: clear all (current and former) modules on purge
300+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
301+ upgrade issues (LP 1932264)
302+ - Enable SDL as secondary UI backend (LP 1256185)
303+ - d/control: add build dependency libsdl2-dev
304+ - d/control: enable sdl graphics on build
305+ - d/qemu-system-gui.install: add ui-sdl.so
306+ - d/control: add runtime dependency to libgl1
307+ * Dropped Changes [no more needed]
308+ - let qemu-utils recommend sharutils
309+ * Added changes:
310+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
311+ -fcf-protection being unavailble on -march=i486 (LP: #1940029)
312+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
313+ and 3932 machines (LP: #1932175)
314+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
315+ migration with audio devices present (LP: #1940288)
316+
317+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200
318+
319 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
320
321 [ Christian Ehrhardt ]
322@@ -390,6 +689,104 @@ qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
323
324 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300
325
326+qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium
327+
328+ * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
329+ fix TCG emulation for ppc64 (LP: #1935617)
330+
331+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 13 Jul 2021 09:34:55 +0200
332+
333+qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium
334+
335+ * d/control: remove fuse2 trial-build (LP 1934510)
336+
337+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Jul 2021 10:26:08 +0200
338+
339+qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium
340+
341+ * Merge with Debian experimental, Among many other things this fixes LP Bugs:
342+ (LP: #1907952) broken arrow keys in -display gtk on aarch64
343+ - qemu-kvm to systemd unit
344+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
345+ hugepages and architecture specifics
346+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
347+ qemu-kvm-init
348+ - d/qemu-system-common.install: install helper script
349+ - d/qemu-system-common.qemu-kvm.default: defaults for
350+ /etc/default/qemu-kvm
351+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
352+ - Distribution specific machine type
353+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
354+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
355+ types containing release versioned machine attributes
356+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
357+ for host-phys-bits=true
358+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
359+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
360+ - Enable nesting by default
361+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
362+ in qemu64 on amd
363+ [ No more strictly needed, but required for backward compatibility ]
364+ - improved dependencies
365+ - Make qemu-system-common depend on qemu-block-extra
366+ - Make qemu-utils depend on qemu-block-extra
367+ - Let qemu-utils recommend sharutils
368+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
369+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
370+ reference 256k path
371+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
372+ handle incoming migrations from former releases.
373+ - d/control-in: Disable capstone disassembler library support (universe)
374+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
375+ - d/control*, d/rules: disable xen by default, but provide universe
376+ package qemu-system-x86-xen as alternative
377+ [includes compat links changes of 5.0-5ubuntu4]
378+ - Fix upgrade module handling (LP 1905377)
379+ --enable-module-upgrades for qemu-xen which doesn't exist in Debian
380+ * Dropped Changes [in 6.0]:
381+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
382+ ld usage of -no-pie (LP 1907789)
383+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
384+ virtio-9p-ccw being missing (LP 1916230)
385+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
386+ to glib2.0 >=2.67.3 (LP 1916705)
387+ - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
388+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
389+ (LP 1921754)
390+ - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
391+ (LP 1921880)
392+ - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
393+ fix go in qemu-s390x-static (LP 1922010)
394+ * Dropped Changes [in Debian]:
395+ - Allow qemu to load old modules post upgrade (LP 1847361)
396+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
397+ - d/rules: Drop generating package version into maintainer scripts
398+ * Dropped Changes [No more needed >21.04]:
399+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
400+ the bad old prerm (LP 1906245 1905377)
401+ * Added Changes
402+ - Disable fuse export (universe dependency)
403+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
404+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
405+ for v6.0
406+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
407+ - Ease the use of module retention on upgrades (LP: #1913421)
408+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
409+ - d/rules: only save modules if /run/qemu isn't noexec
410+ - d/rules: clear all (current and former) modules on purge
411+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
412+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
413+ upgrade issues (LP: #1932264)
414+ - Enable SDL as secondary UI backend (LP: #1256185)
415+ - d/control: add build dependency libsdl2-dev
416+ - d/control: enable sdl graphics on build
417+ - d/qemu-system-gui.install: add ui-sdl.so
418+ - d/control: add runtime dependency to libgl1
419+ - d/rules: qemu-system-x86-xen builds modules as well now (follows the
420+ other packages)
421+
422+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Jun 2021 12:41:33 +0200
423+
424 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
425
426 * new upstream release
427@@ -442,6 +839,75 @@ qemu (1:5.2+dfsg-10) unstable; urgency=medium
428
429 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 16 Apr 2021 12:43:36 +0300
430
431+qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
432+
433+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
434+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
435+ (LP: #1921754)
436+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
437+ (LP: #1921880)
438+
439+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 11:58:29 +0200
440+
441+qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
442+
443+ * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
444+ fix go in qemu-s390x-static (LP: #1922010)
445+
446+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 Mar 2021 10:01:40 +0200
447+
448+qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
449+
450+ * Merge with Debian unstable; Remaining changes:
451+ - qemu-kvm to systemd unit
452+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
453+ hugepages and architecture specifics
454+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
455+ qemu-kvm-init
456+ - d/qemu-system-common.install: install helper script
457+ - d/qemu-system-common.qemu-kvm.default: defaults for
458+ /etc/default/qemu-kvm
459+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
460+ - Distribution specific machine type (LP: 1304107 1621042)
461+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
462+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
463+ for host-phys-bits=true (LP: 1776189)
464+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
465+ - provide pseries-bionic-2.11-sxxm type as convenience with all
466+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
467+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
468+ - Enable nesting by default
469+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
470+ in qemu64 on amd
471+ [ No more strictly needed, but required for backward compatibility ]
472+ - improved dependencies
473+ - Make qemu-system-common depend on qemu-block-extra
474+ - Make qemu-utils depend on qemu-block-extra
475+ - let qemu-utils recommend sharutils
476+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
477+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
478+ reference 256k path
479+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
480+ handle incoming migrations from former releases.
481+ - d/control-in: Disable capstone disassembler library support (universe)
482+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
483+ - d/control*, d/rules: disable xen by default, but provide universe
484+ package qemu-system-x86-xen as alternative
485+ [includes compat links changes of 5.0-5ubuntu4]
486+ - allow qemu to load old modules post upgrade (LP 1847361)
487+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
488+ - d/rules: Drop generating package version into maintainer scripts
489+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
490+ the bad old prerm (LP 1906245 1905377)
491+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
492+ ld usage of -no-pie (LP 1907789)
493+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
494+ virtio-9p-ccw being missing (LP 1916230)
495+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
496+ to glib2.0 >=2.67.3 (LP 1916705)
497+
498+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Mar 2021 11:13:49 +0100
499+
500 qemu (1:5.2+dfsg-9) unstable; urgency=medium
501
502 * do not make qemu-system-data dependent on qemu-system-foo
503@@ -481,6 +947,66 @@ qemu (1:5.2+dfsg-7) unstable; urgency=high
504
505 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Mar 2021 11:32:54 +0300
506
507+qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
508+
509+ * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
510+ to glib2.0 >=2.67.3 (LP: #1916705)
511+
512+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Feb 2021 08:39:09 +0100
513+
514+qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
515+
516+ * Merge with Debian unstable, includes fixes for
517+ - build operates differently if source is a git repo (LP: #1887535)
518+ Remaining changes:
519+ - qemu-kvm to systemd unit
520+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
521+ hugepages and architecture specifics
522+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
523+ qemu-kvm-init
524+ - d/qemu-system-common.install: install helper script
525+ - d/qemu-system-common.qemu-kvm.default: defaults for
526+ /etc/default/qemu-kvm
527+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
528+ - Distribution specific machine type (LP: 1304107 1621042)
529+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
530+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
531+ for host-phys-bits=true (LP: 1776189)
532+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
533+ - provide pseries-bionic-2.11-sxxm type as convenience with all
534+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
535+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
536+ - Enable nesting by default
537+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
538+ in qemu64 on amd
539+ [ No more strictly needed, but required for backward compatibility ]
540+ - improved dependencies
541+ - Make qemu-system-common depend on qemu-block-extra
542+ - Make qemu-utils depend on qemu-block-extra
543+ - let qemu-utils recommend sharutils
544+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
545+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
546+ reference 256k path
547+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
548+ handle incoming migrations from former releases.
549+ - d/control-in: Disable capstone disassembler library support (universe)
550+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
551+ - d/control*, d/rules: disable xen by default, but provide universe
552+ package qemu-system-x86-xen as alternative
553+ [includes compat links changes of 5.0-5ubuntu4]
554+ - allow qemu to load old modules post upgrade (LP 1847361)
555+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
556+ - d/rules: Drop generating package version into maintainer scripts
557+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
558+ the bad old prerm (LP 1906245 1905377)
559+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
560+ ld usage of -no-pie (LP 1907789)
561+ * Added changes
562+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
563+ virtio-9p-ccw being missing (LP: #1916230)
564+
565+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
566+
567 qemu (1:5.2+dfsg-6) unstable; urgency=medium
568
569 * deprecate qemu-debootstrap. It is not needed anymore with
570@@ -533,6 +1059,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
571
572 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
573
574+qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
575+
576+ * No change rebuild to pick up liburing. (LP: #1914145)
577+
578+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
579+
580+qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
581+
582+ * Merge with Debian unstable, includes fixes for
583+ - qemu-user-static are partially dynamically linked (LP: #1908331)
584+ - qemu crashing when using spice without qemu-system-gui being
585+ installed (LP: #1908577)
586+ Remaining changes:
587+ - qemu-kvm to systemd unit
588+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
589+ hugepages and architecture specifics
590+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
591+ qemu-kvm-init
592+ - d/qemu-system-common.install: install helper script
593+ - d/qemu-system-common.qemu-kvm.default: defaults for
594+ /etc/default/qemu-kvm
595+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
596+ - Distribution specific machine type (LP: 1304107 1621042)
597+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
598+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
599+ for host-phys-bits=true (LP: 1776189)
600+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
601+ - provide pseries-bionic-2.11-sxxm type as convenience with all
602+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
603+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
604+ - Enable nesting by default
605+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
606+ in qemu64 on amd
607+ [ No more strictly needed, but required for backward compatibility ]
608+ - improved dependencies
609+ - Make qemu-system-common depend on qemu-block-extra
610+ - Make qemu-utils depend on qemu-block-extra
611+ - let qemu-utils recommend sharutils
612+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
613+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
614+ reference 256k path
615+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
616+ handle incoming migrations from former releases.
617+ - d/control-in: Disable capstone disassembler library support (universe)
618+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
619+ - d/control*, d/rules: disable xen by default, but provide universe
620+ package qemu-system-x86-xen as alternative
621+ [includes compat links changes of 5.0-5ubuntu4]
622+ - allow qemu to load old modules post upgrade (LP 1847361)
623+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
624+ - d/rules: Drop generating package version into maintainer scripts
625+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
626+ the bad old prerm (LP 1906245 1905377)
627+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
628+ ld usage of -no-pie (LP 1907789)
629+
630+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
631+
632 qemu (1:5.2+dfsg-3) unstable; urgency=medium
633
634 [ Christian Ehrhardt ]
635@@ -549,6 +1133,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
636
637 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
638
639+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
640+
641+ * Merge with Debian unstable
642+ - includes fix for CVE-2020-17380
643+ - includes a fix for s390x PCI device reset (LP: #1907656)
644+ Remaining changes:
645+ - qemu-kvm to systemd unit
646+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
647+ hugepages and architecture specifics
648+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
649+ qemu-kvm-init
650+ - d/qemu-system-common.install: install helper script
651+ - d/qemu-system-common.qemu-kvm.default: defaults for
652+ /etc/default/qemu-kvm
653+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
654+ - Distribution specific machine type (LP: 1304107 1621042)
655+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
656+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
657+ for host-phys-bits=true (LP: 1776189)
658+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
659+ - provide pseries-bionic-2.11-sxxm type as convenience with all
660+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
661+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
662+ - Enable nesting by default
663+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
664+ in qemu64 on amd
665+ [ No more strictly needed, but required for backward compatibility ]
666+ - improved dependencies
667+ - Make qemu-system-common depend on qemu-block-extra
668+ - Make qemu-utils depend on qemu-block-extra
669+ - let qemu-utils recommend sharutils
670+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
671+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
672+ reference 256k path
673+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
674+ handle incoming migrations from former releases.
675+ - d/control-in: Disable capstone disassembler library support (universe)
676+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
677+ - d/control*, d/rules: disable xen by default, but provide universe
678+ package qemu-system-x86-xen as alternative
679+ [includes compat links changes of 5.0-5ubuntu4]
680+ - allow qemu to load old modules post upgrade (LP 1847361)
681+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
682+ - d/rules: Drop generating package version into maintainer scripts
683+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
684+ the bad old prerm (LP 1906245 1905377)
685+ * Dropped Changes:
686+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
687+ resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
688+ fails]
689+ * Added Changes:
690+ - Refreshed ubuntu machine types for hirsute@5.2
691+ - d/control: regenerated from d/control-in
692+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
693+ ld usage of -no-pie (LP: #1907789)
694+
695+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
696+
697 qemu (1:5.2+dfsg-2) unstable; urgency=medium
698
699 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
700@@ -594,6 +1236,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
701
702 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
703
704+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
705+
706+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
707+ the bad old prerm (LP: #1906245)
708+
709+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
710+
711+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
712+
713+ * Fix upgrade module handling (LP: #1905377)
714+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
715+ allows to drop some former delta that is now conflicting.
716+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
717+ qemu-xen which doesn't exist in Debian
718+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
719+ - d/rules: Drop generating package version into maintainer scripts
720+
721+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
722+
723+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
724+
725+ * Merge with Debian testing, remaining changes:
726+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
727+ - qemu-kvm to systemd unit
728+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
729+ hugepages and architecture specifics
730+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
731+ qemu-kvm-init
732+ - d/qemu-system-common.install: install helper script
733+ - d/qemu-system-common.qemu-kvm.default: defaults for
734+ /etc/default/qemu-kvm
735+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
736+ - Distribution specific machine type (LP: 1304107 1621042)
737+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
738+ types
739+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
740+ for host-phys-bits=true (LP: 1776189)
741+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
742+ - provide pseries-bionic-2.11-sxxm type as convenience with all
743+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
744+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
745+ - Enable nesting by default
746+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
747+ in qemu64 on amd
748+ [ No more strictly needed, but required for backward compatibility ]
749+ - improved dependencies
750+ - Make qemu-system-common depend on qemu-block-extra
751+ - Make qemu-utils depend on qemu-block-extra
752+ - let qemu-utils recommend sharutils
753+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
754+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
755+ reference 256k path
756+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
757+ handle incoming migrations from former releases.
758+ - d/control-in: Disable capstone disassembler library support (universe)
759+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
760+ - d/control*, d/rules: disable xen by default, but provide universe
761+ package qemu-system-x86-xen as alternative
762+ [includes compat links changes of 5.0-5ubuntu4]
763+ - allow qemu to load old modules post upgrade (LP 1847361)
764+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
765+ upgrade
766+ - d/rules: generate maintainer scripts matching package version on build
767+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
768+ - d/control: regenerate debian/control out of control-in
769+ * Dropped changes [in Debian or no more needed]
770+ - d/control-in: disable pmem on ppc64 as it is currently considered
771+ experimental on that architecture (pmdk v1.8-1)
772+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
773+ - d/rules: report config log from the correct subdir
774+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
775+ - Pick further changes for groovy from debian/master since 5.0-5
776+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
777+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
778+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
779+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
780+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
781+ - megasas-fix-possible-out-of-bounds-array-access.patch
782+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
783+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
784+ - a few patches from the stable series:
785+ - fix-tulip-breakage.patch
786+ - 9p-lock-directory-streams-with-a-CoMutex.patch
787+ Prevent deadlocks in 9pfs readdir code
788+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
789+ Fix newline accidentally sneaked into id string of a nic
790+ - qemu-nbd-close-inherited-stderr.patch
791+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
792+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
793+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
794+ - acpi-tmr-allow-2-byte-reads.patch
795+ - reapply CVE-2020-13253 fixes from upstream
796+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
797+ - linux-user-add-netlink-RTM_SETLINK-command.patch
798+ - d/control: since qemu-system-data now contains module(s),
799+ it can't be multi-arch. Ditto for qemu-block-extra.
800+ - qemu-system-foo: depend on exact version of qemu-system-data,
801+ due to the latter having modules
802+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
803+ This is another incarnation of the recent bugfix which actually enabled
804+ memory access constraints, like #964247
805+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
806+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
807+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
808+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
809+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
810+ - do not install outdated (0.12 and before) Changelog
811+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
812+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
813+ Closes: CVE-2020-15863
814+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
815+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
816+ another fix for revert-memory-accept-.. CVE-2020-13754
817+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
818+ - d/control-in: build-dep libcap is no more needed
819+ - arch aware kvm wrappers
820+ [upstream now automatically enables KVM if available and called with
821+ kvm* name, provides KVM as before but with auto-fallback to tcg.
822+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
823+ * Dropped changes [upstream now]
824+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
825+ setup_len
826+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
827+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
828+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
829+ from vfio-ccw (LP 1887935)
830+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
831+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
832+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
833+ SQXBR (LP 1883984)
834+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
835+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
836+ environments (LP 1887763)
837+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
838+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
839+ crashes it on shutdown (LP 1878973)
840+ - update d/p/ubuntu/lp-1835546-* to the final versions
841+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
842+ FTBFS in groovy
843+ * Added Changes:
844+ - update ubuntu machine types for hirsute@5.1
845+ - d/control: regenerated from d/control-in
846+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
847+ resolved in gcc-10 (LP: 1890435)
848+
849+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
850+
851 qemu (1:5.1+dfsg-4) unstable; urgency=high
852
853 * mention closing of CVE-2020-16092 by 5.1
854@@ -835,6 +1624,298 @@ qemu (1:5.0-6) unstable; urgency=medium
855
856 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
857
858+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
859+
860+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
861+ machine type to match how it originally was released (LP: #1902654)
862+
863+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
864+
865+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
866+
867+ * No-change rebuild for brltty soname change.
868+
869+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
870+
871+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
872+
873+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
874+ setup_len
875+ CVE-2020-14364
876+
877+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
878+
879+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
880+
881+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
882+
883+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
884+
885+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
886+
887+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
888+
889+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
890+
891+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
892+
893+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
894+ from vfio-ccw (LP: #1887935)
895+
896+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
897+
898+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
899+
900+ * fix qemu-user-static initialization to allow executing systemd
901+ (LP: #1890881)
902+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
903+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
904+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
905+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
906+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
907+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
908+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
909+ CVE-2020-16092
910+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
911+
912+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
913+
914+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
915+
916+ * xen: provide compat links to what libxen-dev reports where to find
917+ the binaries (LP: #1890005)
918+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
919+ SQXBR (LP: #1883984)
920+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
921+
922+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
923+
924+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
925+
926+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
927+ environments (LP: #1887763)
928+ * Pick further changes for groovy from debian/master since 5.0-5
929+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
930+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
931+ infinite recursion via a crafted mm_index value during
932+ ati_mm_read or ati_mm_write call.
933+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
934+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
935+ devices which uses min_access_size and max_access_size Memory API fields.
936+ Also closes: CVE-2020-13791
937+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
938+ CVE-2020-13659: address_space_map in exec.c can trigger
939+ a NULL pointer dereference related to BounceBuffer
940+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
941+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
942+ has an OOB read via a crafted reply_queue_head field from a guest OS user
943+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
944+ fix other possible cases like in CVE-2020-13362 (#961887)
945+ - megasas-fix-possible-out-of-bounds-array-access.patch
946+ Some tracepoints use a guest-controlled value as an index into the
947+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
948+ impact OOB errors here
949+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
950+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
951+ This flaw occurs when an nbd-client sends a spec-compliant request that is
952+ near the boundary of maximum permitted request length. A remote nbd-client
953+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
954+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
955+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
956+ properly validate the frame count, which allows guest OS users to trigger
957+ an out-of-bounds access during an es1370_write() operation
958+ - a few patches from the stable series:
959+ - fix-tulip-breakage.patch
960+ The tulip network driver in a qemu-system-hppa emulation is broken in
961+ the sense that bigger network packages aren't received any longer and
962+ thus even running e.g. "apt update" inside the VM fails. Fix this.
963+ - 9p-lock-directory-streams-with-a-CoMutex.patch
964+ Prevent deadlocks in 9pfs readdir code
965+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
966+ Fix newline accidentally sneaked into id string of a nic
967+ - qemu-nbd-close-inherited-stderr.patch
968+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
969+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
970+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
971+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
972+ - reapply CVE-2020-13253 fixed from upstream:
973+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
974+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
975+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
976+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
977+ Closes: #961297, CVE-2020-13253
978+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
979+ (Closes: #965109)
980+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
981+ - d/control: since qemu-system-data now contains module(s),
982+ it can't be multi-arch. Ditto for qemu-block-extra.
983+ - qemu-system-foo: depend on exact version of qemu-system-data,
984+ due to the latter having modules
985+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
986+ This is another incarnation of the recent bugfix which actually enabled
987+ memory access constraints, like #964247
988+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
989+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
990+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
991+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
992+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
993+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
994+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
995+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
996+ Closes: CVE-2020-15863
997+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
998+ List of patches:
999+ sm501-convert-printf-abort-to-qemu_log_mask.patch
1000+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
1001+ sm501-use-BIT-macro-to-shorten-constant.patch
1002+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
1003+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
1004+ Closes: #961451, CVE-2020-12829
1005+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1006+ another fix for revert-memory-accept-.. CVE-2020-13754
1007+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1008+
1009+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
1010+
1011+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
1012+
1013+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
1014+
1015+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
1016+
1017+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
1018+
1019+ * Merge with Debian testing (LP: #1749393), remaining changes:
1020+ - qemu-kvm to systemd unit
1021+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1022+ hugepages and architecture specifics
1023+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1024+ qemu-kvm-init
1025+ - d/qemu-system-common.install: install helper script
1026+ - d/qemu-system-common.qemu-kvm.default: defaults for
1027+ /etc/default/qemu-kvm
1028+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1029+ - Distribution specific machine type (LP: 1304107 1621042)
1030+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1031+ types
1032+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1033+ for host-phys-bits=true (LP: 1776189)
1034+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1035+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1036+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1037+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1038+ - Enable nesting by default
1039+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1040+ in qemu64 on amd
1041+ [ No more strictly needed, but required for backward compatibility ]
1042+ - improved dependencies
1043+ - Make qemu-system-common depend on qemu-block-extra
1044+ - Make qemu-utils depend on qemu-block-extra
1045+ - let qemu-utils recommend sharutils
1046+ - arch aware kvm wrappers
1047+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1048+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1049+ reference 256k path
1050+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1051+ handle incoming migrations from former releases.
1052+ - d/control-in: Disable capstone disassembler library support (universe)
1053+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1054+ - d/control*, d/rules: disable xen by default, but provide universe
1055+ package qemu-system-x86-xen as alternative
1056+ [includes --disable-xen for user-static builds]
1057+ - d/control-in: disable pmem on ppc64 as it is currently considered
1058+ experimental on that architecture (pmdk v1.8-1)
1059+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1060+ - d/rules: report config log from the correct subdir
1061+ - allow qemu to load old modules post upgrade (LP 1847361)
1062+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1063+ upgrade
1064+ - d/rules: generate maintainer scripts matching package version on build
1065+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1066+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1067+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1068+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1069+ crashes it on shutdown (LP 1878973)
1070+ * Dropped changes (no more needed)
1071+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1072+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1073+ in qemu64 cpu type.
1074+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
1075+ Debian. Fixed by bumping the related Breaks/Replaces to the
1076+ Version Ubuntu introduced the change (LP 1862287)
1077+ * Dropped changes (in Debian)
1078+ - improved s390x support
1079+ - d/binfmt-update-in: fix binfmt being called in some containers
1080+ (LP 1840956)
1081+ - qemu-system-x86-microvm package
1082+ In addition to the generic multi-purpose qemu also provide a minimal
1083+ feature binary that is loading faster for use cases with microvm machine
1084+ type and qboot bios
1085+ - d/control-in: add a new qemu-system-x86-microvm package
1086+ - d/rules: add an extra config/build step to get the minimal qemu
1087+ - Security and packaging fixes (LP 1872937)
1088+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1089+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1090+ CVE-2020-10702
1091+ CVE-2020-11102
1092+ - fix external spice UI
1093+ + install ui-spice-app.so in qemu-system-common
1094+ + install ui-spice-app.so only if built, spice is optional
1095+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1096+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1097+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1098+ - enable riscv build (LP 1872931)
1099+ [ changes picked from Debian ]
1100+ - enable support for riscv64 hosts
1101+ - only enable librbd on architectures where it is built
1102+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1103+ depends on the former
1104+ - seccomp grew up, no need in versioned build-dep
1105+ - enable seccomp only on architectures where it can be built
1106+ * Dropped changes (upstream)
1107+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1108+ (LP 1857033)
1109+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1110+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1111+ vhost-user-gpu
1112+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1113+ avoid unnecessary IOTLB transactions (LP 1866207)
1114+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1115+ patches @qemu-stable (LP 1867519)
1116+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1117+ to avoid broken nesting (LP 1868692)
1118+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1119+ (LP 1871830)
1120+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
1121+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1122+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1123+ and clobbered doubles (LP 1872945)
1124+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1125+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1126+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1127+ - CVE-2020-11869
1128+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1129+ - async: use explicit memory barriers (LP 1805256)
1130+ - aio-wait: delegate polling of main AioContext if BQL not held
1131+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1132+ supporting to set them (LP 1882774)
1133+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1134+ load to a versioned path
1135+ * Added Changes:
1136+ - d/control: regenerate debian/control out of control-in
1137+ - update d/p/ubuntu/lp-1835546-* to the final versions
1138+ - 11 patches dropped as they are in 5.0
1139+ - 20 patches updated to how they will be in 5.1
1140+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1141+ FTBFS in groovy
1142+ - Make qemu-system-x86-microvm a transitional package as the binary is now
1143+ in qemu-system-x86 itself.
1144+ - d/control-in: build-dep libcap is no more needed
1145+ - d/rules: update arch aware kvm wrappers
1146+ - d/qemu-system-x86.README.Debian: fix typo
1147+
1148+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
1149+
1150 qemu (1:5.0-5) unstable; urgency=medium
1151
1152 * more binfmt-install updates
1153@@ -967,6 +2048,188 @@ qemu (1:4.2-4) unstable; urgency=medium
1154
1155 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
1156
1157+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1158+
1159+ * No-change rebuild against libnettle8
1160+
1161+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1162+
1163+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1164+
1165+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1166+ crashes it on shutdown (LP: #1878973)
1167+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1168+ supporting to set them (LP: #1882774)
1169+
1170+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1171+
1172+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1173+
1174+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1175+ - async: use explicit memory barriers (LP: #1805256)
1176+ - aio-wait: delegate polling of main AioContext if BQL not held
1177+
1178+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1179+
1180+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1181+
1182+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1183+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1184+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1185+ - CVE-2020-11869
1186+
1187+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1188+
1189+qemu (1:4.2-3ubuntu6) focal; urgency=medium
1190+
1191+ [ Christian Ehrhardt ]
1192+ * enable riscv build (LP: #1872931)
1193+ [ changes picked from Debian ]
1194+ - enable support for riscv64 hosts
1195+ - only enable librbd on architectures where it is built
1196+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1197+ depends on the former
1198+ - seccomp grew up, no need in versioned build-dep
1199+ - enable seccomp only on architectures where it can be built
1200+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1201+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1202+ and clobbered doubles (LP: #1872945)
1203+
1204+ [ William Grant ]
1205+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1206+
1207+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1208+
1209+qemu (1:4.2-3ubuntu5) focal; urgency=medium
1210+
1211+ [ Christian Ehrhardt ]
1212+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1213+ (LP: #1871830)
1214+ * Security and packaging fixes (LP: #1872937)
1215+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1216+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1217+ CVE-2020-10702
1218+ CVE-2020-11102
1219+ - fix external spice UI
1220+ + install ui-spice-app.so in qemu-system-common
1221+ + install ui-spice-app.so only if built, spice is optional
1222+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1223+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1224+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1225+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1226+
1227+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1228+
1229+qemu (1:4.2-3ubuntu4) focal; urgency=medium
1230+
1231+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1232+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1233+ to avoid broken nesting (LP: #1868692)
1234+
1235+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1236+
1237+qemu (1:4.2-3ubuntu3) focal; urgency=medium
1238+
1239+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1240+ patches @qemu-stable (LP: #1867519)
1241+
1242+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1243+
1244+qemu (1:4.2-3ubuntu2) focal; urgency=medium
1245+
1246+ * allow qemu to load old modules post upgrade (LP: #1847361)
1247+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1248+ load to a versioned path
1249+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1250+ upgrade
1251+ - d/rules: generate maintainer scripts matching package version on build
1252+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1253+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1254+ avoid unnecessary IOTLB transactions (LP: #1866207)
1255+
1256+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1257+
1258+qemu (1:4.2-3ubuntu1) focal; urgency=medium
1259+
1260+ * Merge with Debian testing, remaining changes:
1261+ - qemu-kvm to systemd unit
1262+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1263+ hugepages and architecture specifics
1264+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1265+ qemu-kvm-init
1266+ - d/qemu-system-common.install: install helper script
1267+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1268+ - d/qemu-system-common.qemu-kvm.default: defaults for
1269+ /etc/default/qemu-kvm
1270+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1271+ - Distribution specific machine type (LP: 1304107 1621042)
1272+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1273+ types
1274+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1275+ for host-phys-bits=true (LP: 1776189)
1276+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1277+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1278+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1279+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1280+ - Enable nesting by default
1281+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1282+ in qemu64 cpu type.
1283+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1284+ in qemu64 on amd
1285+ [ No more strictly needed, but required for backward compatibility ]
1286+ - improved dependencies
1287+ - Make qemu-system-common depend on qemu-block-extra
1288+ - Make qemu-utils depend on qemu-block-extra
1289+ - let qemu-utils recommend sharutils
1290+ - improved s390x support
1291+ - d/rules: build s390-ccw.img with upstream Makefile
1292+ - d/rules: build s390-netboot.img with upstream Makefile
1293+ - arch aware kvm wrappers
1294+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1295+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1296+ reference 256k path
1297+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1298+ handle incoming migrations from former releases.
1299+ - d/control-in: Disable capstone disassembler library support (universe)
1300+ - d/binfmt-update-in: fix binfmt being called in some containers
1301+ (LP 1840956)
1302+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1303+ (LP 1857033)
1304+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1305+ - d/control*, d/rules: disable xen by default, but provide universe
1306+ package qemu-system-x86-xen as alternative
1307+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1308+ - Dropped changes [ in Debian ]
1309+ - d/control: update VCS links
1310+ - d/control-in: bump debhelper build-dep for compat 12
1311+ - d/control: disable bluetooth being deprecated
1312+ - d/not-installed: ignore new interop docs and extra icons for now
1313+ - d/not-installed: do not install elf2dmp until namespaced
1314+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1315+ [ not needed ]
1316+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1317+ - s390x support
1318+ - Create qemu-system-s390x package
1319+ - Enable numa support for s390x
1320+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
1321+ * Added changes
1322+ - d/control: regenerate debian/control out of control-in
1323+ - qemu-system-x86-microvm package
1324+ In addition to the generic multi-purpose qemu also provide a minimal
1325+ feature binary that is loading faster for use cases with microvm machine
1326+ type and qboot bios
1327+ - d/control-in: add a new qemu-system-x86-microvm package
1328+ - d/rules: add an extra config/build step to get the minimal qemu
1329+ - d/control-in: disable pmem on ppc64 as it is currently considered
1330+ experimental on that architecture (pmdk v1.8-1)
1331+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1332+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1333+ vhost-user-gpu
1334+ - d/rules: report config log from the correct subdir
1335+ - d/rules: --disable-xen for user-static builds
1336+
1337+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1338+
1339 qemu (1:4.2-3) unstable; urgency=medium
1340
1341 * mention closing of #909743 in previous changelog (Closes: #909743)
1342@@ -1009,6 +2272,169 @@ qemu (1:4.2-2) unstable; urgency=medium
1343
1344 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
1345
1346+qemu (1:4.2-1ubuntu2) focal; urgency=medium
1347+
1348+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1349+ Debian. Fixed by by bumping the related Breaks/Replaces to the
1350+ Version Ubuntu introduced the change (LP: #1862287)
1351+
1352+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1353+
1354+qemu (1:4.2-1ubuntu1) focal; urgency=medium
1355+
1356+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1357+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1358+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1359+ LP: #1852744 - Crypto Passthrough Interrupt Support
1360+ LP: #1853316 - CCW IPL Support
1361+ Remaining changes:
1362+ - qemu-kvm to systemd unit
1363+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1364+ hugepages and architecture specifics
1365+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1366+ qemu-kvm-init
1367+ - d/qemu-system-common.install: install helper script
1368+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1369+ - d/qemu-system-common.qemu-kvm.default: defaults for
1370+ /etc/default/qemu-kvm
1371+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1372+ - Distribution specific machine type (LP: 1304107 1621042)
1373+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1374+ types
1375+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1376+ for host-phys-bits=true (LP: 1776189)
1377+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1378+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1379+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1380+ - Enable nesting by default
1381+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1382+ in qemu64 cpu type.
1383+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1384+ in qemu64 on amd
1385+ [ No more strictly needed, but required for backward compatibility ]
1386+ - improved dependencies
1387+ - Make qemu-system-common depend on qemu-block-extra
1388+ - Make qemu-utils depend on qemu-block-extra
1389+ - let qemu-utils recommend sharutils
1390+ - s390x support
1391+ - Create qemu-system-s390x package
1392+ - Enable numa support for s390x
1393+ - d/rules: build s390-ccw.img with upstream Makefile
1394+ - d/rules: build s390-netboot.img with upstream Makefile
1395+ - arch aware kvm wrappers
1396+ - d/control: update VCS links
1397+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1398+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1399+ reference 256k path
1400+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1401+ handle incoming migrations from former releases.
1402+ - d/control-in: Disable capstone disassembler library support (universe)
1403+ - d/control: disable bluetooth being deprecated
1404+ - d/not-installed: ignore new interop docs and extra icons for now
1405+ - d/not-installed: do not install elf2dmp until namespaced
1406+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1407+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1408+ - d/binfmt-update-in: fix binfmt being called in some containers
1409+ (LP 1840956)
1410+ - Dropped changes (in Debian)
1411+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1412+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1413+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1414+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1415+ - enable RDMA config option
1416+ - add libibumad-dev build-dep
1417+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1418+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1419+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1420+ replace it with a build-indep using the upstream makefiles.
1421+ This is less prone to miss future changes/fixes that are done to the
1422+ makefiles
1423+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1424+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1425+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1426+ - Refreshed patches for v4.0 context changes
1427+ - d/control*: remove sdlabi which was removed upstream
1428+ - d/control*: enable docs (now explicit) and provide new build-dep
1429+ python3-sphinx
1430+ - d/qemu-system-data.install: use new paths for formerly used icons
1431+ - Merge with Upstream release of qemu 4.0
1432+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1433+ - Dropped changes (Upstream)
1434+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1435+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1436+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1437+ fix i386 build error
1438+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1439+ fix naming of the new vector facitlity (LP 1836066)
1440+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1441+ for missing SIOCGSTAMP definition; final fix is still in discussion
1442+ upstream (LP: 1836159)
1443+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1444+ s390x machines (LP 1836154)
1445+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1446+ (LP 1841066)
1447+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1448+ update the z15 model name (LP 1842774)
1449+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1450+ fix a potential hang when qemu or qemu-img where accessing http backed
1451+ disks via libcurl (LP 1848556)
1452+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1453+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1454+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1455+ toleration for future machines (LP 1830704)
1456+ - SECURITY UPDATE: Add support for exposing md-clear functionality
1457+ to guests
1458+ - d/p/ubuntu/enable-md-clear.patch
1459+ - d/p/ubuntu/enable-md-no.patch
1460+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1461+ - SECURITY UPDATE: heap overflow when loading device tree blob
1462+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1463+ copy the device tree blob into is.
1464+ - CVE-2018-20815
1465+ - SECURITY UPDATE: device driver denial of service via NULL pointer
1466+ dereference
1467+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1468+ routine
1469+ - CVE-2019-5008
1470+ - SECURITY UPDATE: information leak in SLiRP
1471+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1472+ emulating ident.
1473+ - CVE-2019-9824
1474+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1475+ unimplement.patch: properly return architecture defined exception
1476+ on bad subcodes of diag 308 (LP 1812384)
1477+ * Dropped changes (no more needed)
1478+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1479+ mv_conffile since the new path is a directory in the old package
1480+ version which can not be handled by mv_conffile.
1481+ [ only needed between disco and eoan ]
1482+ - disable pvrdma
1483+ [ CVEs all fixed now ]
1484+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1485+ avoid misdetection of simplified nesting blocking all migrations
1486+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1487+ - Enable nesting by default
1488+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1489+ (is default on amd)
1490+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1491+ without nested=1
1492+ [ nesting is default in kernel modules and default selected cpu types ]
1493+ * Added changes
1494+ - d/control: regenerate debian/control out of control-in
1495+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1496+ - added ubuntu focal types for qemu 4.2
1497+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1498+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1499+ (LP: #1857033)
1500+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1501+ - d/control*, d/rules: disable xen by default, but provide universe
1502+ package qemu-system-x86-xen as alternative
1503+ - fix typos in changelog and d/qemu-system-x86.NEWS
1504+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1505+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
1506+
1507+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
1508+
1509 qemu (1:4.2-1) unstable; urgency=medium
1510
1511 * new upstream release (4.2.0)
1512@@ -1085,6 +2511,205 @@ qemu (1:4.1-1) unstable; urgency=medium
1513
1514 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
1515
1516+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
1517+
1518+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1519+ fix a potential hang when qemu or qemu-img where accessing http backed
1520+ disks via libcurl (LP: #1848556)
1521+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
1522+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
1523+
1524+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
1525+
1526+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
1527+
1528+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1529+ update the z15 model name (LP: #1842774)
1530+
1531+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
1532+
1533+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
1534+
1535+ * d/binfmt-update-in: fix binfmt being called in some containers
1536+ (LP: #1840956)
1537+
1538+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
1539+
1540+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
1541+
1542+ * No-change upload with strops.h and sys/strops.h removed in glibc.
1543+
1544+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
1545+
1546+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
1547+
1548+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1549+ (LP: #1841066)
1550+
1551+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
1552+
1553+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
1554+
1555+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1556+ s390x machines (LP: #1836154)
1557+
1558+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
1559+
1560+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
1561+
1562+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
1563+ - pick Debian change for (#889885)
1564+ move ovmf to recommends on debian and update aarch ovmf refs
1565+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
1566+
1567+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
1568+
1569+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
1570+
1571+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1572+ for missing SIOCGSTAMP definition; final fix is still in discussion
1573+ upstream (LP: 1836159)
1574+
1575+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
1576+
1577+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
1578+
1579+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1580+ fix naming of the new vector facitlity (LP: #1836066)
1581+ * d/control-in: update VCS links in control template as well
1582+
1583+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
1584+
1585+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
1586+
1587+ * Merge with Upstream release of qemu 4.0.
1588+ Among many other things this fixes LP Bugs:
1589+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
1590+ LP: #1828038 - Update s390x CPU Model for more HW support
1591+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
1592+ Remaining Changes:
1593+ - qemu-kvm to systemd unit
1594+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1595+ hugepages and architecture specifics
1596+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1597+ qemu-kvm-init
1598+ - d/qemu-system-common.install: install helper script
1599+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1600+ - d/qemu-system-common.qemu-kvm.default: defaults for
1601+ /etc/default/qemu-kvm
1602+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1603+ - Enable nesting by default
1604+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1605+ (is default on amd)
1606+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1607+ without nested=1
1608+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1609+ in qemu64 cpu type.
1610+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1611+ in qemu64 on amd
1612+ - d/qemu-system-x86.README.Debian: document intention of nested being
1613+ default is comfort, not full support
1614+ - Distribution specific machine type (LP: 1304107 1621042)
1615+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1616+ types
1617+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1618+ for host-phys-bits=true (LP: 1776189)
1619+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1620+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1621+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1622+ - improved dependencies
1623+ - Make qemu-system-common depend on qemu-block-extra
1624+ - Make qemu-utils depend on qemu-block-extra
1625+ - let qemu-utils recommend sharutils
1626+ - s390x support
1627+ - Create qemu-system-s390x package
1628+ - Enable numa support for s390x
1629+ - arch aware kvm wrappers
1630+ - d/control: update VCS links
1631+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1632+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1633+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1634+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1635+ - enable RDMA config option
1636+ - add libibumad-dev build-dep
1637+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1638+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1639+ reference 256k path
1640+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1641+ handle incoming migrations from former releases.
1642+ - d/control-in: Disable capstone disassembler library support (universe)
1643+ - Move s390x roms to a new qemu-system-data-s390x
1644+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1645+ qemu-system-data
1646+ - d/rules: build s390-ccw.img with upstream Makefile
1647+ - d/rules: build s390-netboot.img with upstream Makefile
1648+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1649+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1650+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1651+ replace it with a build-indep using the upstream makefiles.
1652+ This is less prone to miss future changes/fixes that are done to the
1653+ makefiles
1654+ - d/control-in: add breaks/replaces for moving s390x roms from
1655+ qemu-system-s390x to qemu-system-data
1656+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1657+ [From not yet uploaded Debian branch]
1658+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1659+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1660+ - disable pvrdma - besides several security holes there are many other
1661+ bugs there as well
1662+ * Dropped patches that are upstream in v4.0
1663+ - d/p/do-not-link-everything-with-xen.patch
1664+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1665+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1666+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1667+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1668+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1669+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1670+ (LP: 1759509)
1671+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1672+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1673+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1674+ - d/p/ubuntu/CVE-2018-20815.patch
1675+ - d/p/ubuntu/CVE-2019-5008.patch
1676+ - d/p/ubuntu/CVE-2019-9824.patch
1677+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1678+ avoid misdetection of simplified nesting blocking all migrations
1679+ * Dropped further patches
1680+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1681+ [upstream deprecated the whole subsystem instead of applying the fix]
1682+ * Added Changes
1683+ - updated ubuntu machine types for v4.0
1684+ - added eoan types
1685+ - fixed s390x issue of upstream types having a "v" prefix
1686+ - add back dropped machine types to avoid more issues like LP: 1802944
1687+ - fix kvm split irqchip default in ubuntu q35 machine type
1688+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1689+ adapt updated CamelCase
1690+ - -hpb types now need to use GlobalProperties
1691+ - pc_compat_2_0 got a _fn suffix and slight changes
1692+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1693+ SLOF of qemu 4.0
1694+ - Refreshed patches still needed for v4.0 context changes
1695+ - d/p/use-fixed-data-path.patch
1696+ - d/p/ubuntu/enable-svm-by-default.patch
1697+ - d/p/ubuntu/enable-md-clear.patch
1698+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
1699+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
1700+ (LP: #1830243)
1701+ - d/control: disable bluetooth being deprecated
1702+ - d/control*: remove sdlabi which was removed upstream
1703+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
1704+ - d/control*: enable docs (now explicit) and provide new build-dep
1705+ python3-sphinx
1706+ - d/not-installed: ignore new interop docs and extra icons for now
1707+ - d/not-installed: do not install elf2dmp until namespaced
1708+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1709+ - d/qemu-system-data.install: use new paths for formerly used icons
1710+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1711+ fix i386 build error
1712+
1713+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
1714+
1715 qemu (1:3.1+dfsg-8) unstable; urgency=high
1716
1717 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
1718@@ -1187,6 +2812,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
1719
1720 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
1721
1722+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1723+
1724+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1725+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1726+ fix migrations from old machines (LP: #1829868).
1727+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1728+ toleration for future machines (LP: #1830704
1729+
1730+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1731+
1732+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1733+
1734+ * SECURITY UPDATE: Add support for exposing md-clear functionality
1735+ to guests
1736+ - d/p/ubuntu/enable-md-clear.patch
1737+ - d/p/ubuntu/enable-md-no.patch
1738+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1739+ * SECURITY UPDATE: heap overflow when loading device tree blob
1740+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1741+ copy the device tree blob into is.
1742+ - CVE-2018-20815
1743+ * SECURITY UPDATE: device driver denial of service via NULL pointer
1744+ dereference
1745+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1746+ routine
1747+ - CVE-2019-5008
1748+ * SECURITY UPDATE: information leak in SLiRP
1749+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1750+ emulating ident.
1751+ - CVE-2019-9824
1752+
1753+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1754+
1755+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1756+
1757+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1758+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1759+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1760+ mv_conffile since the new path is a directory in the old package
1761+ version which can not be handled by mv_conffile.
1762+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1763+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1764+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1765+ CVE-2019-3812
1766+
1767+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1768+
1769+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1770+
1771+ * disable pvrdma - besides several security holes there are many other
1772+ bugs there as well, and the amount of patches applied upstream after
1773+ 3.1 release is large (Closes, or actuallymakes unimportant again)
1774+ - CVE-2018-20123
1775+ - CVE-2018-20124
1776+ - CVE-2018-20125
1777+ - CVE-2018-20126
1778+ - CVE-2018-20191
1779+ - CVE-2018-20216
1780+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1781+ - CVE-2019-6501
1782+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1783+ - CVE-2019-6778
1784+
1785+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1786+
1787+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1788+
1789+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1790+ LP: #1806104 - fix misleading page size error on ppc64el
1791+ LP: #1782205 - SnowRidge enabled new ISAs
1792+ LP: #1786956 - upgrade to qemu >= 3.0
1793+ LP: #1809083 - Backward migration to Xenial on ppc64el
1794+ LP: #1803315 - s390x Huge page enablement
1795+ LP: #1657409 - enable virglrenderer
1796+ Remaining Changes:
1797+ - qemu-kvm to systemd unit
1798+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1799+ hugepages and architecture specifics
1800+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1801+ - d/qemu-system-common.install: install systemd unit and helper script
1802+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1803+ - d/qemu-system-common.qemu-kvm.default: defaults for
1804+ /etc/default/qemu-kvm
1805+ - d/rules: install /etc/default/qemu-kvm
1806+ - Enable nesting by default
1807+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1808+ (is default on amd)
1809+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1810+ without nested=1
1811+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1812+ in qemu64 cpu type.
1813+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1814+ in qemu64 on amd
1815+ - d/qemu-system-x86.README.Debian: document intention of nested being
1816+ default is comfort, not full support
1817+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1818+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1819+ types
1820+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1821+ for host-phys-bits=true (LP: 1776189)
1822+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1823+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1824+ convenience with all meltdown/spectre workarounds enabled by default.
1825+ (LP: 1761372).
1826+ - improved dependencies
1827+ - Make qemu-system-common depend on qemu-block-extra
1828+ - Make qemu-utils depend on qemu-block-extra
1829+ - let qemu-utils recommend sharutils
1830+ - s390x support
1831+ - Create qemu-system-s390x package
1832+ - Enable numa support for s390x
1833+ - arch aware kvm wrappers
1834+ - d/control: update VCS links (updated to match latest Ubuntu)
1835+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1836+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1837+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1838+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1839+ - enable RDMA config option
1840+ - add libibumad-dev build-dep
1841+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1842+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1843+ reference 256k path
1844+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1845+ handle incoming migrations from former releases.
1846+ - d/control-in: Disable capstone disassembler library support (universe)
1847+ * Added Changes:
1848+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1849+ for qemu 3.1 in the Ubuntu Disco release
1850+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1851+ - Move s390x roms to a new qemu-system-data-s390x
1852+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1853+ qemu-system-data
1854+ - d/rules: build s390-ccw.img with upstream Makefile
1855+ - d/rules: build s390x-netboot.img with upstream Makefile
1856+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1857+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1858+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1859+ replace it with a build-indep using the upstream makefiles.
1860+ This is less prone to miss future changes/fixes that are done to the
1861+ makefiles
1862+ - d/control-in: add breaks/replaces for moving s390x roms from
1863+ qemu-system-s390x to qemu-system-data
1864+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1865+ [From not yet uploaded Debian branch]
1866+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1867+ (Closes: #918378)
1868+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1869+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1870+ avoid misdetection of simplified nesting blocking all migrations
1871+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1872+ unimplement.patch: properly return archicture defined exception
1873+ on bad subcodes of diag 308 (LP: #1812384)
1874+ * Dropped Changes:
1875+ - Include s390-ccw.img firmware (old style native build)
1876+ - d/rules enable install s390x-netboot.img (old style native build)
1877+ - libvirt/qemu user/group support
1878+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
1879+ trigger.
1880+ [ Droppable since logind properly sets ACLs now ]
1881+ - qemu-system-common.preinst: add kvm group if needed
1882+ [ Droppable because systemd/udev take care of it since 239-6]
1883+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
1884+ freeze-hook fixes (LP: 1484990)
1885+ [upstream]
1886+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
1887+ merged upstream
1888+ [upstream]
1889+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
1890+ computation while concatenating mbuf.
1891+ CVE-2018-11806
1892+ [upstream]
1893+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
1894+ for powerpc64 to speed up translation (LP: 1781526)
1895+ [upstream]
1896+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
1897+ cpu model for z14 ZR1 (LP: 1780773).
1898+ [upstream]
1899+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
1900+ (Closes: 903562)
1901+ [in Debian]
1902+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
1903+ unreleased Debian version)
1904+ [in Debian]
1905+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
1906+ by migrations with UI frontends or frequent guest resolution changes
1907+ (LP #1755912)
1908+ [upstream]
1909+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
1910+ extend eieio for POWER9 emulation (LP: 1787408).
1911+ [upstream]
1912+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
1913+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
1914+ [upstream]
1915+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
1916+ [upstream]
1917+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
1918+ [upstream]
1919+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
1920+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
1921+ [in Debian]
1922+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1923+ Adapters on s390x (LP: 1787405)
1924+ [upstream]
1925+ - enable opengl for vfio-MDEV support (LP: 1804766)
1926+ [in Debian]
1927+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1928+ [upstream]
1929+ - SECURITY UPDATE: integer overflow via crafted QMP command
1930+ [upstream]
1931+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1932+ [upstream]
1933+ - SECURITY UPDATE: buffer overflow in rtl8139
1934+ [upstream]
1935+ - SECURITY UPDATE: buffer overflow in pcnet
1936+ [upstream]
1937+ - SECURITY UPDATE: DoS via large packet sizes
1938+ [upstream]
1939+ - SECURITY UPDATE: DoS in lsi53c895a
1940+ [upstream]
1941+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1942+ [upstream]
1943+ - SECURITY UPDATE: race condition in 9p
1944+ [upstream]
1945+
1946+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
1947+
1948 qemu (1:3.1+dfsg-2) unstable; urgency=medium
1949
1950 * d/rules: split arch and indep builds
1951@@ -1266,6 +3117,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
1952
1953 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
1954
1955+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
1956+
1957+ [ Marc Deslauriers ]
1958+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
1959+ - debian/patches/CVE-2018-10839.patch: use proper type in
1960+ hw/net/ne2000.c.
1961+ - CVE-2018-10839
1962+ * SECURITY UPDATE: integer overflow via crafted QMP command
1963+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
1964+ guest-file-read in qga/commands-posix.c.
1965+ - CVE-2018-12617
1966+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
1967+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
1968+ - CVE-2018-16847
1969+ * SECURITY UPDATE: buffer overflow in rtl8139
1970+ - debian/patches/CVE-2018-17958.patch: use proper type in
1971+ hw/net/rtl8139.c.
1972+ - CVE-2018-17958
1973+ * SECURITY UPDATE: buffer overflow in pcnet
1974+ - debian/patches/CVE-2018-17962.patch: use proper type in
1975+ hw/net/pcnet.c.
1976+ - CVE-2018-17962
1977+ * SECURITY UPDATE: DoS via large packet sizes
1978+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
1979+ - CVE-2018-17963
1980+ * SECURITY UPDATE: DoS in lsi53c895a
1981+ - debian/patches/CVE-2018-18849.patch: check message length value is
1982+ valid in hw/scsi/lsi53c895a.c.
1983+ - CVE-2018-18849
1984+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
1985+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
1986+ access in hw/ppc/pnv_lpc.c.
1987+ - CVE-2018-18954
1988+ * SECURITY UPDATE: race condition in 9p
1989+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
1990+ hw/9pfs/cofile.c.
1991+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
1992+ hw/9pfs/9p.c.
1993+ - CVE-2018-19364
1994+
1995+ [ Christian Ehrhardt]
1996+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
1997+ Adapters on s390x (LP: #1787405)
1998+ * enable opengl for vfio-MDEV support (LP: #1804766)
1999+ - d/control-in: set --enable-opengl
2000+ - d/control-in: add gl related build-dependencies
2001+
2002+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2003+
2004+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2005+
2006+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
2007+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2008+
2009+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2010+
2011+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2012+
2013+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2014+ The SLOF source pieces in src:qemu are only used for s390x netboot,
2015+ which are independent ROMs (no linking). All other binaries out of this
2016+ are part of src:slof and independent.
2017+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2018+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2019+ and related fixes
2020+
2021+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2022+
2023+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2024+
2025+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2026+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2027+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2028+
2029+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2030+
2031+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2032+
2033+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2034+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2035+ - CVE-2018-15746
2036+
2037+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2038+
2039+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2040+
2041+ [ Murilo Opsfelder Araujo ]
2042+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2043+ extend eieio for POWER9 emulation (LP: #1787408).
2044+
2045+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2046+
2047+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2048+
2049+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2050+ by migrations with UI frontends or frequent guest resolution changes
2051+ (LP: #1755912)
2052+
2053+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2054+
2055+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2056+
2057+ * Disable capstone disassembler library support (universe dependency)
2058+
2059+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2060+
2061+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2062+
2063+ * Merge with Debian testing, Remaining Changes:
2064+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2065+ - qemu-kvm to systemd unit
2066+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2067+ hugepages and architecture specifics
2068+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2069+ - d/qemu-system-common.install: install systemd unit and helper script
2070+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2071+ - d/qemu-system-common.qemu-kvm.default: defaults for
2072+ /etc/default/qemu-kvm
2073+ - d/rules: install /etc/default/qemu-kvm
2074+ - Enable nesting by default
2075+ - set nested=1 module option on intel. (is default on amd)
2076+ - re-load kvm_intel.ko if it was loaded without nested=1
2077+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2078+ in qemu64 cpu type.
2079+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2080+ in qemu64 on amd
2081+ - d/qemu-system-x86.README.Debian: document intention of nested being
2082+ default is comfort, not full support
2083+ - libvirt/qemu user/group support
2084+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2085+ trigger.
2086+ - qemu-system-common.preinst: add kvm group if needed
2087+ - Distribution specific machine type
2088+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2089+ types to ease future live vm migration.
2090+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2091+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2092+ for host-phys-bits=true (LP: 1776189)
2093+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2094+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2095+ convenience with all meltdown/spectre workarounds enabled by default.
2096+ (LP: 1761372).
2097+ - improved dependencies
2098+ - Make qemu-system-common depend on qemu-block-extra
2099+ - Make qemu-utils depend on qemu-block-extra
2100+ - let qemu-utils recommend sharutils
2101+ - s390x support
2102+ - Create qemu-system-s390x package
2103+ - Include s390-ccw.img firmware
2104+ - Enable numa support for s390x
2105+ - arch aware kvm wrappers
2106+ - update VCS-git (updated to match cosmic)
2107+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2108+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2109+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2110+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2111+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2112+ - d/rules enable install s390x-netboot.img
2113+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2114+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2115+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2116+ reference 256k path
2117+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2118+ handle incoming migrations from former releases.
2119+ - SECURITY UPDATE: Speculative Store Bypass
2120+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2121+ CPUID feature bit in target/i386/cpu.*.
2122+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2123+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2124+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2125+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2126+ target/i386/machine.c.
2127+ - CVE-2018-3639
2128+ * Added Changes:
2129+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2130+ - add cosmic types for base and -hpb
2131+ - drop no more supported types (zesty and yakkety)
2132+ - d/p/series: group machine type changes
2133+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2134+ merged upstream
2135+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2136+ computation while concatenating mbuf.
2137+ CVE-2018-11806
2138+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2139+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2140+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2141+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2142+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2143+ to POWER8
2144+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2145+ is no more needed with systemd-detect-virt being more mature and always
2146+ present.
2147+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2148+ - d/control-in: add libibumad-dev which is now needed for rdma
2149+ - d/rules: update s390x delta to match new Debian packaging
2150+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2151+ for powerpc64 to speed up translation (LP: #1781526)
2152+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2153+ cpu model for z14 ZR1 (LP: #1780773).
2154+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2155+ (Closes: 903562)
2156+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2157+ unreleased Debian version)
2158+ * Dropped Changes:
2159+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2160+ (No more removed when building DFSG orig tarball in Debian)
2161+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2162+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2163+ so we revert related changes to stick with the proven for now:
2164+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2165+ depends on it)
2166+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2167+ (Debian switched to gtk which seems to work better and has all
2168+ dependencies in main.)
2169+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2170+ - Changes that are now upstream with qemu 2.12
2171+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2172+ newer versions of glibc >=2.27 (LP: 1753826)
2173+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2174+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2175+ SSE/AVX/AVX512 cpu features (LP: 1739665)
2176+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2177+ space+commpage continuous which avoids long startup times on
2178+ qemu-user-static (LP: 1740219)
2179+ - provide pseries-2.12-sxxm type (LP: 1761372)
2180+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2181+ filesystem-dax with pmem by backporting align and unarmed options
2182+ (LP: 1704312).
2183+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2184+ option to slirp's DHCP server (LP: 1762315)
2185+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2186+ Protection information (LP: 1762854).
2187+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2188+ migration (LP: 1763468).
2189+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
2190+ CVE-2017-16845
2191+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
2192+ CVE-2018-7550
2193+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2194+ CVE-2018-7858
2195+
2196+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2197+
2198 qemu (1:2.12+dfsg-3) unstable; urgency=medium
2199
2200 * make qemu-system-foo depending
2201@@ -1354,6 +3448,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
2202
2203 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
2204
2205+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2206+
2207+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2208+ for host-phys-bits=true (LP: #1776189)
2209+ - add an info about this change in debian/qemu-system-x86.NEWS
2210+
2211+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2212+
2213+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2214+
2215+ * SECURITY UPDATE: Speculative Store Bypass
2216+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2217+ CPUID feature bit in target/i386/cpu.*.
2218+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2219+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2220+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2221+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2222+ target/i386/machine.c.
2223+ - CVE-2018-3639
2224+
2225+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2226+
2227+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2228+
2229+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
2230+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2231+ in post_load routine in hw/input/ps2.c.
2232+ - CVE-2017-16845
2233+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
2234+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2235+ zero in hw/i386/multiboot.c.
2236+ - CVE-2018-7550
2237+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2238+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2239+ hw/display/vga.c.
2240+ - CVE-2018-7858
2241+
2242+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2243+
2244+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2245+
2246+ * No-change rebuild for ncurses soname changes.
2247+
2248+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2249+
2250+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2251+
2252+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2253+ information (LP: #1762854).
2254+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2255+ (LP: #1763468).
2256+
2257+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2258+
2259+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2260+
2261+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2262+ The Kernel fixes are preferred and already committed to the kernel.
2263+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
2264+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2265+ SSE/AVX/AVX512 cpu features (LP: #1739665)
2266+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2267+ space+commpage continuous which avoids long startup times on
2268+ qemu-user-static (LP: #1740219)
2269+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2270+ convenience with all meltdown/spectre workarounds enabled by default.
2271+ This is not the default type following upstream and x86 on that.
2272+ (LP: #1761372).
2273+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2274+ with pmem by backporting align and unarmed options (LP: #1704312).
2275+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2276+ option to slirp's DHCP server (LP: #1762315)
2277+
2278+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2279+
2280+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2281+
2282+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2283+ accepted to be better long term maintainable (LP: #1753938)
2284+
2285+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2286+
2287+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2288+
2289+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2290+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2291+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2292+ versions of glibc >=2.27 (LP: #1753826)
2293+
2294+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2295+
2296+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2297+
2298+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2299+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2300+ Add domainname option and classless static routes support to the user
2301+ networking's DHCP server
2302+
2303+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2304+
2305+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2306+
2307+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2308+ - among other fixes this adds code to:
2309+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2310+ However, enabling this functionality requires additional configuration
2311+ beyond just updating QEMU. Also migrations need special consideration.
2312+ Details about that can be found at:
2313+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2314+ - Power9 allocation of max 8 threads per core (LP: #1750526)
2315+ * Drop changes that are part of the upstream stable release
2316+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2317+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2318+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2319+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2320+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2321+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2322+ common compat.h header and add some extra info in the patch header.
2323+
2324+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2325+
2326+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2327+
2328+ * Merge with Debian testing, among other fixes this includes
2329+ - fix fatal error on negative maxcpus (LP: #1722495)
2330+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2331+ - linux user threading issues (LP: #1350435)
2332+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2333+ Remaining changes:
2334+ - qemu-kvm to systemd unit
2335+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2336+ hugepages and architecture specifics
2337+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2338+ - d/qemu-system-common.install: install systemd unit and helper script
2339+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2340+ - d/qemu-system-common.qemu-kvm.default: defaults for
2341+ /etc/default/qemu-kvm
2342+ - d/rules: install /etc/default/qemu-kvm
2343+ - Enable nesting by default
2344+ - set nested=1 module option on intel. (is default on amd)
2345+ - re-load kvm_intel.ko if it was loaded without nested=1
2346+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2347+ in qemu64 cpu type.
2348+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2349+ in qemu64 on amd
2350+ - libvirt/qemu user/group support
2351+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2352+ trigger.
2353+ - qemu-system-common.preinst: add kvm group if needed
2354+ - Distribution specific machine type
2355+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2356+ types to ease future live vm migration.
2357+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2358+ - improved dependencies
2359+ - Make qemu-system-common depend on qemu-block-extra
2360+ - Make qemu-utils depend on qemu-block-extra
2361+ - let qemu-utils recommend sharutils
2362+ - s390x support
2363+ - Create qemu-system-s390x package
2364+ - Include s390-ccw.img firmware
2365+ - Enable numa support for s390x
2366+ - ppc64[le] support
2367+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2368+ - arch aware kvm wrappers
2369+ * Added Changes
2370+ - update VCS-git to match the bionic branch
2371+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2372+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2373+ so we revert related changes to stick with the proven for now:
2374+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2375+ depends on it)
2376+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2377+ - d/qemu-system-x86.README.Debian: document intention of nested being
2378+ default is comfort, not full support
2379+ - update Ubuntu machine types for qemu 2.11
2380+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2381+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2382+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2383+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2384+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2385+ - d/rules enable install s390x-netboot.img
2386+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2387+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
2388+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2389+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2390+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2391+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2392+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2393+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2394+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2395+ reference 256k path
2396+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2397+ handle incoming migrations from former releases.
2398+ - d/control-in: enable seccomp on s390x
2399+ * Dropped changes (no more needed):
2400+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2401+ The functionality is retained for upgraders, but is deprecated.
2402+ Post 18.04 the implementation for these configurations will be removed.
2403+ * Dropped changes (in Debian now):
2404+ - ppc64[le] support
2405+ - Enable seccomp for ppc64el
2406+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2407+ - disable missing x32 architecture
2408+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2409+ - d/qemu-system-common.docs: new paths since (ac06724a)
2410+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2411+ by qapi-schema.json which is already packaged (since 4d8bb958)
2412+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2413+ to Debian patch to match qemu 2.10)
2414+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2415+ since 8508eee7
2416+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2417+ - make nios2/hppa not installed explicitly until further stablized
2418+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2419+ qemu-ga-ref
2420+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2421+ along the qapi intro
2422+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2423+ dh_missing that are already provided in other formats qemu-doc,
2424+ qemu-qmp-ref,qemu-ga-ref
2425+ * Dropped changes (integrated upstream):
2426+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2427+ on arm64 when doing suspend/resume and reboots due to older kernels not
2428+ supporting ITS (LP 1731051).
2429+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2430+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2431+ calls (LP 1726394)
2432+ - update to upstream 2.10.1 point release (LP 1722808)
2433+
2434+
2435+
2436+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2437+
2438 qemu (1:2.11+dfsg-1) unstable; urgency=medium
2439
2440 [ Michael Tokarev ]
2441@@ -1468,6 +3795,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
2442
2443 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
2444
2445+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2446+
2447+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2448+ on arm64 when doing suspend/resume and reboots due to older kernels not
2449+ supporting ITS (LP: #1731051).
2450+
2451+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2452+
2453+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2454+
2455+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2456+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2457+ calls (LP: #1726394)
2458+
2459+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2460+
2461+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2462+
2463+ * fix enablement of qemu-kvm service (LP: #1720397)
2464+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2465+ - d/rules: add proper enablement debhelper calls
2466+ - d/qemu-system-common.install: install covered by dh_installinit
2467+
2468+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2469+
2470+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2471+
2472+ * update to upstream 2.10.1 point release (LP: #1722808)
2473+
2474+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2475+
2476+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2477+
2478+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2479+ Remaining changes:
2480+ - qemu-kvm to systemd unit
2481+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2482+ hugepages and architecture specifics
2483+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2484+ - d/qemu-system-common.install: install systemd unit and helper script
2485+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2486+ - d/qemu-system-common.qemu-kvm.default: defaults for
2487+ /etc/default/qemu-kvm
2488+ - d/rules: install /etc/default/qemu-kvm
2489+ - Enable nesting by default
2490+ - set nested=1 module option on intel. (is default on amd)
2491+ - re-load kvm_intel.ko if it was loaded without nested=1
2492+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2493+ in qemu64 cpu type.
2494+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2495+ in qemu64 on amd
2496+ - libvirt/qemu user/group support
2497+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2498+ trigger.
2499+ - qemu-system-common.preinst: add kvm group if needed
2500+ - Distribution specific machine type
2501+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2502+ types to ease future live vm migration.
2503+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2504+ - improved dependencies
2505+ - Make qemu-system-common depend on qemu-block-extra
2506+ - Make qemu-utils depend on qemu-block-extra
2507+ - let qemu-utils recommend sharutils
2508+ - s390x support
2509+ - Create qemu-system-s390x package
2510+ - Include s390-ccw.img firmware
2511+ - Enable numa support for s390x
2512+ - ppc64[le] support
2513+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2514+ - Enable seccomp for ppc64el
2515+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2516+ - arch aware kvm wrappers
2517+ - update VCS-git to match the Artful branch
2518+ - disable missing x32 architecture
2519+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2520+ - d/qemu-system-common.docs: new paths since (ac06724a)
2521+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2522+ by qapi-schema.json which is already packaged (since 4d8bb958)
2523+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2524+ to Debian patch to match qemu 2.10)
2525+ - s390x package now builds correctly on all architectures (LP 1710695)
2526+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2527+ since 8508eee7
2528+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2529+ - make nios2/hppa not installed explicitly until further stablized
2530+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2531+ qemu-ga-ref
2532+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2533+ along the qapi intro
2534+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2535+ dh_missing that are already provided in other formats qemu-doc,
2536+ qemu-qmp-ref,qemu-ga-ref
2537+
2538+
2539+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
2540+
2541+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
2542+
2543+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
2544+ Remaining changes:
2545+ - qemu-kvm to systemd unit
2546+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2547+ hugepages and architecture specifics
2548+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2549+ - d/qemu-system-common.install: install systemd unit and helper script
2550+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2551+ - d/qemu-system-common.qemu-kvm.default: defaults for
2552+ /etc/default/qemu-kvm
2553+ - d/rules: install /etc/default/qemu-kvm
2554+ - Enable nesting by default
2555+ - set nested=1 module option on intel. (is default on amd)
2556+ - re-load kvm_intel.ko if it was loaded without nested=1
2557+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2558+ in qemu64 cpu type.
2559+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2560+ in qemu64 on amd
2561+ - libvirt/qemu user/group support
2562+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2563+ trigger.
2564+ - qemu-system-common.preinst: add kvm group if needed
2565+ - Distribution specific machine type
2566+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2567+ types to ease future live vm migration.
2568+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2569+ - improved dependencies
2570+ - Make qemu-system-common depend on qemu-block-extra
2571+ - Make qemu-utils depend on qemu-block-extra
2572+ - let qemu-utils recommend sharutils
2573+ - s390x support
2574+ - Create qemu-system-s390x package
2575+ - Include s390-ccw.img firmware
2576+ - Enable numa support for s390x
2577+ - ppc64[le] support
2578+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2579+ - Enable seccomp for ppc64el
2580+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2581+ - arch aware kvm wrappers
2582+ - update VCS-git to match the Artful branch
2583+ - disable missing x32 architecture
2584+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2585+ - d/qemu-system-common.docs: new paths since (ac06724a)
2586+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2587+ by qapi-schema.json which is already packaged (since 4d8bb958)
2588+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2589+ to Debian patch to match qemu 2.10)
2590+ - s390x package now builds correctly on all architectures (LP 1710695)
2591+ * Added changes:
2592+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2593+ since 8508eee7
2594+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2595+ - make nios2/hppa not installed explicitly until further stablized
2596+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2597+ qemu-ga-ref
2598+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2599+ along the qapi intro
2600+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2601+ dh_missing that are already provided in other formats qemu-doc,
2602+ qemu-qmp-ref,qemu-ga-ref
2603+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
2604+ changes in 2.10-rc4
2605+
2606+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
2607+
2608+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
2609+
2610+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
2611+ a set of bugs
2612+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
2613+ - CPU hot unplug fails after migrating a CPU hotplugged guest
2614+ from source (LP: #1677552)
2615+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
2616+ - New KVM 288 Pass Through (LP: #1672447)
2617+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
2618+ * Remaining changes:
2619+ - qemu-kvm to systemd unit
2620+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2621+ hugepages and architecture specifics
2622+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2623+ - d/qemu-system-common.install: install systemd unit and helper script
2624+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2625+ - d/qemu-system-common.qemu-kvm.default: defaults for
2626+ /etc/default/qemu-kvm
2627+ - d/rules: install /etc/default/qemu-kvm
2628+ - Enable nesting by default
2629+ - set nested=1 module option on intel. (is default on amd)
2630+ - re-load kvm_intel.ko if it was loaded without nested=1
2631+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2632+ in qemu64 cpu type.
2633+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2634+ in qemu64 on amd
2635+ - libvirt/qemu user/group support
2636+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2637+ trigger.
2638+ - qemu-system-common.preinst: add kvm group if needed
2639+ - Distribution specific machine type
2640+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2641+ types to ease future live vm migration.
2642+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2643+ - improved dependencies
2644+ - Make qemu-system-common depend on qemu-block-extra
2645+ - Make qemu-utils depend on qemu-block-extra
2646+ - let qemu-utils recommend sharutils
2647+ - s390x support
2648+ - Create qemu-system-s390x package
2649+ - Include s390-ccw.img firmware
2650+ - Enable numa support for s390x
2651+ - ppc64[le] support
2652+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2653+ - Enable seccomp for ppc64el
2654+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2655+ - arch aware kvm wrappers
2656+ - disable missing x32 architecture
2657+ - update VCS links
2658+ * Added changes
2659+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2660+ - d/qemu-system-common.docs: new paths since (ac06724a)
2661+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2662+ by qapi-schema.json which is already packaged (since 4d8bb958)
2663+ - Updates in debian/patches to match qemu 2.10
2664+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
2665+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
2666+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
2667+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
2668+ - update VCS-git to match the Artful branch
2669+ - s390x package now builds correctly on all architectures (LP: #1710695)
2670+ * Dropped changes (integrated upstream):
2671+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2672+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
2673+ - All CVE fixes formerly applied are upstream and thereby dropped.
2674+
2675+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
2676+
2677 qemu (1:2.8+dfsg-7) unstable; urgency=medium
2678
2679 * uploading to unstable all fixes which went to stretch-security
2680@@ -1577,6 +4136,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
2681
2682 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
2683
2684+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
2685+
2686+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
2687+ This was inadvertently dropped on 2.8 merge.
2688+
2689+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
2690+
2691+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
2692+
2693+ * SECURITY UPDATE: denial of service via leak in virtFS
2694+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
2695+ hw/9pfs/9p.c.
2696+ - CVE-2017-7377
2697+ * SECURITY UPDATE: denial of service in cirrus_vga
2698+ - debian/patches/CVE-2017-7718.patch: check parameters in
2699+ hw/display/cirrus_vga_rop.h.
2700+ - CVE-2017-7718
2701+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
2702+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
2703+ hw/display/cirrus_vga.c.
2704+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
2705+ hw/display/cirrus_vga.c.
2706+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
2707+ in hw/display/cirrus_vga.c.
2708+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
2709+ hw/display/cirrus_vga.c.
2710+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
2711+ in hw/display/cirrus_vga.c.
2712+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
2713+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2714+ hw/display/cirrus_vga_rop2.h.
2715+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
2716+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2717+ hw/display/cirrus_vga_rop2.h.
2718+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
2719+ hw/display/cirrus_vga_rop.h.
2720+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
2721+ hw/display/cirrus_vga.c.
2722+ - CVE-2017-7980
2723+ * SECURITY UPDATE: denial of service via memory leak in virtFS
2724+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
2725+ - CVE-2017-8086
2726+ * SECURITY UPDATE: denial of service via leak in audio
2727+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
2728+ audio/audio.c.
2729+ - CVE-2017-8309
2730+ * SECURITY UPDATE: denial of service via leak in keyboard
2731+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
2732+ ui/input.c.
2733+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
2734+ ui/input.c.
2735+ - CVE-2017-8379
2736+
2737+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
2738+
2739+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
2740+
2741+ * SECURITY UPDATE: DoS in virtio GPU device
2742+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
2743+ max_size in hw/display/virtio-gpu-3d.c.
2744+ - CVE-2016-10028
2745+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
2746+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
2747+ in hw/dma/rc4030.c.
2748+ - CVE-2016-8667
2749+ * SECURITY UPDATE: host filesystem access via virtFS
2750+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
2751+ hw/9pfs/*.
2752+ - CVE-2016-9602
2753+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
2754+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
2755+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
2756+ ui/console.c, ui/vnc.c.
2757+ - CVE-2016-9603
2758+ * SECURITY UPDATE: information leak in virtio GPU device
2759+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
2760+ hw/display/virtio-gpu-3d.c.
2761+ - CVE-2016-9908
2762+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2763+ - debian/patches/CVE-2016-9912.patch: properly free memory in
2764+ hw/display/virtio-gpu.c.
2765+ - CVE-2016-9912
2766+ * SECURITY UPDATE: DoS via virtFS
2767+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
2768+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
2769+ - CVE-2016-9914
2770+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2771+ - debian/patches/CVE-2017-5552.patch: check return value in
2772+ hw/display/virtio-gpu-3d.c.
2773+ - CVE-2017-5552
2774+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2775+ - debian/patches/CVE-2017-5578.patch: check res->iov in
2776+ hw/display/virtio-gpu.c.
2777+ - CVE-2017-5578
2778+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
2779+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
2780+ handling in hw/sd/sdhci.c.
2781+ - CVE-2017-5987
2782+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
2783+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
2784+ hw/usb/hcd-ohci.c.
2785+ - CVE-2017-6505
2786+
2787+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
2788+
2789+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
2790+
2791+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2792+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
2793+
2794+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
2795+
2796+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
2797+
2798+ * Merge with Debian;
2799+ This fixes several CVEs that were reported against qemu 2.8 and also
2800+ includes a few important functional backports (LP: #1667033); remaining
2801+ changes:
2802+ - add qemu-kvm init script and defaults file
2803+ (d/qemu-system-common.qemu-kvm.*)
2804+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2805+ modules and handling /etc/default/qemu-kvm
2806+ - qemu-system-common.preinst: add kvm group if needed
2807+ - Enable nesting by default on intel.
2808+ - set default module option
2809+ - re-load kvm_intel.ko if it was loaded without nested=1
2810+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2811+ default in qemu64 cpu type.
2812+ - Enable svm by default for qemu64 on amd
2813+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
2814+ define distro machine types to ease future live vm migration (includes
2815+ all former follow up fixes).
2816+ - Make qemu-system-common depend on qemu-block-extra
2817+ - Make qemu-utils depend on qemu-block-extra
2818+ - s390x support
2819+ - Create qemu-system-s390x package
2820+ - Include s390-ccw.img firmware
2821+ - qemu-system-common.postinst:
2822+ - change acl placed by udev, and add udevadm trigger.
2823+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2824+ - Several changes were applied but missing in the changelog so far
2825+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2826+ - arch aware kvm wrapper
2827+ - update VCS links
2828+ - let qemu-utils recommend sharutils
2829+ - disable x32 architecture
2830+ - Enable seccomp for ppc64el
2831+ - Enable numa support for s390x
2832+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2833+ init.d-script-missing-dependency-on-remote_fs
2834+ - d/qemu-system-common.postinst: fix lintian error type
2835+ command-with-path-in-maintainer-script
2836+ - Transition qemu-kvm to a systemd unit
2837+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2838+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2839+ that it shows up where the user expects (sytemctl status, kvm stdout)
2840+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2841+ - add arch aware kvm wrapper for s390x
2842+ * Dropped Changes (in Debian now):
2843+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2844+ - d/control-in: change dependencies for fix of wrong acl for newly
2845+ created device node on ubuntu
2846+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2847+ relationship, but qemu-efi is still in universe right now.
2848+ - Disable glusterfs (Universe dependency)
2849+ - no more skip disable libiscsi on Ubuntu
2850+ - d/rules, d/control-in: avoid people editing d/control
2851+ * Added Changes:
2852+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
2853+ power makes 2.3 the minimum level.
2854+
2855+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
2856+
2857 qemu (1:2.8+dfsg-3) unstable; urgency=high
2858
2859 * urgency high due to security fixes
2860@@ -1637,6 +4369,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
2861
2862 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
2863
2864+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
2865+
2866+ * Merge with Debian; remaining changes:
2867+ - add qemu-kvm init script and defaults file
2868+ (d/qemu-system-common.qemu-kvm.*)
2869+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2870+ modules and handling /etc/default/qemu-kvm
2871+ - qemu-system-common.preinst: add kvm group if needed
2872+ - Enable nesting by default on intel.
2873+ - set default module option
2874+ - re-load kvm_intel.ko if it was loaded without nested=1
2875+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2876+ default in qemu64 cpu type.
2877+ - Enable svm by default for qemu64 on amd
2878+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2879+ types to ease future live vm migration.
2880+ - Make qemu-system-common depend on qemu-block-extra
2881+ - Make qemu-utils depend on qemu-block-extra
2882+ - s390x support
2883+ - Create qemu-system-s390x package
2884+ - Include s390-ccw.img firmware
2885+ - qemu-system-common.postinst:
2886+ - change acl placed by udev, and add udevadm trigger.
2887+ - d/control-in: change dependencies for fix of wrong acl for newly
2888+ created device node on ubuntu
2889+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2890+ relationship, but qemu-efi is still in universe right now.
2891+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2892+ - Several changes were applied but missing in the changelog so far
2893+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2894+ - arch aware kvm wrapper
2895+ - update VCS links
2896+ - no more skip disable libiscsi on Ubuntu
2897+ - let qemu-utils recommend sharutils
2898+ - disable x32 architecture
2899+ * Dropped Changes:
2900+ - Several changes were applied but missing in the changelog so far
2901+ but are no more needed
2902+ - no pie for relocatable LD calls, with toolchain defaulting to
2903+ pie (fixed upstream)
2904+ - enable libnuma-dev (now in Debian)
2905+ - transition for moved init scripts (can be dropped after LTS
2906+ containing >=2.5 which is Xenial)
2907+ - --enable-seccomp related whitespace change (had no effect)
2908+ - apport hook for qemu source package (In Debian)
2909+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
2910+ - d/qemu-system-x86.maintscript: transition off of
2911+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
2912+ - Enable pie by default, on ubuntu/s390x. (Is the default since
2913+ >=Xenial, no cloud archive backport <=Xenial to consider)
2914+ - no pie for relocatable LD calls (fixed upstream in commit
2915+ 7ecf44a5)
2916+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
2917+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
2918+ (Improved fix included by upstream)
2919+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
2920+ - Fixed wrong migration blocker when vhost is used (is upstream in
2921+ qemu 2.8)
2922+ * Added Changes:
2923+ - d/rules, d/control-in: avoid people editing d/control by warning
2924+ header and non writable permissions
2925+ - fixed moving trusty machine type definition which made it
2926+ ambiguous (LP: #1641532)
2927+ - d/qemu-system-x86.NEWS describe the issue
2928+ - Enable seccomp for ppc64el (LP: #1644639)
2929+ - Enable numa support for s390x
2930+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2931+ init.d-script-missing-dependency-on-remote_fs
2932+ - d/qemu-system-common.postinst: fix lintian error type
2933+ command-with-path-in-maintainer-script
2934+ - Transition qemu-kvm to a systemd unit
2935+ - Disable glusterfs (Universe dependency)
2936+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2937+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2938+ that it shows up where the user expects (sytemctl status, kvm stdout)
2939+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2940+ - add arch aware kvm wrapper for s390x
2941+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2942+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
2943+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
2944+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
2945+
2946+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
2947+
2948 qemu (1:2.8+dfsg-2) unstable; urgency=medium
2949
2950 * Revert "update binfmt registration for mipsn32"
2951@@ -1755,6 +4571,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
2952
2953 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
2954
2955+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
2956+
2957+ * No-change rebuild to compile against new libxen version.
2958+
2959+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
2960+
2961+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
2962+
2963+ * retain older xenial machine type to avoid issues starting guests
2964+ created on xenial prior to the SRU for bug 1621042. In that regard the old
2965+ broken xenial machine type and the new fixed one have both to be considered
2966+ as valid LTS machine types (LP: #1626070).
2967+
2968+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
2969+
2970+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
2971+
2972+ * fix default ubuntu machine types. (LP: #1621042)
2973+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
2974+ - remove double default and double ubuntu alias
2975+ - drop former devel releases utopic, vivid, wily
2976+ - add xenial and yakkety machine types
2977+ - add q35 based ubuntu machine type starting at xenial
2978+ - add ubuntu machine types on ppc64el and s390x starting at xenial
2979+
2980+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
2981+
2982+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
2983+
2984+ * Enable GPU Passthru for ppc64le (LP: #1541902)
2985+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
2986+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
2987+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
2988+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
2989+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
2990+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
2991+ - 0007-spapr_iommu-Migrate-full-state.patch
2992+ - 0008-spapr_iommu-Add-root-memory-region.patch
2993+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
2994+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
2995+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
2996+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
2997+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
2998+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
2999+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3000+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3001+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3002+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3003+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3004+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3005+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
3006+
3007+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3008+
3009+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3010+
3011+ * New upstream release. LP: #1617055.
3012+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3013+
3014+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3015+
3016 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3017
3018 * Non-maintainer upload.
3019@@ -1788,6 +4665,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3020
3021 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
3022
3023+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3024+
3025+ * SECURITY UPDATE: DoS via unbounded memory allocation
3026+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3027+ - CVE-2016-5403
3028+ * SECURITY UPDATE: oob write access while reading ESP command
3029+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3030+ maximum CDB size and handle migration in hw/scsi/esp.c,
3031+ include/hw/scsi/esp.h, include/migration/vmstate.h.
3032+ - CVE-2016-6351
3033+ * SECURITY UPDATE: infinite loop in virtqueue_pop
3034+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3035+ length in hw/virtio/virtio.c.
3036+ - CVE-2016-6490
3037+
3038+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3039+
3040+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3041+
3042+ * Merge with Debian; remaining changes:
3043+ - debian/rules: do not drop the init scripts loading kvm modules
3044+ (still needed in precise in cloud archive)
3045+ - qemu-system-common.postinst:
3046+ * remove acl placed by udev, and add udevadm trigger.
3047+ * reload kvm_intel if needed to set nested=1
3048+ - qemu-system-common.preinst: add kvm group if needed
3049+ - add qemu-kvm upstart job and defaults file (rules,
3050+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3051+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3052+ do not auto-load the kvm kernel module. Enable nesting by default
3053+ on intel.
3054+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3055+ in qemu64 cpu type.
3056+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3057+ types to ease future live vm migration.
3058+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3059+ d/qemu-system-common.install
3060+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3061+ to fix errors with missing block backends.
3062+ - s390x:
3063+ * Create qemu-system-s390x package
3064+ * Enable pie by default, on ubuntu/s390x.
3065+ * Enable svm by default for qemu64 on amd
3066+ * Include s390-ccw.img firmware
3067+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3068+ relationship, but qemu-efi is still in universe right now.
3069+
3070+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3071+
3072 qemu (1:2.6+dfsg-3) unstable; urgency=high
3073
3074 * more security fixes picked from upstream:
3075@@ -1841,6 +4767,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
3076
3077 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
3078
3079+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3080+
3081+ * Merge with Debian; remaining changes: (LP: #1583775)
3082+ - debian/rules: do not drop the init scripts loading kvm modules
3083+ (still needed in precise in cloud archive)
3084+ - qemu-system-common.postinst:
3085+ * remove acl placed by udev, and add udevadm trigger.
3086+ * reload kvm_intel if needed to set nested=1
3087+ - qemu-system-common.preinst: add kvm group if needed
3088+ - add qemu-kvm upstart job and defaults file (rules,
3089+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3090+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3091+ do not auto-load the kvm kernel module. Enable nesting by default
3092+ on intel.
3093+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3094+ in qemu64 cpu type.
3095+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3096+ types to ease future live vm migration.
3097+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3098+ d/qemu-system-common.install
3099+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3100+ to fix errors with missing block backends. (LP: #1495895)
3101+ - s390x:
3102+ * Create qemu-system-s390x package
3103+ * Enable pie by default, on ubuntu/s390x.
3104+ * Enable svm by default for qemu64 on amd
3105+ * Include s390-ccw.img firmware
3106+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3107+ relationship, but qemu-efi is still in universe right now.
3108+ * Drop patches which have been applied upstream:
3109+
3110+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3111+
3112 qemu (1:2.6+dfsg-1) unstable; urgency=medium
3113
3114 * new upstream release
3115@@ -1878,6 +4837,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
3116
3117 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
3118
3119+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3120+
3121+ * Cherrypick upstream patches to support the query-gic-version QMP command
3122+ (LP: #1566564)
3123+
3124+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3125+
3126+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3127+
3128+ [Stefan Bader]
3129+ * Enable svm by default for qemu64 on amd (LP: #1561019)
3130+
3131+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3132+
3133+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3134+
3135+ * qemu-system-s390x only available on s390x, so qemu-system should only
3136+ depend on it on this arch.
3137+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3138+ relationship, but qemu-efi is still in universe right now.
3139+
3140+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3141+
3142+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3143+
3144+ * And actually ship the right things in qemu-system-s390x.
3145+
3146+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3147+
3148+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3149+
3150+ * Create qemu-system-s390x package on ubuntu only.
3151+
3152+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3153+
3154+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3155+
3156+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3157+
3158+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3159+
3160+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3161+
3162+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3163+ (LP: #1556306)
3164+
3165+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3166+
3167+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3168+
3169+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3170+
3171+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3172+
3173+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3174+
3175+ * d/control{-in}: Re-generate and build with libiscsi-dev now
3176+ that its in Ubuntu main (LP: #1271653).
3177+
3178+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3179+
3180+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3181+
3182+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3183+
3184+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3185+
3186+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3187+
3188+ * No-change rebuild for gnutls transition.
3189+
3190+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3191+
3192+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3193+
3194+ * Merge with Debian; remaining changes:
3195+ - debian/rules: do not drop the init scripts loading kvm modules
3196+ (still needed in precise in cloud archive)
3197+ - qemu-system-common.postinst:
3198+ * remove acl placed by udev, and add udevadm trigger.
3199+ * reload kvm_intel if needed to set nested=1
3200+ - qemu-system-common.preinst: add kvm group if needed
3201+ - add qemu-kvm upstart job and defaults file (rules,
3202+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3203+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3204+ do not auto-load the kvm kernel module. Enable nesting by default
3205+ on intel.
3206+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3207+ in qemu64 cpu type.
3208+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3209+ types to ease future live vm migration.
3210+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3211+ d/qemu-system-common.install
3212+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3213+ to fix errors with missing block backends. (LP: #1495895)
3214+ - Enable pie by default, on ubuntu/s390x.
3215+ - Include s390-ccw.img firmware.
3216+
3217+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3218+
3219 qemu (1:2.5+dfsg-5) unstable; urgency=medium
3220
3221 * fix misspellings in previous debian/changelog entry
3222@@ -1935,6 +4994,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
3223
3224 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
3225
3226+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3227+
3228+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3229+ contents
3230+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3231+ hw/block/xen_blkif.h.
3232+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3233+ hw/display/xenfb.c.
3234+ - CVE-2015-8550
3235+ * SECURITY UPDATE: infinite loop in ehci_advance_state
3236+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3237+ in hw/usb/hcd-ehci.c.
3238+ - CVE-2015-8558
3239+ * SECURITY UPDATE: host memory leakage in vmxnet3
3240+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3241+ hw/net/vmxnet3.c.
3242+ - CVE-2015-8567
3243+ - CVE-2015-8568
3244+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3245+ - debian/patches/CVE-2015-8613.patch: initialise info object with
3246+ appropriate size in hw/scsi/megasas.c.
3247+ - CVE-2015-8613
3248+ * SECURITY UPDATE: DoS via Human Monitor Interface
3249+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3250+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
3251+ - CVE-2015-8619
3252+ * SECURITY UPDATE: incorrect array bounds check in rocker
3253+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3254+ check in hw/net/rocker/rocker.c.
3255+ - CVE-2015-8701
3256+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3257+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3258+ operations in hw/net/ne2000.c.
3259+ - CVE-2015-8743
3260+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3261+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3262+ error in hw/ide/ahci.c.
3263+ - CVE-2016-1568
3264+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3265+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3266+ hw/i386/kvmvapic.c.
3267+ - CVE-2016-1922
3268+ * SECURITY UPDATE: e1000 infinite loop
3269+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3270+ out-of-bounds transfer start in hw/net/e1000.c
3271+ - CVE-2016-1981
3272+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3273+ engines
3274+ - debian/patches/CVE-2016-2197.patch: add check before calling
3275+ dma_memory_unmap in hw/ide/ahci.c.
3276+ - CVE-2016-2197
3277+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3278+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
3279+ function in hw/usb/hcd-ehci.c.
3280+ - CVE-2016-2198
3281+
3282+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3283+
3284+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3285+
3286+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3287+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
3288+
3289+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3290+
3291+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3292+
3293+ * Include s390-ccw.img firmware.
3294+
3295+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
3296+
3297+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
3298+
3299+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
3300+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
3301+ Thanks Simon. (LP: #1531191)
3302+
3303+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
3304+
3305+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
3306+
3307+ * Merge with Debian; remaining changes:
3308+ - debian/rules: do not drop the init scripts loading kvm modules
3309+ (still needed in precise in cloud archive)
3310+ - qemu-system-common.postinst:
3311+ * remove acl placed by udev, and add udevadm trigger.
3312+ * reload kvm_intel if needed to set nested=1
3313+ - qemu-system-common.preinst: add kvm group if needed
3314+ - add qemu-kvm upstart job and defaults file (rules,
3315+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3316+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3317+ do not auto-load the kvm kernel module. Enable nesting by default
3318+ on intel.
3319+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3320+ in qemu64 cpu type.
3321+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3322+ types to ease future live vm migration.
3323+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3324+ d/qemu-system-common.install
3325+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3326+ to fix errors with missing block backends. (LP: #1495895)
3327+ - Enable pie by default, on ubuntu/s390x.
3328+ * Drop vGICv3 support patches - all is now upstream
3329+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
3330+
3331+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
3332+
3333 qemu (1:2.5+dfsg-1) unstable; urgency=medium
3334
3335 * new upstream release
3336@@ -1961,6 +5127,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
3337
3338 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
3339
3340+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
3341+
3342+ * Enable pie by default, on ubuntu/s390x.
3343+
3344+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
3345+
3346+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
3347+
3348+ * undo the libseccomp delta from debian. libseccomp is indeed available
3349+ on other arches, but we need qemu's configure script to be fixed before
3350+ we can use it on anything other than amd64|i386. Fixes FTBFS.
3351+ (LP: #1522531)
3352+
3353+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
3354+
3355+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
3356+
3357+ * Merge with Debian; remaining changes:
3358+ - Update the ubuntu machine types patch to reflect upstream churn
3359+ - debian/rules: do not drop the init scripts loading kvm modules
3360+ (still needed in precise in cloud archive)
3361+ - qemu-system-common.postinst:
3362+ * remove acl placed by udev, and add udevadm trigger.
3363+ * reload kvm_intel if needed to set nested=1
3364+ - qemu-system-common.preinst: add kvm group if needed
3365+ - add qemu-kvm upstart job and defaults file (rules,
3366+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3367+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3368+ do not auto-load the kvm kernel module. Enable nesting by default
3369+ on intel.
3370+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3371+ in qemu64 cpu type.
3372+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3373+ machine type to ease future live vm migration.
3374+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3375+ d/qemu-system-common.install
3376+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3377+ to fix errors with missing block backends. (LP: #1495895)
3378+ - control-in: build with libseccomp an all architectures
3379+ - Add vGICv3 support
3380+
3381+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
3382+
3383 qemu (1:2.4+dfsg-5) unstable; urgency=medium
3384
3385 * trace-remove-malloc-tracing.patch from upstream.
3386@@ -1973,6 +5182,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
3387
3388 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
3389
3390+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
3391+
3392+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
3393+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
3394+ hw/net/pcnet.c.
3395+ - CVE-2015-7504
3396+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
3397+ - debian/patches/CVE-2015-7512.patch: check packet length in
3398+ hw/net/pcnet.c.
3399+ - CVE-2015-7512
3400+ * SECURITY UPDATE: infinite loop in eepro100
3401+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
3402+ hw/net/eepro100.c.
3403+ - CVE-2015-8345
3404+
3405+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
3406+
3407+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
3408+
3409+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
3410+
3411+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
3412+
3413+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
3414+
3415+ * Merge 2.4 from unstable. Remaining changes:
3416+ - Update the ubuntu machine types patch to reflect upstream churn
3417+ - debian/rules: do not drop the init scripts loading kvm modules
3418+ (still needed in precise in cloud archive)
3419+ - qemu-system-common.postinst:
3420+ * remove acl placed by udev, and add udevadm trigger.
3421+ * reload kvm_intel if needed to set nested=1
3422+ - qemu-system-common.preinst: add kvm group if needed
3423+ - add qemu-kvm upstart job and defaults file (rules,
3424+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3425+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3426+ do not auto-load the kvm kernel module. Enable nesting by default
3427+ on intel.
3428+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3429+ in qemu64 cpu type.
3430+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3431+ machine type to ease future live vm migration.
3432+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3433+ d/qemu-system-common.install
3434+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3435+ to fix errors with missing block backends. (LP: #1495895)
3436+ - control-in: build with libseccomp an all architectures.
3437+ * Add vGICv3 support
3438+
3439+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
3440+
3441 qemu (1:2.4+dfsg-4) unstable; urgency=medium
3442
3443 * applied 3 patches from upstream to fix virtio-net
3444@@ -1987,7 +5247,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
3445 fix for Heap overflow vulnerability in ne2000_receive() function
3446 (Closes: #799074 CVE-2015-5279)
3447 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
3448- (Closes: #799073 CVE-2015-5278)
3449+ (Closes: #799073 CVE-2015-5278)
3450 * some binfmt reorg:
3451 - extend aarch64 to include one more byte as other arches do
3452 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
3453@@ -2039,6 +5299,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
3454
3455 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
3456
3457+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
3458+
3459+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
3460+
3461+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
3462+
3463+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
3464+
3465+ * debian/patches/upstream-fix-irq-route-entries.patch
3466+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
3467+ (LP: #1465935)
3468+
3469+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
3470+
3471+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
3472+
3473+ * Build using libseccomp on all architectures.
3474+
3475+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
3476+
3477+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
3478+
3479+ * SECURITY UPDATE: denial of service via NE2000 driver
3480+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
3481+ hw/net/ne2000.c.
3482+ - CVE-2015-5278
3483+ * SECURITY UPDATE: denial of service and possible code execution via
3484+ heap overflow in NE2000 driver
3485+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
3486+ hw/net/ne2000.c.
3487+ - CVE-2015-5279
3488+ * SECURITY UPDATE: denial of service via e1000 infinite loop
3489+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
3490+ - CVE-2015-6815
3491+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
3492+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
3493+ hw/ide/core.c.
3494+ - CVE-2015-6855
3495+
3496+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
3497+
3498+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
3499+
3500+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
3501+ to fix errors with missing block backends. (LP: #1495895)
3502+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
3503+ * Apply fix for memory corruption during live-migration in tcg mode
3504+ (LP: #1493049)
3505+ * Apply tracing patch to remove use of custom vtable in newer glibc
3506+ (LP: #1491972)
3507+
3508+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
3509+
3510+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
3511+
3512+ * Import qcow2-handle-eagain-from-update_refcount from upstream
3513+ to fix errors when using qemu-img convert -c. (LP: #1491050)
3514+
3515+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
3516+
3517+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
3518+
3519+ * SECURITY UPDATE: process heap memory disclosure
3520+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
3521+ - CVE-2015-5165
3522+ * SECURITY UPDATE: privilege escalation via block device unplugging
3523+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
3524+ in hw/ide/piix.c.
3525+ - CVE-2015-5166
3526+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
3527+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
3528+ limits in ui/vnc.c.
3529+ - CVE-2015-5225
3530+ * SECURITY UPDATE: denial of service via virtio-serial
3531+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
3532+ for control messages in hw/char/virtio-serial-bus.c.
3533+ - CVE-2015-5745
3534+
3535+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
3536+
3537+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
3538+
3539+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
3540+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
3541+ - CVE-2015-3214
3542+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
3543+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
3544+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
3545+ - CVE-2015-5154
3546+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
3547+ - debian/patches/CVE-2015-5158.patch: check length in
3548+ hw/scsi/scsi-bus.c.
3549+ - CVE-2015-5158
3550+
3551+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
3552+
3553+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
3554+
3555+ * SECURITY UPDATE: heap overflow in PCNET controller
3556+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
3557+ - CVE-2015-3209
3558+
3559+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
3560+
3561+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
3562+
3563+ * Merge 1:2.3+dfsg-5 from Debian.
3564+ * Remaining changes:
3565+ - debian/rules: do not drop the init scripts loading kvm modules
3566+ (still needed in precise in cloud archive)
3567+ - qemu-system-common.postinst:
3568+ * remove acl placed by udev, and add udevadm trigger.
3569+ * reload kvm_intel if needed to set nested=1
3570+ - qemu-system-common.preinst: add kvm group if needed
3571+ - add qemu-kvm upstart job and defaults file (rules,
3572+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3573+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3574+ do not auto-load the kvm kernel module. Enable nesting by default
3575+ on intel.
3576+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3577+ in qemu64 cpu type.
3578+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3579+ machine type to ease future live vm migration.
3580+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3581+ d/qemu-system-common.install
3582+ * Refreshed patches:
3583+ - ubuntu/expose-vmx_qemu64cpu.patch
3584+ - ubuntu/define-ubuntu-machine-types.patch
3585+
3586+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
3587+
3588 qemu (1:2.3+dfsg-5) unstable; urgency=high
3589
3590 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
3591@@ -2050,6 +5441,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
3592
3593 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
3594
3595+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
3596+
3597+ * Merge 1:2.3+dfsg-4 from Debian.
3598+ * Remaining changes:
3599+ - debian/rules: do not drop the init scripts loading kvm modules
3600+ (still needed in precise in cloud archive)
3601+ - qemu-system-common.postinst:
3602+ * remove acl placed by udev, and add udevadm trigger.
3603+ * reload kvm_intel if needed to set nested=1
3604+ - qemu-system-common.preinst: add kvm group if needed
3605+ - add qemu-kvm upstart job and defaults file (rules,
3606+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3607+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3608+ do not auto-load the kvm kernel module. Enable nesting by default
3609+ on intel.
3610+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3611+ in qemu64 cpu type.
3612+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3613+ machine type to ease future live vm migration.
3614+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3615+ d/qemu-system-common.install
3616+ * Dropped all patches which are applied upstream
3617+ * Move the upstart jobs to a generic script
3618+ - add new qemu-kvm-init script
3619+ - call that from upstart and sysvrc qemu-kvm scripts
3620+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
3621+
3622+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
3623+
3624 qemu (1:2.3+dfsg-4) unstable; urgency=medium
3625
3626 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
3627@@ -2111,6 +5531,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
3628
3629 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
3630
3631+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
3632+
3633+ * SECURITY UPDATE: denial of service in vnc web
3634+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
3635+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
3636+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
3637+ websockets clients in ui/vnc-ws.c.
3638+ - CVE-2015-1779
3639+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
3640+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
3641+ bounds of the allocated buffer in hw/block/fdc.c.
3642+ - CVE-2015-3456
3643+
3644+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
3645+
3646+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
3647+
3648+ * CVE-2015-2756 / XSA-126
3649+ - xen: limit guest control of PCI command register
3650+
3651+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
3652+
3653+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
3654+
3655+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
3656+ accidentally create /1
3657+
3658+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
3659+
3660+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
3661+
3662+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
3663+
3664+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
3665+
3666+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
3667+
3668+ * No-change rebuild to pull in libxl-4.5.
3669+
3670+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
3671+
3672+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
3673+
3674+ * debian/control-in: enable numa on architectures where numa is built
3675+ (LP: #1417937)
3676+
3677+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
3678+
3679+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
3680+
3681+ [Scott Moser]
3682+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
3683+ profile when started by libvirt.
3684+
3685+ [Serge Hallyn]
3686+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
3687+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
3688+ (LP: #1419855)
3689+
3690+ [Chris J Arges]
3691+ * Determine if we are running inside a virtual environment. If running inside
3692+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
3693+
3694+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
3695+
3696+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
3697+
3698+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
3699+ - debian/rules: do not drop the init scripts loading kvm modules
3700+ (still needed in precise in cloud archive)
3701+ * Remaining changes:
3702+ - qemu-system-common.postinst:
3703+ * remove acl placed by udev, and add udevadm trigger.
3704+ * reload kvm_intel if needed to set nested=1
3705+ - qemu-system-common.preinst: add kvm group if needed
3706+ - add qemu-kvm upstart job and defaults file (rules,
3707+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3708+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3709+ do not auto-load the kvm kernel module. Enable nesting by default
3710+ on intel.
3711+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3712+ in qemu64 cpu type.
3713+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3714+ machine type to ease future live vm migration.
3715+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3716+ d/qemu-system-common.install
3717+ * Dropped all patches which are applied upstream
3718+ * Update ubuntu-vivid machine type to default to std graphics (following
3719+ upstream's lead for pc-i440fx-2.2 machine type)
3720+
3721+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
3722+
3723 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
3724
3725 * fix initscript removal once again
3726@@ -2160,6 +5672,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
3727
3728 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
3729
3730+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
3731+
3732+ * Cherrypick upstream patch needed to allow ESx hosts to run under
3733+ kvm (LP: #1411575)
3734+
3735+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
3736+
3737+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
3738+
3739+ * Merge 2.1+dfsg-11. Remaining changes:
3740+ - qemu-system-common.postinst:
3741+ * remove acl placed by udev, and add udevadm trigger.
3742+ * reload kvm_intel if needed to set nested=1
3743+ - qemu-system-common.preinst: add kvm group if needed
3744+ - add qemu-kvm upstart job and defaults file (rules,
3745+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3746+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3747+ do not auto-load the kvm kernel module. Enable nesting by default
3748+ on intel.
3749+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3750+ removed the alternatives bit later.
3751+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3752+ in qemu64 cpu type.
3753+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3754+ machine type to ease future live vm migration.
3755+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3756+ d/qemu-system-common.install
3757+ - debian/binfmt-update-in: support ppcle
3758+ * debian/binfmt-update-in
3759+ * Support-ppcle.patch
3760+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
3761+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3762+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3763+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3764+ * Dropped patches (upstream or now in debian's tree):
3765+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
3766+ - CVE-2014-7840.patch
3767+ - CVE-2014-8106.patch
3768+
3769+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
3770+
3771 qemu (1:2.1+dfsg-11) unstable; urgency=medium
3772
3773 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
3774@@ -2229,6 +5782,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
3775
3776 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
3777
3778+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
3779+
3780+ * SECURITY UPDATE: code execution via savevm data
3781+ - debian/patches/CVE-2014-7840.patch: validate parameters in
3782+ arch_init.c.
3783+ - CVE-2014-7840
3784+ * SECURITY UPDATE: code execution via cirrus vga blit regions
3785+ (LP: #1400775)
3786+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
3787+ hw/display/cirrus_vga.c.
3788+ - CVE-2014-8106
3789+
3790+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
3791+
3792+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
3793+
3794+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
3795+ dropped and VENDOR now will be all capital UBUNTU).
3796+
3797+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
3798+
3799+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
3800+
3801+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3802+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3803+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3804+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
3805+ SPSel=0 in certain conditions. (LP: #1349277)
3806+
3807+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
3808+
3809+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
3810+
3811+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
3812+ Cherry-pick of qemu-upstream patch to fix issues with persistent
3813+ grants and the PV backend (Qdisk) (LP: #1394327).
3814+
3815+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
3816+
3817+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
3818+
3819+ * Merge 2.1+dfsg-7. Remaining changes:
3820+ - qemu-system-common.postinst:
3821+ * remove acl placed by udev, and add udevadm trigger.
3822+ * reload kvm_intel if needed to set nested=1
3823+ - qemu-system-common.preinst: add kvm group if needed
3824+ - add qemu-kvm upstart job and defaults file (rules,
3825+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3826+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3827+ do not auto-load the kvm kernel module. Enable nesting by default
3828+ on intel.
3829+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3830+ removed the alternatives bit later.
3831+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3832+ in qemu64 cpu type.
3833+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3834+ machine type to ease future live vm migration.
3835+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3836+ d/qemu-system-common.install
3837+ - debian/binfmt-update-in: support ppcle
3838+ * debian/binfmt-update-in
3839+ * Support-ppcle.patch
3840+ * Dropped patches (upstream or now in debian's tree):
3841+ - pc-reserve-more-memory-for-acpi.patch
3842+ - CVE-2014-5388.patch
3843+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
3844+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
3845+ in debian)
3846+ - CVE-2014-3615.patch
3847+ - CVE-2014-3640.patch
3848+ - CVE-2014-3689.patch
3849+ - CVE-2014-7815.patch
3850+
3851+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
3852+
3853 qemu (2.1+dfsg-7) unstable; urgency=high
3854
3855 * urgency is high due to 2 security fixes
3856@@ -2280,6 +5908,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
3857
3858 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
3859
3860+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
3861+
3862+ * SECURITY UPDATE: information disclosure via vga driver
3863+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
3864+ sanity check register writes, and don't use fixed buffer sizes in
3865+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
3866+ ui/spice-display.c.
3867+ - CVE-2014-3615
3868+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
3869+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
3870+ stub in slirp/udp.c.
3871+ - CVE-2014-3640
3872+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
3873+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
3874+ hw/display/vmware_vga.c.
3875+ - CVE-2014-3689
3876+ * SECURITY UPDATE: denial of service via VNC console
3877+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
3878+ ui/vnc.c.
3879+ - CVE-2014-7815
3880+
3881+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
3882+
3883+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
3884+
3885+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
3886+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
3887+
3888+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
3889+
3890+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
3891+
3892+ * Apply two patches to fix intermittent qemu-img corruption
3893+ (LP: #1368815)
3894+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
3895+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
3896+
3897+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
3898+
3899+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
3900+
3901+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
3902+ debian does.
3903+
3904+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
3905+
3906+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
3907+
3908+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
3909+ versa.
3910+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
3911+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
3912+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
3913+ machine type for that.
3914+
3915+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
3916+
3917+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
3918+
3919+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
3920+ container. (LP: #1370199)
3921+ * load kvm module on ppc64le at boot (LP: #1369785)
3922+ - debian/rules: install qemu-kvm on ppc64el
3923+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
3924+ kvm-hv module if available
3925+ * qemu-system-x86.maintscript: remove accidentally installed
3926+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
3927+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
3928+ ubuntu.
3929+
3930+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
3931+
3932+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
3933+
3934+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
3935+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
3936+
3937+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
3938+
3939+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
3940+
3941+ * move kvm_intel nested setting to qemu-system-x86.postinst.
3942+
3943+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
3944+
3945+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
3946+
3947+ * Merge new debian release
3948+ * Remaining changes:
3949+ - qemu-system-common.postinst:
3950+ * remove acl placed by udev, and add udevadm trigger.
3951+ * reload kvm_intel if needed to set nested=1
3952+ - qemu-system-common.preinst: add kvm group if needed
3953+ - add qemu-kvm upstart job and defaults file (rules,
3954+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3955+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3956+ do not auto-load the kvm kernel module. Enable nesting by default
3957+ on intel.
3958+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3959+ removed the alternatives bit later.
3960+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3961+ in qemu64 cpu type.
3962+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3963+ machine type to ease future live vm migration.
3964+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3965+ d/qemu-system-common.install
3966+ - debian/binfmt-update-in: support ppcle
3967+ * debian/binfmt-update-in
3968+ * Support-ppcle.patch
3969+ - d/p/CVE-2014-5388.patch
3970+
3971+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
3972+
3973 qemu (2.1+dfsg-4) unstable; urgency=medium
3974
3975 * mention libnuma-dev but not enable for now
3976@@ -2297,6 +6038,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
3977
3978 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
3979
3980+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
3981+
3982+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
3983+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
3984+ - CVE-2014-5388
3985+
3986+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
3987+
3988+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
3989+
3990+ * replace d/p/revert-acpi-table-size-bump with
3991+ pc-reserve-more-memory-for-acpi.patch from upstream
3992+ * debian/binfmt-update-in
3993+ - don't run in a container
3994+ - add ppc64le as target (LP: #1358268)
3995+ * Add experimental ppcle support (LP: #1358268)
3996+
3997+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
3998+
3999+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
4000+
4001+ * revert-acpi-table-size-bump - get qemu -kernel working again.
4002+
4003+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
4004+
4005+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
4006+
4007+ * Merge new debian release
4008+ * Remaining changes:
4009+ - control-in: stick to libsdl1.2-dev.
4010+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4011+ qemu-bridge-helper
4012+ - qemu-system-common.postinst: remove acl placed by udev,
4013+ and add udevadm trigger.
4014+ - qemu-system-common.preinst: add kvm group if needed
4015+ - add qemu-kvm upstart job and defaults file (rules,
4016+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4017+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4018+ do not auto-load the kvm kernel module. Enable nesting by default
4019+ on intel.
4020+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4021+ removed the alternatives bit later.
4022+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4023+ in qemu64 cpu type.
4024+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4025+ machine type to ease future live vm migration.
4026+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4027+ d/qemu-system-common.install
4028+ * Upstart job: use getent group to check for kvm group
4029+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
4030+
4031+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
4032+
4033 qemu (2.1+dfsg-3) unstable; urgency=medium
4034
4035 * set SHELL = /bin/sh -e, so that more complex shell constructs
4036@@ -2323,6 +6117,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
4037
4038 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
4039
4040+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
4041+
4042+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
4043+
4044+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
4045+
4046+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
4047+
4048+ * Merge new debian release
4049+ * Remaining changes:
4050+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4051+ have in ipxe-qemu package.
4052+ - control-in: stick to libsdl1.2-dev.
4053+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4054+ qemu-bridge-helper
4055+ - qemu-system-common.postinst: remove acl placed by udev,
4056+ and add udevadm trigger.
4057+ - qemu-system-common.preinst: add kvm group if needed
4058+ - add qemu-kvm upstart job and defaults file (rules,
4059+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4060+ - debian/rules: add qemu-kvm-spice
4061+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4062+ do not auto-load the kvm kernel module. Enable nesting by default
4063+ on intel.
4064+ - binfmt-update-in: make sure to filter out compat arches.
4065+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4066+ removed the alternatives bit later.
4067+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4068+ in qemu64 cpu type.
4069+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4070+ machine type to ease future live vm migration.
4071+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4072+ d/qemu-system-common.install
4073+
4074+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
4075+
4076 qemu (2.1+dfsg-2) unstable; urgency=medium
4077
4078 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
4079@@ -2357,7 +6187,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
4080
4081 qemu (2.0.0+dfsg-7) unstable; urgency=medium
4082
4083- * clarify description of qemu-user-binfmt a bit
4084+ * clarify description of qemu-user-binfmt a bit
4085 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
4086 * remove qemu-keymaps package, since it is not used by other tools
4087 anymore, and ship keymaps in qemu-system-common.
4088@@ -2374,6 +6204,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
4089
4090 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
4091
4092+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
4093+
4094+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
4095+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
4096+
4097+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
4098+
4099+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
4100+
4101+ * Merge 2.0.0+dfsg-6. Remaining changes:
4102+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4103+ have in ipxe-qemu package.
4104+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
4105+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4106+ qemu-bridge-helper
4107+ - qemu-system-common.postinst: remove acl placed by udev,
4108+ and add udevadm trigger.
4109+ - qemu-system-common.preinst: add kvm group if needed
4110+ - add qemu-kvm upstart job and defaults file (rules,
4111+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4112+ - debian/rules: add qemu-kvm-spice
4113+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4114+ do not auto-load the kvm kernel module. Enable nesting by default
4115+ on intel.
4116+ - binfmt-update-in: make sure to filter out compat arches.
4117+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4118+ removed the alternatives bit later.
4119+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4120+ in qemu64 cpu type.
4121+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4122+ machine type to ease future live vm migration.
4123+ - re-introduce apport hook for qemu source package:
4124+ d/source_qemu-kvm.py, d/qemu-system-common.install
4125+ * enable-build-dep on libjpeg8-dev - which is now in main
4126+
4127+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
4128+
4129 qemu (2.0.0+dfsg-6) unstable; urgency=medium
4130
4131 * build-depend on libgnutls28-dev not libgnutls-dev
4132@@ -2417,6 +6284,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
4133
4134 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
4135
4136+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
4137+
4138+ * remove alternatives for qemu: different architectures
4139+ aren't really alternatives and never had been (LP: #1316829)
4140+
4141+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
4142+
4143+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
4144+
4145+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
4146+ * debian/control: drop the versioning requirement from libfdt-dev
4147+ build-dependency, as it is longer needed (LP: #1295072)
4148+
4149+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
4150+
4151+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
4152+
4153+ * Merge 2.0.0+dfsg-2
4154+ * Incorporates a fix for spice users (LP: #1309452)
4155+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
4156+ the regression requiring it was reverted for 2.0 upstream.
4157+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
4158+ * debian/qemu-debootstrap: add arm64
4159+ * Remaining changes from debian:
4160+ - keep qemu 'alternative' (not something to change in SRU)
4161+ - debian/control and debian/control-in:
4162+ * versioned libfdt-dev check, until libfdt is fixed in precise
4163+ * enable rbd
4164+ * remove ovmf Recommends, as it is in multiverse
4165+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
4166+ * add a qemu-system-aarch64 metapackage for transitions from trusty
4167+ development version. This can be removed after trusty.
4168+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4169+ qemu-bridge-helper
4170+ - qemu-system-common.postinst: fix /dev/kvm acls
4171+ - qemu-system-common.preinst: add kvm group if needed
4172+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4173+ have in ipxe-qemu package.
4174+ - qemu-system-x86.modprobe: set module options for older releases
4175+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
4176+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
4177+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
4178+ - debian/rules
4179+ * add legacy kvm-spice link
4180+ * fix ppc and arm slections
4181+ * add aarch64 to user_targets
4182+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
4183+ pc-i440fx-trusty machine type as the default.
4184+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
4185+ default in qemu64 cpu time.
4186+
4187+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
4188+
4189 qemu (2.0.0+dfsg-2) unstable; urgency=medium
4190
4191 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
4192@@ -2442,7 +6362,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
4193 * kmod dependency is linux-any
4194 * doc-grammify-allows-to.patch: fix some lintian warnings
4195 * remove alternatives for qemu: different architectures
4196- aren't really alternatives and never had been
4197+ aren't really alternatives and never had been
4198 * update Standards-Version to 3.9.5 (no changes needed)
4199 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
4200 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
4201@@ -2476,6 +6396,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
4202
4203 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
4204
4205+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
4206+
4207+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
4208+ don't abort() just because the kernel has no dirty bitmap.
4209+ (LP: #1303926)
4210+
4211+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
4212+
4213+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
4214+
4215+ * define-trusty-machine-type.patch: update the trusty machine type name to
4216+ pc-i440fx-trusty (LP: #1304107)
4217+
4218+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
4219+
4220+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
4221+
4222+ * Merge 2.0.0-rc1
4223+ * debian/rules: consolidate ppc filter entries.
4224+ * Move qemu-system-arch64 into qemu-system-arm
4225+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
4226+ type, currently the same as pc-i440fx-2.0, to put is in a better position
4227+ to enable live migrations from trusty onward. (LP: #1294823)
4228+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
4229+ * Merge latest upstream git to commit dc9528f
4230+ * Debian/rules:
4231+ - remove -enable-uname-release=2.6.32
4232+ - don't make the aarch64 target Ubuntu-specific.
4233+ * Remove patches which are now upstream:
4234+ - fix-smb-security-share.patch
4235+ - slirp-smb-redirect-port-445-too.patch
4236+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
4237+ - signal-added-a-wrapper-for-sigprocmask-function.patch
4238+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4239+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4240+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
4241+ * add link for /usr/share/qemu/bios-256k.bin
4242+ * Remove all linaro patches.
4243+ * Remove all arm64/ patches. Many but not all are upstream.
4244+ * Remove CVE-2013-4377.patch which is upstream.
4245+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
4246+
4247+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
4248+
4249 qemu (1.7.0+dfsg-9) unstable; urgency=medium
4250
4251 * remove rbd/rados/ceph support *again*, till they'll actually provide
4252@@ -2540,6 +6504,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
4253
4254 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
4255
4256+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
4257+
4258+ * No-change rebuild to build with libxen-4.4.
4259+
4260+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
4261+
4262+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
4263+
4264+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
4265+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
4266+
4267+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
4268+
4269+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
4270+
4271+ [ dann frazier ]
4272+ * Add patches from the susematz tree to avoid intermittent segfaults:
4273+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
4274+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4275+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4276+
4277+ [ Serge Hallyn ]
4278+ * Modify do_sigprocmask to only change behavior for aarch64.
4279+ (LP: #1285363)
4280+
4281+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
4282+
4283+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
4284+
4285+ [ Steve Langasek ]
4286+ * Merge debian/control with unreleased Debian branch: our architecture
4287+ lists should now be in sync.
4288+
4289+ [ Dann Frazier ]
4290+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
4291+ on arm64 and maybe others. (LP: #1284344)
4292+
4293+ [ Serge Hallyn ]
4294+ * Move the OVMF.fd link to the ovmf package.
4295+
4296+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
4297+
4298+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
4299+
4300+ * Add ppc64el to the architecture list (supposedly added in the previous
4301+ upload, but really wasn't).
4302+
4303+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
4304+
4305+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
4306+
4307+ * Backport changes to enable qemu-user-static support for aarch64
4308+ * debian/control: add ppc64el to Architectures
4309+ * debian/rules: only install qemu-system-aarch64 on arm64.
4310+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
4311+ debian/qemu-system-aarch64 directory
4312+
4313+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
4314+
4315+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
4316+
4317+ * Fix broken filter_binfmts
4318+ * Remove use of dpkg-version in postinsts, as we're not Depending on
4319+ dpkg-dev.
4320+
4321+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
4322+
4323+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
4324+
4325+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
4326+ - debian/patches/ubuntu:
4327+ * expose-vmx_qemu64cpu.patch
4328+ * linaro (omap3) and arm64 patches
4329+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
4330+ on ppc
4331+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
4332+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
4333+ - debian/control:
4334+ * add arm64 to Architectures
4335+ * add qemu-common and qemu-system-aarch64 packages
4336+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
4337+ - debian/qemu-system-common.preinst: add kvm group
4338+ - debian/qemu-system-common.postinst: remove acl placed by udev,
4339+ and add udevadm trigger.
4340+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
4341+ pxe-e1000 and pxe-rtl8139.
4342+ - add qemu-system-x86.qemu-kvm.upstart and .default
4343+ - qemu-user-static.postinst-in: remove arm64 binfmt
4344+ - debian/rules:
4345+ * allow parallel build
4346+ * add aarch64 to system_targets and sys_systems
4347+ * add qemu-kvm-spice links
4348+ * install qemu-system-x86.modprobe
4349+ - add debian/qemu-system-common.links for OVMF.fd link
4350+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
4351+
4352+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
4353+
4354 qemu (1.7.0+dfsg-3) unstable; urgency=low
4355
4356 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
4357@@ -2565,6 +6627,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
4358
4359 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
4360
4361+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
4362+
4363+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
4364+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
4365+
4366+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
4367+
4368+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
4369+
4370+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
4371+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
4372+ virtio device unplugging.
4373+ - CVE-2013-4377
4374+
4375+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
4376+
4377+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
4378+
4379+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
4380+ powerpc.
4381+
4382+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
4383+
4384+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
4385+
4386+ [ Serge Hallyn ]
4387+ * add arm64 patchset from upstream. The three arm virt patches previously
4388+ pushed are in that set, so drop them.
4389+
4390+ [ dann frazier ]
4391+ * Add packaging for qemu-system-aarch64. This package is currently only
4392+ available for arm64, as full software emulation is not yet supported.
4393+
4394+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
4395+
4396+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
4397+
4398+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
4399+ supported any longer.
4400+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
4401+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
4402+ churn caused by linaro patchset.
4403+ * debian/rules: enable parallel builds.
4404+
4405+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
4406+
4407+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
4408+
4409+ * d/control: enable usbredir (LP: 1126390)
4410+
4411+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
4412+
4413+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
4414+
4415+ * add missing arm virt patches from the mach-virt-v7 branch of
4416+ git://git.linaro.org/people/cdall/qemu-arm.git
4417+
4418+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
4419+
4420+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
4421+
4422+ * debian/control: add arm64 to list of architectures.
4423+
4424+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
4425+
4426+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
4427+
4428+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
4429+ - debian/control
4430+ * update maintainer
4431+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4432+ from build-deps
4433+ * enable rbd
4434+ * add qemu-system and qemu-common B/R to qemu-keymaps
4435+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4436+ qemu-system-common
4437+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4438+ - add qemu-common, qemu-kvm, kvm to B/R
4439+ - remove openbios-sparc from qemu-system-sparc D
4440+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4441+ * qemu-system-x86:
4442+ - add qemu-common to Breaks/Replaces.
4443+ - add cpu-checker to Recommends.
4444+ * qemu-user: add B/R:qemu-kvm
4445+ * qemu-kvm:
4446+ - add armhf armel powerpc sparc to Architecture
4447+ - C/R/P: qemu-kvm-spice
4448+ * add qemu-common package
4449+ * drop qemu-slof which is not packaged in ubuntu
4450+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4451+ - qemu-system-x86.links:
4452+ * remove pxe rom links which are in kvm-ipxe
4453+ - debian/rules
4454+ * add kvm-spice symlink to qemu-kvm
4455+ * call dh_installmodules for qemu-system-x86
4456+ * update dh_installinit to install upstart script
4457+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4458+ - Add qemu-utils.links for kvm-* symlinks.
4459+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4460+ - Add qemu-system-x86.modprobe to set nesting=1
4461+ - Add qemu-system-common.preinst to add kvm group
4462+ - qemu-system-common.postinst: remove bad group acl if there, then have
4463+ udev relabel /dev/kvm.
4464+ - New linaro patches from qemu-linaro rebasing branch
4465+ - Dropped patches:
4466+ * linaro patchset
4467+ * mach-virt patchset
4468+ - Kept patches:
4469+ * expose_vms_qemu64cpu.patch
4470+ * fix-pci-add
4471+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4472+ qemu-bridge-helper
4473+
4474+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
4475+
4476 qemu (1.7.0+dfsg-2) unstable; urgency=low
4477
4478 * switch from vgabios to seavgabios
4479@@ -2594,6 +6771,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
4480
4481 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
4482
4483+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
4484+
4485+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
4486+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
4487+
4488+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
4489+
4490+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
4491+
4492+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
4493+ - debian/control
4494+ * update maintainer
4495+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4496+ from build-deps
4497+ * enable rbd
4498+ * add qemu-system and qemu-common B/R to qemu-keymaps
4499+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4500+ qemu-system-common
4501+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4502+ - add qemu-kvm to Provides
4503+ - add qemu-common, qemu-kvm, kvm to B/R
4504+ - remove openbios-sparc from qemu-system-sparc D
4505+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4506+ * qemu-system-x86:
4507+ - add qemu-common to Breaks/Replaces.
4508+ - add cpu-checker to Recommends.
4509+ * qemu-user: add B/R:qemu-kvm
4510+ * qemu-kvm:
4511+ - add armhf armel powerpc sparc to Architecture
4512+ - C/R/P: qemu-kvm-spice
4513+ * add qemu-common package
4514+ * drop qemu-slof which is not packaged in ubuntu
4515+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4516+ - qemu-system-x86.links:
4517+ * remove pxe rom links which are in kvm-ipxe
4518+ * add symlink for kvm.1 manpage
4519+ - debian/rules
4520+ * add kvm-spice symlink to qemu-kvm
4521+ * call dh_installmodules for qemu-system-x86
4522+ * update dh_installinit to install upstart script
4523+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4524+ - Add qemu-utils.links for kvm-* symlinks.
4525+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4526+ - Add qemu-system-x86.modprobe to set nesting=1
4527+ - Add qemu-system-common.preinst to add kvm group
4528+ - qemu-system-common.postinst: remove bad group acl if there, then have
4529+ udev relabel /dev/kvm.
4530+ - New linaro patches from qemu-linaro rebasing branch
4531+ - Dropped patches:
4532+ * xen-simplify-xen_enabled.patch
4533+ * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
4534+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4535+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4536+ * virtio-rng-fix-crash
4537+ - Kept patches:
4538+ * expose_vms_qemu64cpu.patch - updated
4539+ * linaro arm patches from qemu-linaro rebasing branch
4540+ - New patches:
4541+ * fix-pci-add: change CONFIG variable in ifdef to make sure that
4542+ pci_add is defined.
4543+ * Add linaro patches
4544+ * Add experimental mach-virt patches for arm virtualization.
4545+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4546+ qemu-bridge-helper
4547+
4548+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 22 Oct 2013 22:47:07 -0500
4549+
4550 qemu (1.6.0+dfsg-2) unstable; urgency=low
4551
4552 * Build-depend in seccomp again once it is in -testing
4553@@ -2664,6 +6908,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
4554
4555 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 06 Jun 2013 01:50:32 +0400
4556
4557+qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
4558+
4559+ * No change rebuild for new seccomp.
4560+
4561+ -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 18:34:50 -0400
4562+
4563+qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
4564+
4565+ * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
4566+ - virtio-rng-fix-crash
4567+
4568+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Oct 2013 17:46:49 -0500
4569+
4570+qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
4571+
4572+ * Re-introduce snippet in upstart job to load kvm modules if needed.
4573+ (LP: #1218459)
4574+
4575+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Sep 2013 22:43:52 +0000
4576+
4577+qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
4578+
4579+ * Cherry-picking three Xen related patches targetted for qemu-stable:
4580+ * xen-simplify-xen_enabled.patch
4581+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4582+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4583+
4584+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Jul 2013 15:01:44 +0200
4585+
4586+qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
4587+
4588+ * Drop openbios-ppc and openhackware Depends to Suggests for now.
4589+
4590+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Jun 2013 03:23:56 -0600
4591+
4592+qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
4593+
4594+ * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes:
4595+ - debian/control
4596+ * update maintainer
4597+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4598+ from build-deps
4599+ * enable rbd
4600+ * add qemu-system and qemu-common B/R to qemu-keymaps
4601+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4602+ qemu-system-common
4603+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4604+ - add qemu-kvm to Provides
4605+ - add qemu-common, qemu-kvm, kvm to B/R
4606+ - remove openbios-sparc from qemu-system-sparc D
4607+ * qemu-system-x86:
4608+ - add qemu-common to Breaks/Replaces.
4609+ - add cpu-checker to Recommends.
4610+ * qemu-user: add B/R:qemu-kvm
4611+ * qemu-kvm:
4612+ - add armhf armel powerpc sparc to Architecture
4613+ - C/R/P: qemu-kvm-spice
4614+ * add qemu-common package
4615+ * drop qemu-slof which is not packaged in ubuntu
4616+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4617+ - qemu-system-x86.links:
4618+ * remove pxe rom links which are in kvm-ipxe
4619+ * add symlink for kvm.1 manpage
4620+ - debian/rules
4621+ * add kvm-spice symlink to qemu-kvm
4622+ * call dh_installmodules for qemu-system-x86
4623+ * update dh_installinit to install upstart script
4624+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4625+ - Add qemu-utils.links for kvm-* symlinks.
4626+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4627+ - Add qemu-system-x86.modprobe to set nesting=1
4628+ - Add qemu-system-common.preinst to add kvm group
4629+ - qemu-system-common.postinst: remove bad group acl if there, then have
4630+ udev relabel /dev/kvm.
4631+ - Dropped patches:
4632+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4633+ - Kept patches:
4634+ * expose_vms_qemu64cpu.patch - updated
4635+ * gridcentric patch - updated
4636+ * linaro arm patches from qemu-linaro rebasing branch
4637+
4638+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Jun 2013 22:56:43 +0200
4639+
4640 qemu (1.5.0+dfsg-3) unstable; urgency=low
4641
4642 * fix sections: misc => otherosfs
4643@@ -2683,6 +7010,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
4644
4645 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Jun 2013 01:49:47 +0400
4646
4647+qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
4648+
4649+ * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes:
4650+ - debian/control
4651+ * update maintainer
4652+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4653+ from build-deps
4654+ * enable rbd
4655+ * add qemu-system and qemu-common B/R to qemu-keymaps
4656+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4657+ qemu-system-common
4658+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4659+ - add qemu-kvm to Provides
4660+ - add qemu-common, qemu-kvm, kvm to B/R
4661+ - remove openbios-sparc from qemu-system-sparc D
4662+ * qemu-system-x86:
4663+ - add qemu-common to Breaks/Replaces.
4664+ - add cpu-checker to Recommends.
4665+ * qemu-user: add B/R:qemu-kvm
4666+ * qemu-kvm:
4667+ - add armhf armel powerpc sparc to Architecture
4668+ - C/R/P: qemu-kvm-spice
4669+ * add qemu-common package
4670+ * drop qemu-slof which is not packaged in ubuntu
4671+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4672+ - qemu-system-x86.links:
4673+ * remove pxe rom links which are in kvm-ipxe
4674+ * add symlink for kvm.1 manpage
4675+ - debian/rules
4676+ * add kvm-spice symlink to qemu-kvm
4677+ * call dh_installmodules for qemu-system-x86
4678+ * update dh_installinit to install upstart script
4679+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4680+ - Add qemu-utils.links for kvm-* symlinks.
4681+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4682+ - Add qemu-system-x86.modprobe to set nesting=1
4683+ - Add qemu-system-common.preinst to add kvm group
4684+ - qemu-system-common.postinst: remove bad group acl if there, then have
4685+ udev relabel /dev/kvm.
4686+ - Dropped patches:
4687+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4688+ - Kept patches:
4689+ * expose_vms_qemu64cpu.patch - updated
4690+ * gridcentric patch - updated
4691+ * linaro arm patches from qemu-linaro rebasing branch
4692+
4693+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 May 2013 08:18:30 -0500
4694+
4695 qemu (1.5.0+dfsg-2) unstable; urgency=low
4696
4697 * merged development history of wheezy and experimental branches.
4698@@ -2750,6 +7125,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low
4699
4700 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 18 Apr 2013 14:45:30 +0400
4701
4702+qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low
4703+
4704+ * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177)
4705+ * qemu-system-x86.qemu-kvm.upstart:
4706+ - remove NESTED workarounds from upstart file.
4707+ - remove loading of modules which is now always done
4708+ - remove TAPR define which is no longer used
4709+ * move customizable defines back to qemu-kvm.default
4710+ * copy creation of group kvm to preinst - the group must exist when the
4711+ kvm udev rule is installed (LP: #1103022) (LP: #1092715)
4712+ * add adduser to qemu-system-common Pre-Depends for use by preinst.
4713+
4714+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Mar 2013 14:21:53 -0500
4715+
4716+qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low
4717+
4718+ * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on
4719+ i386/amd64 targets. (LP: #1126258)
4720+
4721+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 28 Feb 2013 15:17:16 -0600
4722+
4723+qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low
4724+
4725+ * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing
4726+ tree.
4727+ * add qemu-common to qemu-system-common B/R (was accidentally dropped from
4728+ 1.3.0 in 1.4.0 merge).
4729+ * debian/control: fix kvm P/C/B/R:
4730+ - make all C/B/R against kvm versioned
4731+ - don't have any qemu-system-* other than x86 Provides: kvm
4732+
4733+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Feb 2013 13:34:07 -0600
4734+
4735+qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low
4736+
4737+ * Merge 1.4.0+dfsg-1exp from debian. Remaining changes:
4738+ - debian/control:
4739+ * update maintainer
4740+ * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps
4741+ * enable rbd
4742+ * add qemu-system and qemu-common B/R to qemu-keymaps
4743+ * add D:udev and R:qemu to qemu-system-common
4744+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4745+ - add qemu-kvm and kvm to Provides
4746+ - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc,
4747+ qemu-system-sparc:
4748+ - remove openbios-$arch from Depends
4749+ * qemu-system-x86:
4750+ - add qemu-common to Breaks/Replaces.
4751+ - add cpu-checker to Recommends.
4752+ * qemu-user:
4753+ - add B/R qemu-kvm
4754+ * qemu-utils:
4755+ - add B/R qemu-user and qemu-kvm
4756+ * qemu-kvm: add armhf armel powerpc sparc to Architecture
4757+ * add qemu-common package
4758+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4759+ - qemu-system-x86.links:
4760+ * remove pxe rom links which are in kvm-ipxe
4761+ * add symlink for kvm.1 manpage
4762+ - Add qemu-utils.links for kvm-* symlinks.
4763+ - Add qemu-kvm.conf upstart job to qemu-system
4764+ - Clear /dev/kvm acls on install
4765+ - Add linaro arm patches.
4766+ - Add gridcentric patches.
4767+ - Re-add expose_vms_qemu64cpu.patch (from Daviey)
4768+ * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4769+
4770+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 11:58:27 -0600
4771+
4772 qemu (1.4.0+dfsg-1exp) experimental; urgency=low
4773
4774 [ Michael Tokarev ]
4775@@ -2805,6 +7250,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low
4776
4777 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 02 Feb 2013 21:05:28 +0400
4778
4779+qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low
4780+
4781+ * qemu-system-common.postinst: only run setfacl when /dev/kvm exists.
4782+ (LP: #1130591)
4783+
4784+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 08:58:53 -0600
4785+
4786+qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low
4787+
4788+ * Update workarounds for udev/inotify: (LP: #1092715)
4789+ - qemu-system-common.udev: go back to original, simple rule
4790+ - qemu-system-common.postinst: manually run setfacl
4791+ - (keep Depends: on acl as well)
4792+ - this can be removed once bug 1092715 is fixed.
4793+
4794+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 19 Feb 2013 12:41:22 -0600
4795+
4796+qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low
4797+
4798+ * Now that qemu provides spice support, and qemu-kvm-spice is removed from
4799+ the archive, have qemu-kvm (which qemu-kvm-spice always depended on)
4800+ P/C/R qemu-kvm-spice.
4801+
4802+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Feb 2013 13:43:27 -0600
4803+
4804+qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low
4805+
4806+ * Enable spice.
4807+ * Address lintian warning by adding ${misc:Depends} to qemu-common and
4808+ qemu-kvm.
4809+
4810+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 12 Feb 2013 16:07:04 -0600
4811+
4812+qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low
4813+
4814+ [ Serge Hallyn ]
4815+ * Merge 1.3.0+dfsg-5exp from Debian.
4816+ * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1:
4817+ - debian/control:
4818+ * update maintainer
4819+ * remove vde2 recommends
4820+ * build-deps: remove libusbredir, libvdeplug2-dev,
4821+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev
4822+ * qemu-system:
4823+ - break/replace qemu-common
4824+ - depend on udev
4825+ - remove openbios-ppc, openbios-sparc, and openhackware from
4826+ Depends. (Intend to add them back once we can build them.)
4827+ * qemu-utils: break/replace qemu-kvm
4828+ - qemu-kvm.upstart:
4829+ - add qemu-system.qemu-kvm.upstart
4830+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4831+ - take the defaults from the old qemu-kvm.defaults, and move them into
4832+ the upstart job
4833+ - debian/patches:
4834+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4835+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4836+ - add links for qemu-ifup/down in qemu-system-common.links
4837+ - debian/qemu-system-common.postinst
4838+ - udevadm trigger to fix up /dev/kvm perms
4839+ - debian/qemu-system.links:
4840+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4841+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4842+ back to qemu-system at some point.
4843+ * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1:
4844+ - qemu-system-common.links: add link for OVMF
4845+ - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages.
4846+ - qemu-system.links:
4847+ * Add link to usr/share/ovmf/OVMF.fd
4848+ * Fix target of /etc/kvm/kvm-if{up,down} links
4849+ - debian/control: qemu-system should Recommend cpu-checker
4850+ - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4851+ (i.e.) qemu-x86_64.
4852+ - add qemu-kvm, and qemu-common transitional packages.
4853+ - Add breaks/replaces to qemu-keymaps for qemu-system.
4854+ - Add provides: qemu-kvm and kvm to qemu-system-ppc.
4855+ - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common.
4856+ - Add breaks/replaces to qemu-kvm for qemu-common.
4857+ - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm.
4858+ - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional
4859+ package.
4860+ - Add qemu-common package.
4861+ - Make sure /dev/kvm gets its acls cleared:
4862+ * Add acl to qemu-system.depends
4863+ * update qemu-system.udev to run setfacl to set g::rw acl
4864+ - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4865+ * dropped debian/patches/CVE-2012-6075.patch (duplicate of
4866+ e1000-discard-oversize-packets-based-on-SBP_LPE.patch)
4867+ * debian/{control,configure-opts}: enable rbd (LP: #1118406)
4868+ * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636)
4869+ * add replaces to qemu-system-common for qemu - we briefly moved conflicting
4870+ docs to qemu, which debian moved to qemu-system-common. This can be
4871+ dropped after raring.
4872+ * move qemu-kvm.upstart from qemu-system to qemu-system-x86.
4873+ * Support upgrade from qemu-kvm on non-x86 arches:
4874+ - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86}
4875+ - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm.
4876+ * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal.
4877+
4878+ [ Steve Langasek ]
4879+ * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that
4880+ we have a sensible baseline kernel value regardless of what the
4881+ underlying host kernel is. This makes eglibc happier when running under
4882+ emulation on a very old kernel for instance (whose host syscall ABI has
4883+ nothing to do with what emulated syscalls are supported), and probably
4884+ also lets us steer clear for the moment of code that has problem with
4885+ the new kernel upstream versioning convention. LP: #921078.
4886+
4887+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Feb 2013 14:15:26 -0600
4888+
4889 qemu (1.3.0+dfsg-5exp) experimental; urgency=low
4890
4891 * qemu-system-split: split qemu-system into several target-specific packages:
4892@@ -2884,6 +7439,106 @@ qemu (1.3.0+dfsg-2exp) experimental; urgency=low
4893
4894 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 20 Jan 2013 22:12:11 +0400
4895
4896+qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low
4897+
4898+ * qemu-system.links:
4899+ - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207)
4900+ - Fix target of /etc/kvm/kvm-if{up,down} links
4901+
4902+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Jan 2013 10:52:22 -0600
4903+
4904+qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low
4905+
4906+ * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982)
4907+
4908+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 28 Jan 2013 11:52:10 -0600
4909+
4910+qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low
4911+
4912+ * configure-opts: add audio-cards list (LP: #1102487)
4913+ * configure-opts: change order of audio-drv-list for ubuntu, putting pa
4914+ first.
4915+
4916+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 12:02:09 -0600
4917+
4918+qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low
4919+
4920+ * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4921+ (i.e.) qemu-x86_64. (LP: #1102332)
4922+
4923+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 21 Jan 2013 08:58:07 -0600
4924+
4925+qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low
4926+
4927+ * Move three docs from qemu-system.install to qemu.docs (LP: #1101798)
4928+
4929+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 20:12:48 -0700
4930+
4931+qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low
4932+
4933+ * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and
4934+ possible code execution in hw/e1000.c by dropping oversize packets.
4935+
4936+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 19 Jan 2013 07:31:50 -0700
4937+
4938+qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low
4939+
4940+ * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to
4941+ fix FTBFS due to parallel compile.
4942+
4943+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Jan 2013 15:51:09 -0600
4944+
4945+qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low
4946+
4947+ * Merge 1.3.0+dfsg-1~exp3. Remaining ubuntu delta:
4948+ - debian/control:
4949+ * update maintainer
4950+ * remove vde2 recommends
4951+ * build-deps: remove libusbredir, libvdeplug2-dev,
4952+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev,
4953+ and libxen-dev.
4954+ * qemu-keymaps: break/replace qemu-common
4955+ * qemu-system:
4956+ - break/replace qemu-common
4957+ - depend on udev
4958+ - remove openbios-ppc, openbios-sparc, and openhackware from
4959+ Depends. (Intend to add them back once we can build them.)
4960+ - provides: qemu-kvm
4961+ * qemu-utils: break/replace qemu-kvm
4962+ * set up transitional packages for qemu-kvm, qemu-common, and kvm.
4963+ - qemu-kvm.upstart:
4964+ - add qemu-system.qemu-kvm.upstart
4965+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4966+ - take the defaults from the old qemu-kvm.defaults, and move them into
4967+ the upstart job
4968+ - debian/patches:
4969+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4970+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4971+ - ifup/down:
4972+ - copy Debian qemu-kvm's kvm-ifup/down into debian/
4973+ - fix dh_install for kvm-ifup/down in debian/rules
4974+ - add links for qemu-ifup/down in qemu-system.links
4975+ - remove (debian's original) qemu-ifup from qemu-system.install
4976+ - debian/qemu-system.postinst
4977+ - udevadm trigger to fix up /dev/kvm perms
4978+ - make the 'qemu' symlink point to qemu-system-x86_64, not -i386.
4979+ - debian/qemu-system.links:
4980+ - point 'kvm' to qemu-system-x86_64
4981+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4982+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4983+ back to qemu-system at some point.
4984+ * Add note about kvm to qemu-system.README.debian.
4985+ * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm
4986+ * Remove TAPBR from qemu-kvm.conf.
4987+ * Make sure /dev/kvm gets its acls cleared:
4988+ - Add acl to qemu-system.depends
4989+ - update qemu-system.udev to run setfacl to set g::rw acl
4990+ * qemu-system.qemu-kvm.conf: don't rmmod at stop
4991+ * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4992+ * Remove hugepages sysctl file - qemu now supports transparent hugepages.
4993+
4994+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Jan 2013 23:22:51 -0600
4995+
4996 qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low
4997
4998 * enable vde on kFreebsd too (no idea why it was disabled)
4999@@ -2968,6 +7623,107 @@ qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low
5000
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches