Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:merge-7.2-lunar into ubuntu/+source/qemu:debian/sid

  1. Git
  2. lp:~paelzer/ubuntu/+source/qemu
  3. merge-7.2-lunar
  4. Merge into debian/sid
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: caaae9d1a3fa849ffe2381ac5235b4e4b0717ea6
Proposed branch: ~paelzer/ubuntu/+source/qemu:merge-7.2-lunar
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6922 lines (+6313/-13)
16 files modified
debian/changelog (+4885/-3)
debian/control (+55/-8)
debian/control-in (+5/-2)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+911/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/qemu-system-x86.NEWS (+80/-0)
debian/qemu-system-x86.README.Debian (+47/-0)
debian/rules (+11/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+435185@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~paelzer/+archive/ubuntu/lunar-virt-stack-updates/+packages

Branch and tags are pushed:
 + 4e0d9ad5a3...95cd0fa304 merge-7.2-lunar -> merge-7.2-lunar
 * [new tag] lp1993438/logical/1%2.6.1+dfsg-0ubuntu5 -> lp1993438/logical/1%2.6.1+dfsg-0ubuntu5
 * [new tag] lp1993438/old/debian -> lp1993438/old/debian
 * [new tag] lp1993438/reconstruct/1%7.0+dfsg-7ubuntu4 -> lp1993438/reconstruct/1%7.0+dfsg-7ubuntu4
 * [new tag] lp1993438/new/debian -> lp1993438/new/debian
 * [new tag] lp1993438/old/ubuntu -> lp1993438/old/ubuntu
 * [new tag] lp1993438/split/1%7.0+dfsg-7ubuntu4 -> lp1993438/split/1%7.0+dfsg-7ubuntu4

Extended testing on this will be done when libvirt is also ready, but we can prepare by reviewing this branch already to sort out anything we missed.

I'm usually asking to mostly pay attention to the cpu types as there we have most often mistakes,
Sadly last cycle one slipped all our eyes (using an old machine type 6_2 instead of 7_0).
So again - of all the things this is the one with the most need for an extra pair of eyes.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Claiming this review

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

I mostly did mechanical checks, for the split and logical tags (note the logical tag version is incorrect, but the content is correct). I also noticed the missing changelog entry about the headers update patch, but since this is being dropped from the delta, no further action needed.

I checked some other drops that were done because the changes were incorporated upstream, also fine.

The ubuntu machine type patch, I looked more closely, and didn't spot any changes different from the last time. Kinetic is no longer default, lunar is, version 7.2, it looks correct.

New nfs support, which is in main, also ok. Curious to experiment with it.

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: paelzer, ahasenack
Uploaders: paelzer, ahasenack
MP auto-approved

review: Approve
~paelzer/ubuntu/+source/qemu:merge-7.2-lunar updated
9ead696... by Christian Ehrhardt 

changelog: one more bug to track as closed (LP: #1959966)

Signed-off-by: Christian Ehrhardt <email address hidden>

3fb9d8e... by Christian Ehrhardt 

changelog: one more bug to track as closed (LP: #1999885)

Signed-off-by: Christian Ehrhardt <email address hidden>

caaae9d... by Christian Ehrhardt 

changelog: one more bug to track as closed (LP: #1957924)

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Autopkgtest look good (althorugh superficial)

  - qemu/1:7.2+dfsg-1ubuntu1~lunarppa7
    + ✅ qemu on lunar for amd64 @ 01.02.23 07:16:56 Log️ 🗒️
    + ✅ qemu on lunar for arm64 @ 02.02.23 10:14:56 Log️ 🗒️
    + ✅ qemu on lunar for armhf @ 02.02.23 10:05:44 Log️ 🗒️
    + ✅ qemu on lunar for ppc64el @ 02.02.23 10:14:09 Log️ 🗒️
    + ✅ qemu on lunar for s390x @ 02.02.23 11:54:10 Log️ 🗒️

Regression tests now also look good (after several fixes to the tests, not the package)
But I'll rebase to the latest qemu upload, so they will need to re-run.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Retested with 1:7.2+dfsg-2ubuntu1~lunarppa1

prep (x86_64) : Pass 25 F/S/N 0/0/0 - RC 0 (16 min 52963 lin)
migrate (x86_64) : Pass 280 F/S/N 0/0/0 - RC 0 (63 min 230119 lin)
cross (x86_64) : Pass 78 F/S/N 0/0/1 - RC 0 (130 min 126999 lin)
misc (x86_64) : Pass 73 F/S/N 0/0/0 - RC 0 (31 min 44074 lin)

prep (s390x) : Pass 25 F/S/N 0/0/0 - RC 0 (61 min 43308 lin)
migrate (s390x) : Pass 260 F/S/N 0/5/0 - RC 0 (69 min 164891 lin)
cross (s390x) : Pass 78 F/S/N 0/0/1 - RC 0 (186 min 115421 lin)
misc (s390x) : Pass 67 F/S/N 0/0/0 - RC 0 (40 min 33311 lin)

prep (ppc64le) : Pass 25 F/S/N 0/0/0 - RC 0 (108 min 50837 lin)
migrate (ppc64le): Pass 256 F/S/N 0/0/12 - RC 0 (185 min 189198 lin)
cross (ppc64le) : Pass 40 F/S/N 0/0/8 - RC 0 (188 min 97032 lin)
misc (ppc64le) : Pass 48 F/S/N 0/1/0 - RC 0 (28 min 29371 lin)

So far here also all looks fine \o/

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Fully ready - but uploaded for a test rebuild in PPA against proposed (new libxen, new libc, new ...)

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Complete
Uploading ...

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 1832c2f..0ade2b6 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,84 @@
6+qemu (1:7.2+dfsg-2ubuntu1) lunar; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #1993438), among many other fixes
9+ this resolvs these bugs:
10+ (LP: #1957924) - support for querying stats,
11+ (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
12+ (LP: #1959966) - guest dump encryption with customer keys (s390x)
13+ (LP: #1999885) - pv: don't allow userspace to set the clock under PV
14+ (LP: #1957924) - add filtering of statistics by target vCPU
15+ remaining changes:
16+ - qemu-kvm to systemd unit
17+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
18+ hugepages and architecture specifics
19+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
20+ qemu-kvm-init
21+ - d/qemu-system-common.install: install helper script
22+ - d/qemu-system-common.qemu-kvm.default: defaults for
23+ /etc/default/qemu-kvm
24+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
25+ - Distribution specific machine type
26+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
27+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
28+ types containing release versioned machine attributes
29+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
30+ for host-phys-bits=true
31+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
32+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
33+ - Enable nesting by default
34+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
35+ in qemu64 on amd
36+ [ No more strictly needed, but required for backward compatibility ]
37+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
38+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
39+ reference 256k path
40+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
41+ handle incoming migrations from former releases.
42+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
43+ - Ease the use of module retention on upgrades (LP 1913421)
44+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
45+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
46+ landed in Debian but under a different name.
47+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
48+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
49+ fix qboot FTBFS with LTO
50+ + d/rules: disable LTO on non-amd64 builds (LP 1921664)
51+ * Dropped Changes [now part of upstream v7.2.0]
52+ - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
53+ error 'migration was active, but no RAM info was set' (LP 1994002)
54+ - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
55+ Fix FTBFS with libbpf 1.0.1-2.
56+ + Header updates that were added as part of the libbpf fixes
57+ but not mentioned in changelog
58+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
59+ - Fix I/O stalls when using NVMe storage (LP 1970737).
60+ + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
61+ in laio_io_unplug.
62+ - SECURITY UPDATE: heap overflow in floppy disk emulator
63+ + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
64+ hw/block/fdc.c.
65+ - SECURITY UPDATE: use-after-free vulnerability
66+ + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
67+ lsi_do_msgout
68+ - SECURITY UPDATE: heap overflow vulnerability
69+ + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
70+ memories
71+ - SECURITY UPDATE: integer underflow vulnerability
72+ + debian/patches/CVE-2022-3165.patch: fix integer underflow in
73+ vnc_client_cut_text_ext
74+ * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
75+ [not all are needed in lunar]
76+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
77+ Silence -Warray-bounds false positive [no more needed]
78+ - d/rules: set -O1 for alpha firmware build
79+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
80+ further FTBFS fixup
81+ * Added Changes
82+ - d/control-in: libnfs is in main since focal, enable direct nfs
83+ storage support (LP: #1988704)
84+
85+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Jan 2023 13:18:43 +0100
86+
87 qemu (1:7.2+dfsg-2) unstable; urgency=medium
88
89 * d/rules: add -ffile-prefix-map when building skiboot
90@@ -100,6 +181,126 @@ qemu (1:7.1+dfsg-1) unstable; urgency=medium
91
92 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 12 Sep 2022 11:50:53 +0300
93
94+qemu (1:7.0+dfsg-7ubuntu4) lunar; urgency=medium
95+
96+ * SECURITY UPDATE: use-after-free vulnerability
97+ - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
98+ lsi_do_msgout
99+ - CVE-2022-0216
100+ * SECURITY UPDATE: heap overflow vulnerability
101+ - debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
102+ memories
103+ - CVE-2022-2962
104+ * SECURITY UPDATE: integer underflow vulnerability
105+ - debian/patches/CVE-2022-3165.patch: fix integer underflow in
106+ vnc_client_cut_text_ext
107+ - CVE-2022-3165
108+
109+ -- Nishit Majithia <nishit.majithia@canonical.com> Fri, 09 Dec 2022 10:25:52 +0530
110+
111+qemu (1:7.0+dfsg-7ubuntu3) lunar; urgency=medium
112+
113+ [ Brett Milford ]
114+ * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
115+ error 'migration was active, but no RAM info was set' (LP: #1994002)
116+
117+ [ Mauricio Faria de Oliveira ]
118+ * d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
119+ Fix FTBFS with libbpf 1.0.1-2.
120+
121+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 30 Nov 2022 12:17:51 -0300
122+
123+qemu (1:7.0+dfsg-7ubuntu2) kinetic; urgency=medium
124+
125+ [ Paride Legovini ]
126+ * d/rules: disable LTO on non-amd64 builds (LP: #1921664)
127+ * GCC-12 FTBFS (LP: #1988710)
128+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
129+ Silence -Warray-bounds false positive (treated as error)
130+
131+ [ Christian Ehrhardt ]
132+ * More on GCC-12 FTBFS (LP 1988710)
133+ - d/rules: set -O1 for alpha firmware build
134+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
135+ further FTBFS fixup
136+
137+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2022 08:07:24 +0200
138+
139+qemu (1:7.0+dfsg-7ubuntu1) kinetic; urgency=medium
140+
141+ * Merge with Debian unstable (LP: #1971315)(LP: #1980896), remaining changes:
142+ - qemu-kvm to systemd unit
143+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
144+ hugepages and architecture specifics
145+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
146+ qemu-kvm-init
147+ - d/qemu-system-common.install: install helper script
148+ - d/qemu-system-common.qemu-kvm.default: defaults for
149+ /etc/default/qemu-kvm
150+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
151+ - Distribution specific machine type
152+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
153+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
154+ types containing release versioned machine attributes
155+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
156+ for host-phys-bits=true
157+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
158+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
159+ - Enable nesting by default
160+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
161+ in qemu64 on amd
162+ [ No more strictly needed, but required for backward compatibility ]
163+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
164+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
165+ reference 256k path
166+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
167+ handle incoming migrations from former releases.
168+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
169+ - Ease the use of module retention on upgrades (LP 1913421)
170+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
171+ - Fix I/O stalls when using NVMe storage (LP 1970737).
172+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
173+ in laio_io_unplug.
174+ - SECURITY UPDATE: heap overflow in floppy disk emulator
175+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
176+ hw/block/fdc.c.
177+ - CVE-2021-3507
178+ * Dropped Changes [now part of 1:7.0+dfsg-7]:
179+ - d/rules: xen libexec dir is no more versioned
180+ - d/rules: ensure xen is built on x86
181+ - d/kvm-spice: fix when acceleration is already defined on the commandline
182+ - debian/control[-in]: no more disable glusterfs in Ubuntu (LP 1246924)
183+ * Dropped Changes [now part of upstream v7.0.0]
184+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
185+ Allow long kernel command lines for QEMU (LP 1959984)
186+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
187+ - d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
188+ tcg on s390x.
189+ - Fix diff handling on ceph that can cause data corruption (LP 1968258)
190+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
191+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
192+ - d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
193+ in vnc connections (LP 1970563)
194+ - All CVE fixes of 1:6.2+dfsg-2ubuntu8 except CVE-2021-3507
195+ * Dropped Changes
196+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
197+ add patch to workaround FTBFS when building against OpenSSL 3.0.
198+ [ now working with OpenSSL 3.0 ]
199+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
200+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
201+ [ fixed in compiler toolchain ]
202+ - Make qemu-system-x86-microvm a transitional package as the binary is now
203+ in qemu-system-x86 itself.
204+ [ no more needed]
205+ * Added Changes
206+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
207+ landed in Debian but under a different name.
208+ - d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch: fix qboot FTBFS
209+ with LTO
210+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)
211+
212+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jul 2022 12:07:19 +0200
213+
214 qemu (1:7.0+dfsg-7) unstable; urgency=medium
215
216 * d/tests/test-qemu-user: rework ls/glob test a bit
217@@ -234,6 +435,141 @@ qemu (1:6.2+dfsg-3) unstable; urgency=medium
218
219 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 25 Feb 2022 12:01:46 +0300
220
221+qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
222+
223+ [ Marc Deslauriers ]
224+ * SECURITY UPDATE: heap overflow in floppy disk emulator
225+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
226+ hw/block/fdc.c.
227+ - CVE-2021-3507
228+ * SECURITY UPDATE: use-after-free in nvme
229+ - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
230+ device itself in hw/nvme/ctrl.c.
231+ - CVE-2021-3929
232+ * SECURITY UPDATE: integer overflow in QXL display device emulation
233+ - debian/patches/CVE-2021-4206.patch: check width and height in
234+ hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
235+ - CVE-2021-4206
236+ * SECURITY UPDATE: heap overflow in QXL display device emulation
237+ - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
238+ in hw/display/qxl-render.c.
239+ - CVE-2021-4207
240+ * SECURITY UPDATE: potential privilege escalation in virtiofsd
241+ - debian/patches/CVE-2022-0358.patch: Drop membership of all
242+ supplementary groups in tools/virtiofsd/passthrough_ll.c.
243+ - CVE-2022-0358
244+ * SECURITY UPDATE: memory leakage in virtio-net device
245+ - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
246+ receive in hw/net/virtio-net.c.
247+ - CVE-2022-26353
248+ * SECURITY UPDATE: memory leakage in vhost-vsock device
249+ - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
250+ case of error in hw/virtio/vhost-vsock-common.c.
251+ - CVE-2022-26354
252+
253+ [ Sergio Durigan Junior ]
254+ * Fix I/O stalls when using NVMe storage (LP: #1970737).
255+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
256+ in laio_io_unplug.
257+
258+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Jun 2022 15:38:37 -0400
259+
260+qemu (1:6.2+dfsg-2ubuntu7) kinetic; urgency=medium
261+
262+ * d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
263+ in vnc connections (LP: #1970563)
264+
265+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:25:20 +0200
266+
267+qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
268+
269+ * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
270+ * Fix diff handling on ceph that can cause data corruption (LP: #1968258)
271+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
272+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
273+
274+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 08 Apr 2022 09:36:34 +0200
275+
276+qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
277+
278+ * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
279+ tcg on s390x.
280+
281+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 09:54:36 +0100
282+
283+qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
284+
285+ * No-change rebuild to update maintainer scripts, see LP: 1959054
286+
287+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:28:14 +0000
288+
289+qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
290+
291+ * Merge with Debian unstable, remaining changes:
292+ - qemu-kvm to systemd unit
293+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
294+ hugepages and architecture specifics
295+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
296+ qemu-kvm-init
297+ - d/qemu-system-common.install: install helper script
298+ - d/qemu-system-common.qemu-kvm.default: defaults for
299+ /etc/default/qemu-kvm
300+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
301+ - Distribution specific machine type
302+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
303+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
304+ types containing release versioned machine attributes
305+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
306+ for host-phys-bits=true
307+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
308+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
309+ - Enable nesting by default
310+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
311+ in qemu64 on amd
312+ [ No more strictly needed, but required for backward compatibility ]
313+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
314+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
315+ reference 256k path
316+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
317+ handle incoming migrations from former releases.
318+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
319+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
320+ add patch to workaround FTBFS when building against OpenSSL 3.0.
321+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
322+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
323+ - Ease the use of module retention on upgrades (LP 1913421)
324+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
325+ - Make qemu-system-x86-microvm a transitional package as the binary is now
326+ in qemu-system-x86 itself.
327+ * Dropped Changes [now part of 1:6.1+dfsg-8]:
328+ - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
329+ (#993658) (LP 1947860)
330+ - improved dependencies
331+ - Make qemu-system-common depend on qemu-block-extra
332+ - Make qemu-utils depend on qemu-block-extra
333+ - d/control*, d/rules: disable xen by default, but provide universe
334+ package qemu-system-x86-xen as alternative
335+ [includes compat links changes of 5.0-5ubuntu4]
336+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
337+ * Dropped Changes [now part of upstream]
338+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
339+ and 3932 machines (LP 1932175)
340+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
341+ migration with audio devices present (LP 1940288)
342+ * Added changes:
343+ - update patches for qemu v6.2.0
344+ - d/p/u/enable-svm-by-default.patch
345+ - d/p/u/define-ubuntu-machine-types.patch
346+ - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
347+ - d/rules: xen libexec dir is no more versioned
348+ - d/rules: ensure xen is built on x86
349+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
350+ Allow long kernel command lines for QEMU (LP: #1959984)
351+ - d/kvm-spice: fix when acceleration is already defined on the commandline
352+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
353+
354+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Jan 2022 12:18:25 +0100
355+
356 qemu (1:6.2+dfsg-2) unstable; urgency=medium
357
358 * bump meson build-dep to 0.59.3
359@@ -455,6 +791,95 @@ qemu (1:6.0+dfsg-3) unstable; urgency=medium
360
361 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 17 Aug 2021 17:49:10 +0300
362
363+qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
364+
365+ * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
366+ add patch to workaround FTBFS when building against OpenSSL 3.0.
367+ Thanks to Christian Ehrhardt (LP: #1952448)
368+
369+ -- Paride Legovini <paride@ubuntu.com> Fri, 26 Nov 2021 15:47:51 +0100
370+
371+qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
372+
373+ * No-change rebuild against liburing2
374+
375+ -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:00:26 +0100
376+
377+qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
378+
379+ * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
380+ (#993658) (LP: #1947860)
381+
382+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 03 Nov 2021 14:10:56 +0100
383+
384+qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
385+
386+ * Merge with Debian experimental, remaining changes:
387+ - qemu-kvm to systemd unit
388+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
389+ hugepages and architecture specifics
390+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
391+ qemu-kvm-init
392+ - d/qemu-system-common.install: install helper script
393+ - d/qemu-system-common.qemu-kvm.default: defaults for
394+ /etc/default/qemu-kvm
395+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
396+ - Distribution specific machine type
397+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
398+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
399+ types containing release versioned machine attributes
400+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
401+ for host-phys-bits=true
402+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
403+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
404+ - Enable nesting by default
405+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
406+ in qemu64 on amd
407+ [ No more strictly needed, but required for backward compatibility ]
408+ - improved dependencies
409+ - Make qemu-system-common depend on qemu-block-extra
410+ - Make qemu-utils depend on qemu-block-extra
411+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
412+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
413+ reference 256k path
414+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
415+ handle incoming migrations from former releases.
416+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
417+ - d/control*, d/rules: disable xen by default, but provide universe
418+ package qemu-system-x86-xen as alternative
419+ [includes compat links changes of 5.0-5ubuntu4]
420+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
421+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
422+ for v6.0
423+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
424+ - Ease the use of module retention on upgrades (LP 1913421)
425+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
426+ * Dropped Changes [in 1:6.0+dfsg-2exp]:
427+ - d/control-in: Disable capstone disassembler library support (universe)
428+ - Disable fuse export (universe dependency)
429+ - Ease the use of module retention on upgrades (LP 1913421)
430+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
431+ - d/rules: only save modules if /run/qemu isn't noexec
432+ - d/rules: clear all (current and former) modules on purge
433+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
434+ upgrade issues (LP 1932264)
435+ - Enable SDL as secondary UI backend (LP 1256185)
436+ - d/control: add build dependency libsdl2-dev
437+ - d/control: enable sdl graphics on build
438+ - d/qemu-system-gui.install: add ui-sdl.so
439+ - d/control: add runtime dependency to libgl1
440+ * Dropped Changes [no more needed]
441+ - let qemu-utils recommend sharutils
442+ * Added changes:
443+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
444+ -fcf-protection being unavailble on -march=i486 (LP: #1940029)
445+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
446+ and 3932 machines (LP: #1932175)
447+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
448+ migration with audio devices present (LP: #1940288)
449+
450+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200
451+
452 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
453
454 [ Christian Ehrhardt ]
455@@ -492,6 +917,104 @@ qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
456
457 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300
458
459+qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium
460+
461+ * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
462+ fix TCG emulation for ppc64 (LP: #1935617)
463+
464+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 13 Jul 2021 09:34:55 +0200
465+
466+qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium
467+
468+ * d/control: remove fuse2 trial-build (LP 1934510)
469+
470+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Jul 2021 10:26:08 +0200
471+
472+qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium
473+
474+ * Merge with Debian experimental, Among many other things this fixes LP Bugs:
475+ (LP: #1907952) broken arrow keys in -display gtk on aarch64
476+ - qemu-kvm to systemd unit
477+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
478+ hugepages and architecture specifics
479+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
480+ qemu-kvm-init
481+ - d/qemu-system-common.install: install helper script
482+ - d/qemu-system-common.qemu-kvm.default: defaults for
483+ /etc/default/qemu-kvm
484+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
485+ - Distribution specific machine type
486+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
487+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
488+ types containing release versioned machine attributes
489+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
490+ for host-phys-bits=true
491+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
492+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
493+ - Enable nesting by default
494+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
495+ in qemu64 on amd
496+ [ No more strictly needed, but required for backward compatibility ]
497+ - improved dependencies
498+ - Make qemu-system-common depend on qemu-block-extra
499+ - Make qemu-utils depend on qemu-block-extra
500+ - Let qemu-utils recommend sharutils
501+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
502+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
503+ reference 256k path
504+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
505+ handle incoming migrations from former releases.
506+ - d/control-in: Disable capstone disassembler library support (universe)
507+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
508+ - d/control*, d/rules: disable xen by default, but provide universe
509+ package qemu-system-x86-xen as alternative
510+ [includes compat links changes of 5.0-5ubuntu4]
511+ - Fix upgrade module handling (LP 1905377)
512+ --enable-module-upgrades for qemu-xen which doesn't exist in Debian
513+ * Dropped Changes [in 6.0]:
514+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
515+ ld usage of -no-pie (LP 1907789)
516+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
517+ virtio-9p-ccw being missing (LP 1916230)
518+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
519+ to glib2.0 >=2.67.3 (LP 1916705)
520+ - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
521+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
522+ (LP 1921754)
523+ - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
524+ (LP 1921880)
525+ - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
526+ fix go in qemu-s390x-static (LP 1922010)
527+ * Dropped Changes [in Debian]:
528+ - Allow qemu to load old modules post upgrade (LP 1847361)
529+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
530+ - d/rules: Drop generating package version into maintainer scripts
531+ * Dropped Changes [No more needed >21.04]:
532+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
533+ the bad old prerm (LP 1906245 1905377)
534+ * Added Changes
535+ - Disable fuse export (universe dependency)
536+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
537+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
538+ for v6.0
539+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
540+ - Ease the use of module retention on upgrades (LP: #1913421)
541+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
542+ - d/rules: only save modules if /run/qemu isn't noexec
543+ - d/rules: clear all (current and former) modules on purge
544+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
545+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
546+ upgrade issues (LP: #1932264)
547+ - Enable SDL as secondary UI backend (LP: #1256185)
548+ - d/control: add build dependency libsdl2-dev
549+ - d/control: enable sdl graphics on build
550+ - d/qemu-system-gui.install: add ui-sdl.so
551+ - d/control: add runtime dependency to libgl1
552+ - d/rules: qemu-system-x86-xen builds modules as well now (follows the
553+ other packages)
554+
555+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Jun 2021 12:41:33 +0200
556+
557 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
558
559 * new upstream release
560@@ -544,6 +1067,75 @@ qemu (1:5.2+dfsg-10) unstable; urgency=medium
561
562 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 16 Apr 2021 12:43:36 +0300
563
564+qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
565+
566+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
567+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
568+ (LP: #1921754)
569+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
570+ (LP: #1921880)
571+
572+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 11:58:29 +0200
573+
574+qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
575+
576+ * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
577+ fix go in qemu-s390x-static (LP: #1922010)
578+
579+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 Mar 2021 10:01:40 +0200
580+
581+qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
582+
583+ * Merge with Debian unstable; Remaining changes:
584+ - qemu-kvm to systemd unit
585+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
586+ hugepages and architecture specifics
587+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
588+ qemu-kvm-init
589+ - d/qemu-system-common.install: install helper script
590+ - d/qemu-system-common.qemu-kvm.default: defaults for
591+ /etc/default/qemu-kvm
592+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
593+ - Distribution specific machine type (LP: 1304107 1621042)
594+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
595+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
596+ for host-phys-bits=true (LP: 1776189)
597+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
598+ - provide pseries-bionic-2.11-sxxm type as convenience with all
599+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
600+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
601+ - Enable nesting by default
602+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
603+ in qemu64 on amd
604+ [ No more strictly needed, but required for backward compatibility ]
605+ - improved dependencies
606+ - Make qemu-system-common depend on qemu-block-extra
607+ - Make qemu-utils depend on qemu-block-extra
608+ - let qemu-utils recommend sharutils
609+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
610+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
611+ reference 256k path
612+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
613+ handle incoming migrations from former releases.
614+ - d/control-in: Disable capstone disassembler library support (universe)
615+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
616+ - d/control*, d/rules: disable xen by default, but provide universe
617+ package qemu-system-x86-xen as alternative
618+ [includes compat links changes of 5.0-5ubuntu4]
619+ - allow qemu to load old modules post upgrade (LP 1847361)
620+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
621+ - d/rules: Drop generating package version into maintainer scripts
622+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
623+ the bad old prerm (LP 1906245 1905377)
624+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
625+ ld usage of -no-pie (LP 1907789)
626+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
627+ virtio-9p-ccw being missing (LP 1916230)
628+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
629+ to glib2.0 >=2.67.3 (LP 1916705)
630+
631+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Mar 2021 11:13:49 +0100
632+
633 qemu (1:5.2+dfsg-9) unstable; urgency=medium
634
635 * do not make qemu-system-data dependent on qemu-system-foo
636@@ -583,6 +1175,66 @@ qemu (1:5.2+dfsg-7) unstable; urgency=high
637
638 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Mar 2021 11:32:54 +0300
639
640+qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
641+
642+ * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
643+ to glib2.0 >=2.67.3 (LP: #1916705)
644+
645+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Feb 2021 08:39:09 +0100
646+
647+qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
648+
649+ * Merge with Debian unstable, includes fixes for
650+ - build operates differently if source is a git repo (LP: #1887535)
651+ Remaining changes:
652+ - qemu-kvm to systemd unit
653+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
654+ hugepages and architecture specifics
655+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
656+ qemu-kvm-init
657+ - d/qemu-system-common.install: install helper script
658+ - d/qemu-system-common.qemu-kvm.default: defaults for
659+ /etc/default/qemu-kvm
660+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
661+ - Distribution specific machine type (LP: 1304107 1621042)
662+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
663+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
664+ for host-phys-bits=true (LP: 1776189)
665+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
666+ - provide pseries-bionic-2.11-sxxm type as convenience with all
667+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
668+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
669+ - Enable nesting by default
670+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
671+ in qemu64 on amd
672+ [ No more strictly needed, but required for backward compatibility ]
673+ - improved dependencies
674+ - Make qemu-system-common depend on qemu-block-extra
675+ - Make qemu-utils depend on qemu-block-extra
676+ - let qemu-utils recommend sharutils
677+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
678+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
679+ reference 256k path
680+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
681+ handle incoming migrations from former releases.
682+ - d/control-in: Disable capstone disassembler library support (universe)
683+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
684+ - d/control*, d/rules: disable xen by default, but provide universe
685+ package qemu-system-x86-xen as alternative
686+ [includes compat links changes of 5.0-5ubuntu4]
687+ - allow qemu to load old modules post upgrade (LP 1847361)
688+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
689+ - d/rules: Drop generating package version into maintainer scripts
690+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
691+ the bad old prerm (LP 1906245 1905377)
692+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
693+ ld usage of -no-pie (LP 1907789)
694+ * Added changes
695+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
696+ virtio-9p-ccw being missing (LP: #1916230)
697+
698+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
699+
700 qemu (1:5.2+dfsg-6) unstable; urgency=medium
701
702 * deprecate qemu-debootstrap. It is not needed anymore with
703@@ -635,6 +1287,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
704
705 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
706
707+qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
708+
709+ * No change rebuild to pick up liburing. (LP: #1914145)
710+
711+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
712+
713+qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
714+
715+ * Merge with Debian unstable, includes fixes for
716+ - qemu-user-static are partially dynamically linked (LP: #1908331)
717+ - qemu crashing when using spice without qemu-system-gui being
718+ installed (LP: #1908577)
719+ Remaining changes:
720+ - qemu-kvm to systemd unit
721+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
722+ hugepages and architecture specifics
723+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
724+ qemu-kvm-init
725+ - d/qemu-system-common.install: install helper script
726+ - d/qemu-system-common.qemu-kvm.default: defaults for
727+ /etc/default/qemu-kvm
728+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
729+ - Distribution specific machine type (LP: 1304107 1621042)
730+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
731+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
732+ for host-phys-bits=true (LP: 1776189)
733+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
734+ - provide pseries-bionic-2.11-sxxm type as convenience with all
735+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
736+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
737+ - Enable nesting by default
738+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
739+ in qemu64 on amd
740+ [ No more strictly needed, but required for backward compatibility ]
741+ - improved dependencies
742+ - Make qemu-system-common depend on qemu-block-extra
743+ - Make qemu-utils depend on qemu-block-extra
744+ - let qemu-utils recommend sharutils
745+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
746+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
747+ reference 256k path
748+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
749+ handle incoming migrations from former releases.
750+ - d/control-in: Disable capstone disassembler library support (universe)
751+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
752+ - d/control*, d/rules: disable xen by default, but provide universe
753+ package qemu-system-x86-xen as alternative
754+ [includes compat links changes of 5.0-5ubuntu4]
755+ - allow qemu to load old modules post upgrade (LP 1847361)
756+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
757+ - d/rules: Drop generating package version into maintainer scripts
758+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
759+ the bad old prerm (LP 1906245 1905377)
760+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
761+ ld usage of -no-pie (LP 1907789)
762+
763+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
764+
765 qemu (1:5.2+dfsg-3) unstable; urgency=medium
766
767 [ Christian Ehrhardt ]
768@@ -651,6 +1361,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
769
770 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
771
772+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
773+
774+ * Merge with Debian unstable
775+ - includes fix for CVE-2020-17380
776+ - includes a fix for s390x PCI device reset (LP: #1907656)
777+ Remaining changes:
778+ - qemu-kvm to systemd unit
779+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
780+ hugepages and architecture specifics
781+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
782+ qemu-kvm-init
783+ - d/qemu-system-common.install: install helper script
784+ - d/qemu-system-common.qemu-kvm.default: defaults for
785+ /etc/default/qemu-kvm
786+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
787+ - Distribution specific machine type (LP: 1304107 1621042)
788+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
789+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
790+ for host-phys-bits=true (LP: 1776189)
791+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
792+ - provide pseries-bionic-2.11-sxxm type as convenience with all
793+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
794+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
795+ - Enable nesting by default
796+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
797+ in qemu64 on amd
798+ [ No more strictly needed, but required for backward compatibility ]
799+ - improved dependencies
800+ - Make qemu-system-common depend on qemu-block-extra
801+ - Make qemu-utils depend on qemu-block-extra
802+ - let qemu-utils recommend sharutils
803+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
804+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
805+ reference 256k path
806+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
807+ handle incoming migrations from former releases.
808+ - d/control-in: Disable capstone disassembler library support (universe)
809+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
810+ - d/control*, d/rules: disable xen by default, but provide universe
811+ package qemu-system-x86-xen as alternative
812+ [includes compat links changes of 5.0-5ubuntu4]
813+ - allow qemu to load old modules post upgrade (LP 1847361)
814+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
815+ - d/rules: Drop generating package version into maintainer scripts
816+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
817+ the bad old prerm (LP 1906245 1905377)
818+ * Dropped Changes:
819+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
820+ resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
821+ fails]
822+ * Added Changes:
823+ - Refreshed ubuntu machine types for hirsute@5.2
824+ - d/control: regenerated from d/control-in
825+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
826+ ld usage of -no-pie (LP: #1907789)
827+
828+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
829+
830 qemu (1:5.2+dfsg-2) unstable; urgency=medium
831
832 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
833@@ -696,6 +1464,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
834
835 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
836
837+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
838+
839+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
840+ the bad old prerm (LP: #1906245)
841+
842+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
843+
844+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
845+
846+ * Fix upgrade module handling (LP: #1905377)
847+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
848+ allows to drop some former delta that is now conflicting.
849+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
850+ qemu-xen which doesn't exist in Debian
851+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
852+ - d/rules: Drop generating package version into maintainer scripts
853+
854+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
855+
856+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
857+
858+ * Merge with Debian testing, remaining changes:
859+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
860+ - qemu-kvm to systemd unit
861+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
862+ hugepages and architecture specifics
863+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
864+ qemu-kvm-init
865+ - d/qemu-system-common.install: install helper script
866+ - d/qemu-system-common.qemu-kvm.default: defaults for
867+ /etc/default/qemu-kvm
868+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
869+ - Distribution specific machine type (LP: 1304107 1621042)
870+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
871+ types
872+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
873+ for host-phys-bits=true (LP: 1776189)
874+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
875+ - provide pseries-bionic-2.11-sxxm type as convenience with all
876+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
877+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
878+ - Enable nesting by default
879+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
880+ in qemu64 on amd
881+ [ No more strictly needed, but required for backward compatibility ]
882+ - improved dependencies
883+ - Make qemu-system-common depend on qemu-block-extra
884+ - Make qemu-utils depend on qemu-block-extra
885+ - let qemu-utils recommend sharutils
886+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
887+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
888+ reference 256k path
889+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
890+ handle incoming migrations from former releases.
891+ - d/control-in: Disable capstone disassembler library support (universe)
892+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
893+ - d/control*, d/rules: disable xen by default, but provide universe
894+ package qemu-system-x86-xen as alternative
895+ [includes compat links changes of 5.0-5ubuntu4]
896+ - allow qemu to load old modules post upgrade (LP 1847361)
897+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
898+ upgrade
899+ - d/rules: generate maintainer scripts matching package version on build
900+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
901+ - d/control: regenerate debian/control out of control-in
902+ * Dropped changes [in Debian or no more needed]
903+ - d/control-in: disable pmem on ppc64 as it is currently considered
904+ experimental on that architecture (pmdk v1.8-1)
905+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
906+ - d/rules: report config log from the correct subdir
907+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
908+ - Pick further changes for groovy from debian/master since 5.0-5
909+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
910+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
911+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
912+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
913+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
914+ - megasas-fix-possible-out-of-bounds-array-access.patch
915+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
916+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
917+ - a few patches from the stable series:
918+ - fix-tulip-breakage.patch
919+ - 9p-lock-directory-streams-with-a-CoMutex.patch
920+ Prevent deadlocks in 9pfs readdir code
921+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
922+ Fix newline accidentally sneaked into id string of a nic
923+ - qemu-nbd-close-inherited-stderr.patch
924+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
925+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
926+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
927+ - acpi-tmr-allow-2-byte-reads.patch
928+ - reapply CVE-2020-13253 fixes from upstream
929+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
930+ - linux-user-add-netlink-RTM_SETLINK-command.patch
931+ - d/control: since qemu-system-data now contains module(s),
932+ it can't be multi-arch. Ditto for qemu-block-extra.
933+ - qemu-system-foo: depend on exact version of qemu-system-data,
934+ due to the latter having modules
935+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
936+ This is another incarnation of the recent bugfix which actually enabled
937+ memory access constraints, like #964247
938+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
939+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
940+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
941+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
942+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
943+ - do not install outdated (0.12 and before) Changelog
944+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
945+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
946+ Closes: CVE-2020-15863
947+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
948+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
949+ another fix for revert-memory-accept-.. CVE-2020-13754
950+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
951+ - d/control-in: build-dep libcap is no more needed
952+ - arch aware kvm wrappers
953+ [upstream now automatically enables KVM if available and called with
954+ kvm* name, provides KVM as before but with auto-fallback to tcg.
955+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
956+ * Dropped changes [upstream now]
957+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
958+ setup_len
959+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
960+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
961+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
962+ from vfio-ccw (LP 1887935)
963+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
964+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
965+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
966+ SQXBR (LP 1883984)
967+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
968+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
969+ environments (LP 1887763)
970+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
971+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
972+ crashes it on shutdown (LP 1878973)
973+ - update d/p/ubuntu/lp-1835546-* to the final versions
974+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
975+ FTBFS in groovy
976+ * Added Changes:
977+ - update ubuntu machine types for hirsute@5.1
978+ - d/control: regenerated from d/control-in
979+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
980+ resolved in gcc-10 (LP: 1890435)
981+
982+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
983+
984 qemu (1:5.1+dfsg-4) unstable; urgency=high
985
986 * mention closing of CVE-2020-16092 by 5.1
987@@ -937,6 +1852,298 @@ qemu (1:5.0-6) unstable; urgency=medium
988
989 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
990
991+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
992+
993+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
994+ machine type to match how it originally was released (LP: #1902654)
995+
996+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
997+
998+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
999+
1000+ * No-change rebuild for brltty soname change.
1001+
1002+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
1003+
1004+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
1005+
1006+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1007+ setup_len
1008+ CVE-2020-14364
1009+
1010+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
1011+
1012+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
1013+
1014+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
1015+
1016+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
1017+
1018+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
1019+
1020+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
1021+
1022+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
1023+
1024+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
1025+
1026+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1027+ from vfio-ccw (LP: #1887935)
1028+
1029+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
1030+
1031+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
1032+
1033+ * fix qemu-user-static initialization to allow executing systemd
1034+ (LP: #1890881)
1035+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
1036+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
1037+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
1038+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
1039+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
1040+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
1041+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
1042+ CVE-2020-16092
1043+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
1044+
1045+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
1046+
1047+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
1048+
1049+ * xen: provide compat links to what libxen-dev reports where to find
1050+ the binaries (LP: #1890005)
1051+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1052+ SQXBR (LP: #1883984)
1053+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
1054+
1055+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
1056+
1057+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
1058+
1059+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1060+ environments (LP: #1887763)
1061+ * Pick further changes for groovy from debian/master since 5.0-5
1062+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1063+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
1064+ infinite recursion via a crafted mm_index value during
1065+ ati_mm_read or ati_mm_write call.
1066+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
1067+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
1068+ devices which uses min_access_size and max_access_size Memory API fields.
1069+ Also closes: CVE-2020-13791
1070+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1071+ CVE-2020-13659: address_space_map in exec.c can trigger
1072+ a NULL pointer dereference related to BounceBuffer
1073+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1074+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
1075+ has an OOB read via a crafted reply_queue_head field from a guest OS user
1076+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1077+ fix other possible cases like in CVE-2020-13362 (#961887)
1078+ - megasas-fix-possible-out-of-bounds-array-access.patch
1079+ Some tracepoints use a guest-controlled value as an index into the
1080+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
1081+ impact OOB errors here
1082+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1083+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
1084+ This flaw occurs when an nbd-client sends a spec-compliant request that is
1085+ near the boundary of maximum permitted request length. A remote nbd-client
1086+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
1087+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
1088+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
1089+ properly validate the frame count, which allows guest OS users to trigger
1090+ an out-of-bounds access during an es1370_write() operation
1091+ - a few patches from the stable series:
1092+ - fix-tulip-breakage.patch
1093+ The tulip network driver in a qemu-system-hppa emulation is broken in
1094+ the sense that bigger network packages aren't received any longer and
1095+ thus even running e.g. "apt update" inside the VM fails. Fix this.
1096+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1097+ Prevent deadlocks in 9pfs readdir code
1098+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1099+ Fix newline accidentally sneaked into id string of a nic
1100+ - qemu-nbd-close-inherited-stderr.patch
1101+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1102+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1103+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1104+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
1105+ - reapply CVE-2020-13253 fixed from upstream:
1106+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
1107+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
1108+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
1109+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
1110+ Closes: #961297, CVE-2020-13253
1111+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1112+ (Closes: #965109)
1113+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
1114+ - d/control: since qemu-system-data now contains module(s),
1115+ it can't be multi-arch. Ditto for qemu-block-extra.
1116+ - qemu-system-foo: depend on exact version of qemu-system-data,
1117+ due to the latter having modules
1118+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
1119+ This is another incarnation of the recent bugfix which actually enabled
1120+ memory access constraints, like #964247
1121+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1122+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1123+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1124+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1125+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1126+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
1127+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1128+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1129+ Closes: CVE-2020-15863
1130+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1131+ List of patches:
1132+ sm501-convert-printf-abort-to-qemu_log_mask.patch
1133+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
1134+ sm501-use-BIT-macro-to-shorten-constant.patch
1135+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
1136+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
1137+ Closes: #961451, CVE-2020-12829
1138+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1139+ another fix for revert-memory-accept-.. CVE-2020-13754
1140+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1141+
1142+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
1143+
1144+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
1145+
1146+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
1147+
1148+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
1149+
1150+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
1151+
1152+ * Merge with Debian testing (LP: #1749393), remaining changes:
1153+ - qemu-kvm to systemd unit
1154+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1155+ hugepages and architecture specifics
1156+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1157+ qemu-kvm-init
1158+ - d/qemu-system-common.install: install helper script
1159+ - d/qemu-system-common.qemu-kvm.default: defaults for
1160+ /etc/default/qemu-kvm
1161+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1162+ - Distribution specific machine type (LP: 1304107 1621042)
1163+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1164+ types
1165+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1166+ for host-phys-bits=true (LP: 1776189)
1167+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1168+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1169+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1170+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1171+ - Enable nesting by default
1172+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1173+ in qemu64 on amd
1174+ [ No more strictly needed, but required for backward compatibility ]
1175+ - improved dependencies
1176+ - Make qemu-system-common depend on qemu-block-extra
1177+ - Make qemu-utils depend on qemu-block-extra
1178+ - let qemu-utils recommend sharutils
1179+ - arch aware kvm wrappers
1180+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1181+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1182+ reference 256k path
1183+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1184+ handle incoming migrations from former releases.
1185+ - d/control-in: Disable capstone disassembler library support (universe)
1186+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1187+ - d/control*, d/rules: disable xen by default, but provide universe
1188+ package qemu-system-x86-xen as alternative
1189+ [includes --disable-xen for user-static builds]
1190+ - d/control-in: disable pmem on ppc64 as it is currently considered
1191+ experimental on that architecture (pmdk v1.8-1)
1192+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1193+ - d/rules: report config log from the correct subdir
1194+ - allow qemu to load old modules post upgrade (LP 1847361)
1195+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1196+ upgrade
1197+ - d/rules: generate maintainer scripts matching package version on build
1198+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1199+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1200+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1201+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1202+ crashes it on shutdown (LP 1878973)
1203+ * Dropped changes (no more needed)
1204+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1205+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1206+ in qemu64 cpu type.
1207+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
1208+ Debian. Fixed by bumping the related Breaks/Replaces to the
1209+ Version Ubuntu introduced the change (LP 1862287)
1210+ * Dropped changes (in Debian)
1211+ - improved s390x support
1212+ - d/binfmt-update-in: fix binfmt being called in some containers
1213+ (LP 1840956)
1214+ - qemu-system-x86-microvm package
1215+ In addition to the generic multi-purpose qemu also provide a minimal
1216+ feature binary that is loading faster for use cases with microvm machine
1217+ type and qboot bios
1218+ - d/control-in: add a new qemu-system-x86-microvm package
1219+ - d/rules: add an extra config/build step to get the minimal qemu
1220+ - Security and packaging fixes (LP 1872937)
1221+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1222+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1223+ CVE-2020-10702
1224+ CVE-2020-11102
1225+ - fix external spice UI
1226+ + install ui-spice-app.so in qemu-system-common
1227+ + install ui-spice-app.so only if built, spice is optional
1228+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1229+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1230+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1231+ - enable riscv build (LP 1872931)
1232+ [ changes picked from Debian ]
1233+ - enable support for riscv64 hosts
1234+ - only enable librbd on architectures where it is built
1235+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1236+ depends on the former
1237+ - seccomp grew up, no need in versioned build-dep
1238+ - enable seccomp only on architectures where it can be built
1239+ * Dropped changes (upstream)
1240+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1241+ (LP 1857033)
1242+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1243+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1244+ vhost-user-gpu
1245+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1246+ avoid unnecessary IOTLB transactions (LP 1866207)
1247+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1248+ patches @qemu-stable (LP 1867519)
1249+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1250+ to avoid broken nesting (LP 1868692)
1251+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1252+ (LP 1871830)
1253+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
1254+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1255+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1256+ and clobbered doubles (LP 1872945)
1257+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1258+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1259+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1260+ - CVE-2020-11869
1261+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1262+ - async: use explicit memory barriers (LP 1805256)
1263+ - aio-wait: delegate polling of main AioContext if BQL not held
1264+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1265+ supporting to set them (LP 1882774)
1266+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1267+ load to a versioned path
1268+ * Added Changes:
1269+ - d/control: regenerate debian/control out of control-in
1270+ - update d/p/ubuntu/lp-1835546-* to the final versions
1271+ - 11 patches dropped as they are in 5.0
1272+ - 20 patches updated to how they will be in 5.1
1273+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1274+ FTBFS in groovy
1275+ - Make qemu-system-x86-microvm a transitional package as the binary is now
1276+ in qemu-system-x86 itself.
1277+ - d/control-in: build-dep libcap is no more needed
1278+ - d/rules: update arch aware kvm wrappers
1279+ - d/qemu-system-x86.README.Debian: fix typo
1280+
1281+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
1282+
1283 qemu (1:5.0-5) unstable; urgency=medium
1284
1285 * more binfmt-install updates
1286@@ -1069,6 +2276,188 @@ qemu (1:4.2-4) unstable; urgency=medium
1287
1288 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
1289
1290+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1291+
1292+ * No-change rebuild against libnettle8
1293+
1294+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1295+
1296+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1297+
1298+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1299+ crashes it on shutdown (LP: #1878973)
1300+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1301+ supporting to set them (LP: #1882774)
1302+
1303+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1304+
1305+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1306+
1307+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1308+ - async: use explicit memory barriers (LP: #1805256)
1309+ - aio-wait: delegate polling of main AioContext if BQL not held
1310+
1311+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1312+
1313+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1314+
1315+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1316+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1317+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1318+ - CVE-2020-11869
1319+
1320+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1321+
1322+qemu (1:4.2-3ubuntu6) focal; urgency=medium
1323+
1324+ [ Christian Ehrhardt ]
1325+ * enable riscv build (LP: #1872931)
1326+ [ changes picked from Debian ]
1327+ - enable support for riscv64 hosts
1328+ - only enable librbd on architectures where it is built
1329+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1330+ depends on the former
1331+ - seccomp grew up, no need in versioned build-dep
1332+ - enable seccomp only on architectures where it can be built
1333+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1334+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1335+ and clobbered doubles (LP: #1872945)
1336+
1337+ [ William Grant ]
1338+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1339+
1340+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1341+
1342+qemu (1:4.2-3ubuntu5) focal; urgency=medium
1343+
1344+ [ Christian Ehrhardt ]
1345+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1346+ (LP: #1871830)
1347+ * Security and packaging fixes (LP: #1872937)
1348+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1349+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1350+ CVE-2020-10702
1351+ CVE-2020-11102
1352+ - fix external spice UI
1353+ + install ui-spice-app.so in qemu-system-common
1354+ + install ui-spice-app.so only if built, spice is optional
1355+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1356+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1357+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1358+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1359+
1360+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1361+
1362+qemu (1:4.2-3ubuntu4) focal; urgency=medium
1363+
1364+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1365+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1366+ to avoid broken nesting (LP: #1868692)
1367+
1368+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1369+
1370+qemu (1:4.2-3ubuntu3) focal; urgency=medium
1371+
1372+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1373+ patches @qemu-stable (LP: #1867519)
1374+
1375+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1376+
1377+qemu (1:4.2-3ubuntu2) focal; urgency=medium
1378+
1379+ * allow qemu to load old modules post upgrade (LP: #1847361)
1380+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1381+ load to a versioned path
1382+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1383+ upgrade
1384+ - d/rules: generate maintainer scripts matching package version on build
1385+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1386+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1387+ avoid unnecessary IOTLB transactions (LP: #1866207)
1388+
1389+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1390+
1391+qemu (1:4.2-3ubuntu1) focal; urgency=medium
1392+
1393+ * Merge with Debian testing, remaining changes:
1394+ - qemu-kvm to systemd unit
1395+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1396+ hugepages and architecture specifics
1397+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1398+ qemu-kvm-init
1399+ - d/qemu-system-common.install: install helper script
1400+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1401+ - d/qemu-system-common.qemu-kvm.default: defaults for
1402+ /etc/default/qemu-kvm
1403+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1404+ - Distribution specific machine type (LP: 1304107 1621042)
1405+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1406+ types
1407+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1408+ for host-phys-bits=true (LP: 1776189)
1409+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1410+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1411+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1412+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1413+ - Enable nesting by default
1414+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1415+ in qemu64 cpu type.
1416+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1417+ in qemu64 on amd
1418+ [ No more strictly needed, but required for backward compatibility ]
1419+ - improved dependencies
1420+ - Make qemu-system-common depend on qemu-block-extra
1421+ - Make qemu-utils depend on qemu-block-extra
1422+ - let qemu-utils recommend sharutils
1423+ - improved s390x support
1424+ - d/rules: build s390-ccw.img with upstream Makefile
1425+ - d/rules: build s390-netboot.img with upstream Makefile
1426+ - arch aware kvm wrappers
1427+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1428+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1429+ reference 256k path
1430+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1431+ handle incoming migrations from former releases.
1432+ - d/control-in: Disable capstone disassembler library support (universe)
1433+ - d/binfmt-update-in: fix binfmt being called in some containers
1434+ (LP 1840956)
1435+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1436+ (LP 1857033)
1437+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1438+ - d/control*, d/rules: disable xen by default, but provide universe
1439+ package qemu-system-x86-xen as alternative
1440+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1441+ - Dropped changes [ in Debian ]
1442+ - d/control: update VCS links
1443+ - d/control-in: bump debhelper build-dep for compat 12
1444+ - d/control: disable bluetooth being deprecated
1445+ - d/not-installed: ignore new interop docs and extra icons for now
1446+ - d/not-installed: do not install elf2dmp until namespaced
1447+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1448+ [ not needed ]
1449+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1450+ - s390x support
1451+ - Create qemu-system-s390x package
1452+ - Enable numa support for s390x
1453+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
1454+ * Added changes
1455+ - d/control: regenerate debian/control out of control-in
1456+ - qemu-system-x86-microvm package
1457+ In addition to the generic multi-purpose qemu also provide a minimal
1458+ feature binary that is loading faster for use cases with microvm machine
1459+ type and qboot bios
1460+ - d/control-in: add a new qemu-system-x86-microvm package
1461+ - d/rules: add an extra config/build step to get the minimal qemu
1462+ - d/control-in: disable pmem on ppc64 as it is currently considered
1463+ experimental on that architecture (pmdk v1.8-1)
1464+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1465+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1466+ vhost-user-gpu
1467+ - d/rules: report config log from the correct subdir
1468+ - d/rules: --disable-xen for user-static builds
1469+
1470+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1471+
1472 qemu (1:4.2-3) unstable; urgency=medium
1473
1474 * mention closing of #909743 in previous changelog (Closes: #909743)
1475@@ -1111,6 +2500,169 @@ qemu (1:4.2-2) unstable; urgency=medium
1476
1477 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
1478
1479+qemu (1:4.2-1ubuntu2) focal; urgency=medium
1480+
1481+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1482+ Debian. Fixed by by bumping the related Breaks/Replaces to the
1483+ Version Ubuntu introduced the change (LP: #1862287)
1484+
1485+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1486+
1487+qemu (1:4.2-1ubuntu1) focal; urgency=medium
1488+
1489+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1490+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1491+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1492+ LP: #1852744 - Crypto Passthrough Interrupt Support
1493+ LP: #1853316 - CCW IPL Support
1494+ Remaining changes:
1495+ - qemu-kvm to systemd unit
1496+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1497+ hugepages and architecture specifics
1498+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1499+ qemu-kvm-init
1500+ - d/qemu-system-common.install: install helper script
1501+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1502+ - d/qemu-system-common.qemu-kvm.default: defaults for
1503+ /etc/default/qemu-kvm
1504+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1505+ - Distribution specific machine type (LP: 1304107 1621042)
1506+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1507+ types
1508+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1509+ for host-phys-bits=true (LP: 1776189)
1510+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1511+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1512+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1513+ - Enable nesting by default
1514+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1515+ in qemu64 cpu type.
1516+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1517+ in qemu64 on amd
1518+ [ No more strictly needed, but required for backward compatibility ]
1519+ - improved dependencies
1520+ - Make qemu-system-common depend on qemu-block-extra
1521+ - Make qemu-utils depend on qemu-block-extra
1522+ - let qemu-utils recommend sharutils
1523+ - s390x support
1524+ - Create qemu-system-s390x package
1525+ - Enable numa support for s390x
1526+ - d/rules: build s390-ccw.img with upstream Makefile
1527+ - d/rules: build s390-netboot.img with upstream Makefile
1528+ - arch aware kvm wrappers
1529+ - d/control: update VCS links
1530+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1531+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1532+ reference 256k path
1533+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1534+ handle incoming migrations from former releases.
1535+ - d/control-in: Disable capstone disassembler library support (universe)
1536+ - d/control: disable bluetooth being deprecated
1537+ - d/not-installed: ignore new interop docs and extra icons for now
1538+ - d/not-installed: do not install elf2dmp until namespaced
1539+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1540+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1541+ - d/binfmt-update-in: fix binfmt being called in some containers
1542+ (LP 1840956)
1543+ - Dropped changes (in Debian)
1544+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1545+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1546+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1547+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1548+ - enable RDMA config option
1549+ - add libibumad-dev build-dep
1550+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1551+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1552+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1553+ replace it with a build-indep using the upstream makefiles.
1554+ This is less prone to miss future changes/fixes that are done to the
1555+ makefiles
1556+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1557+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1558+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1559+ - Refreshed patches for v4.0 context changes
1560+ - d/control*: remove sdlabi which was removed upstream
1561+ - d/control*: enable docs (now explicit) and provide new build-dep
1562+ python3-sphinx
1563+ - d/qemu-system-data.install: use new paths for formerly used icons
1564+ - Merge with Upstream release of qemu 4.0
1565+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1566+ - Dropped changes (Upstream)
1567+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1568+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1569+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1570+ fix i386 build error
1571+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1572+ fix naming of the new vector facitlity (LP 1836066)
1573+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1574+ for missing SIOCGSTAMP definition; final fix is still in discussion
1575+ upstream (LP: 1836159)
1576+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1577+ s390x machines (LP 1836154)
1578+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1579+ (LP 1841066)
1580+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1581+ update the z15 model name (LP 1842774)
1582+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1583+ fix a potential hang when qemu or qemu-img where accessing http backed
1584+ disks via libcurl (LP 1848556)
1585+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1586+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1587+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1588+ toleration for future machines (LP 1830704)
1589+ - SECURITY UPDATE: Add support for exposing md-clear functionality
1590+ to guests
1591+ - d/p/ubuntu/enable-md-clear.patch
1592+ - d/p/ubuntu/enable-md-no.patch
1593+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1594+ - SECURITY UPDATE: heap overflow when loading device tree blob
1595+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1596+ copy the device tree blob into is.
1597+ - CVE-2018-20815
1598+ - SECURITY UPDATE: device driver denial of service via NULL pointer
1599+ dereference
1600+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1601+ routine
1602+ - CVE-2019-5008
1603+ - SECURITY UPDATE: information leak in SLiRP
1604+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1605+ emulating ident.
1606+ - CVE-2019-9824
1607+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1608+ unimplement.patch: properly return architecture defined exception
1609+ on bad subcodes of diag 308 (LP 1812384)
1610+ * Dropped changes (no more needed)
1611+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1612+ mv_conffile since the new path is a directory in the old package
1613+ version which can not be handled by mv_conffile.
1614+ [ only needed between disco and eoan ]
1615+ - disable pvrdma
1616+ [ CVEs all fixed now ]
1617+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1618+ avoid misdetection of simplified nesting blocking all migrations
1619+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1620+ - Enable nesting by default
1621+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1622+ (is default on amd)
1623+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1624+ without nested=1
1625+ [ nesting is default in kernel modules and default selected cpu types ]
1626+ * Added changes
1627+ - d/control: regenerate debian/control out of control-in
1628+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1629+ - added ubuntu focal types for qemu 4.2
1630+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1631+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1632+ (LP: #1857033)
1633+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1634+ - d/control*, d/rules: disable xen by default, but provide universe
1635+ package qemu-system-x86-xen as alternative
1636+ - fix typos in changelog and d/qemu-system-x86.NEWS
1637+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1638+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
1639+
1640+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
1641+
1642 qemu (1:4.2-1) unstable; urgency=medium
1643
1644 * new upstream release (4.2.0)
1645@@ -1187,6 +2739,205 @@ qemu (1:4.1-1) unstable; urgency=medium
1646
1647 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
1648
1649+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
1650+
1651+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1652+ fix a potential hang when qemu or qemu-img where accessing http backed
1653+ disks via libcurl (LP: #1848556)
1654+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
1655+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
1656+
1657+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
1658+
1659+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
1660+
1661+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1662+ update the z15 model name (LP: #1842774)
1663+
1664+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
1665+
1666+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
1667+
1668+ * d/binfmt-update-in: fix binfmt being called in some containers
1669+ (LP: #1840956)
1670+
1671+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
1672+
1673+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
1674+
1675+ * No-change upload with strops.h and sys/strops.h removed in glibc.
1676+
1677+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
1678+
1679+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
1680+
1681+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1682+ (LP: #1841066)
1683+
1684+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
1685+
1686+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
1687+
1688+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1689+ s390x machines (LP: #1836154)
1690+
1691+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
1692+
1693+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
1694+
1695+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
1696+ - pick Debian change for (#889885)
1697+ move ovmf to recommends on debian and update aarch ovmf refs
1698+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
1699+
1700+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
1701+
1702+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
1703+
1704+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1705+ for missing SIOCGSTAMP definition; final fix is still in discussion
1706+ upstream (LP: 1836159)
1707+
1708+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
1709+
1710+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
1711+
1712+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1713+ fix naming of the new vector facitlity (LP: #1836066)
1714+ * d/control-in: update VCS links in control template as well
1715+
1716+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
1717+
1718+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
1719+
1720+ * Merge with Upstream release of qemu 4.0.
1721+ Among many other things this fixes LP Bugs:
1722+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
1723+ LP: #1828038 - Update s390x CPU Model for more HW support
1724+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
1725+ Remaining Changes:
1726+ - qemu-kvm to systemd unit
1727+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1728+ hugepages and architecture specifics
1729+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1730+ qemu-kvm-init
1731+ - d/qemu-system-common.install: install helper script
1732+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1733+ - d/qemu-system-common.qemu-kvm.default: defaults for
1734+ /etc/default/qemu-kvm
1735+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1736+ - Enable nesting by default
1737+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1738+ (is default on amd)
1739+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1740+ without nested=1
1741+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1742+ in qemu64 cpu type.
1743+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1744+ in qemu64 on amd
1745+ - d/qemu-system-x86.README.Debian: document intention of nested being
1746+ default is comfort, not full support
1747+ - Distribution specific machine type (LP: 1304107 1621042)
1748+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1749+ types
1750+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1751+ for host-phys-bits=true (LP: 1776189)
1752+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1753+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1754+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1755+ - improved dependencies
1756+ - Make qemu-system-common depend on qemu-block-extra
1757+ - Make qemu-utils depend on qemu-block-extra
1758+ - let qemu-utils recommend sharutils
1759+ - s390x support
1760+ - Create qemu-system-s390x package
1761+ - Enable numa support for s390x
1762+ - arch aware kvm wrappers
1763+ - d/control: update VCS links
1764+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1765+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1766+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1767+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1768+ - enable RDMA config option
1769+ - add libibumad-dev build-dep
1770+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1771+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1772+ reference 256k path
1773+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1774+ handle incoming migrations from former releases.
1775+ - d/control-in: Disable capstone disassembler library support (universe)
1776+ - Move s390x roms to a new qemu-system-data-s390x
1777+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1778+ qemu-system-data
1779+ - d/rules: build s390-ccw.img with upstream Makefile
1780+ - d/rules: build s390-netboot.img with upstream Makefile
1781+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1782+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1783+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1784+ replace it with a build-indep using the upstream makefiles.
1785+ This is less prone to miss future changes/fixes that are done to the
1786+ makefiles
1787+ - d/control-in: add breaks/replaces for moving s390x roms from
1788+ qemu-system-s390x to qemu-system-data
1789+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1790+ [From not yet uploaded Debian branch]
1791+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1792+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1793+ - disable pvrdma - besides several security holes there are many other
1794+ bugs there as well
1795+ * Dropped patches that are upstream in v4.0
1796+ - d/p/do-not-link-everything-with-xen.patch
1797+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1798+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1799+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1800+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1801+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1802+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1803+ (LP: 1759509)
1804+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1805+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1806+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1807+ - d/p/ubuntu/CVE-2018-20815.patch
1808+ - d/p/ubuntu/CVE-2019-5008.patch
1809+ - d/p/ubuntu/CVE-2019-9824.patch
1810+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1811+ avoid misdetection of simplified nesting blocking all migrations
1812+ * Dropped further patches
1813+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1814+ [upstream deprecated the whole subsystem instead of applying the fix]
1815+ * Added Changes
1816+ - updated ubuntu machine types for v4.0
1817+ - added eoan types
1818+ - fixed s390x issue of upstream types having a "v" prefix
1819+ - add back dropped machine types to avoid more issues like LP: 1802944
1820+ - fix kvm split irqchip default in ubuntu q35 machine type
1821+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1822+ adapt updated CamelCase
1823+ - -hpb types now need to use GlobalProperties
1824+ - pc_compat_2_0 got a _fn suffix and slight changes
1825+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1826+ SLOF of qemu 4.0
1827+ - Refreshed patches still needed for v4.0 context changes
1828+ - d/p/use-fixed-data-path.patch
1829+ - d/p/ubuntu/enable-svm-by-default.patch
1830+ - d/p/ubuntu/enable-md-clear.patch
1831+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
1832+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
1833+ (LP: #1830243)
1834+ - d/control: disable bluetooth being deprecated
1835+ - d/control*: remove sdlabi which was removed upstream
1836+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
1837+ - d/control*: enable docs (now explicit) and provide new build-dep
1838+ python3-sphinx
1839+ - d/not-installed: ignore new interop docs and extra icons for now
1840+ - d/not-installed: do not install elf2dmp until namespaced
1841+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1842+ - d/qemu-system-data.install: use new paths for formerly used icons
1843+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1844+ fix i386 build error
1845+
1846+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
1847+
1848 qemu (1:3.1+dfsg-8) unstable; urgency=high
1849
1850 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
1851@@ -1289,6 +3040,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
1852
1853 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
1854
1855+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
1856+
1857+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
1858+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
1859+ fix migrations from old machines (LP: #1829868).
1860+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1861+ toleration for future machines (LP: #1830704
1862+
1863+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
1864+
1865+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
1866+
1867+ * SECURITY UPDATE: Add support for exposing md-clear functionality
1868+ to guests
1869+ - d/p/ubuntu/enable-md-clear.patch
1870+ - d/p/ubuntu/enable-md-no.patch
1871+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1872+ * SECURITY UPDATE: heap overflow when loading device tree blob
1873+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1874+ copy the device tree blob into is.
1875+ - CVE-2018-20815
1876+ * SECURITY UPDATE: device driver denial of service via NULL pointer
1877+ dereference
1878+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1879+ routine
1880+ - CVE-2019-5008
1881+ * SECURITY UPDATE: information leak in SLiRP
1882+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1883+ emulating ident.
1884+ - CVE-2019-9824
1885+
1886+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
1887+
1888+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
1889+
1890+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
1891+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
1892+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1893+ mv_conffile since the new path is a directory in the old package
1894+ version which can not be handled by mv_conffile.
1895+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
1896+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
1897+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
1898+ CVE-2019-3812
1899+
1900+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
1901+
1902+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
1903+
1904+ * disable pvrdma - besides several security holes there are many other
1905+ bugs there as well, and the amount of patches applied upstream after
1906+ 3.1 release is large (Closes, or actuallymakes unimportant again)
1907+ - CVE-2018-20123
1908+ - CVE-2018-20124
1909+ - CVE-2018-20125
1910+ - CVE-2018-20126
1911+ - CVE-2018-20191
1912+ - CVE-2018-20216
1913+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1914+ - CVE-2019-6501
1915+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
1916+ - CVE-2019-6778
1917+
1918+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
1919+
1920+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
1921+
1922+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1923+ LP: #1806104 - fix misleading page size error on ppc64el
1924+ LP: #1782205 - SnowRidge enabled new ISAs
1925+ LP: #1786956 - upgrade to qemu >= 3.0
1926+ LP: #1809083 - Backward migration to Xenial on ppc64el
1927+ LP: #1803315 - s390x Huge page enablement
1928+ LP: #1657409 - enable virglrenderer
1929+ Remaining Changes:
1930+ - qemu-kvm to systemd unit
1931+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1932+ hugepages and architecture specifics
1933+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
1934+ - d/qemu-system-common.install: install systemd unit and helper script
1935+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1936+ - d/qemu-system-common.qemu-kvm.default: defaults for
1937+ /etc/default/qemu-kvm
1938+ - d/rules: install /etc/default/qemu-kvm
1939+ - Enable nesting by default
1940+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1941+ (is default on amd)
1942+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1943+ without nested=1
1944+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1945+ in qemu64 cpu type.
1946+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1947+ in qemu64 on amd
1948+ - d/qemu-system-x86.README.Debian: document intention of nested being
1949+ default is comfort, not full support
1950+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
1951+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1952+ types
1953+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1954+ for host-phys-bits=true (LP: 1776189)
1955+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1956+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
1957+ convenience with all meltdown/spectre workarounds enabled by default.
1958+ (LP: 1761372).
1959+ - improved dependencies
1960+ - Make qemu-system-common depend on qemu-block-extra
1961+ - Make qemu-utils depend on qemu-block-extra
1962+ - let qemu-utils recommend sharutils
1963+ - s390x support
1964+ - Create qemu-system-s390x package
1965+ - Enable numa support for s390x
1966+ - arch aware kvm wrappers
1967+ - d/control: update VCS links (updated to match latest Ubuntu)
1968+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1969+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1970+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1971+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1972+ - enable RDMA config option
1973+ - add libibumad-dev build-dep
1974+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1975+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1976+ reference 256k path
1977+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1978+ handle incoming migrations from former releases.
1979+ - d/control-in: Disable capstone disassembler library support (universe)
1980+ * Added Changes:
1981+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
1982+ for qemu 3.1 in the Ubuntu Disco release
1983+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
1984+ - Move s390x roms to a new qemu-system-data-s390x
1985+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1986+ qemu-system-data
1987+ - d/rules: build s390-ccw.img with upstream Makefile
1988+ - d/rules: build s390x-netboot.img with upstream Makefile
1989+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1990+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1991+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1992+ replace it with a build-indep using the upstream makefiles.
1993+ This is less prone to miss future changes/fixes that are done to the
1994+ makefiles
1995+ - d/control-in: add breaks/replaces for moving s390x roms from
1996+ qemu-system-s390x to qemu-system-data
1997+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1998+ [From not yet uploaded Debian branch]
1999+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2000+ (Closes: #918378)
2001+ - d/rules: fix qemu-kvm service for debhelper compat >=12
2002+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2003+ avoid misdetection of simplified nesting blocking all migrations
2004+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
2005+ unimplement.patch: properly return archicture defined exception
2006+ on bad subcodes of diag 308 (LP: #1812384)
2007+ * Dropped Changes:
2008+ - Include s390-ccw.img firmware (old style native build)
2009+ - d/rules enable install s390x-netboot.img (old style native build)
2010+ - libvirt/qemu user/group support
2011+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2012+ trigger.
2013+ [ Droppable since logind properly sets ACLs now ]
2014+ - qemu-system-common.preinst: add kvm group if needed
2015+ [ Droppable because systemd/udev take care of it since 239-6]
2016+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
2017+ freeze-hook fixes (LP: 1484990)
2018+ [upstream]
2019+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2020+ merged upstream
2021+ [upstream]
2022+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2023+ computation while concatenating mbuf.
2024+ CVE-2018-11806
2025+ [upstream]
2026+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2027+ for powerpc64 to speed up translation (LP: 1781526)
2028+ [upstream]
2029+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2030+ cpu model for z14 ZR1 (LP: 1780773).
2031+ [upstream]
2032+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2033+ (Closes: 903562)
2034+ [in Debian]
2035+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2036+ unreleased Debian version)
2037+ [in Debian]
2038+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2039+ by migrations with UI frontends or frequent guest resolution changes
2040+ (LP #1755912)
2041+ [upstream]
2042+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2043+ extend eieio for POWER9 emulation (LP: 1787408).
2044+ [upstream]
2045+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2046+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
2047+ [upstream]
2048+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
2049+ [upstream]
2050+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
2051+ [upstream]
2052+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
2053+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
2054+ [in Debian]
2055+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2056+ Adapters on s390x (LP: 1787405)
2057+ [upstream]
2058+ - enable opengl for vfio-MDEV support (LP: 1804766)
2059+ [in Debian]
2060+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2061+ [upstream]
2062+ - SECURITY UPDATE: integer overflow via crafted QMP command
2063+ [upstream]
2064+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2065+ [upstream]
2066+ - SECURITY UPDATE: buffer overflow in rtl8139
2067+ [upstream]
2068+ - SECURITY UPDATE: buffer overflow in pcnet
2069+ [upstream]
2070+ - SECURITY UPDATE: DoS via large packet sizes
2071+ [upstream]
2072+ - SECURITY UPDATE: DoS in lsi53c895a
2073+ [upstream]
2074+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2075+ [upstream]
2076+ - SECURITY UPDATE: race condition in 9p
2077+ [upstream]
2078+
2079+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
2080+
2081 qemu (1:3.1+dfsg-2) unstable; urgency=medium
2082
2083 * d/rules: split arch and indep builds
2084@@ -1368,6 +3345,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
2085
2086 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
2087
2088+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
2089+
2090+ [ Marc Deslauriers ]
2091+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2092+ - debian/patches/CVE-2018-10839.patch: use proper type in
2093+ hw/net/ne2000.c.
2094+ - CVE-2018-10839
2095+ * SECURITY UPDATE: integer overflow via crafted QMP command
2096+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
2097+ guest-file-read in qga/commands-posix.c.
2098+ - CVE-2018-12617
2099+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2100+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
2101+ - CVE-2018-16847
2102+ * SECURITY UPDATE: buffer overflow in rtl8139
2103+ - debian/patches/CVE-2018-17958.patch: use proper type in
2104+ hw/net/rtl8139.c.
2105+ - CVE-2018-17958
2106+ * SECURITY UPDATE: buffer overflow in pcnet
2107+ - debian/patches/CVE-2018-17962.patch: use proper type in
2108+ hw/net/pcnet.c.
2109+ - CVE-2018-17962
2110+ * SECURITY UPDATE: DoS via large packet sizes
2111+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
2112+ - CVE-2018-17963
2113+ * SECURITY UPDATE: DoS in lsi53c895a
2114+ - debian/patches/CVE-2018-18849.patch: check message length value is
2115+ valid in hw/scsi/lsi53c895a.c.
2116+ - CVE-2018-18849
2117+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2118+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
2119+ access in hw/ppc/pnv_lpc.c.
2120+ - CVE-2018-18954
2121+ * SECURITY UPDATE: race condition in 9p
2122+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
2123+ hw/9pfs/cofile.c.
2124+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
2125+ hw/9pfs/9p.c.
2126+ - CVE-2018-19364
2127+
2128+ [ Christian Ehrhardt]
2129+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2130+ Adapters on s390x (LP: #1787405)
2131+ * enable opengl for vfio-MDEV support (LP: #1804766)
2132+ - d/control-in: set --enable-opengl
2133+ - d/control-in: add gl related build-dependencies
2134+
2135+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2136+
2137+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2138+
2139+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
2140+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2141+
2142+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2143+
2144+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2145+
2146+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2147+ The SLOF source pieces in src:qemu are only used for s390x netboot,
2148+ which are independent ROMs (no linking). All other binaries out of this
2149+ are part of src:slof and independent.
2150+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2151+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2152+ and related fixes
2153+
2154+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2155+
2156+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2157+
2158+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2159+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2160+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2161+
2162+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2163+
2164+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2165+
2166+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2167+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2168+ - CVE-2018-15746
2169+
2170+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2171+
2172+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2173+
2174+ [ Murilo Opsfelder Araujo ]
2175+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2176+ extend eieio for POWER9 emulation (LP: #1787408).
2177+
2178+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2179+
2180+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2181+
2182+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2183+ by migrations with UI frontends or frequent guest resolution changes
2184+ (LP: #1755912)
2185+
2186+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2187+
2188+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2189+
2190+ * Disable capstone disassembler library support (universe dependency)
2191+
2192+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2193+
2194+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2195+
2196+ * Merge with Debian testing, Remaining Changes:
2197+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2198+ - qemu-kvm to systemd unit
2199+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2200+ hugepages and architecture specifics
2201+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2202+ - d/qemu-system-common.install: install systemd unit and helper script
2203+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2204+ - d/qemu-system-common.qemu-kvm.default: defaults for
2205+ /etc/default/qemu-kvm
2206+ - d/rules: install /etc/default/qemu-kvm
2207+ - Enable nesting by default
2208+ - set nested=1 module option on intel. (is default on amd)
2209+ - re-load kvm_intel.ko if it was loaded without nested=1
2210+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2211+ in qemu64 cpu type.
2212+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2213+ in qemu64 on amd
2214+ - d/qemu-system-x86.README.Debian: document intention of nested being
2215+ default is comfort, not full support
2216+ - libvirt/qemu user/group support
2217+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2218+ trigger.
2219+ - qemu-system-common.preinst: add kvm group if needed
2220+ - Distribution specific machine type
2221+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2222+ types to ease future live vm migration.
2223+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2224+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2225+ for host-phys-bits=true (LP: 1776189)
2226+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2227+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2228+ convenience with all meltdown/spectre workarounds enabled by default.
2229+ (LP: 1761372).
2230+ - improved dependencies
2231+ - Make qemu-system-common depend on qemu-block-extra
2232+ - Make qemu-utils depend on qemu-block-extra
2233+ - let qemu-utils recommend sharutils
2234+ - s390x support
2235+ - Create qemu-system-s390x package
2236+ - Include s390-ccw.img firmware
2237+ - Enable numa support for s390x
2238+ - arch aware kvm wrappers
2239+ - update VCS-git (updated to match cosmic)
2240+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2241+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2242+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2243+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2244+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2245+ - d/rules enable install s390x-netboot.img
2246+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2247+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2248+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2249+ reference 256k path
2250+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2251+ handle incoming migrations from former releases.
2252+ - SECURITY UPDATE: Speculative Store Bypass
2253+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2254+ CPUID feature bit in target/i386/cpu.*.
2255+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2256+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2257+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2258+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2259+ target/i386/machine.c.
2260+ - CVE-2018-3639
2261+ * Added Changes:
2262+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2263+ - add cosmic types for base and -hpb
2264+ - drop no more supported types (zesty and yakkety)
2265+ - d/p/series: group machine type changes
2266+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2267+ merged upstream
2268+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2269+ computation while concatenating mbuf.
2270+ CVE-2018-11806
2271+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2272+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2273+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2274+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2275+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2276+ to POWER8
2277+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2278+ is no more needed with systemd-detect-virt being more mature and always
2279+ present.
2280+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2281+ - d/control-in: add libibumad-dev which is now needed for rdma
2282+ - d/rules: update s390x delta to match new Debian packaging
2283+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2284+ for powerpc64 to speed up translation (LP: #1781526)
2285+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2286+ cpu model for z14 ZR1 (LP: #1780773).
2287+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2288+ (Closes: 903562)
2289+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2290+ unreleased Debian version)
2291+ * Dropped Changes:
2292+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2293+ (No more removed when building DFSG orig tarball in Debian)
2294+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2295+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2296+ so we revert related changes to stick with the proven for now:
2297+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2298+ depends on it)
2299+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2300+ (Debian switched to gtk which seems to work better and has all
2301+ dependencies in main.)
2302+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2303+ - Changes that are now upstream with qemu 2.12
2304+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2305+ newer versions of glibc >=2.27 (LP: 1753826)
2306+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2307+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2308+ SSE/AVX/AVX512 cpu features (LP: 1739665)
2309+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2310+ space+commpage continuous which avoids long startup times on
2311+ qemu-user-static (LP: 1740219)
2312+ - provide pseries-2.12-sxxm type (LP: 1761372)
2313+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2314+ filesystem-dax with pmem by backporting align and unarmed options
2315+ (LP: 1704312).
2316+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2317+ option to slirp's DHCP server (LP: 1762315)
2318+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2319+ Protection information (LP: 1762854).
2320+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2321+ migration (LP: 1763468).
2322+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
2323+ CVE-2017-16845
2324+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
2325+ CVE-2018-7550
2326+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2327+ CVE-2018-7858
2328+
2329+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2330+
2331 qemu (1:2.12+dfsg-3) unstable; urgency=medium
2332
2333 * make qemu-system-foo depending
2334@@ -1456,6 +3676,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
2335
2336 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
2337
2338+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2339+
2340+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2341+ for host-phys-bits=true (LP: #1776189)
2342+ - add an info about this change in debian/qemu-system-x86.NEWS
2343+
2344+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2345+
2346+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2347+
2348+ * SECURITY UPDATE: Speculative Store Bypass
2349+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2350+ CPUID feature bit in target/i386/cpu.*.
2351+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2352+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2353+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2354+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2355+ target/i386/machine.c.
2356+ - CVE-2018-3639
2357+
2358+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2359+
2360+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2361+
2362+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
2363+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2364+ in post_load routine in hw/input/ps2.c.
2365+ - CVE-2017-16845
2366+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
2367+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2368+ zero in hw/i386/multiboot.c.
2369+ - CVE-2018-7550
2370+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2371+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2372+ hw/display/vga.c.
2373+ - CVE-2018-7858
2374+
2375+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2376+
2377+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2378+
2379+ * No-change rebuild for ncurses soname changes.
2380+
2381+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2382+
2383+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2384+
2385+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2386+ information (LP: #1762854).
2387+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2388+ (LP: #1763468).
2389+
2390+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2391+
2392+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2393+
2394+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2395+ The Kernel fixes are preferred and already committed to the kernel.
2396+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
2397+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2398+ SSE/AVX/AVX512 cpu features (LP: #1739665)
2399+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2400+ space+commpage continuous which avoids long startup times on
2401+ qemu-user-static (LP: #1740219)
2402+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2403+ convenience with all meltdown/spectre workarounds enabled by default.
2404+ This is not the default type following upstream and x86 on that.
2405+ (LP: #1761372).
2406+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2407+ with pmem by backporting align and unarmed options (LP: #1704312).
2408+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2409+ option to slirp's DHCP server (LP: #1762315)
2410+
2411+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2412+
2413+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2414+
2415+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2416+ accepted to be better long term maintainable (LP: #1753938)
2417+
2418+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2419+
2420+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2421+
2422+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2423+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2424+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2425+ versions of glibc >=2.27 (LP: #1753826)
2426+
2427+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2428+
2429+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2430+
2431+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2432+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2433+ Add domainname option and classless static routes support to the user
2434+ networking's DHCP server
2435+
2436+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2437+
2438+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2439+
2440+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2441+ - among other fixes this adds code to:
2442+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2443+ However, enabling this functionality requires additional configuration
2444+ beyond just updating QEMU. Also migrations need special consideration.
2445+ Details about that can be found at:
2446+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2447+ - Power9 allocation of max 8 threads per core (LP: #1750526)
2448+ * Drop changes that are part of the upstream stable release
2449+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2450+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2451+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2452+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2453+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2454+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2455+ common compat.h header and add some extra info in the patch header.
2456+
2457+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2458+
2459+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2460+
2461+ * Merge with Debian testing, among other fixes this includes
2462+ - fix fatal error on negative maxcpus (LP: #1722495)
2463+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2464+ - linux user threading issues (LP: #1350435)
2465+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2466+ Remaining changes:
2467+ - qemu-kvm to systemd unit
2468+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2469+ hugepages and architecture specifics
2470+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2471+ - d/qemu-system-common.install: install systemd unit and helper script
2472+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2473+ - d/qemu-system-common.qemu-kvm.default: defaults for
2474+ /etc/default/qemu-kvm
2475+ - d/rules: install /etc/default/qemu-kvm
2476+ - Enable nesting by default
2477+ - set nested=1 module option on intel. (is default on amd)
2478+ - re-load kvm_intel.ko if it was loaded without nested=1
2479+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2480+ in qemu64 cpu type.
2481+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2482+ in qemu64 on amd
2483+ - libvirt/qemu user/group support
2484+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2485+ trigger.
2486+ - qemu-system-common.preinst: add kvm group if needed
2487+ - Distribution specific machine type
2488+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2489+ types to ease future live vm migration.
2490+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2491+ - improved dependencies
2492+ - Make qemu-system-common depend on qemu-block-extra
2493+ - Make qemu-utils depend on qemu-block-extra
2494+ - let qemu-utils recommend sharutils
2495+ - s390x support
2496+ - Create qemu-system-s390x package
2497+ - Include s390-ccw.img firmware
2498+ - Enable numa support for s390x
2499+ - ppc64[le] support
2500+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2501+ - arch aware kvm wrappers
2502+ * Added Changes
2503+ - update VCS-git to match the bionic branch
2504+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2505+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2506+ so we revert related changes to stick with the proven for now:
2507+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2508+ depends on it)
2509+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2510+ - d/qemu-system-x86.README.Debian: document intention of nested being
2511+ default is comfort, not full support
2512+ - update Ubuntu machine types for qemu 2.11
2513+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2514+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2515+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2516+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2517+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2518+ - d/rules enable install s390x-netboot.img
2519+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2520+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
2521+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2522+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2523+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2524+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2525+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2526+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2527+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2528+ reference 256k path
2529+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2530+ handle incoming migrations from former releases.
2531+ - d/control-in: enable seccomp on s390x
2532+ * Dropped changes (no more needed):
2533+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2534+ The functionality is retained for upgraders, but is deprecated.
2535+ Post 18.04 the implementation for these configurations will be removed.
2536+ * Dropped changes (in Debian now):
2537+ - ppc64[le] support
2538+ - Enable seccomp for ppc64el
2539+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2540+ - disable missing x32 architecture
2541+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2542+ - d/qemu-system-common.docs: new paths since (ac06724a)
2543+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2544+ by qapi-schema.json which is already packaged (since 4d8bb958)
2545+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2546+ to Debian patch to match qemu 2.10)
2547+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2548+ since 8508eee7
2549+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2550+ - make nios2/hppa not installed explicitly until further stablized
2551+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2552+ qemu-ga-ref
2553+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2554+ along the qapi intro
2555+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2556+ dh_missing that are already provided in other formats qemu-doc,
2557+ qemu-qmp-ref,qemu-ga-ref
2558+ * Dropped changes (integrated upstream):
2559+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2560+ on arm64 when doing suspend/resume and reboots due to older kernels not
2561+ supporting ITS (LP 1731051).
2562+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2563+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2564+ calls (LP 1726394)
2565+ - update to upstream 2.10.1 point release (LP 1722808)
2566+
2567+
2568+
2569+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2570+
2571 qemu (1:2.11+dfsg-1) unstable; urgency=medium
2572
2573 [ Michael Tokarev ]
2574@@ -1570,6 +4023,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
2575
2576 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
2577
2578+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2579+
2580+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2581+ on arm64 when doing suspend/resume and reboots due to older kernels not
2582+ supporting ITS (LP: #1731051).
2583+
2584+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2585+
2586+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2587+
2588+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2589+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2590+ calls (LP: #1726394)
2591+
2592+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2593+
2594+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2595+
2596+ * fix enablement of qemu-kvm service (LP: #1720397)
2597+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2598+ - d/rules: add proper enablement debhelper calls
2599+ - d/qemu-system-common.install: install covered by dh_installinit
2600+
2601+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2602+
2603+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2604+
2605+ * update to upstream 2.10.1 point release (LP: #1722808)
2606+
2607+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2608+
2609+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2610+
2611+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2612+ Remaining changes:
2613+ - qemu-kvm to systemd unit
2614+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2615+ hugepages and architecture specifics
2616+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2617+ - d/qemu-system-common.install: install systemd unit and helper script
2618+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2619+ - d/qemu-system-common.qemu-kvm.default: defaults for
2620+ /etc/default/qemu-kvm
2621+ - d/rules: install /etc/default/qemu-kvm
2622+ - Enable nesting by default
2623+ - set nested=1 module option on intel. (is default on amd)
2624+ - re-load kvm_intel.ko if it was loaded without nested=1
2625+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2626+ in qemu64 cpu type.
2627+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2628+ in qemu64 on amd
2629+ - libvirt/qemu user/group support
2630+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2631+ trigger.
2632+ - qemu-system-common.preinst: add kvm group if needed
2633+ - Distribution specific machine type
2634+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2635+ types to ease future live vm migration.
2636+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2637+ - improved dependencies
2638+ - Make qemu-system-common depend on qemu-block-extra
2639+ - Make qemu-utils depend on qemu-block-extra
2640+ - let qemu-utils recommend sharutils
2641+ - s390x support
2642+ - Create qemu-system-s390x package
2643+ - Include s390-ccw.img firmware
2644+ - Enable numa support for s390x
2645+ - ppc64[le] support
2646+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2647+ - Enable seccomp for ppc64el
2648+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2649+ - arch aware kvm wrappers
2650+ - update VCS-git to match the Artful branch
2651+ - disable missing x32 architecture
2652+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2653+ - d/qemu-system-common.docs: new paths since (ac06724a)
2654+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2655+ by qapi-schema.json which is already packaged (since 4d8bb958)
2656+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2657+ to Debian patch to match qemu 2.10)
2658+ - s390x package now builds correctly on all architectures (LP 1710695)
2659+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2660+ since 8508eee7
2661+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2662+ - make nios2/hppa not installed explicitly until further stablized
2663+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2664+ qemu-ga-ref
2665+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2666+ along the qapi intro
2667+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2668+ dh_missing that are already provided in other formats qemu-doc,
2669+ qemu-qmp-ref,qemu-ga-ref
2670+
2671+
2672+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
2673+
2674+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
2675+
2676+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
2677+ Remaining changes:
2678+ - qemu-kvm to systemd unit
2679+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2680+ hugepages and architecture specifics
2681+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2682+ - d/qemu-system-common.install: install systemd unit and helper script
2683+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2684+ - d/qemu-system-common.qemu-kvm.default: defaults for
2685+ /etc/default/qemu-kvm
2686+ - d/rules: install /etc/default/qemu-kvm
2687+ - Enable nesting by default
2688+ - set nested=1 module option on intel. (is default on amd)
2689+ - re-load kvm_intel.ko if it was loaded without nested=1
2690+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2691+ in qemu64 cpu type.
2692+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2693+ in qemu64 on amd
2694+ - libvirt/qemu user/group support
2695+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2696+ trigger.
2697+ - qemu-system-common.preinst: add kvm group if needed
2698+ - Distribution specific machine type
2699+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2700+ types to ease future live vm migration.
2701+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2702+ - improved dependencies
2703+ - Make qemu-system-common depend on qemu-block-extra
2704+ - Make qemu-utils depend on qemu-block-extra
2705+ - let qemu-utils recommend sharutils
2706+ - s390x support
2707+ - Create qemu-system-s390x package
2708+ - Include s390-ccw.img firmware
2709+ - Enable numa support for s390x
2710+ - ppc64[le] support
2711+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2712+ - Enable seccomp for ppc64el
2713+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2714+ - arch aware kvm wrappers
2715+ - update VCS-git to match the Artful branch
2716+ - disable missing x32 architecture
2717+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2718+ - d/qemu-system-common.docs: new paths since (ac06724a)
2719+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2720+ by qapi-schema.json which is already packaged (since 4d8bb958)
2721+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2722+ to Debian patch to match qemu 2.10)
2723+ - s390x package now builds correctly on all architectures (LP 1710695)
2724+ * Added changes:
2725+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2726+ since 8508eee7
2727+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2728+ - make nios2/hppa not installed explicitly until further stablized
2729+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2730+ qemu-ga-ref
2731+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2732+ along the qapi intro
2733+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2734+ dh_missing that are already provided in other formats qemu-doc,
2735+ qemu-qmp-ref,qemu-ga-ref
2736+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
2737+ changes in 2.10-rc4
2738+
2739+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
2740+
2741+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
2742+
2743+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
2744+ a set of bugs
2745+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
2746+ - CPU hot unplug fails after migrating a CPU hotplugged guest
2747+ from source (LP: #1677552)
2748+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
2749+ - New KVM 288 Pass Through (LP: #1672447)
2750+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
2751+ * Remaining changes:
2752+ - qemu-kvm to systemd unit
2753+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2754+ hugepages and architecture specifics
2755+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2756+ - d/qemu-system-common.install: install systemd unit and helper script
2757+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2758+ - d/qemu-system-common.qemu-kvm.default: defaults for
2759+ /etc/default/qemu-kvm
2760+ - d/rules: install /etc/default/qemu-kvm
2761+ - Enable nesting by default
2762+ - set nested=1 module option on intel. (is default on amd)
2763+ - re-load kvm_intel.ko if it was loaded without nested=1
2764+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2765+ in qemu64 cpu type.
2766+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2767+ in qemu64 on amd
2768+ - libvirt/qemu user/group support
2769+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2770+ trigger.
2771+ - qemu-system-common.preinst: add kvm group if needed
2772+ - Distribution specific machine type
2773+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2774+ types to ease future live vm migration.
2775+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2776+ - improved dependencies
2777+ - Make qemu-system-common depend on qemu-block-extra
2778+ - Make qemu-utils depend on qemu-block-extra
2779+ - let qemu-utils recommend sharutils
2780+ - s390x support
2781+ - Create qemu-system-s390x package
2782+ - Include s390-ccw.img firmware
2783+ - Enable numa support for s390x
2784+ - ppc64[le] support
2785+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2786+ - Enable seccomp for ppc64el
2787+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2788+ - arch aware kvm wrappers
2789+ - disable missing x32 architecture
2790+ - update VCS links
2791+ * Added changes
2792+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2793+ - d/qemu-system-common.docs: new paths since (ac06724a)
2794+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2795+ by qapi-schema.json which is already packaged (since 4d8bb958)
2796+ - Updates in debian/patches to match qemu 2.10
2797+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
2798+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
2799+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
2800+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
2801+ - update VCS-git to match the Artful branch
2802+ - s390x package now builds correctly on all architectures (LP: #1710695)
2803+ * Dropped changes (integrated upstream):
2804+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2805+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
2806+ - All CVE fixes formerly applied are upstream and thereby dropped.
2807+
2808+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
2809+
2810 qemu (1:2.8+dfsg-7) unstable; urgency=medium
2811
2812 * uploading to unstable all fixes which went to stretch-security
2813@@ -1679,6 +4364,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
2814
2815 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
2816
2817+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
2818+
2819+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
2820+ This was inadvertently dropped on 2.8 merge.
2821+
2822+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
2823+
2824+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
2825+
2826+ * SECURITY UPDATE: denial of service via leak in virtFS
2827+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
2828+ hw/9pfs/9p.c.
2829+ - CVE-2017-7377
2830+ * SECURITY UPDATE: denial of service in cirrus_vga
2831+ - debian/patches/CVE-2017-7718.patch: check parameters in
2832+ hw/display/cirrus_vga_rop.h.
2833+ - CVE-2017-7718
2834+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
2835+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
2836+ hw/display/cirrus_vga.c.
2837+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
2838+ hw/display/cirrus_vga.c.
2839+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
2840+ in hw/display/cirrus_vga.c.
2841+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
2842+ hw/display/cirrus_vga.c.
2843+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
2844+ in hw/display/cirrus_vga.c.
2845+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
2846+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2847+ hw/display/cirrus_vga_rop2.h.
2848+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
2849+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
2850+ hw/display/cirrus_vga_rop2.h.
2851+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
2852+ hw/display/cirrus_vga_rop.h.
2853+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
2854+ hw/display/cirrus_vga.c.
2855+ - CVE-2017-7980
2856+ * SECURITY UPDATE: denial of service via memory leak in virtFS
2857+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
2858+ - CVE-2017-8086
2859+ * SECURITY UPDATE: denial of service via leak in audio
2860+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
2861+ audio/audio.c.
2862+ - CVE-2017-8309
2863+ * SECURITY UPDATE: denial of service via leak in keyboard
2864+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
2865+ ui/input.c.
2866+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
2867+ ui/input.c.
2868+ - CVE-2017-8379
2869+
2870+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
2871+
2872+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
2873+
2874+ * SECURITY UPDATE: DoS in virtio GPU device
2875+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
2876+ max_size in hw/display/virtio-gpu-3d.c.
2877+ - CVE-2016-10028
2878+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
2879+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
2880+ in hw/dma/rc4030.c.
2881+ - CVE-2016-8667
2882+ * SECURITY UPDATE: host filesystem access via virtFS
2883+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
2884+ hw/9pfs/*.
2885+ - CVE-2016-9602
2886+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
2887+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
2888+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
2889+ ui/console.c, ui/vnc.c.
2890+ - CVE-2016-9603
2891+ * SECURITY UPDATE: information leak in virtio GPU device
2892+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
2893+ hw/display/virtio-gpu-3d.c.
2894+ - CVE-2016-9908
2895+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2896+ - debian/patches/CVE-2016-9912.patch: properly free memory in
2897+ hw/display/virtio-gpu.c.
2898+ - CVE-2016-9912
2899+ * SECURITY UPDATE: DoS via virtFS
2900+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
2901+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
2902+ - CVE-2016-9914
2903+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2904+ - debian/patches/CVE-2017-5552.patch: check return value in
2905+ hw/display/virtio-gpu-3d.c.
2906+ - CVE-2017-5552
2907+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
2908+ - debian/patches/CVE-2017-5578.patch: check res->iov in
2909+ hw/display/virtio-gpu.c.
2910+ - CVE-2017-5578
2911+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
2912+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
2913+ handling in hw/sd/sdhci.c.
2914+ - CVE-2017-5987
2915+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
2916+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
2917+ hw/usb/hcd-ohci.c.
2918+ - CVE-2017-6505
2919+
2920+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
2921+
2922+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
2923+
2924+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2925+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
2926+
2927+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
2928+
2929+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
2930+
2931+ * Merge with Debian;
2932+ This fixes several CVEs that were reported against qemu 2.8 and also
2933+ includes a few important functional backports (LP: #1667033); remaining
2934+ changes:
2935+ - add qemu-kvm init script and defaults file
2936+ (d/qemu-system-common.qemu-kvm.*)
2937+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
2938+ modules and handling /etc/default/qemu-kvm
2939+ - qemu-system-common.preinst: add kvm group if needed
2940+ - Enable nesting by default on intel.
2941+ - set default module option
2942+ - re-load kvm_intel.ko if it was loaded without nested=1
2943+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
2944+ default in qemu64 cpu type.
2945+ - Enable svm by default for qemu64 on amd
2946+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
2947+ define distro machine types to ease future live vm migration (includes
2948+ all former follow up fixes).
2949+ - Make qemu-system-common depend on qemu-block-extra
2950+ - Make qemu-utils depend on qemu-block-extra
2951+ - s390x support
2952+ - Create qemu-system-s390x package
2953+ - Include s390-ccw.img firmware
2954+ - qemu-system-common.postinst:
2955+ - change acl placed by udev, and add udevadm trigger.
2956+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
2957+ - Several changes were applied but missing in the changelog so far
2958+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2959+ - arch aware kvm wrapper
2960+ - update VCS links
2961+ - let qemu-utils recommend sharutils
2962+ - disable x32 architecture
2963+ - Enable seccomp for ppc64el
2964+ - Enable numa support for s390x
2965+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
2966+ init.d-script-missing-dependency-on-remote_fs
2967+ - d/qemu-system-common.postinst: fix lintian error type
2968+ command-with-path-in-maintainer-script
2969+ - Transition qemu-kvm to a systemd unit
2970+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
2971+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
2972+ that it shows up where the user expects (sytemctl status, kvm stdout)
2973+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
2974+ - add arch aware kvm wrapper for s390x
2975+ * Dropped Changes (in Debian now):
2976+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
2977+ - d/control-in: change dependencies for fix of wrong acl for newly
2978+ created device node on ubuntu
2979+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
2980+ relationship, but qemu-efi is still in universe right now.
2981+ - Disable glusterfs (Universe dependency)
2982+ - no more skip disable libiscsi on Ubuntu
2983+ - d/rules, d/control-in: avoid people editing d/control
2984+ * Added Changes:
2985+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
2986+ power makes 2.3 the minimum level.
2987+
2988+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
2989+
2990 qemu (1:2.8+dfsg-3) unstable; urgency=high
2991
2992 * urgency high due to security fixes
2993@@ -1739,6 +4597,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
2994
2995 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
2996
2997+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
2998+
2999+ * Merge with Debian; remaining changes:
3000+ - add qemu-kvm init script and defaults file
3001+ (d/qemu-system-common.qemu-kvm.*)
3002+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3003+ modules and handling /etc/default/qemu-kvm
3004+ - qemu-system-common.preinst: add kvm group if needed
3005+ - Enable nesting by default on intel.
3006+ - set default module option
3007+ - re-load kvm_intel.ko if it was loaded without nested=1
3008+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3009+ default in qemu64 cpu type.
3010+ - Enable svm by default for qemu64 on amd
3011+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3012+ types to ease future live vm migration.
3013+ - Make qemu-system-common depend on qemu-block-extra
3014+ - Make qemu-utils depend on qemu-block-extra
3015+ - s390x support
3016+ - Create qemu-system-s390x package
3017+ - Include s390-ccw.img firmware
3018+ - qemu-system-common.postinst:
3019+ - change acl placed by udev, and add udevadm trigger.
3020+ - d/control-in: change dependencies for fix of wrong acl for newly
3021+ created device node on ubuntu
3022+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3023+ relationship, but qemu-efi is still in universe right now.
3024+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3025+ - Several changes were applied but missing in the changelog so far
3026+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3027+ - arch aware kvm wrapper
3028+ - update VCS links
3029+ - no more skip disable libiscsi on Ubuntu
3030+ - let qemu-utils recommend sharutils
3031+ - disable x32 architecture
3032+ * Dropped Changes:
3033+ - Several changes were applied but missing in the changelog so far
3034+ but are no more needed
3035+ - no pie for relocatable LD calls, with toolchain defaulting to
3036+ pie (fixed upstream)
3037+ - enable libnuma-dev (now in Debian)
3038+ - transition for moved init scripts (can be dropped after LTS
3039+ containing >=2.5 which is Xenial)
3040+ - --enable-seccomp related whitespace change (had no effect)
3041+ - apport hook for qemu source package (In Debian)
3042+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
3043+ - d/qemu-system-x86.maintscript: transition off of
3044+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
3045+ - Enable pie by default, on ubuntu/s390x. (Is the default since
3046+ >=Xenial, no cloud archive backport <=Xenial to consider)
3047+ - no pie for relocatable LD calls (fixed upstream in commit
3048+ 7ecf44a5)
3049+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
3050+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3051+ (Improved fix included by upstream)
3052+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
3053+ - Fixed wrong migration blocker when vhost is used (is upstream in
3054+ qemu 2.8)
3055+ * Added Changes:
3056+ - d/rules, d/control-in: avoid people editing d/control by warning
3057+ header and non writable permissions
3058+ - fixed moving trusty machine type definition which made it
3059+ ambiguous (LP: #1641532)
3060+ - d/qemu-system-x86.NEWS describe the issue
3061+ - Enable seccomp for ppc64el (LP: #1644639)
3062+ - Enable numa support for s390x
3063+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3064+ init.d-script-missing-dependency-on-remote_fs
3065+ - d/qemu-system-common.postinst: fix lintian error type
3066+ command-with-path-in-maintainer-script
3067+ - Transition qemu-kvm to a systemd unit
3068+ - Disable glusterfs (Universe dependency)
3069+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3070+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3071+ that it shows up where the user expects (sytemctl status, kvm stdout)
3072+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3073+ - add arch aware kvm wrapper for s390x
3074+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3075+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
3076+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
3077+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
3078+
3079+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
3080+
3081 qemu (1:2.8+dfsg-2) unstable; urgency=medium
3082
3083 * Revert "update binfmt registration for mipsn32"
3084@@ -1857,6 +4799,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
3085
3086 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
3087
3088+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
3089+
3090+ * No-change rebuild to compile against new libxen version.
3091+
3092+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
3093+
3094+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
3095+
3096+ * retain older xenial machine type to avoid issues starting guests
3097+ created on xenial prior to the SRU for bug 1621042. In that regard the old
3098+ broken xenial machine type and the new fixed one have both to be considered
3099+ as valid LTS machine types (LP: #1626070).
3100+
3101+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
3102+
3103+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
3104+
3105+ * fix default ubuntu machine types. (LP: #1621042)
3106+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
3107+ - remove double default and double ubuntu alias
3108+ - drop former devel releases utopic, vivid, wily
3109+ - add xenial and yakkety machine types
3110+ - add q35 based ubuntu machine type starting at xenial
3111+ - add ubuntu machine types on ppc64el and s390x starting at xenial
3112+
3113+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
3114+
3115+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
3116+
3117+ * Enable GPU Passthru for ppc64le (LP: #1541902)
3118+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
3119+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
3120+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
3121+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
3122+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
3123+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
3124+ - 0007-spapr_iommu-Migrate-full-state.patch
3125+ - 0008-spapr_iommu-Add-root-memory-region.patch
3126+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
3127+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
3128+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
3129+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
3130+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
3131+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
3132+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3133+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3134+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3135+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3136+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3137+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3138+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
3139+
3140+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3141+
3142+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3143+
3144+ * New upstream release. LP: #1617055.
3145+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3146+
3147+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3148+
3149 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3150
3151 * Non-maintainer upload.
3152@@ -1890,6 +4893,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3153
3154 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
3155
3156+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3157+
3158+ * SECURITY UPDATE: DoS via unbounded memory allocation
3159+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3160+ - CVE-2016-5403
3161+ * SECURITY UPDATE: oob write access while reading ESP command
3162+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3163+ maximum CDB size and handle migration in hw/scsi/esp.c,
3164+ include/hw/scsi/esp.h, include/migration/vmstate.h.
3165+ - CVE-2016-6351
3166+ * SECURITY UPDATE: infinite loop in virtqueue_pop
3167+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3168+ length in hw/virtio/virtio.c.
3169+ - CVE-2016-6490
3170+
3171+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3172+
3173+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3174+
3175+ * Merge with Debian; remaining changes:
3176+ - debian/rules: do not drop the init scripts loading kvm modules
3177+ (still needed in precise in cloud archive)
3178+ - qemu-system-common.postinst:
3179+ * remove acl placed by udev, and add udevadm trigger.
3180+ * reload kvm_intel if needed to set nested=1
3181+ - qemu-system-common.preinst: add kvm group if needed
3182+ - add qemu-kvm upstart job and defaults file (rules,
3183+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3184+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3185+ do not auto-load the kvm kernel module. Enable nesting by default
3186+ on intel.
3187+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3188+ in qemu64 cpu type.
3189+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3190+ types to ease future live vm migration.
3191+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3192+ d/qemu-system-common.install
3193+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3194+ to fix errors with missing block backends.
3195+ - s390x:
3196+ * Create qemu-system-s390x package
3197+ * Enable pie by default, on ubuntu/s390x.
3198+ * Enable svm by default for qemu64 on amd
3199+ * Include s390-ccw.img firmware
3200+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3201+ relationship, but qemu-efi is still in universe right now.
3202+
3203+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3204+
3205 qemu (1:2.6+dfsg-3) unstable; urgency=high
3206
3207 * more security fixes picked from upstream:
3208@@ -1943,6 +4995,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
3209
3210 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
3211
3212+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3213+
3214+ * Merge with Debian; remaining changes: (LP: #1583775)
3215+ - debian/rules: do not drop the init scripts loading kvm modules
3216+ (still needed in precise in cloud archive)
3217+ - qemu-system-common.postinst:
3218+ * remove acl placed by udev, and add udevadm trigger.
3219+ * reload kvm_intel if needed to set nested=1
3220+ - qemu-system-common.preinst: add kvm group if needed
3221+ - add qemu-kvm upstart job and defaults file (rules,
3222+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3223+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3224+ do not auto-load the kvm kernel module. Enable nesting by default
3225+ on intel.
3226+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3227+ in qemu64 cpu type.
3228+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3229+ types to ease future live vm migration.
3230+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3231+ d/qemu-system-common.install
3232+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3233+ to fix errors with missing block backends. (LP: #1495895)
3234+ - s390x:
3235+ * Create qemu-system-s390x package
3236+ * Enable pie by default, on ubuntu/s390x.
3237+ * Enable svm by default for qemu64 on amd
3238+ * Include s390-ccw.img firmware
3239+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3240+ relationship, but qemu-efi is still in universe right now.
3241+ * Drop patches which have been applied upstream:
3242+
3243+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3244+
3245 qemu (1:2.6+dfsg-1) unstable; urgency=medium
3246
3247 * new upstream release
3248@@ -1980,6 +5065,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
3249
3250 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
3251
3252+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3253+
3254+ * Cherrypick upstream patches to support the query-gic-version QMP command
3255+ (LP: #1566564)
3256+
3257+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3258+
3259+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3260+
3261+ [Stefan Bader]
3262+ * Enable svm by default for qemu64 on amd (LP: #1561019)
3263+
3264+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3265+
3266+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3267+
3268+ * qemu-system-s390x only available on s390x, so qemu-system should only
3269+ depend on it on this arch.
3270+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3271+ relationship, but qemu-efi is still in universe right now.
3272+
3273+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3274+
3275+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3276+
3277+ * And actually ship the right things in qemu-system-s390x.
3278+
3279+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3280+
3281+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3282+
3283+ * Create qemu-system-s390x package on ubuntu only.
3284+
3285+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3286+
3287+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3288+
3289+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3290+
3291+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3292+
3293+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3294+
3295+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3296+ (LP: #1556306)
3297+
3298+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3299+
3300+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3301+
3302+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3303+
3304+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3305+
3306+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3307+
3308+ * d/control{-in}: Re-generate and build with libiscsi-dev now
3309+ that its in Ubuntu main (LP: #1271653).
3310+
3311+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3312+
3313+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3314+
3315+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3316+
3317+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3318+
3319+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3320+
3321+ * No-change rebuild for gnutls transition.
3322+
3323+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3324+
3325+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3326+
3327+ * Merge with Debian; remaining changes:
3328+ - debian/rules: do not drop the init scripts loading kvm modules
3329+ (still needed in precise in cloud archive)
3330+ - qemu-system-common.postinst:
3331+ * remove acl placed by udev, and add udevadm trigger.
3332+ * reload kvm_intel if needed to set nested=1
3333+ - qemu-system-common.preinst: add kvm group if needed
3334+ - add qemu-kvm upstart job and defaults file (rules,
3335+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3336+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3337+ do not auto-load the kvm kernel module. Enable nesting by default
3338+ on intel.
3339+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3340+ in qemu64 cpu type.
3341+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3342+ types to ease future live vm migration.
3343+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3344+ d/qemu-system-common.install
3345+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3346+ to fix errors with missing block backends. (LP: #1495895)
3347+ - Enable pie by default, on ubuntu/s390x.
3348+ - Include s390-ccw.img firmware.
3349+
3350+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3351+
3352 qemu (1:2.5+dfsg-5) unstable; urgency=medium
3353
3354 * fix misspellings in previous debian/changelog entry
3355@@ -2037,6 +5222,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
3356
3357 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
3358
3359+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3360+
3361+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3362+ contents
3363+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3364+ hw/block/xen_blkif.h.
3365+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3366+ hw/display/xenfb.c.
3367+ - CVE-2015-8550
3368+ * SECURITY UPDATE: infinite loop in ehci_advance_state
3369+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3370+ in hw/usb/hcd-ehci.c.
3371+ - CVE-2015-8558
3372+ * SECURITY UPDATE: host memory leakage in vmxnet3
3373+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3374+ hw/net/vmxnet3.c.
3375+ - CVE-2015-8567
3376+ - CVE-2015-8568
3377+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3378+ - debian/patches/CVE-2015-8613.patch: initialise info object with
3379+ appropriate size in hw/scsi/megasas.c.
3380+ - CVE-2015-8613
3381+ * SECURITY UPDATE: DoS via Human Monitor Interface
3382+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3383+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
3384+ - CVE-2015-8619
3385+ * SECURITY UPDATE: incorrect array bounds check in rocker
3386+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3387+ check in hw/net/rocker/rocker.c.
3388+ - CVE-2015-8701
3389+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3390+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3391+ operations in hw/net/ne2000.c.
3392+ - CVE-2015-8743
3393+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3394+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3395+ error in hw/ide/ahci.c.
3396+ - CVE-2016-1568
3397+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3398+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3399+ hw/i386/kvmvapic.c.
3400+ - CVE-2016-1922
3401+ * SECURITY UPDATE: e1000 infinite loop
3402+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3403+ out-of-bounds transfer start in hw/net/e1000.c
3404+ - CVE-2016-1981
3405+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3406+ engines
3407+ - debian/patches/CVE-2016-2197.patch: add check before calling
3408+ dma_memory_unmap in hw/ide/ahci.c.
3409+ - CVE-2016-2197
3410+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3411+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
3412+ function in hw/usb/hcd-ehci.c.
3413+ - CVE-2016-2198
3414+
3415+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3416+
3417+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3418+
3419+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3420+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
3421+
3422+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3423+
3424+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3425+
3426+ * Include s390-ccw.img firmware.
3427+
3428+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
3429+
3430+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
3431+
3432+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
3433+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
3434+ Thanks Simon. (LP: #1531191)
3435+
3436+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
3437+
3438+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
3439+
3440+ * Merge with Debian; remaining changes:
3441+ - debian/rules: do not drop the init scripts loading kvm modules
3442+ (still needed in precise in cloud archive)
3443+ - qemu-system-common.postinst:
3444+ * remove acl placed by udev, and add udevadm trigger.
3445+ * reload kvm_intel if needed to set nested=1
3446+ - qemu-system-common.preinst: add kvm group if needed
3447+ - add qemu-kvm upstart job and defaults file (rules,
3448+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3449+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3450+ do not auto-load the kvm kernel module. Enable nesting by default
3451+ on intel.
3452+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3453+ in qemu64 cpu type.
3454+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3455+ types to ease future live vm migration.
3456+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3457+ d/qemu-system-common.install
3458+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3459+ to fix errors with missing block backends. (LP: #1495895)
3460+ - Enable pie by default, on ubuntu/s390x.
3461+ * Drop vGICv3 support patches - all is now upstream
3462+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
3463+
3464+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
3465+
3466 qemu (1:2.5+dfsg-1) unstable; urgency=medium
3467
3468 * new upstream release
3469@@ -2063,6 +5355,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
3470
3471 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
3472
3473+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
3474+
3475+ * Enable pie by default, on ubuntu/s390x.
3476+
3477+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
3478+
3479+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
3480+
3481+ * undo the libseccomp delta from debian. libseccomp is indeed available
3482+ on other arches, but we need qemu's configure script to be fixed before
3483+ we can use it on anything other than amd64|i386. Fixes FTBFS.
3484+ (LP: #1522531)
3485+
3486+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
3487+
3488+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
3489+
3490+ * Merge with Debian; remaining changes:
3491+ - Update the ubuntu machine types patch to reflect upstream churn
3492+ - debian/rules: do not drop the init scripts loading kvm modules
3493+ (still needed in precise in cloud archive)
3494+ - qemu-system-common.postinst:
3495+ * remove acl placed by udev, and add udevadm trigger.
3496+ * reload kvm_intel if needed to set nested=1
3497+ - qemu-system-common.preinst: add kvm group if needed
3498+ - add qemu-kvm upstart job and defaults file (rules,
3499+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3500+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3501+ do not auto-load the kvm kernel module. Enable nesting by default
3502+ on intel.
3503+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3504+ in qemu64 cpu type.
3505+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3506+ machine type to ease future live vm migration.
3507+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3508+ d/qemu-system-common.install
3509+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3510+ to fix errors with missing block backends. (LP: #1495895)
3511+ - control-in: build with libseccomp an all architectures
3512+ - Add vGICv3 support
3513+
3514+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
3515+
3516 qemu (1:2.4+dfsg-5) unstable; urgency=medium
3517
3518 * trace-remove-malloc-tracing.patch from upstream.
3519@@ -2075,6 +5410,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
3520
3521 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
3522
3523+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
3524+
3525+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
3526+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
3527+ hw/net/pcnet.c.
3528+ - CVE-2015-7504
3529+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
3530+ - debian/patches/CVE-2015-7512.patch: check packet length in
3531+ hw/net/pcnet.c.
3532+ - CVE-2015-7512
3533+ * SECURITY UPDATE: infinite loop in eepro100
3534+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
3535+ hw/net/eepro100.c.
3536+ - CVE-2015-8345
3537+
3538+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
3539+
3540+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
3541+
3542+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
3543+
3544+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
3545+
3546+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
3547+
3548+ * Merge 2.4 from unstable. Remaining changes:
3549+ - Update the ubuntu machine types patch to reflect upstream churn
3550+ - debian/rules: do not drop the init scripts loading kvm modules
3551+ (still needed in precise in cloud archive)
3552+ - qemu-system-common.postinst:
3553+ * remove acl placed by udev, and add udevadm trigger.
3554+ * reload kvm_intel if needed to set nested=1
3555+ - qemu-system-common.preinst: add kvm group if needed
3556+ - add qemu-kvm upstart job and defaults file (rules,
3557+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3558+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3559+ do not auto-load the kvm kernel module. Enable nesting by default
3560+ on intel.
3561+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3562+ in qemu64 cpu type.
3563+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3564+ machine type to ease future live vm migration.
3565+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3566+ d/qemu-system-common.install
3567+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3568+ to fix errors with missing block backends. (LP: #1495895)
3569+ - control-in: build with libseccomp an all architectures.
3570+ * Add vGICv3 support
3571+
3572+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
3573+
3574 qemu (1:2.4+dfsg-4) unstable; urgency=medium
3575
3576 * applied 3 patches from upstream to fix virtio-net
3577@@ -2089,7 +5475,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
3578 fix for Heap overflow vulnerability in ne2000_receive() function
3579 (Closes: #799074 CVE-2015-5279)
3580 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
3581- (Closes: #799073 CVE-2015-5278)
3582+ (Closes: #799073 CVE-2015-5278)
3583 * some binfmt reorg:
3584 - extend aarch64 to include one more byte as other arches do
3585 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
3586@@ -2141,6 +5527,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
3587
3588 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
3589
3590+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
3591+
3592+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
3593+
3594+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
3595+
3596+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
3597+
3598+ * debian/patches/upstream-fix-irq-route-entries.patch
3599+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
3600+ (LP: #1465935)
3601+
3602+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
3603+
3604+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
3605+
3606+ * Build using libseccomp on all architectures.
3607+
3608+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
3609+
3610+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
3611+
3612+ * SECURITY UPDATE: denial of service via NE2000 driver
3613+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
3614+ hw/net/ne2000.c.
3615+ - CVE-2015-5278
3616+ * SECURITY UPDATE: denial of service and possible code execution via
3617+ heap overflow in NE2000 driver
3618+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
3619+ hw/net/ne2000.c.
3620+ - CVE-2015-5279
3621+ * SECURITY UPDATE: denial of service via e1000 infinite loop
3622+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
3623+ - CVE-2015-6815
3624+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
3625+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
3626+ hw/ide/core.c.
3627+ - CVE-2015-6855
3628+
3629+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
3630+
3631+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
3632+
3633+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
3634+ to fix errors with missing block backends. (LP: #1495895)
3635+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
3636+ * Apply fix for memory corruption during live-migration in tcg mode
3637+ (LP: #1493049)
3638+ * Apply tracing patch to remove use of custom vtable in newer glibc
3639+ (LP: #1491972)
3640+
3641+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
3642+
3643+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
3644+
3645+ * Import qcow2-handle-eagain-from-update_refcount from upstream
3646+ to fix errors when using qemu-img convert -c. (LP: #1491050)
3647+
3648+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
3649+
3650+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
3651+
3652+ * SECURITY UPDATE: process heap memory disclosure
3653+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
3654+ - CVE-2015-5165
3655+ * SECURITY UPDATE: privilege escalation via block device unplugging
3656+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
3657+ in hw/ide/piix.c.
3658+ - CVE-2015-5166
3659+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
3660+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
3661+ limits in ui/vnc.c.
3662+ - CVE-2015-5225
3663+ * SECURITY UPDATE: denial of service via virtio-serial
3664+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
3665+ for control messages in hw/char/virtio-serial-bus.c.
3666+ - CVE-2015-5745
3667+
3668+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
3669+
3670+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
3671+
3672+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
3673+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
3674+ - CVE-2015-3214
3675+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
3676+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
3677+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
3678+ - CVE-2015-5154
3679+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
3680+ - debian/patches/CVE-2015-5158.patch: check length in
3681+ hw/scsi/scsi-bus.c.
3682+ - CVE-2015-5158
3683+
3684+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
3685+
3686+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
3687+
3688+ * SECURITY UPDATE: heap overflow in PCNET controller
3689+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
3690+ - CVE-2015-3209
3691+
3692+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
3693+
3694+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
3695+
3696+ * Merge 1:2.3+dfsg-5 from Debian.
3697+ * Remaining changes:
3698+ - debian/rules: do not drop the init scripts loading kvm modules
3699+ (still needed in precise in cloud archive)
3700+ - qemu-system-common.postinst:
3701+ * remove acl placed by udev, and add udevadm trigger.
3702+ * reload kvm_intel if needed to set nested=1
3703+ - qemu-system-common.preinst: add kvm group if needed
3704+ - add qemu-kvm upstart job and defaults file (rules,
3705+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3706+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3707+ do not auto-load the kvm kernel module. Enable nesting by default
3708+ on intel.
3709+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3710+ in qemu64 cpu type.
3711+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3712+ machine type to ease future live vm migration.
3713+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3714+ d/qemu-system-common.install
3715+ * Refreshed patches:
3716+ - ubuntu/expose-vmx_qemu64cpu.patch
3717+ - ubuntu/define-ubuntu-machine-types.patch
3718+
3719+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
3720+
3721 qemu (1:2.3+dfsg-5) unstable; urgency=high
3722
3723 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
3724@@ -2152,6 +5669,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
3725
3726 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
3727
3728+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
3729+
3730+ * Merge 1:2.3+dfsg-4 from Debian.
3731+ * Remaining changes:
3732+ - debian/rules: do not drop the init scripts loading kvm modules
3733+ (still needed in precise in cloud archive)
3734+ - qemu-system-common.postinst:
3735+ * remove acl placed by udev, and add udevadm trigger.
3736+ * reload kvm_intel if needed to set nested=1
3737+ - qemu-system-common.preinst: add kvm group if needed
3738+ - add qemu-kvm upstart job and defaults file (rules,
3739+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3740+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3741+ do not auto-load the kvm kernel module. Enable nesting by default
3742+ on intel.
3743+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3744+ in qemu64 cpu type.
3745+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3746+ machine type to ease future live vm migration.
3747+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3748+ d/qemu-system-common.install
3749+ * Dropped all patches which are applied upstream
3750+ * Move the upstart jobs to a generic script
3751+ - add new qemu-kvm-init script
3752+ - call that from upstart and sysvrc qemu-kvm scripts
3753+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
3754+
3755+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
3756+
3757 qemu (1:2.3+dfsg-4) unstable; urgency=medium
3758
3759 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
3760@@ -2213,6 +5759,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
3761
3762 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
3763
3764+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
3765+
3766+ * SECURITY UPDATE: denial of service in vnc web
3767+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
3768+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
3769+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
3770+ websockets clients in ui/vnc-ws.c.
3771+ - CVE-2015-1779
3772+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
3773+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
3774+ bounds of the allocated buffer in hw/block/fdc.c.
3775+ - CVE-2015-3456
3776+
3777+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
3778+
3779+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
3780+
3781+ * CVE-2015-2756 / XSA-126
3782+ - xen: limit guest control of PCI command register
3783+
3784+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
3785+
3786+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
3787+
3788+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
3789+ accidentally create /1
3790+
3791+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
3792+
3793+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
3794+
3795+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
3796+
3797+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
3798+
3799+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
3800+
3801+ * No-change rebuild to pull in libxl-4.5.
3802+
3803+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
3804+
3805+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
3806+
3807+ * debian/control-in: enable numa on architectures where numa is built
3808+ (LP: #1417937)
3809+
3810+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
3811+
3812+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
3813+
3814+ [Scott Moser]
3815+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
3816+ profile when started by libvirt.
3817+
3818+ [Serge Hallyn]
3819+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
3820+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
3821+ (LP: #1419855)
3822+
3823+ [Chris J Arges]
3824+ * Determine if we are running inside a virtual environment. If running inside
3825+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
3826+
3827+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
3828+
3829+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
3830+
3831+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
3832+ - debian/rules: do not drop the init scripts loading kvm modules
3833+ (still needed in precise in cloud archive)
3834+ * Remaining changes:
3835+ - qemu-system-common.postinst:
3836+ * remove acl placed by udev, and add udevadm trigger.
3837+ * reload kvm_intel if needed to set nested=1
3838+ - qemu-system-common.preinst: add kvm group if needed
3839+ - add qemu-kvm upstart job and defaults file (rules,
3840+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3841+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3842+ do not auto-load the kvm kernel module. Enable nesting by default
3843+ on intel.
3844+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3845+ in qemu64 cpu type.
3846+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3847+ machine type to ease future live vm migration.
3848+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3849+ d/qemu-system-common.install
3850+ * Dropped all patches which are applied upstream
3851+ * Update ubuntu-vivid machine type to default to std graphics (following
3852+ upstream's lead for pc-i440fx-2.2 machine type)
3853+
3854+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
3855+
3856 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
3857
3858 * fix initscript removal once again
3859@@ -2262,6 +5900,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
3860
3861 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
3862
3863+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
3864+
3865+ * Cherrypick upstream patch needed to allow ESx hosts to run under
3866+ kvm (LP: #1411575)
3867+
3868+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
3869+
3870+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
3871+
3872+ * Merge 2.1+dfsg-11. Remaining changes:
3873+ - qemu-system-common.postinst:
3874+ * remove acl placed by udev, and add udevadm trigger.
3875+ * reload kvm_intel if needed to set nested=1
3876+ - qemu-system-common.preinst: add kvm group if needed
3877+ - add qemu-kvm upstart job and defaults file (rules,
3878+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3879+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3880+ do not auto-load the kvm kernel module. Enable nesting by default
3881+ on intel.
3882+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3883+ removed the alternatives bit later.
3884+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3885+ in qemu64 cpu type.
3886+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3887+ machine type to ease future live vm migration.
3888+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3889+ d/qemu-system-common.install
3890+ - debian/binfmt-update-in: support ppcle
3891+ * debian/binfmt-update-in
3892+ * Support-ppcle.patch
3893+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
3894+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3895+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3896+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3897+ * Dropped patches (upstream or now in debian's tree):
3898+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
3899+ - CVE-2014-7840.patch
3900+ - CVE-2014-8106.patch
3901+
3902+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
3903+
3904 qemu (1:2.1+dfsg-11) unstable; urgency=medium
3905
3906 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
3907@@ -2331,6 +6010,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
3908
3909 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
3910
3911+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
3912+
3913+ * SECURITY UPDATE: code execution via savevm data
3914+ - debian/patches/CVE-2014-7840.patch: validate parameters in
3915+ arch_init.c.
3916+ - CVE-2014-7840
3917+ * SECURITY UPDATE: code execution via cirrus vga blit regions
3918+ (LP: #1400775)
3919+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
3920+ hw/display/cirrus_vga.c.
3921+ - CVE-2014-8106
3922+
3923+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
3924+
3925+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
3926+
3927+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
3928+ dropped and VENDOR now will be all capital UBUNTU).
3929+
3930+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
3931+
3932+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
3933+
3934+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
3935+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
3936+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
3937+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
3938+ SPSel=0 in certain conditions. (LP: #1349277)
3939+
3940+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
3941+
3942+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
3943+
3944+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
3945+ Cherry-pick of qemu-upstream patch to fix issues with persistent
3946+ grants and the PV backend (Qdisk) (LP: #1394327).
3947+
3948+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
3949+
3950+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
3951+
3952+ * Merge 2.1+dfsg-7. Remaining changes:
3953+ - qemu-system-common.postinst:
3954+ * remove acl placed by udev, and add udevadm trigger.
3955+ * reload kvm_intel if needed to set nested=1
3956+ - qemu-system-common.preinst: add kvm group if needed
3957+ - add qemu-kvm upstart job and defaults file (rules,
3958+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3959+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3960+ do not auto-load the kvm kernel module. Enable nesting by default
3961+ on intel.
3962+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
3963+ removed the alternatives bit later.
3964+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3965+ in qemu64 cpu type.
3966+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3967+ machine type to ease future live vm migration.
3968+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3969+ d/qemu-system-common.install
3970+ - debian/binfmt-update-in: support ppcle
3971+ * debian/binfmt-update-in
3972+ * Support-ppcle.patch
3973+ * Dropped patches (upstream or now in debian's tree):
3974+ - pc-reserve-more-memory-for-acpi.patch
3975+ - CVE-2014-5388.patch
3976+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
3977+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
3978+ in debian)
3979+ - CVE-2014-3615.patch
3980+ - CVE-2014-3640.patch
3981+ - CVE-2014-3689.patch
3982+ - CVE-2014-7815.patch
3983+
3984+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
3985+
3986 qemu (2.1+dfsg-7) unstable; urgency=high
3987
3988 * urgency is high due to 2 security fixes
3989@@ -2382,6 +6136,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
3990
3991 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
3992
3993+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
3994+
3995+ * SECURITY UPDATE: information disclosure via vga driver
3996+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
3997+ sanity check register writes, and don't use fixed buffer sizes in
3998+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
3999+ ui/spice-display.c.
4000+ - CVE-2014-3615
4001+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
4002+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
4003+ stub in slirp/udp.c.
4004+ - CVE-2014-3640
4005+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
4006+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
4007+ hw/display/vmware_vga.c.
4008+ - CVE-2014-3689
4009+ * SECURITY UPDATE: denial of service via VNC console
4010+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
4011+ ui/vnc.c.
4012+ - CVE-2014-7815
4013+
4014+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
4015+
4016+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
4017+
4018+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
4019+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
4020+
4021+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
4022+
4023+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
4024+
4025+ * Apply two patches to fix intermittent qemu-img corruption
4026+ (LP: #1368815)
4027+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
4028+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
4029+
4030+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
4031+
4032+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
4033+
4034+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
4035+ debian does.
4036+
4037+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
4038+
4039+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
4040+
4041+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
4042+ versa.
4043+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
4044+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
4045+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
4046+ machine type for that.
4047+
4048+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
4049+
4050+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
4051+
4052+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
4053+ container. (LP: #1370199)
4054+ * load kvm module on ppc64le at boot (LP: #1369785)
4055+ - debian/rules: install qemu-kvm on ppc64el
4056+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
4057+ kvm-hv module if available
4058+ * qemu-system-x86.maintscript: remove accidentally installed
4059+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
4060+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
4061+ ubuntu.
4062+
4063+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
4064+
4065+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
4066+
4067+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
4068+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
4069+
4070+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
4071+
4072+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
4073+
4074+ * move kvm_intel nested setting to qemu-system-x86.postinst.
4075+
4076+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
4077+
4078+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
4079+
4080+ * Merge new debian release
4081+ * Remaining changes:
4082+ - qemu-system-common.postinst:
4083+ * remove acl placed by udev, and add udevadm trigger.
4084+ * reload kvm_intel if needed to set nested=1
4085+ - qemu-system-common.preinst: add kvm group if needed
4086+ - add qemu-kvm upstart job and defaults file (rules,
4087+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4088+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4089+ do not auto-load the kvm kernel module. Enable nesting by default
4090+ on intel.
4091+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4092+ removed the alternatives bit later.
4093+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4094+ in qemu64 cpu type.
4095+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4096+ machine type to ease future live vm migration.
4097+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4098+ d/qemu-system-common.install
4099+ - debian/binfmt-update-in: support ppcle
4100+ * debian/binfmt-update-in
4101+ * Support-ppcle.patch
4102+ - d/p/CVE-2014-5388.patch
4103+
4104+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
4105+
4106 qemu (2.1+dfsg-4) unstable; urgency=medium
4107
4108 * mention libnuma-dev but not enable for now
4109@@ -2399,6 +6266,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
4110
4111 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
4112
4113+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
4114+
4115+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
4116+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
4117+ - CVE-2014-5388
4118+
4119+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
4120+
4121+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
4122+
4123+ * replace d/p/revert-acpi-table-size-bump with
4124+ pc-reserve-more-memory-for-acpi.patch from upstream
4125+ * debian/binfmt-update-in
4126+ - don't run in a container
4127+ - add ppc64le as target (LP: #1358268)
4128+ * Add experimental ppcle support (LP: #1358268)
4129+
4130+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
4131+
4132+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
4133+
4134+ * revert-acpi-table-size-bump - get qemu -kernel working again.
4135+
4136+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
4137+
4138+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
4139+
4140+ * Merge new debian release
4141+ * Remaining changes:
4142+ - control-in: stick to libsdl1.2-dev.
4143+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4144+ qemu-bridge-helper
4145+ - qemu-system-common.postinst: remove acl placed by udev,
4146+ and add udevadm trigger.
4147+ - qemu-system-common.preinst: add kvm group if needed
4148+ - add qemu-kvm upstart job and defaults file (rules,
4149+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4150+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4151+ do not auto-load the kvm kernel module. Enable nesting by default
4152+ on intel.
4153+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4154+ removed the alternatives bit later.
4155+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4156+ in qemu64 cpu type.
4157+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4158+ machine type to ease future live vm migration.
4159+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4160+ d/qemu-system-common.install
4161+ * Upstart job: use getent group to check for kvm group
4162+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
4163+
4164+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
4165+
4166 qemu (2.1+dfsg-3) unstable; urgency=medium
4167
4168 * set SHELL = /bin/sh -e, so that more complex shell constructs
4169@@ -2425,6 +6345,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
4170
4171 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
4172
4173+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
4174+
4175+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
4176+
4177+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
4178+
4179+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
4180+
4181+ * Merge new debian release
4182+ * Remaining changes:
4183+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4184+ have in ipxe-qemu package.
4185+ - control-in: stick to libsdl1.2-dev.
4186+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4187+ qemu-bridge-helper
4188+ - qemu-system-common.postinst: remove acl placed by udev,
4189+ and add udevadm trigger.
4190+ - qemu-system-common.preinst: add kvm group if needed
4191+ - add qemu-kvm upstart job and defaults file (rules,
4192+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4193+ - debian/rules: add qemu-kvm-spice
4194+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4195+ do not auto-load the kvm kernel module. Enable nesting by default
4196+ on intel.
4197+ - binfmt-update-in: make sure to filter out compat arches.
4198+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4199+ removed the alternatives bit later.
4200+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4201+ in qemu64 cpu type.
4202+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4203+ machine type to ease future live vm migration.
4204+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4205+ d/qemu-system-common.install
4206+
4207+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
4208+
4209 qemu (2.1+dfsg-2) unstable; urgency=medium
4210
4211 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
4212@@ -2459,7 +6415,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
4213
4214 qemu (2.0.0+dfsg-7) unstable; urgency=medium
4215
4216- * clarify description of qemu-user-binfmt a bit
4217+ * clarify description of qemu-user-binfmt a bit
4218 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
4219 * remove qemu-keymaps package, since it is not used by other tools
4220 anymore, and ship keymaps in qemu-system-common.
4221@@ -2476,6 +6432,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
4222
4223 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
4224
4225+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
4226+
4227+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
4228+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
4229+
4230+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
4231+
4232+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
4233+
4234+ * Merge 2.0.0+dfsg-6. Remaining changes:
4235+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4236+ have in ipxe-qemu package.
4237+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
4238+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4239+ qemu-bridge-helper
4240+ - qemu-system-common.postinst: remove acl placed by udev,
4241+ and add udevadm trigger.
4242+ - qemu-system-common.preinst: add kvm group if needed
4243+ - add qemu-kvm upstart job and defaults file (rules,
4244+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4245+ - debian/rules: add qemu-kvm-spice
4246+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4247+ do not auto-load the kvm kernel module. Enable nesting by default
4248+ on intel.
4249+ - binfmt-update-in: make sure to filter out compat arches.
4250+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4251+ removed the alternatives bit later.
4252+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4253+ in qemu64 cpu type.
4254+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4255+ machine type to ease future live vm migration.
4256+ - re-introduce apport hook for qemu source package:
4257+ d/source_qemu-kvm.py, d/qemu-system-common.install
4258+ * enable-build-dep on libjpeg8-dev - which is now in main
4259+
4260+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
4261+
4262 qemu (2.0.0+dfsg-6) unstable; urgency=medium
4263
4264 * build-depend on libgnutls28-dev not libgnutls-dev
4265@@ -2519,6 +6512,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
4266
4267 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
4268
4269+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
4270+
4271+ * remove alternatives for qemu: different architectures
4272+ aren't really alternatives and never had been (LP: #1316829)
4273+
4274+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
4275+
4276+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
4277+
4278+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
4279+ * debian/control: drop the versioning requirement from libfdt-dev
4280+ build-dependency, as it is longer needed (LP: #1295072)
4281+
4282+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
4283+
4284+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
4285+
4286+ * Merge 2.0.0+dfsg-2
4287+ * Incorporates a fix for spice users (LP: #1309452)
4288+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
4289+ the regression requiring it was reverted for 2.0 upstream.
4290+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
4291+ * debian/qemu-debootstrap: add arm64
4292+ * Remaining changes from debian:
4293+ - keep qemu 'alternative' (not something to change in SRU)
4294+ - debian/control and debian/control-in:
4295+ * versioned libfdt-dev check, until libfdt is fixed in precise
4296+ * enable rbd
4297+ * remove ovmf Recommends, as it is in multiverse
4298+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
4299+ * add a qemu-system-aarch64 metapackage for transitions from trusty
4300+ development version. This can be removed after trusty.
4301+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4302+ qemu-bridge-helper
4303+ - qemu-system-common.postinst: fix /dev/kvm acls
4304+ - qemu-system-common.preinst: add kvm group if needed
4305+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4306+ have in ipxe-qemu package.
4307+ - qemu-system-x86.modprobe: set module options for older releases
4308+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
4309+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
4310+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
4311+ - debian/rules
4312+ * add legacy kvm-spice link
4313+ * fix ppc and arm slections
4314+ * add aarch64 to user_targets
4315+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
4316+ pc-i440fx-trusty machine type as the default.
4317+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
4318+ default in qemu64 cpu time.
4319+
4320+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
4321+
4322 qemu (2.0.0+dfsg-2) unstable; urgency=medium
4323
4324 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
4325@@ -2544,7 +6590,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
4326 * kmod dependency is linux-any
4327 * doc-grammify-allows-to.patch: fix some lintian warnings
4328 * remove alternatives for qemu: different architectures
4329- aren't really alternatives and never had been
4330+ aren't really alternatives and never had been
4331 * update Standards-Version to 3.9.5 (no changes needed)
4332 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
4333 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
4334@@ -2578,6 +6624,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
4335
4336 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
4337
4338+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
4339+
4340+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
4341+ don't abort() just because the kernel has no dirty bitmap.
4342+ (LP: #1303926)
4343+
4344+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
4345+
4346+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
4347+
4348+ * define-trusty-machine-type.patch: update the trusty machine type name to
4349+ pc-i440fx-trusty (LP: #1304107)
4350+
4351+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
4352+
4353+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
4354+
4355+ * Merge 2.0.0-rc1
4356+ * debian/rules: consolidate ppc filter entries.
4357+ * Move qemu-system-arch64 into qemu-system-arm
4358+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
4359+ type, currently the same as pc-i440fx-2.0, to put is in a better position
4360+ to enable live migrations from trusty onward. (LP: #1294823)
4361+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
4362+ * Merge latest upstream git to commit dc9528f
4363+ * Debian/rules:
4364+ - remove -enable-uname-release=2.6.32
4365+ - don't make the aarch64 target Ubuntu-specific.
4366+ * Remove patches which are now upstream:
4367+ - fix-smb-security-share.patch
4368+ - slirp-smb-redirect-port-445-too.patch
4369+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
4370+ - signal-added-a-wrapper-for-sigprocmask-function.patch
4371+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4372+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4373+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
4374+ * add link for /usr/share/qemu/bios-256k.bin
4375+ * Remove all linaro patches.
4376+ * Remove all arm64/ patches. Many but not all are upstream.
4377+ * Remove CVE-2013-4377.patch which is upstream.
4378+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
4379+
4380+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
4381+
4382 qemu (1.7.0+dfsg-9) unstable; urgency=medium
4383
4384 * remove rbd/rados/ceph support *again*, till they'll actually provide
4385@@ -2642,6 +6732,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
4386
4387 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
4388
4389+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
4390+
4391+ * No-change rebuild to build with libxen-4.4.
4392+
4393+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
4394+
4395+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
4396+
4397+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
4398+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
4399+
4400+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
4401+
4402+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
4403+
4404+ [ dann frazier ]
4405+ * Add patches from the susematz tree to avoid intermittent segfaults:
4406+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
4407+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4408+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4409+
4410+ [ Serge Hallyn ]
4411+ * Modify do_sigprocmask to only change behavior for aarch64.
4412+ (LP: #1285363)
4413+
4414+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
4415+
4416+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
4417+
4418+ [ Steve Langasek ]
4419+ * Merge debian/control with unreleased Debian branch: our architecture
4420+ lists should now be in sync.
4421+
4422+ [ Dann Frazier ]
4423+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
4424+ on arm64 and maybe others. (LP: #1284344)
4425+
4426+ [ Serge Hallyn ]
4427+ * Move the OVMF.fd link to the ovmf package.
4428+
4429+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
4430+
4431+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
4432+
4433+ * Add ppc64el to the architecture list (supposedly added in the previous
4434+ upload, but really wasn't).
4435+
4436+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
4437+
4438+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
4439+
4440+ * Backport changes to enable qemu-user-static support for aarch64
4441+ * debian/control: add ppc64el to Architectures
4442+ * debian/rules: only install qemu-system-aarch64 on arm64.
4443+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
4444+ debian/qemu-system-aarch64 directory
4445+
4446+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
4447+
4448+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
4449+
4450+ * Fix broken filter_binfmts
4451+ * Remove use of dpkg-version in postinsts, as we're not Depending on
4452+ dpkg-dev.
4453+
4454+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
4455+
4456+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
4457+
4458+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
4459+ - debian/patches/ubuntu:
4460+ * expose-vmx_qemu64cpu.patch
4461+ * linaro (omap3) and arm64 patches
4462+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
4463+ on ppc
4464+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
4465+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
4466+ - debian/control:
4467+ * add arm64 to Architectures
4468+ * add qemu-common and qemu-system-aarch64 packages
4469+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
4470+ - debian/qemu-system-common.preinst: add kvm group
4471+ - debian/qemu-system-common.postinst: remove acl placed by udev,
4472+ and add udevadm trigger.
4473+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
4474+ pxe-e1000 and pxe-rtl8139.
4475+ - add qemu-system-x86.qemu-kvm.upstart and .default
4476+ - qemu-user-static.postinst-in: remove arm64 binfmt
4477+ - debian/rules:
4478+ * allow parallel build
4479+ * add aarch64 to system_targets and sys_systems
4480+ * add qemu-kvm-spice links
4481+ * install qemu-system-x86.modprobe
4482+ - add debian/qemu-system-common.links for OVMF.fd link
4483+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
4484+
4485+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
4486+
4487 qemu (1.7.0+dfsg-3) unstable; urgency=low
4488
4489 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
4490@@ -2667,6 +6855,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
4491
4492 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
4493
4494+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
4495+
4496+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
4497+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
4498+
4499+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
4500+
4501+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
4502+
4503+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
4504+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
4505+ virtio device unplugging.
4506+ - CVE-2013-4377
4507+
4508+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
4509+
4510+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
4511+
4512+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
4513+ powerpc.
4514+
4515+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
4516+
4517+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
4518+
4519+ [ Serge Hallyn ]
4520+ * add arm64 patchset from upstream. The three arm virt patches previously
4521+ pushed are in that set, so drop them.
4522+
4523+ [ dann frazier ]
4524+ * Add packaging for qemu-system-aarch64. This package is currently only
4525+ available for arm64, as full software emulation is not yet supported.
4526+
4527+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
4528+
4529+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
4530+
4531+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
4532+ supported any longer.
4533+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
4534+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
4535+ churn caused by linaro patchset.
4536+ * debian/rules: enable parallel builds.
4537+
4538+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
4539+
4540+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
4541+
4542+ * d/control: enable usbredir (LP: 1126390)
4543+
4544+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
4545+
4546+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
4547+
4548+ * add missing arm virt patches from the mach-virt-v7 branch of
4549+ git://git.linaro.org/people/cdall/qemu-arm.git
4550+
4551+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
4552+
4553+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
4554+
4555+ * debian/control: add arm64 to list of architectures.
4556+
4557+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
4558+
4559+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
4560+
4561+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
4562+ - debian/control
4563+ * update maintainer
4564+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4565+ from build-deps
4566+ * enable rbd
4567+ * add qemu-system and qemu-common B/R to qemu-keymaps
4568+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4569+ qemu-system-common
4570+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4571+ - add qemu-common, qemu-kvm, kvm to B/R
4572+ - remove openbios-sparc from qemu-system-sparc D
4573+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4574+ * qemu-system-x86:
4575+ - add qemu-common to Breaks/Replaces.
4576+ - add cpu-checker to Recommends.
4577+ * qemu-user: add B/R:qemu-kvm
4578+ * qemu-kvm:
4579+ - add armhf armel powerpc sparc to Architecture
4580+ - C/R/P: qemu-kvm-spice
4581+ * add qemu-common package
4582+ * drop qemu-slof which is not packaged in ubuntu
4583+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4584+ - qemu-system-x86.links:
4585+ * remove pxe rom links which are in kvm-ipxe
4586+ - debian/rules
4587+ * add kvm-spice symlink to qemu-kvm
4588+ * call dh_installmodules for qemu-system-x86
4589+ * update dh_installinit to install upstart script
4590+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4591+ - Add qemu-utils.links for kvm-* symlinks.
4592+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4593+ - Add qemu-system-x86.modprobe to set nesting=1
4594+ - Add qemu-system-common.preinst to add kvm group
4595+ - qemu-system-common.postinst: remove bad group acl if there, then have
4596+ udev relabel /dev/kvm.
4597+ - New linaro patches from qemu-linaro rebasing branch
4598+ - Dropped patches:
4599+ * linaro patchset
4600+ * mach-virt patchset
4601+ - Kept patches:
4602+ * expose_vms_qemu64cpu.patch
4603+ * fix-pci-add
4604+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4605+ qemu-bridge-helper
4606+
4607+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
4608+
4609 qemu (1.7.0+dfsg-2) unstable; urgency=low
4610
4611 * switch from vgabios to seavgabios
4612@@ -2696,6 +6999,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
4613
4614 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
4615
4616+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
4617+
4618+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
4619+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
4620+
4621+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
4622+
4623+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
4624+
4625+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
4626+ - debian/control
4627+ * update maintainer
4628+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4629+ from build-deps
4630+ * enable rbd
4631+ * add qemu-system and qemu-common B/R to qemu-keymaps
4632+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4633+ qemu-system-common
4634+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4635+ - add qemu-kvm to Provides
4636+ - add qemu-common, qemu-kvm, kvm to B/R
4637+ - remove openbios-sparc from qemu-system-sparc D
4638+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4639+ * qemu-system-x86:
4640+ - add qemu-common to Breaks/Replaces.
4641+ - add cpu-checker to Recommends.
4642+ * qemu-user: add B/R:qemu-kvm
4643+ * qemu-kvm:
4644+ - add armhf armel powerpc sparc to Architecture
4645+ - C/R/P: qemu-kvm-spice
4646+ * add qemu-common package
4647+ * drop qemu-slof which is not packaged in ubuntu
4648+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4649+ - qemu-system-x86.links:
4650+ * remove pxe rom links which are in kvm-ipxe
4651+ * add symlink for kvm.1 manpage
4652+ - debian/rules
4653+ * add kvm-spice symlink to qemu-kvm
4654+ * call dh_installmodules for qemu-system-x86
4655+ * update dh_installinit to install upstart script
4656+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4657+ - Add qemu-utils.links for kvm-* symlinks.
4658+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4659+ - Add qemu-system-x86.modprobe to set nesting=1
4660+ - Add qemu-system-common.preinst to add kvm group
4661+ - qemu-system-common.postinst: remove bad group acl if there, then have
4662+ udev relabel /dev/kvm.
4663+ - New linaro patches from qemu-linaro rebasing branch
4664+ - Dropped patches:
4665+ * xen-simplify-xen_enabled.patch
4666+ * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
4667+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4668+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4669+ * virtio-rng-fix-crash
4670+ - Kept patches:
4671+ * expose_vms_qemu64cpu.patch - updated
4672+ * linaro arm patches from qemu-linaro rebasing branch
4673+ - New patches:
4674+ * fix-pci-add: change CONFIG variable in ifdef to make sure that
4675+ pci_add is defined.
4676+ * Add linaro patches
4677+ * Add experimental mach-virt patches for arm virtualization.
4678+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4679+ qemu-bridge-helper
4680+
4681+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 22 Oct 2013 22:47:07 -0500
4682+
4683 qemu (1.6.0+dfsg-2) unstable; urgency=low
4684
4685 * Build-depend in seccomp again once it is in -testing
4686@@ -2766,6 +7136,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
4687
4688 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 06 Jun 2013 01:50:32 +0400
4689
4690+qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
4691+
4692+ * No change rebuild for new seccomp.
4693+
4694+ -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 18:34:50 -0400
4695+
4696+qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
4697+
4698+ * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
4699+ - virtio-rng-fix-crash
4700+
4701+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Oct 2013 17:46:49 -0500
4702+
4703+qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
4704+
4705+ * Re-introduce snippet in upstart job to load kvm modules if needed.
4706+ (LP: #1218459)
4707+
4708+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Sep 2013 22:43:52 +0000
4709+
4710+qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
4711+
4712+ * Cherry-picking three Xen related patches targetted for qemu-stable:
4713+ * xen-simplify-xen_enabled.patch
4714+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4715+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4716+
4717+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Jul 2013 15:01:44 +0200
4718+
4719+qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
4720+
4721+ * Drop openbios-ppc and openhackware Depends to Suggests for now.
4722+
4723+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Jun 2013 03:23:56 -0600
4724+
4725+qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
4726+
4727+ * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes:
4728+ - debian/control
4729+ * update maintainer
4730+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4731+ from build-deps
4732+ * enable rbd
4733+ * add qemu-system and qemu-common B/R to qemu-keymaps
4734+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4735+ qemu-system-common
4736+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4737+ - add qemu-kvm to Provides
4738+ - add qemu-common, qemu-kvm, kvm to B/R
4739+ - remove openbios-sparc from qemu-system-sparc D
4740+ * qemu-system-x86:
4741+ - add qemu-common to Breaks/Replaces.
4742+ - add cpu-checker to Recommends.
4743+ * qemu-user: add B/R:qemu-kvm
4744+ * qemu-kvm:
4745+ - add armhf armel powerpc sparc to Architecture
4746+ - C/R/P: qemu-kvm-spice
4747+ * add qemu-common package
4748+ * drop qemu-slof which is not packaged in ubuntu
4749+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4750+ - qemu-system-x86.links:
4751+ * remove pxe rom links which are in kvm-ipxe
4752+ * add symlink for kvm.1 manpage
4753+ - debian/rules
4754+ * add kvm-spice symlink to qemu-kvm
4755+ * call dh_installmodules for qemu-system-x86
4756+ * update dh_installinit to install upstart script
4757+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4758+ - Add qemu-utils.links for kvm-* symlinks.
4759+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4760+ - Add qemu-system-x86.modprobe to set nesting=1
4761+ - Add qemu-system-common.preinst to add kvm group
4762+ - qemu-system-common.postinst: remove bad group acl if there, then have
4763+ udev relabel /dev/kvm.
4764+ - Dropped patches:
4765+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4766+ - Kept patches:
4767+ * expose_vms_qemu64cpu.patch - updated
4768+ * gridcentric patch - updated
4769+ * linaro arm patches from qemu-linaro rebasing branch
4770+
4771+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Jun 2013 22:56:43 +0200
4772+
4773 qemu (1.5.0+dfsg-3) unstable; urgency=low
4774
4775 * fix sections: misc => otherosfs
4776@@ -2785,6 +7238,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
4777
4778 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Jun 2013 01:49:47 +0400
4779
4780+qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
4781+
4782+ * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes:
4783+ - debian/control
4784+ * update maintainer
4785+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4786+ from build-deps
4787+ * enable rbd
4788+ * add qemu-system and qemu-common B/R to qemu-keymaps
4789+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4790+ qemu-system-common
4791+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4792+ - add qemu-kvm to Provides
4793+ - add qemu-common, qemu-kvm, kvm to B/R
4794+ - remove openbios-sparc from qemu-system-sparc D
4795+ * qemu-system-x86:
4796+ - add qemu-common to Breaks/Replaces.
4797+ - add cpu-checker to Recommends.
4798+ * qemu-user: add B/R:qemu-kvm
4799+ * qemu-kvm:
4800+ - add armhf armel powerpc sparc to Architecture
4801+ - C/R/P: qemu-kvm-spice
4802+ * add qemu-common package
4803+ * drop qemu-slof which is not packaged in ubuntu
4804+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4805+ - qemu-system-x86.links:
4806+ * remove pxe rom links which are in kvm-ipxe
4807+ * add symlink for kvm.1 manpage
4808+ - debian/rules
4809+ * add kvm-spice symlink to qemu-kvm
4810+ * call dh_installmodules for qemu-system-x86
4811+ * update dh_installinit to install upstart script
4812+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4813+ - Add qemu-utils.links for kvm-* symlinks.
4814+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4815+ - Add qemu-system-x86.modprobe to set nesting=1
4816+ - Add qemu-system-common.preinst to add kvm group
4817+ - qemu-system-common.postinst: remove bad group acl if there, then have
4818+ udev relabel /dev/kvm.
4819+ - Dropped patches:
4820+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4821+ - Kept patches:
4822+ * expose_vms_qemu64cpu.patch - updated
4823+ * gridcentric patch - updated
4824+ * linaro arm patches from qemu-linaro rebasing branch
4825+
4826+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 May 2013 08:18:30 -0500
4827+
4828 qemu (1.5.0+dfsg-2) unstable; urgency=low
4829
4830 * merged development history of wheezy and experimental branches.
4831@@ -2852,6 +7353,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low
4832
4833 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 18 Apr 2013 14:45:30 +0400
4834
4835+qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low
4836+
4837+ * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177)
4838+ * qemu-system-x86.qemu-kvm.upstart:
4839+ - remove NESTED workarounds from upstart file.
4840+ - remove loading of modules which is now always done
4841+ - remove TAPR define which is no longer used
4842+ * move customizable defines back to qemu-kvm.default
4843+ * copy creation of group kvm to preinst - the group must exist when the
4844+ kvm udev rule is installed (LP: #1103022) (LP: #1092715)
4845+ * add adduser to qemu-system-common Pre-Depends for use by preinst.
4846+
4847+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Mar 2013 14:21:53 -0500
4848+
4849+qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low
4850+
4851+ * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on
4852+ i386/amd64 targets. (LP: #1126258)
4853+
4854+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 28 Feb 2013 15:17:16 -0600
4855+
4856+qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low
4857+
4858+ * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing
4859+ tree.
4860+ * add qemu-common to qemu-system-common B/R (was accidentally dropped from
4861+ 1.3.0 in 1.4.0 merge).
4862+ * debian/control: fix kvm P/C/B/R:
4863+ - make all C/B/R against kvm versioned
4864+ - don't have any qemu-system-* other than x86 Provides: kvm
4865+
4866+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Feb 2013 13:34:07 -0600
4867+
4868+qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low
4869+
4870+ * Merge 1.4.0+dfsg-1exp from debian. Remaining changes:
4871+ - debian/control:
4872+ * update maintainer
4873+ * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps
4874+ * enable rbd
4875+ * add qemu-system and qemu-common B/R to qemu-keymaps
4876+ * add D:udev and R:qemu to qemu-system-common
4877+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4878+ - add qemu-kvm and kvm to Provides
4879+ - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc,
4880+ qemu-system-sparc:
4881+ - remove openbios-$arch from Depends
4882+ * qemu-system-x86:
4883+ - add qemu-common to Breaks/Replaces.
4884+ - add cpu-checker to Recommends.
4885+ * qemu-user:
4886+ - add B/R qemu-kvm
4887+ * qemu-utils:
4888+ - add B/R qemu-user and qemu-kvm
4889+ * qemu-kvm: add armhf armel powerpc sparc to Architecture
4890+ * add qemu-common package
4891+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4892+ - qemu-system-x86.links:
4893+ * remove pxe rom links which are in kvm-ipxe
4894+ * add symlink for kvm.1 manpage
4895+ - Add qemu-utils.links for kvm-* symlinks.
4896+ - Add qemu-kvm.conf upstart job to qemu-system
4897+ - Clear /dev/kvm acls on install
4898+ - Add linaro arm patches.
4899+ - Add gridcentric patches.
4900+ - Re-add expose_vms_qemu64cpu.patch (from Daviey)
4901+ * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4902+
4903+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 11:58:27 -0600
4904+
4905 qemu (1.4.0+dfsg-1exp) experimental; urgency=low
4906
4907 [ Michael Tokarev ]
4908@@ -2907,6 +7478,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low
4909
4910 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 02 Feb 2013 21:05:28 +0400
4911
4912+qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low
4913+
4914+ * qemu-system-common.postinst: only run setfacl when /dev/kvm exists.
4915+ (LP: #1130591)
4916+
4917+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 20 Feb 2013 08:58:53 -0600
4918+
4919+qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low
4920+
4921+ * Update workarounds for udev/inotify: (LP: #1092715)
4922+ - qemu-system-common.udev: go back to original, simple rule
4923+ - qemu-system-common.postinst: manually run setfacl
4924+ - (keep Depends: on acl as well)
4925+ - this can be removed once bug 1092715 is fixed.
4926+
4927+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 19 Feb 2013 12:41:22 -0600
4928+
4929+qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low
4930+
4931+ * Now that qemu provides spice support, and qemu-kvm-spice is removed from
4932+ the archive, have qemu-kvm (which qemu-kvm-spice always depended on)
4933+ P/C/R qemu-kvm-spice.
4934+
4935+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Feb 2013 13:43:27 -0600
4936+
4937+qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low
4938+
4939+ * Enable spice.
4940+ * Address lintian warning by adding ${misc:Depends} to qemu-common and
4941+ qemu-kvm.
4942+
4943+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 12 Feb 2013 16:07:04 -0600
4944+
4945+qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low
4946+
4947+ [ Serge Hallyn ]
4948+ * Merge 1.3.0+dfsg-5exp from Debian.
4949+ * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1:
4950+ - debian/control:
4951+ * update maintainer
4952+ * remove vde2 recommends
4953+ * build-deps: remove libusbredir, libvdeplug2-dev,
4954+ libspice-server-dev, libspice-protocol-dev, libiscsi-dev
4955+ * qemu-system:
4956+ - break/replace qemu-common
4957+ - depend on udev
4958+ - remove openbios-ppc, openbios-sparc, and openhackware from
4959+ Depends. (Intend to add them back once we can build them.)
4960+ * qemu-utils: break/replace qemu-kvm
4961+ - qemu-kvm.upstart:
4962+ - add qemu-system.qemu-kvm.upstart
4963+ - debian/rules: add dh_installinit to get qemu-system.upstart installed.
4964+ - take the defaults from the old qemu-kvm.defaults, and move them into
4965+ the upstart job
4966+ - debian/patches:
4967+ - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches
4968+ - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git
4969+ - add links for qemu-ifup/down in qemu-system-common.links
4970+ - debian/qemu-system-common.postinst
4971+ - udevadm trigger to fix up /dev/kvm perms
4972+ - debian/qemu-system.links:
4973+ - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict
4974+ with ones from kvm-ipxe). We may want to move the links from kvm-ipxe
4975+ back to qemu-system at some point.
4976+ * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1:
4977+ - qemu-system-common.links: add link for OVMF
4978+ - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages.
4979+ - qemu-system.links:
4980+ * Add link to usr/share/ovmf/OVMF.fd
4981+ * Fix target of /etc/kvm/kvm-if{up,down} links
4982+ - debian/control: qemu-system should Recommend cpu-checker
4983+ - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over
4984+ (i.e.) qemu-x86_64.
4985+ - add qemu-kvm, and qemu-common transitional packages.
4986+ - Add breaks/replaces to qemu-keymaps for qemu-system.
4987+ - Add provides: qemu-kvm and kvm to qemu-system-ppc.
4988+ - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common.
4989+ - Add breaks/replaces to qemu-kvm for qemu-common.
4990+ - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm.
4991+ - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional
4992+ package.
4993+ - Add qemu-common package.
4994+ - Make sure /dev/kvm gets its acls cleared:
4995+ * Add acl to qemu-system.depends
4996+ * update qemu-system.udev to run setfacl to set g::rw acl
4997+ - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts
4998+ * dropped debian/patches/CVE-2012-6075.patch (duplicate of
4999+ e1000-discard-oversize-packets-based-on-SBP_LPE.patch)
5000+ * debian/{control,configure-opts}: enable rbd (LP: #1118406)
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches