New changelog entries:
* d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
fix migrations from old machines (LP: #1829868).
* d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
toleration for future machines (LP: #1830704
New changelog entries:
* Add qemu-guest-agent Breaks: for unattended-upgrades versions not being
able to install it to avoid qemu-guest-agent blocking other security
updates. (LP: #1823872)
New changelog entries:
* SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
copy the device tree blob into is.
- CVE-2018-20815
* SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
emulating ident.
- CVE-2019-9824
New changelog entries:
[ Marc Deslauriers ]
* SECURITY UPDATE: TOCTTOU in MTP
- debian/patches/CVE-2018-16872.patch: use O_NOFOLLOW and O_CLOEXEC in
hw/usb/dev-mtp.c.
- CVE-2018-16872
* SECURITY UPDATE: race during file renaming in v9fs_wstat
- debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
- CVE-2018-19489
* SECURITY UPDATE: out-of-bounds read via i2 commands
- debian/patches/CVE-2019-3812.patch: add bounds check to
hw/i2c/i2c-ddc.c.
- CVE-2019-3812
* SECURITY UPDATE: heap based buffer overflow in slirp
- debian/patches/CVE-2019-6778.patch: check data length while emulating
ident function in slirp/tcp_subr.c.
- CVE-2019-6778
[ Christian Ehrhardt ]
* fix crash when performing block pull on partial cluster (LP: #1818264)
- d/p/ubuntu/lp-1818264-block-Fix-copy-on-read-crash-with-partial.patch
* qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
- d/qemu-guest-agent.install: use correct path for fsfreeze-hook
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile
New changelog entries:
* SECURITY UPDATE: integer overflow in NE2000 NIC emulation
- debian/patches/CVE-2018-10839.patch: use proper type in
hw/net/ne2000.c.
- CVE-2018-10839
* SECURITY UPDATE: buffer overflow via incoming fragmented datagrams
- debian/patches/CVE-2018-11806.patch: correct size computation in
slirp/mbuf.c, slirp/mbuf.h.
- CVE-2018-11806
* SECURITY UPDATE: integer overflow via crafted QMP command
- debian/patches/CVE-2018-12617.patch: check bytes count read by
guest-file-read in qga/commands-posix.c.
- CVE-2018-12617
* SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
- debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
- CVE-2018-16847
* SECURITY UPDATE: buffer overflow in rtl8139
- debian/patches/CVE-2018-17958.patch: use proper type in
hw/net/rtl8139.c.
- CVE-2018-17958
* SECURITY UPDATE: buffer overflow in pcnet
- debian/patches/CVE-2018-17962.patch: use proper type in
hw/net/pcnet.c.
- CVE-2018-17962
* SECURITY UPDATE: DoS via large packet sizes
- debian/patches/CVE-2018-17963.patch: check size in net/net.c.
- CVE-2018-17963
* SECURITY UPDATE: DoS in lsi53c895a
- debian/patches/CVE-2018-18849.patch: check message length value is
valid in hw/scsi/lsi53c895a.c.
- CVE-2018-18849
* SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
- debian/patches/CVE-2018-18954.patch: check size before data buffer
access in hw/ppc/pnv_lpc.c.
- CVE-2018-18954
* SECURITY UPDATE: race condition in 9p
- debian/patches/CVE-2018-19364-1.patch: use write lock in
hw/9pfs/cofile.c.
- debian/patches/CVE-2018-19364-2.patch: use write lock in
hw/9pfs/9p.c.
- CVE-2018-19364
New changelog entries:
* Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
The SLOF source pieces in src:qemu are only used for s390x netboot,
which are independent ROMs (no linking). All other binaries out of this
are part of src:slof and independent.
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.11-to-3.0.patch
- d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
and related fixes