Last commit made on 2019-06-13
Get this branch:
git clone -b fix-1832622-ppc-spectre-eoan https://git.launchpad.net/~paelzer/ubuntu/+source/qemu
Only Christian Ehrhardt  can upload to this branch. If you are Christian Ehrhardt  please log in for upload directions.

Branch merges

Branch information


Recent commits

c9b543e... by Christian Ehrhardt  on 2019-06-13

changelog: count cache flush Spectre v2 mitigation for ppc64 (LP: #1832622)

Signed-off-by: Christian Ehrhardt <email address hidden>

910594e... by Christian Ehrhardt  on 2019-06-13

adapt LP: #1832622 fixes for qemu 3.0

Signed-off-by: Christian Ehrhardt <email address hidden>

21948e3... by Christian Ehrhardt  on 2019-06-13

adapt LP: #1832622 fixes for qemu 2.12

Signed-off-by: Christian Ehrhardt <email address hidden>

0452361... by Christian Ehrhardt  on 2019-06-13

d/p/ubuntu/lp-1832622-*: count cache flush Spectre v2 mitigation for ppc64 (LP: #1832622)

Signed-off-by: Christian Ehrhardt <email address hidden>

cfefa46... by Christian Ehrhardt  on 2019-05-28

Import patches-unapplied version 1:3.1+dfsg-2ubuntu5 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 1a5c0073806810c794c834e4e92a4299bc673f6b

New changelog entries:
  * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
    broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
    fix migrations from old machines (LP: #1829868).
  * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
    toleration for future machines (LP: #1830704

1a5c007... by Steve Beattie on 2019-05-08

Import patches-unapplied version 1:3.1+dfsg-2ubuntu4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 032438c45a3f371ce4a34082ccff34928914bf81

New changelog entries:
  * SECURITY UPDATE: Add support for exposing md-clear functionality
    to guests
    - d/p/ubuntu/enable-md-clear.patch
    - d/p/ubuntu/enable-md-no.patch
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * SECURITY UPDATE: heap overflow when loading device tree blob
    - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
      copy the device tree blob into is.
    - CVE-2018-20815
  * SECURITY UPDATE: device driver denial of service via NULL pointer
    - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
    - CVE-2019-5008
  * SECURITY UPDATE: information leak in SLiRP
    - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
      emulating ident.
    - CVE-2019-9824

032438c... by Christian Ehrhardt  on 2019-03-18

Import patches-unapplied version 1:3.1+dfsg-2ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 994adb63a9522a7c30da2f0568193bd51ce9fa9d

New changelog entries:
  * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
    - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
    - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
      mv_conffile since the new path is a directory in the old package
      version which can not be handled by mv_conffile.
  * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
    OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
    Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)

994adb6... by Christian Ehrhardt  on 2019-02-19

Import patches-unapplied version 1:3.1+dfsg-2ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: cab537364b05118ea9d17ad3c98aacfeb701e390

New changelog entries:
  * disable pvrdma - besides several security holes there are many other
    bugs there as well, and the amount of patches applied upstream after
    3.1 release is large (Closes, or actuallymakes unimportant again)
    - CVE-2018-20123
    - CVE-2018-20124
    - CVE-2018-20125
    - CVE-2018-20126
    - CVE-2018-20191
    - CVE-2018-20216
  * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
    - CVE-2019-6501
  * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
    - CVE-2019-6778

cab5373... by Christian Ehrhardt  on 2019-01-08

Import patches-unapplied version 1:3.1+dfsg-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 24fe7dca8d1fc8422cac77a475c49e3a43a7fc78

New changelog entries:
  * Merge with Debian testing, Among many other things this fixes LP Bugs:
    LP: #1806104 - fix misleading page size error on ppc64el
    LP: #1782205 - SnowRidge enabled new ISAs
    LP: #1786956 - upgrade to qemu >= 3.0
    LP: #1809083 - Backward migration to Xenial on ppc64el
    LP: #1803315 - s390x Huge page enablement
    LP: #1657409 - enable virglrenderer
    Remaining Changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
      - d/qemu-system-common.install: install systemd unit and helper script
      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
      - d/qemu-system-common.qemu-kvm.default: defaults for
      - d/rules: install /etc/default/qemu-kvm
    - Enable nesting by default
      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
        (is default on amd)
      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
        without nested=1
      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
        in qemu64 cpu type.
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
      - d/qemu-system-x86.README.Debian: document intention of nested being
        default is comfort, not full support
    - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
      - d/qemu-system-x86.NEWS Info on fixed machine type defintions
        for host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
        convenience with all meltdown/spectre workarounds enabled by default.
        (LP: 1761372).
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - s390x support
      - Create qemu-system-s390x package
      - Enable numa support for s390x
    - arch aware kvm wrappers
    - d/control: update VCS links (updated to match latest Ubuntu)
    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
    - d/control-in: enable RDMA support in qemu (LP: 1692476)
        - enable RDMA config option
        - add libibumad-dev build-dep
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
  * Added Changes:
    - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
      for qemu 3.1 in the Ubuntu Disco release
    - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
    - Move s390x roms to a new qemu-system-data-s390x
      - d/qemu-system-data.install: install s390x roms as architecture:all in
      - d/rules: build s390-ccw.img with upstream Makefile
      - d/rules: build s390x-netboot.img with upstream Makefile
      - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
        some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
        As that hack to build s390-ccw.img rom can't build s390x-netboot.img
        replace it with a build-indep using the upstream makefiles.
        This is less prone to miss future changes/fixes that are done to the
      - d/control-in: add breaks/replaces for moving s390x roms from
        qemu-system-s390x to qemu-system-data
    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
      [From not yet uploaded Debian branch]
    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
      (Closes: #918378)
    - d/rules: fix qemu-kvm service for debhelper compat >=12
    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
      avoid misdetection of simplified nesting blocking all migrations
    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
      unimplement.patch: properly return archicture defined exception
      on bad subcodes of diag 308 (LP: #1812384)
  * Dropped Changes:
    - Include s390-ccw.img firmware (old style native build)
    - d/rules enable install s390x-netboot.img (old style native build)
    - libvirt/qemu user/group support
      - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
        [ Droppable since logind properly sets ACLs now ]
      - qemu-system-common.preinst: add kvm group if needed
        [ Droppable because systemd/udev take care of it since 239-6]
    - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
      freeze-hook fixes (LP: 1484990)
    - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
      merged upstream
    - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
      computation while concatenating mbuf.
    - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
      for powerpc64 to speed up translation (LP: 1781526)
    - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
      cpu model for z14 ZR1 (LP: 1780773).
    - Mark qemu-system-data foreign to be able to install it e.g. on i386
      (Closes: 903562)
      [in Debian]
    - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
      unreleased Debian version)
      [in Debian]
    - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
      by migrations with UI frontends or frequent guest resolution changes
      (LP #1755912)
    - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
      extend eieio for POWER9 emulation (LP: 1787408).
    - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
      ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
    - improve s390x spectre mitigation with etoken facility (LP: 1790457)
    - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
    - d/control-in: our addition of a qemu-system-s390x package needs to follow
      the split of qemu-system-data by adding a dependency to it (LP: 1798084)
      [in Debian]
    - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
      Adapters on s390x (LP: 1787405)
    - enable opengl for vfio-MDEV support (LP: 1804766)
      [in Debian]
    - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
    - SECURITY UPDATE: integer overflow via crafted QMP command
    - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
    - SECURITY UPDATE: buffer overflow in rtl8139
    - SECURITY UPDATE: buffer overflow in pcnet
    - SECURITY UPDATE: DoS via large packet sizes
    - SECURITY UPDATE: DoS in lsi53c895a
    - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
    - SECURITY UPDATE: race condition in 9p

24fe7dc... by Michael Tokarev <email address hidden> on 2018-12-21

Import patches-unapplied version 1:3.1+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5240fe8443f6b29287f9a651f541183a420ad731

New changelog entries:
  * d/rules: split arch and indep builds
  * enable s390x cross-compiler and build s390-ccw.img (Closes: #684909)
  * build x86 optionrom in qemu-system-data (was in seabios/debian/)
  * qemu-system-data: Multi-Arch: allowed=>foreign (Closes: #903562)
  * fix Replaces: version for qemu-system-common (Closes: #916279)
  * add simple udev rules file for systemd guest agent (Closes: #916674)
  * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
    Race condition in usb_mtp implementation (Closes: #916397)
  * bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
    Memory corruption in bluetooth subsystem (Closes: #916278)
  * hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch (Closes: #917007)
  * bump debhelper compat to 12 (>>11)
  * d/rules: use dh_missing instead of dh_install --list-missing (compat=12)
  * use dh_installsystemd for guest agent (Closes: #916625)
  * mention closing by 3.1: Closes: #912655, CVE-2018-16847
  * mention closing by 2.10:
    Closes: #849798, CVE-2016-10028
    Closes: CVE-2017-9060
    Closes: CVE-2017-8284