~paelzer/ubuntu/+source/qemu:focal-initial-fixups

Last commit made on 2020-02-07
Get this branch:
git clone -b focal-initial-fixups https://git.launchpad.net/~paelzer/ubuntu/+source/qemu
Only Christian Ehrhardt  can upload to this branch. If you are Christian Ehrhardt  please log in for upload directions.

Branch merges

Branch information

Name:
focal-initial-fixups
Repository:
lp:~paelzer/ubuntu/+source/qemu

Recent commits

344a873... by Christian Ehrhardt  on 2020-02-07

changelog: avoid upgrade issues by moving ivshmem tools later than Debian (LP: #1862287)

Signed-off-by: Christian Ehrhardt <email address hidden>

d4d4fe1... by Christian Ehrhardt  on 2020-02-07

d/control: avoid upgrade issues by moving ivshmem tools later than Debian (LP: #1862287)

This "just" bumps a break/conflicts that Debian added in qemu-3.1+dfsg-3~3
(=post disco) to the version that Ubuntu introduced it which is 1:4.2-1ubuntu1.

That shall ensure proper apt ordering on upgrades.

Can be dropped post 20.04 as upgrade paths there have to go "through
Focal".

Note: this never was an issue for Bionic->Focal upgrades, only
Focal-in-release and Eoan->Focal - and even on those you needed bad luck
as the ordering was not guranteed but still in most retries it didn't
trigger.

Signed-off-by: Christian Ehrhardt <email address hidden>

31e1724... by Christian Ehrhardt  on 2020-01-08

Import patches-unapplied version 1:4.2-1ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 578f23e99d9352a2120cbb921585471152134cfc

New changelog entries:
  * Merge with Debian testing, Among many other things this fixes LP Bugs:
    LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
    LP: #1812822 - avoid crashes on detaching vhost_net interfaces
    LP: #1852744 - Crypto Passthrough Interrupt Support
    LP: #1853316 - CCW IPL Support
    Remaining changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type (LP: 1304107 1621042)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
        for host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - provide pseries-bionic-2.11-sxxm type as convenience with all
        meltdown/spectre workarounds enabled by default. (LP: 1761372).
    - Enable nesting by default
      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
        in qemu64 cpu type.
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - s390x support
      - Create qemu-system-s390x package
      - Enable numa support for s390x
      - d/rules: build s390-ccw.img with upstream Makefile
      - d/rules: build s390-netboot.img with upstream Makefile
    - arch aware kvm wrappers
    - d/control: update VCS links
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
    - d/control: disable bluetooth being deprecated
    - d/not-installed: ignore new interop docs and extra icons for now
    - d/not-installed: do not install elf2dmp until namespaced
    - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
    - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
    - d/binfmt-update-in: fix binfmt being called in some containers
      (LP 1840956)
  - Dropped changes (in Debian)
    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
    - d/control-in: enable RDMA support in qemu (LP: 1692476)
        - enable RDMA config option
        - add libibumad-dev build-dep
    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
      some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
      As that hack to build s390-ccw.img rom can't build s390x-netboot.img
      replace it with a build-indep using the upstream makefiles.
      This is less prone to miss future changes/fixes that are done to the
      makefiles
    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
    - d/rules: fix qemu-kvm service for debhelper compat >=12
    - Refreshed patches for v4.0 context changes
    - d/control*: remove sdlabi which was removed upstream
    - d/control*: enable docs (now explicit) and provide new build-dep
      python3-sphinx
    - d/qemu-system-data.install: use new paths for formerly used icons
    - Merge with Upstream release of qemu 4.0
    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
  - Dropped changes (Upstream)
    - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
    - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
    - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
      fix i386 build error
    - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
      fix naming of the new vector facitlity (LP 1836066)
    - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
      for missing SIOCGSTAMP definition; final fix is still in discussion
      upstream (LP: 1836159)
    - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
      s390x machines (LP 1836154)
    - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
      (LP 1841066)
    - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
      update the z15 model name (LP 1842774)
    - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
      fix a potential hang when qemu or qemu-img where accessing http backed
      disks via libcurl (LP 1848556)
    - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
      fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
    - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
      toleration for future machines (LP 1830704)
    - SECURITY UPDATE: Add support for exposing md-clear functionality
      to guests
      - d/p/ubuntu/enable-md-clear.patch
      - d/p/ubuntu/enable-md-no.patch
      - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
    - SECURITY UPDATE: heap overflow when loading device tree blob
      - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
        copy the device tree blob into is.
      - CVE-2018-20815
    - SECURITY UPDATE: device driver denial of service via NULL pointer
      dereference
      - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
        routine
      - CVE-2019-5008
    - SECURITY UPDATE: information leak in SLiRP
      - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
        emulating ident.
      - CVE-2019-9824
    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
      unimplement.patch: properly return architecture defined exception
      on bad subcodes of diag 308 (LP 1812384)
  * Dropped changes (no more needed)
    - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
      mv_conffile since the new path is a directory in the old package
      version which can not be handled by mv_conffile.
      [ only needed between disco and eoan ]
    - disable pvrdma
      [ CVEs all fixed now ]
    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
      avoid misdetection of simplified nesting blocking all migrations
      [ qemu now detects and handles nesting - needs kernel >=4.20 ]
    - Enable nesting by default
      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
        (is default on amd)
      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
        without nested=1
        [ nesting is default in kernel modules and default selected cpu types ]
  * Added changes
    - d/control: regenerate debian/control out of control-in
    - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
      - added ubuntu focal types for qemu 4.2
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
      (LP: #1857033)
    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
    - d/control*, d/rules: disable xen by default, but provide universe
      package qemu-system-x86-xen as alternative
    - fix typos in changelog and d/qemu-system-x86.NEWS
    - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
    - d/control*: enable libpmem support for nvdimms (LP: #1790856)

578f23e... by Michael Tokarev <email address hidden> on 2019-12-14

Import patches-unapplied version 1:4.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b7a6e4a100447ae2beb39826a3d0de02e046c5d

New changelog entries:
  * new upstream release (4.2.0)
  * removed patches: v4.1.1.diff, enable-pschange-mc-no.patch
  * do not make sgabios.bin executable (lintian)
  * add s390-netboot.img lintian overrides for qemu-system-data
  * build qboot (bios-microvm.bin)
  * build-depend-indep on libc6-dev-i386 for qboot
    (includes some system headers)

8b7a6e4... by Michael Tokarev <email address hidden> on 2019-12-02

Import patches-unapplied version 1:4.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1f7f6949100b210a575f0b86ee24198dd72b9f75

New changelog entries:
  * mention #939869 (CVE-2019-15890) in previous changelog entry
  * add Provides: sgabios to qemu-data (Closes: #945924)
  * fix qemu-debootsrtap (add hppa arch, print correct error message)
    thanks to Helge Deller (Closes: #923410)
  * enable long binfmt masks again for mips/mips32 (Closes: #829243)

1f7f694... by Michael Tokarev <email address hidden> on 2019-11-25

Import patches-unapplied version 1:4.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 55beb01fa07bbbdf54507ca8c421faec35f0cbc5

New changelog entries:
  * build sgabios in build-indep, conflict with sgabios package
  * qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb
  * remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog
  * move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img
  * imported v4.1.1.diff - upstream stable branch
    Closes: CVE-2019-12068
    Closes: #945258, #945072
  * enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature
    to allow disabling ITLB multihit mitigations in nested hypervisors
    Closes: #944623
  * build-depend on nettle-dev, enable nettle, and clarify --enable-lzo
  * switch to system libslirp, build-depend on libslirp-dev
    Closes: CVE-2019-15890

55beb01... by Michael Tokarev <email address hidden> on 2019-08-27

Import patches-unapplied version 1:4.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fbe68525979819d5cca5a0b57fa97a656a077ace

New changelog entries:
  * new upstream release v4.1
    Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
     (use internal slirp copy for now)
    Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
    Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
    Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
    Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
    Closes: #927924 (new upstream version)
    Closes: #897054 (AMD Zen CPU support)
    Closes: #935324 (FTBFS due to gluster API change)
    Closes: #916442, CVE-2018-20123 (pvrdma: memleak after init error)
    Closes: #922461, CVE-2018-20124 (pvrdma: OOB access with large num_sge)
    Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
    Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
    Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
    Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
  * remove patches which are applied upstream, refresh remaining patches
    (bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
    bluetooth subsystem is going to be removed, we keep it for now)
  * debian/source/options: ignore slirp/ submodule
  * use python3 for building, not python
  * debian/optionrom.mk: add pvh.bin
  * switch from libssh2 to libssh, and enable libssh support in ubuntu
  * bump spice version requiriment to 0.12.5
  * enable pvrdma
  * debian/control-in: remove reference to libsdl
  * debian/rules: add new objects for s390-ccw fw
  * debian/control: add build dependency on python3-sphinx for docs
  * install ui/icons/qemu.svg and qemu.desktop
  * debian/rules: remove pc-bios/bamboo.dtb before building it
  * install vhost-user-gpu binary and 50-qemu-gpu.json
  * debian/rules: remove old maintscript-helper invocations, not needed anymore
  * remove +dfsg for now, upload whole upstream source, will trim it later

fbe6852... by Michael Tokarev <email address hidden> on 2019-05-27

Import patches-unapplied version 1:3.1+dfsg-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 24545cedafcc1c7ee539972a89146c80668b0188

New changelog entries:
  * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
    fixes a null-pointer dereference in sparc/sun4u emulated hw
    Closes: #927439, CVE-2019-5008
  * enable-md-no.patch & enable-md-clear.patch
    mitigation for MDS (Microarchitectural Data Sampling) issues
    Closes: #929067,
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * qxl-check-release-info-object-CVE-2019-12155.patch
    fixes null-pointer deref in qxl cleanup code
    Closes: #929353, CVE-2019-12155
  * aarch32-exception-return-to-switch-from-hyp-mon.patch
    fixes booting U-Boot in UEFI mode on aarch32
    Closes: #927763
  * stop qemu-system-common pre-depending on adduser
    Closes: #929261

24545ce... by Michael Tokarev <email address hidden> on 2019-03-27

Import patches-unapplied version 1:3.1+dfsg-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ee8739a8f3c6acf449648717055a2e9bb22d23d8

New changelog entries:
  [ Michael Tokarev ]
  * device_tree-don-t-use-load_image-CVE-2018-20815.patch
    fix heap buffer overflow while loading device tree blob
    (Closes: CVE-2018-20815)
  [ Christian Ehrhardt ]
  * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
   - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
   - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
     mv_conffile since the new path is a directory in the old package
     version which can not be handled by mv_conffile.

ee8739a... by Michael Tokarev <email address hidden> on 2019-03-18

Import patches-unapplied version 1:3.1+dfsg-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a307cb3033f078d320557b90942056a58dd5ef27

New changelog entries:
  * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
    fix information leakage in slirp code (Closes: CVE-2019-9824)