New changelog entries:
  * Restore patches that caused regression
    - d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch
    - d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch
  * Fix regression introduced by above patches (LP: #1829380)
    - d/p/lp1829380.patch

  [ Rafael David Tinoco ]
  * d/p/lp1828288/target-i386-Set-AMD-alias-bits-after-filtering-CPUID.patch
    - Fix issues with CPUID_EXT2_AMD_ALIASES allowing guests using
      cpu passthrough to boot. (LP: #1828288)
New changelog entries:
  * SECURITY UPDATE: Add support for exposing md-clear functionality
    to guests
    - d/p/ubuntu/enable-md-clear.patch
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * SECURITY UPDATE: heap overflow when loading device tree blob
    - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
      copy the device tree blob into is.
    - CVE-2018-20815
  * SECURITY UPDATE: information leak in SLiRP
    - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
      emulating ident.
    - CVE-2019-9824
  * Add support for exposing md-clear functionality to guests
    - d/u/enable-md-clear.patch
New changelog entries:
  * d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch,
    d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch:
    - Prevent crash due to race condition on shutdown;
      this is fixed differently upstream (starting in Bionic), but
      the change is too large to backport into Xenial. These two very
      small patches work around the problem in an unintrusive way.
      (LP: #1823458)
New changelog entries:
  * Spectre/Meltdown fixes for ppc64 (LP: #1765364)
    - debian/patches/lp1765364/*.patches: add backported capabilities and
      spectre/meltdown commits.
  * SECURITY UPDATE: race during file renaming in v9fs_wstat
    - debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
    - CVE-2018-19489
  * SECURITY UPDATE: heap based buffer overflow in slirp
    - debian/patches/CVE-2019-6778.patch: check data length while emulating
      ident function in slirp/tcp_subr.c.
    - CVE-2019-6778
New changelog entries:
  * Fix deadlock when detaching network interface (LP: #1818880)
    Fixed by upstream patch:
    - d/p/lp-1818880-rcu-disable-atfork.patch: rcu: completely disable
      pthread_atfork callbacks as soon as possible