Ubuntu
qemu package

Merge ~sergiodj/ubuntu/+source/qemu:merge-8.0.3-dfsg-4-mantic into ubuntu/+source/qemu:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/qemu
  3. merge-8.0.3-dfsg-4-mantic
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: bef64a9f6ee1e9d79fb679dd83e2d4b10f320c46
Proposed branch: ~sergiodj/ubuntu/+source/qemu:merge-8.0.3-dfsg-4-mantic
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 6946 lines (+6379/-10)
14 files modified
debian/changelog (+5035/-3)
debian/control (+51/-7)
debian/control-in (+3/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+967/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+62/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/rules (+4/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Lucas Kanashiro (community) Approve
Canonical Server Reporter Pending
Review via email: mp+448111@code.launchpad.net

Description of the change

This is the merge of qemu 8.0.3+dfsg-4 from Debian unstable.

It contains some changes to the downstream patches (some were dropped because they've since been incorporated by qemu, while others were cherry picked from upstream's next branch).

A few interesting/important changes:

- Fix for CVE-2023-2861, which affects 9pfs.

- Restrict glusterfs support to 64-bit (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039604).

- Make sure qemu-guest-agent is restarted when upgraded (LP #2028124).

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/qemu/+packages

I'll post the results for the dep8 & the qemu-migration tests tomorrow.

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for this MP Sergio! I know you mentioned the qemu migration would be blocked by the glibc issue but I am already taking a look at the package changes.

I have on (dumb?) question about this part of the delta:

    - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.

Is this supposed to be carried over indefinitely? I took a quick look on the LP and Debian bugs but did not find info about removing this in the future.

Other than that, LGTM, +1.

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, lucaskanashiro
Uploaders: sergiodj, lucaskanashiro
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Lucas.

As I mentioned during standup, I have to wait for schopin to upload glibc 2.38 before I can proceed with the tests and upload. Once glibc 2.38 is available, I'll post the test results here.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Feature Freeze is coming, so I decided to upload the package as is even though there is still an armhf issue that I need to look into, and I still don't have results from qemu-migration-test due to some problems with horsea/eagle. I will work on the remaining issues later.

Uploaded:

$ dput qemu_8.0.3+dfsg-4ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/qemu/qemu_8.0.3+dfsg-4ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/qemu/qemu_8.0.3+dfsg-4ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading qemu_8.0.3+dfsg-4ubuntu1.dsc: done.
  Uploading qemu_8.0.3+dfsg.orig.tar.xz: done.
  Uploading qemu_8.0.3+dfsg-4ubuntu1.debian.tar.xz: done.
  Uploading qemu_8.0.3+dfsg-4ubuntu1_source.buildinfo: done.
  Uploading qemu_8.0.3+dfsg-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 0417c35..1af12d2 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,38 @@
6+qemu (1:8.0.3+dfsg-4ubuntu1) mantic; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #2028873, #2028124). Remaining changes:
9+ - qemu-kvm to systemd unit
10+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
11+ hugepages and architecture specifics
12+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
13+ qemu-kvm-init
14+ - d/qemu-system-common.install: install helper script
15+ - d/qemu-system-common.qemu-kvm.default: defaults for
16+ /etc/default/qemu-kvm
17+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
18+ - Distribution specific machine type
19+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
20+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
21+ types containing release versioned machine attributes
22+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
23+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
24+ - Enable nesting by default
25+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
26+ in qemu64 on amd
27+ [ No more strictly needed, but required for backward compatibility ]
28+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
29+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
30+ reference 256k path
31+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
32+ handle incoming migrations from former releases.
33+ - Ease the use of module retention on upgrades (LP 1913421)
34+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
35+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
36+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
37+ fix qboot FTBFS with LTO
38+
39+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 31 Jul 2023 23:09:27 -0400
40+
41 qemu (1:8.0.3+dfsg-4) unstable; urgency=medium
42
43 * more linux-user address fixes from Helge Deller
44@@ -70,6 +105,59 @@ qemu (1:8.0.2+dfsg-3) unstable; urgency=medium
45
46 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 29 Jun 2023 18:36:33 +0300
47
48+qemu (1:8.0.2+dfsg-2ubuntu1) mantic; urgency=medium
49+
50+ * Merge with Debian unstable (LP: #2018103). Remaining changes:
51+ - qemu-kvm to systemd unit
52+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
53+ hugepages and architecture specifics
54+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
55+ qemu-kvm-init
56+ - d/qemu-system-common.install: install helper script
57+ - d/qemu-system-common.qemu-kvm.default: defaults for
58+ /etc/default/qemu-kvm
59+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
60+ - Distribution specific machine type
61+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
62+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
63+ types containing release versioned machine attributes
64+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
65+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
66+ - Enable nesting by default
67+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
68+ in qemu64 on amd
69+ [ No more strictly needed, but required for backward compatibility ]
70+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
71+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
72+ reference 256k path
73+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
74+ handle incoming migrations from former releases.
75+ - Ease the use of module retention on upgrades (LP 1913421)
76+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
77+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
78+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
79+ fix qboot FTBFS with LTO
80+ * Drop changes:
81+ - d/control-in: libnfs is in main since focal, enable direct nfs
82+ storage support (LP 1988704)
83+ [ Adopted by Debian. ]
84+ - d/control-in: libsndio is in universe in ubuntu
85+ [ Adopted by Debian. ]
86+ - Fix FTBFS with glibc >= 2.36. (LP #2015418)
87+ + d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
88+ upstream commits that were working around a glibc issue.
89+ [ Incorporated upstream. ]
90+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
91+ [ Debian linked the qemu-system-x86 documentation with the
92+ qemu-system-common package, rendering this README file not
93+ applicable. ]
94+ - d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
95+ hot-unplug requests by making ACPI PCI able to requeue them.
96+ (LP #2018733)
97+ [ Applied upstream. ]
98+
99+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 19 Jun 2023 15:45:09 -0400
100+
101 qemu (1:8.0.2+dfsg-2) unstable; urgency=medium
102
103 * d/rules: --enable-libusb for xen build (Closes: #1037341)
104@@ -295,6 +383,66 @@ qemu (1:8.0~rc2+dfsg-1) experimental; urgency=medium
105
106 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Mar 2023 15:44:21 +0300
107
108+qemu (1:7.2+dfsg-5ubuntu3) mantic; urgency=medium
109+
110+ * d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
111+ hot-unplug requests by making ACPI PCI able to requeue them.
112+ (LP: #2018733)
113+
114+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 18 May 2023 15:13:14 -0400
115+
116+qemu (1:7.2+dfsg-5ubuntu2) lunar; urgency=medium
117+
118+ * Fix FTBFS with glibc >= 2.36. (LP: #2015418)
119+ - d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
120+ upstream commits that were working around a glibc issue.
121+
122+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 05 Apr 2023 20:10:13 -0400
123+
124+qemu (1:7.2+dfsg-5ubuntu1) lunar; urgency=medium
125+
126+ * Re-merge with Debian unstable to pick up stabilization fixes
127+ remaining changes:
128+ - qemu-kvm to systemd unit
129+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
130+ hugepages and architecture specifics
131+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
132+ qemu-kvm-init
133+ - d/qemu-system-common.install: install helper script
134+ - d/qemu-system-common.qemu-kvm.default: defaults for
135+ /etc/default/qemu-kvm
136+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
137+ - Distribution specific machine type
138+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
139+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
140+ types containing release versioned machine attributes
141+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
142+ for host-phys-bits=true
143+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
144+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
145+ - Enable nesting by default
146+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
147+ in qemu64 on amd
148+ [ No more strictly needed, but required for backward compatibility ]
149+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
150+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
151+ reference 256k path
152+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
153+ handle incoming migrations from former releases.
154+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
155+ - Ease the use of module retention on upgrades (LP 1913421)
156+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
157+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
158+ landed in Debian but under a different name.
159+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
160+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
161+ fix qboot FTBFS with LTO
162+ - d/control-in: libnfs is in main since focal, enable direct nfs
163+ storage support (LP 1988704)
164+ - d/control-in: libsndio is in universe in ubuntu
165+
166+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2023 08:50:45 +0100
167+
168 qemu (1:7.2+dfsg-5) unstable; urgency=medium
169
170 * d/qemu-guest-agent.udev: fix missing comma
171@@ -334,6 +482,89 @@ qemu (1:7.2+dfsg-5) unstable; urgency=medium
172
173 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 05 Mar 2023 20:09:04 +0300
174
175+qemu (1:7.2+dfsg-4ubuntu1) lunar; urgency=medium
176+
177+ * Merge with Debian unstable (LP: #1993438), among many other fixes
178+ this resolvs these bugs:
179+ (LP: #1957924) - support for querying stats,
180+ (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
181+ (LP: #1959966) - guest dump encryption with customer keys (s390x)
182+ (LP: #1999885) - pv: don't allow userspace to set the clock under PV
183+ (LP: #1957924) - add filtering of statistics by target vCPU
184+ remaining changes:
185+ - qemu-kvm to systemd unit
186+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
187+ hugepages and architecture specifics
188+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
189+ qemu-kvm-init
190+ - d/qemu-system-common.install: install helper script
191+ - d/qemu-system-common.qemu-kvm.default: defaults for
192+ /etc/default/qemu-kvm
193+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
194+ - Distribution specific machine type
195+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
196+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
197+ types containing release versioned machine attributes
198+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
199+ for host-phys-bits=true
200+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
201+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
202+ - Enable nesting by default
203+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
204+ in qemu64 on amd
205+ [ No more strictly needed, but required for backward compatibility ]
206+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
207+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
208+ reference 256k path
209+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
210+ handle incoming migrations from former releases.
211+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
212+ - Ease the use of module retention on upgrades (LP 1913421)
213+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
214+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
215+ landed in Debian but under a different name.
216+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
217+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
218+ fix qboot FTBFS with LTO
219+ * Dropped Changes [now part of upstream v7.2.0]
220+ - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
221+ error 'migration was active, but no RAM info was set' (LP 1994002)
222+ - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
223+ Fix FTBFS with libbpf 1.0.1-2.
224+ + Header updates that were added as part of the libbpf fixes
225+ but not mentioned in changelog
226+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
227+ - Fix I/O stalls when using NVMe storage (LP 1970737).
228+ + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
229+ in laio_io_unplug.
230+ - SECURITY UPDATE: heap overflow in floppy disk emulator
231+ + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
232+ hw/block/fdc.c.
233+ - SECURITY UPDATE: use-after-free vulnerability
234+ + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
235+ lsi_do_msgout
236+ - SECURITY UPDATE: heap overflow vulnerability
237+ + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
238+ memories
239+ - SECURITY UPDATE: integer underflow vulnerability
240+ + debian/patches/CVE-2022-3165.patch: fix integer underflow in
241+ vnc_client_cut_text_ext
242+ * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
243+ [not all are needed in lunar]
244+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
245+ Silence -Warray-bounds false positive [no more needed]
246+ - d/rules: set -O1 for alpha firmware build
247+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
248+ further FTBFS fixup
249+ * Dropped Changes [in Debian 1:7.2+dfsg-3]
250+ - d/rules: disable LTO on non-amd64 builds (LP 1921664)
251+ * Added Changes
252+ - d/control-in: libnfs is in main since focal, enable direct nfs
253+ storage support (LP: #1988704)
254+ - d/control-in: libsndio is in universe in ubuntu
255+
256+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Jan 2023 13:18:43 +0100
257+
258 qemu (1:7.2+dfsg-4) unstable; urgency=medium
259
260 * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
261@@ -471,6 +702,126 @@ qemu (1:7.1+dfsg-1) unstable; urgency=medium
262
263 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 12 Sep 2022 11:50:53 +0300
264
265+qemu (1:7.0+dfsg-7ubuntu4) lunar; urgency=medium
266+
267+ * SECURITY UPDATE: use-after-free vulnerability
268+ - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
269+ lsi_do_msgout
270+ - CVE-2022-0216
271+ * SECURITY UPDATE: heap overflow vulnerability
272+ - debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
273+ memories
274+ - CVE-2022-2962
275+ * SECURITY UPDATE: integer underflow vulnerability
276+ - debian/patches/CVE-2022-3165.patch: fix integer underflow in
277+ vnc_client_cut_text_ext
278+ - CVE-2022-3165
279+
280+ -- Nishit Majithia <nishit.majithia@canonical.com> Fri, 09 Dec 2022 10:25:52 +0530
281+
282+qemu (1:7.0+dfsg-7ubuntu3) lunar; urgency=medium
283+
284+ [ Brett Milford ]
285+ * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
286+ error 'migration was active, but no RAM info was set' (LP: #1994002)
287+
288+ [ Mauricio Faria de Oliveira ]
289+ * d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
290+ Fix FTBFS with libbpf 1.0.1-2.
291+
292+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 30 Nov 2022 12:17:51 -0300
293+
294+qemu (1:7.0+dfsg-7ubuntu2) kinetic; urgency=medium
295+
296+ [ Paride Legovini ]
297+ * d/rules: disable LTO on non-amd64 builds (LP: #1921664)
298+ * GCC-12 FTBFS (LP: #1988710)
299+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
300+ Silence -Warray-bounds false positive (treated as error)
301+
302+ [ Christian Ehrhardt ]
303+ * More on GCC-12 FTBFS (LP 1988710)
304+ - d/rules: set -O1 for alpha firmware build
305+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
306+ further FTBFS fixup
307+
308+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2022 08:07:24 +0200
309+
310+qemu (1:7.0+dfsg-7ubuntu1) kinetic; urgency=medium
311+
312+ * Merge with Debian unstable (LP: #1971315)(LP: #1980896), remaining changes:
313+ - qemu-kvm to systemd unit
314+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
315+ hugepages and architecture specifics
316+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
317+ qemu-kvm-init
318+ - d/qemu-system-common.install: install helper script
319+ - d/qemu-system-common.qemu-kvm.default: defaults for
320+ /etc/default/qemu-kvm
321+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
322+ - Distribution specific machine type
323+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
324+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
325+ types containing release versioned machine attributes
326+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
327+ for host-phys-bits=true
328+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
329+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
330+ - Enable nesting by default
331+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
332+ in qemu64 on amd
333+ [ No more strictly needed, but required for backward compatibility ]
334+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
335+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
336+ reference 256k path
337+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
338+ handle incoming migrations from former releases.
339+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
340+ - Ease the use of module retention on upgrades (LP 1913421)
341+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
342+ - Fix I/O stalls when using NVMe storage (LP 1970737).
343+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
344+ in laio_io_unplug.
345+ - SECURITY UPDATE: heap overflow in floppy disk emulator
346+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
347+ hw/block/fdc.c.
348+ - CVE-2021-3507
349+ * Dropped Changes [now part of 1:7.0+dfsg-7]:
350+ - d/rules: xen libexec dir is no more versioned
351+ - d/rules: ensure xen is built on x86
352+ - d/kvm-spice: fix when acceleration is already defined on the commandline
353+ - debian/control[-in]: no more disable glusterfs in Ubuntu (LP 1246924)
354+ * Dropped Changes [now part of upstream v7.0.0]
355+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
356+ Allow long kernel command lines for QEMU (LP 1959984)
357+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
358+ - d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
359+ tcg on s390x.
360+ - Fix diff handling on ceph that can cause data corruption (LP 1968258)
361+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
362+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
363+ - d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
364+ in vnc connections (LP 1970563)
365+ - All CVE fixes of 1:6.2+dfsg-2ubuntu8 except CVE-2021-3507
366+ * Dropped Changes
367+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
368+ add patch to workaround FTBFS when building against OpenSSL 3.0.
369+ [ now working with OpenSSL 3.0 ]
370+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
371+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
372+ [ fixed in compiler toolchain ]
373+ - Make qemu-system-x86-microvm a transitional package as the binary is now
374+ in qemu-system-x86 itself.
375+ [ no more needed]
376+ * Added Changes
377+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
378+ landed in Debian but under a different name.
379+ - d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch: fix qboot FTBFS
380+ with LTO
381+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)
382+
383+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jul 2022 12:07:19 +0200
384+
385 qemu (1:7.0+dfsg-7) unstable; urgency=medium
386
387 * d/tests/test-qemu-user: rework ls/glob test a bit
388@@ -605,6 +956,141 @@ qemu (1:6.2+dfsg-3) unstable; urgency=medium
389
390 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 25 Feb 2022 12:01:46 +0300
391
392+qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
393+
394+ [ Marc Deslauriers ]
395+ * SECURITY UPDATE: heap overflow in floppy disk emulator
396+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
397+ hw/block/fdc.c.
398+ - CVE-2021-3507
399+ * SECURITY UPDATE: use-after-free in nvme
400+ - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
401+ device itself in hw/nvme/ctrl.c.
402+ - CVE-2021-3929
403+ * SECURITY UPDATE: integer overflow in QXL display device emulation
404+ - debian/patches/CVE-2021-4206.patch: check width and height in
405+ hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
406+ - CVE-2021-4206
407+ * SECURITY UPDATE: heap overflow in QXL display device emulation
408+ - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
409+ in hw/display/qxl-render.c.
410+ - CVE-2021-4207
411+ * SECURITY UPDATE: potential privilege escalation in virtiofsd
412+ - debian/patches/CVE-2022-0358.patch: Drop membership of all
413+ supplementary groups in tools/virtiofsd/passthrough_ll.c.
414+ - CVE-2022-0358
415+ * SECURITY UPDATE: memory leakage in virtio-net device
416+ - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
417+ receive in hw/net/virtio-net.c.
418+ - CVE-2022-26353
419+ * SECURITY UPDATE: memory leakage in vhost-vsock device
420+ - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
421+ case of error in hw/virtio/vhost-vsock-common.c.
422+ - CVE-2022-26354
423+
424+ [ Sergio Durigan Junior ]
425+ * Fix I/O stalls when using NVMe storage (LP: #1970737).
426+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
427+ in laio_io_unplug.
428+
429+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Jun 2022 15:38:37 -0400
430+
431+qemu (1:6.2+dfsg-2ubuntu7) kinetic; urgency=medium
432+
433+ * d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
434+ in vnc connections (LP: #1970563)
435+
436+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:25:20 +0200
437+
438+qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
439+
440+ * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
441+ * Fix diff handling on ceph that can cause data corruption (LP: #1968258)
442+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
443+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
444+
445+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 08 Apr 2022 09:36:34 +0200
446+
447+qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
448+
449+ * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
450+ tcg on s390x.
451+
452+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 09:54:36 +0100
453+
454+qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
455+
456+ * No-change rebuild to update maintainer scripts, see LP: 1959054
457+
458+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:28:14 +0000
459+
460+qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
461+
462+ * Merge with Debian unstable, remaining changes:
463+ - qemu-kvm to systemd unit
464+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
465+ hugepages and architecture specifics
466+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
467+ qemu-kvm-init
468+ - d/qemu-system-common.install: install helper script
469+ - d/qemu-system-common.qemu-kvm.default: defaults for
470+ /etc/default/qemu-kvm
471+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
472+ - Distribution specific machine type
473+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
474+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
475+ types containing release versioned machine attributes
476+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
477+ for host-phys-bits=true
478+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
479+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
480+ - Enable nesting by default
481+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
482+ in qemu64 on amd
483+ [ No more strictly needed, but required for backward compatibility ]
484+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
485+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
486+ reference 256k path
487+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
488+ handle incoming migrations from former releases.
489+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
490+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
491+ add patch to workaround FTBFS when building against OpenSSL 3.0.
492+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
493+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
494+ - Ease the use of module retention on upgrades (LP 1913421)
495+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
496+ - Make qemu-system-x86-microvm a transitional package as the binary is now
497+ in qemu-system-x86 itself.
498+ * Dropped Changes [now part of 1:6.1+dfsg-8]:
499+ - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
500+ (#993658) (LP 1947860)
501+ - improved dependencies
502+ - Make qemu-system-common depend on qemu-block-extra
503+ - Make qemu-utils depend on qemu-block-extra
504+ - d/control*, d/rules: disable xen by default, but provide universe
505+ package qemu-system-x86-xen as alternative
506+ [includes compat links changes of 5.0-5ubuntu4]
507+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
508+ * Dropped Changes [now part of upstream]
509+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
510+ and 3932 machines (LP 1932175)
511+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
512+ migration with audio devices present (LP 1940288)
513+ * Added changes:
514+ - update patches for qemu v6.2.0
515+ - d/p/u/enable-svm-by-default.patch
516+ - d/p/u/define-ubuntu-machine-types.patch
517+ - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
518+ - d/rules: xen libexec dir is no more versioned
519+ - d/rules: ensure xen is built on x86
520+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
521+ Allow long kernel command lines for QEMU (LP: #1959984)
522+ - d/kvm-spice: fix when acceleration is already defined on the commandline
523+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
524+
525+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Jan 2022 12:18:25 +0100
526+
527 qemu (1:6.2+dfsg-2) unstable; urgency=medium
528
529 * bump meson build-dep to 0.59.3
530@@ -826,6 +1312,95 @@ qemu (1:6.0+dfsg-3) unstable; urgency=medium
531
532 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 17 Aug 2021 17:49:10 +0300
533
534+qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
535+
536+ * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
537+ add patch to workaround FTBFS when building against OpenSSL 3.0.
538+ Thanks to Christian Ehrhardt (LP: #1952448)
539+
540+ -- Paride Legovini <paride@ubuntu.com> Fri, 26 Nov 2021 15:47:51 +0100
541+
542+qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
543+
544+ * No-change rebuild against liburing2
545+
546+ -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:00:26 +0100
547+
548+qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
549+
550+ * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
551+ (#993658) (LP: #1947860)
552+
553+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 03 Nov 2021 14:10:56 +0100
554+
555+qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
556+
557+ * Merge with Debian experimental, remaining changes:
558+ - qemu-kvm to systemd unit
559+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
560+ hugepages and architecture specifics
561+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
562+ qemu-kvm-init
563+ - d/qemu-system-common.install: install helper script
564+ - d/qemu-system-common.qemu-kvm.default: defaults for
565+ /etc/default/qemu-kvm
566+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
567+ - Distribution specific machine type
568+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
569+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
570+ types containing release versioned machine attributes
571+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
572+ for host-phys-bits=true
573+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
574+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
575+ - Enable nesting by default
576+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
577+ in qemu64 on amd
578+ [ No more strictly needed, but required for backward compatibility ]
579+ - improved dependencies
580+ - Make qemu-system-common depend on qemu-block-extra
581+ - Make qemu-utils depend on qemu-block-extra
582+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
583+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
584+ reference 256k path
585+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
586+ handle incoming migrations from former releases.
587+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
588+ - d/control*, d/rules: disable xen by default, but provide universe
589+ package qemu-system-x86-xen as alternative
590+ [includes compat links changes of 5.0-5ubuntu4]
591+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
592+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
593+ for v6.0
594+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
595+ - Ease the use of module retention on upgrades (LP 1913421)
596+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
597+ * Dropped Changes [in 1:6.0+dfsg-2exp]:
598+ - d/control-in: Disable capstone disassembler library support (universe)
599+ - Disable fuse export (universe dependency)
600+ - Ease the use of module retention on upgrades (LP 1913421)
601+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
602+ - d/rules: only save modules if /run/qemu isn't noexec
603+ - d/rules: clear all (current and former) modules on purge
604+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
605+ upgrade issues (LP 1932264)
606+ - Enable SDL as secondary UI backend (LP 1256185)
607+ - d/control: add build dependency libsdl2-dev
608+ - d/control: enable sdl graphics on build
609+ - d/qemu-system-gui.install: add ui-sdl.so
610+ - d/control: add runtime dependency to libgl1
611+ * Dropped Changes [no more needed]
612+ - let qemu-utils recommend sharutils
613+ * Added changes:
614+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
615+ -fcf-protection being unavailble on -march=i486 (LP: #1940029)
616+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
617+ and 3932 machines (LP: #1932175)
618+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
619+ migration with audio devices present (LP: #1940288)
620+
621+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200
622+
623 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
624
625 [ Christian Ehrhardt ]
626@@ -863,6 +1438,104 @@ qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
627
628 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300
629
630+qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium
631+
632+ * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
633+ fix TCG emulation for ppc64 (LP: #1935617)
634+
635+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 13 Jul 2021 09:34:55 +0200
636+
637+qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium
638+
639+ * d/control: remove fuse2 trial-build (LP 1934510)
640+
641+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Jul 2021 10:26:08 +0200
642+
643+qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium
644+
645+ * Merge with Debian experimental, Among many other things this fixes LP Bugs:
646+ (LP: #1907952) broken arrow keys in -display gtk on aarch64
647+ - qemu-kvm to systemd unit
648+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
649+ hugepages and architecture specifics
650+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
651+ qemu-kvm-init
652+ - d/qemu-system-common.install: install helper script
653+ - d/qemu-system-common.qemu-kvm.default: defaults for
654+ /etc/default/qemu-kvm
655+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
656+ - Distribution specific machine type
657+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
658+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
659+ types containing release versioned machine attributes
660+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
661+ for host-phys-bits=true
662+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
663+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
664+ - Enable nesting by default
665+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
666+ in qemu64 on amd
667+ [ No more strictly needed, but required for backward compatibility ]
668+ - improved dependencies
669+ - Make qemu-system-common depend on qemu-block-extra
670+ - Make qemu-utils depend on qemu-block-extra
671+ - Let qemu-utils recommend sharutils
672+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
673+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
674+ reference 256k path
675+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
676+ handle incoming migrations from former releases.
677+ - d/control-in: Disable capstone disassembler library support (universe)
678+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
679+ - d/control*, d/rules: disable xen by default, but provide universe
680+ package qemu-system-x86-xen as alternative
681+ [includes compat links changes of 5.0-5ubuntu4]
682+ - Fix upgrade module handling (LP 1905377)
683+ --enable-module-upgrades for qemu-xen which doesn't exist in Debian
684+ * Dropped Changes [in 6.0]:
685+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
686+ ld usage of -no-pie (LP 1907789)
687+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
688+ virtio-9p-ccw being missing (LP 1916230)
689+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
690+ to glib2.0 >=2.67.3 (LP 1916705)
691+ - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
692+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
693+ (LP 1921754)
694+ - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
695+ (LP 1921880)
696+ - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
697+ fix go in qemu-s390x-static (LP 1922010)
698+ * Dropped Changes [in Debian]:
699+ - Allow qemu to load old modules post upgrade (LP 1847361)
700+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
701+ - d/rules: Drop generating package version into maintainer scripts
702+ * Dropped Changes [No more needed >21.04]:
703+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
704+ the bad old prerm (LP 1906245 1905377)
705+ * Added Changes
706+ - Disable fuse export (universe dependency)
707+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
708+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
709+ for v6.0
710+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
711+ - Ease the use of module retention on upgrades (LP: #1913421)
712+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
713+ - d/rules: only save modules if /run/qemu isn't noexec
714+ - d/rules: clear all (current and former) modules on purge
715+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
716+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
717+ upgrade issues (LP: #1932264)
718+ - Enable SDL as secondary UI backend (LP: #1256185)
719+ - d/control: add build dependency libsdl2-dev
720+ - d/control: enable sdl graphics on build
721+ - d/qemu-system-gui.install: add ui-sdl.so
722+ - d/control: add runtime dependency to libgl1
723+ - d/rules: qemu-system-x86-xen builds modules as well now (follows the
724+ other packages)
725+
726+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Jun 2021 12:41:33 +0200
727+
728 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
729
730 * new upstream release
731@@ -915,6 +1588,75 @@ qemu (1:5.2+dfsg-10) unstable; urgency=medium
732
733 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 16 Apr 2021 12:43:36 +0300
734
735+qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
736+
737+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
738+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
739+ (LP: #1921754)
740+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
741+ (LP: #1921880)
742+
743+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 11:58:29 +0200
744+
745+qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
746+
747+ * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
748+ fix go in qemu-s390x-static (LP: #1922010)
749+
750+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 Mar 2021 10:01:40 +0200
751+
752+qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
753+
754+ * Merge with Debian unstable; Remaining changes:
755+ - qemu-kvm to systemd unit
756+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
757+ hugepages and architecture specifics
758+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
759+ qemu-kvm-init
760+ - d/qemu-system-common.install: install helper script
761+ - d/qemu-system-common.qemu-kvm.default: defaults for
762+ /etc/default/qemu-kvm
763+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
764+ - Distribution specific machine type (LP: 1304107 1621042)
765+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
766+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
767+ for host-phys-bits=true (LP: 1776189)
768+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
769+ - provide pseries-bionic-2.11-sxxm type as convenience with all
770+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
771+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
772+ - Enable nesting by default
773+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
774+ in qemu64 on amd
775+ [ No more strictly needed, but required for backward compatibility ]
776+ - improved dependencies
777+ - Make qemu-system-common depend on qemu-block-extra
778+ - Make qemu-utils depend on qemu-block-extra
779+ - let qemu-utils recommend sharutils
780+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
781+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
782+ reference 256k path
783+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
784+ handle incoming migrations from former releases.
785+ - d/control-in: Disable capstone disassembler library support (universe)
786+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
787+ - d/control*, d/rules: disable xen by default, but provide universe
788+ package qemu-system-x86-xen as alternative
789+ [includes compat links changes of 5.0-5ubuntu4]
790+ - allow qemu to load old modules post upgrade (LP 1847361)
791+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
792+ - d/rules: Drop generating package version into maintainer scripts
793+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
794+ the bad old prerm (LP 1906245 1905377)
795+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
796+ ld usage of -no-pie (LP 1907789)
797+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
798+ virtio-9p-ccw being missing (LP 1916230)
799+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
800+ to glib2.0 >=2.67.3 (LP 1916705)
801+
802+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Mar 2021 11:13:49 +0100
803+
804 qemu (1:5.2+dfsg-9) unstable; urgency=medium
805
806 * do not make qemu-system-data dependent on qemu-system-foo
807@@ -954,6 +1696,66 @@ qemu (1:5.2+dfsg-7) unstable; urgency=high
808
809 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Mar 2021 11:32:54 +0300
810
811+qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
812+
813+ * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
814+ to glib2.0 >=2.67.3 (LP: #1916705)
815+
816+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Feb 2021 08:39:09 +0100
817+
818+qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
819+
820+ * Merge with Debian unstable, includes fixes for
821+ - build operates differently if source is a git repo (LP: #1887535)
822+ Remaining changes:
823+ - qemu-kvm to systemd unit
824+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
825+ hugepages and architecture specifics
826+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
827+ qemu-kvm-init
828+ - d/qemu-system-common.install: install helper script
829+ - d/qemu-system-common.qemu-kvm.default: defaults for
830+ /etc/default/qemu-kvm
831+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
832+ - Distribution specific machine type (LP: 1304107 1621042)
833+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
834+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
835+ for host-phys-bits=true (LP: 1776189)
836+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
837+ - provide pseries-bionic-2.11-sxxm type as convenience with all
838+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
839+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
840+ - Enable nesting by default
841+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
842+ in qemu64 on amd
843+ [ No more strictly needed, but required for backward compatibility ]
844+ - improved dependencies
845+ - Make qemu-system-common depend on qemu-block-extra
846+ - Make qemu-utils depend on qemu-block-extra
847+ - let qemu-utils recommend sharutils
848+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
849+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
850+ reference 256k path
851+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
852+ handle incoming migrations from former releases.
853+ - d/control-in: Disable capstone disassembler library support (universe)
854+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
855+ - d/control*, d/rules: disable xen by default, but provide universe
856+ package qemu-system-x86-xen as alternative
857+ [includes compat links changes of 5.0-5ubuntu4]
858+ - allow qemu to load old modules post upgrade (LP 1847361)
859+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
860+ - d/rules: Drop generating package version into maintainer scripts
861+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
862+ the bad old prerm (LP 1906245 1905377)
863+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
864+ ld usage of -no-pie (LP 1907789)
865+ * Added changes
866+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
867+ virtio-9p-ccw being missing (LP: #1916230)
868+
869+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
870+
871 qemu (1:5.2+dfsg-6) unstable; urgency=medium
872
873 * deprecate qemu-debootstrap. It is not needed anymore with
874@@ -1006,6 +1808,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
875
876 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
877
878+qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
879+
880+ * No change rebuild to pick up liburing. (LP: #1914145)
881+
882+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
883+
884+qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
885+
886+ * Merge with Debian unstable, includes fixes for
887+ - qemu-user-static are partially dynamically linked (LP: #1908331)
888+ - qemu crashing when using spice without qemu-system-gui being
889+ installed (LP: #1908577)
890+ Remaining changes:
891+ - qemu-kvm to systemd unit
892+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
893+ hugepages and architecture specifics
894+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
895+ qemu-kvm-init
896+ - d/qemu-system-common.install: install helper script
897+ - d/qemu-system-common.qemu-kvm.default: defaults for
898+ /etc/default/qemu-kvm
899+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
900+ - Distribution specific machine type (LP: 1304107 1621042)
901+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
902+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
903+ for host-phys-bits=true (LP: 1776189)
904+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
905+ - provide pseries-bionic-2.11-sxxm type as convenience with all
906+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
907+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
908+ - Enable nesting by default
909+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
910+ in qemu64 on amd
911+ [ No more strictly needed, but required for backward compatibility ]
912+ - improved dependencies
913+ - Make qemu-system-common depend on qemu-block-extra
914+ - Make qemu-utils depend on qemu-block-extra
915+ - let qemu-utils recommend sharutils
916+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
917+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
918+ reference 256k path
919+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
920+ handle incoming migrations from former releases.
921+ - d/control-in: Disable capstone disassembler library support (universe)
922+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
923+ - d/control*, d/rules: disable xen by default, but provide universe
924+ package qemu-system-x86-xen as alternative
925+ [includes compat links changes of 5.0-5ubuntu4]
926+ - allow qemu to load old modules post upgrade (LP 1847361)
927+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
928+ - d/rules: Drop generating package version into maintainer scripts
929+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
930+ the bad old prerm (LP 1906245 1905377)
931+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
932+ ld usage of -no-pie (LP 1907789)
933+
934+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
935+
936 qemu (1:5.2+dfsg-3) unstable; urgency=medium
937
938 [ Christian Ehrhardt ]
939@@ -1022,6 +1882,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
940
941 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
942
943+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
944+
945+ * Merge with Debian unstable
946+ - includes fix for CVE-2020-17380
947+ - includes a fix for s390x PCI device reset (LP: #1907656)
948+ Remaining changes:
949+ - qemu-kvm to systemd unit
950+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
951+ hugepages and architecture specifics
952+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
953+ qemu-kvm-init
954+ - d/qemu-system-common.install: install helper script
955+ - d/qemu-system-common.qemu-kvm.default: defaults for
956+ /etc/default/qemu-kvm
957+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
958+ - Distribution specific machine type (LP: 1304107 1621042)
959+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
960+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
961+ for host-phys-bits=true (LP: 1776189)
962+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
963+ - provide pseries-bionic-2.11-sxxm type as convenience with all
964+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
965+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
966+ - Enable nesting by default
967+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
968+ in qemu64 on amd
969+ [ No more strictly needed, but required for backward compatibility ]
970+ - improved dependencies
971+ - Make qemu-system-common depend on qemu-block-extra
972+ - Make qemu-utils depend on qemu-block-extra
973+ - let qemu-utils recommend sharutils
974+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
975+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
976+ reference 256k path
977+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
978+ handle incoming migrations from former releases.
979+ - d/control-in: Disable capstone disassembler library support (universe)
980+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
981+ - d/control*, d/rules: disable xen by default, but provide universe
982+ package qemu-system-x86-xen as alternative
983+ [includes compat links changes of 5.0-5ubuntu4]
984+ - allow qemu to load old modules post upgrade (LP 1847361)
985+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
986+ - d/rules: Drop generating package version into maintainer scripts
987+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
988+ the bad old prerm (LP 1906245 1905377)
989+ * Dropped Changes:
990+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
991+ resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
992+ fails]
993+ * Added Changes:
994+ - Refreshed ubuntu machine types for hirsute@5.2
995+ - d/control: regenerated from d/control-in
996+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
997+ ld usage of -no-pie (LP: #1907789)
998+
999+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
1000+
1001 qemu (1:5.2+dfsg-2) unstable; urgency=medium
1002
1003 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
1004@@ -1067,6 +1985,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
1005
1006 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
1007
1008+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
1009+
1010+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1011+ the bad old prerm (LP: #1906245)
1012+
1013+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
1014+
1015+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
1016+
1017+ * Fix upgrade module handling (LP: #1905377)
1018+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
1019+ allows to drop some former delta that is now conflicting.
1020+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
1021+ qemu-xen which doesn't exist in Debian
1022+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1023+ - d/rules: Drop generating package version into maintainer scripts
1024+
1025+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
1026+
1027+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
1028+
1029+ * Merge with Debian testing, remaining changes:
1030+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
1031+ - qemu-kvm to systemd unit
1032+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1033+ hugepages and architecture specifics
1034+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1035+ qemu-kvm-init
1036+ - d/qemu-system-common.install: install helper script
1037+ - d/qemu-system-common.qemu-kvm.default: defaults for
1038+ /etc/default/qemu-kvm
1039+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1040+ - Distribution specific machine type (LP: 1304107 1621042)
1041+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1042+ types
1043+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1044+ for host-phys-bits=true (LP: 1776189)
1045+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1046+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1047+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1048+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1049+ - Enable nesting by default
1050+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1051+ in qemu64 on amd
1052+ [ No more strictly needed, but required for backward compatibility ]
1053+ - improved dependencies
1054+ - Make qemu-system-common depend on qemu-block-extra
1055+ - Make qemu-utils depend on qemu-block-extra
1056+ - let qemu-utils recommend sharutils
1057+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1058+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1059+ reference 256k path
1060+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1061+ handle incoming migrations from former releases.
1062+ - d/control-in: Disable capstone disassembler library support (universe)
1063+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1064+ - d/control*, d/rules: disable xen by default, but provide universe
1065+ package qemu-system-x86-xen as alternative
1066+ [includes compat links changes of 5.0-5ubuntu4]
1067+ - allow qemu to load old modules post upgrade (LP 1847361)
1068+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1069+ upgrade
1070+ - d/rules: generate maintainer scripts matching package version on build
1071+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1072+ - d/control: regenerate debian/control out of control-in
1073+ * Dropped changes [in Debian or no more needed]
1074+ - d/control-in: disable pmem on ppc64 as it is currently considered
1075+ experimental on that architecture (pmdk v1.8-1)
1076+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1077+ - d/rules: report config log from the correct subdir
1078+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1079+ - Pick further changes for groovy from debian/master since 5.0-5
1080+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1081+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
1082+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1083+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1084+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1085+ - megasas-fix-possible-out-of-bounds-array-access.patch
1086+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1087+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
1088+ - a few patches from the stable series:
1089+ - fix-tulip-breakage.patch
1090+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1091+ Prevent deadlocks in 9pfs readdir code
1092+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1093+ Fix newline accidentally sneaked into id string of a nic
1094+ - qemu-nbd-close-inherited-stderr.patch
1095+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1096+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1097+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1098+ - acpi-tmr-allow-2-byte-reads.patch
1099+ - reapply CVE-2020-13253 fixes from upstream
1100+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1101+ - linux-user-add-netlink-RTM_SETLINK-command.patch
1102+ - d/control: since qemu-system-data now contains module(s),
1103+ it can't be multi-arch. Ditto for qemu-block-extra.
1104+ - qemu-system-foo: depend on exact version of qemu-system-data,
1105+ due to the latter having modules
1106+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
1107+ This is another incarnation of the recent bugfix which actually enabled
1108+ memory access constraints, like #964247
1109+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1110+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1111+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1112+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1113+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1114+ - do not install outdated (0.12 and before) Changelog
1115+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1116+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1117+ Closes: CVE-2020-15863
1118+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1119+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1120+ another fix for revert-memory-accept-.. CVE-2020-13754
1121+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1122+ - d/control-in: build-dep libcap is no more needed
1123+ - arch aware kvm wrappers
1124+ [upstream now automatically enables KVM if available and called with
1125+ kvm* name, provides KVM as before but with auto-fallback to tcg.
1126+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
1127+ * Dropped changes [upstream now]
1128+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1129+ setup_len
1130+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
1131+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
1132+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1133+ from vfio-ccw (LP 1887935)
1134+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
1135+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
1136+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1137+ SQXBR (LP 1883984)
1138+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
1139+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1140+ environments (LP 1887763)
1141+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1142+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1143+ crashes it on shutdown (LP 1878973)
1144+ - update d/p/ubuntu/lp-1835546-* to the final versions
1145+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1146+ FTBFS in groovy
1147+ * Added Changes:
1148+ - update ubuntu machine types for hirsute@5.1
1149+ - d/control: regenerated from d/control-in
1150+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
1151+ resolved in gcc-10 (LP: 1890435)
1152+
1153+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
1154+
1155 qemu (1:5.1+dfsg-4) unstable; urgency=high
1156
1157 * mention closing of CVE-2020-16092 by 5.1
1158@@ -1308,6 +2373,298 @@ qemu (1:5.0-6) unstable; urgency=medium
1159
1160 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
1161
1162+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
1163+
1164+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
1165+ machine type to match how it originally was released (LP: #1902654)
1166+
1167+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
1168+
1169+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
1170+
1171+ * No-change rebuild for brltty soname change.
1172+
1173+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
1174+
1175+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
1176+
1177+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1178+ setup_len
1179+ CVE-2020-14364
1180+
1181+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
1182+
1183+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
1184+
1185+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
1186+
1187+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
1188+
1189+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
1190+
1191+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
1192+
1193+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
1194+
1195+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
1196+
1197+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1198+ from vfio-ccw (LP: #1887935)
1199+
1200+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
1201+
1202+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
1203+
1204+ * fix qemu-user-static initialization to allow executing systemd
1205+ (LP: #1890881)
1206+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
1207+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
1208+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
1209+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
1210+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
1211+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
1212+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
1213+ CVE-2020-16092
1214+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
1215+
1216+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
1217+
1218+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
1219+
1220+ * xen: provide compat links to what libxen-dev reports where to find
1221+ the binaries (LP: #1890005)
1222+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1223+ SQXBR (LP: #1883984)
1224+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
1225+
1226+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
1227+
1228+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
1229+
1230+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1231+ environments (LP: #1887763)
1232+ * Pick further changes for groovy from debian/master since 5.0-5
1233+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1234+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
1235+ infinite recursion via a crafted mm_index value during
1236+ ati_mm_read or ati_mm_write call.
1237+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
1238+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
1239+ devices which uses min_access_size and max_access_size Memory API fields.
1240+ Also closes: CVE-2020-13791
1241+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1242+ CVE-2020-13659: address_space_map in exec.c can trigger
1243+ a NULL pointer dereference related to BounceBuffer
1244+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1245+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
1246+ has an OOB read via a crafted reply_queue_head field from a guest OS user
1247+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1248+ fix other possible cases like in CVE-2020-13362 (#961887)
1249+ - megasas-fix-possible-out-of-bounds-array-access.patch
1250+ Some tracepoints use a guest-controlled value as an index into the
1251+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
1252+ impact OOB errors here
1253+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1254+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
1255+ This flaw occurs when an nbd-client sends a spec-compliant request that is
1256+ near the boundary of maximum permitted request length. A remote nbd-client
1257+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
1258+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
1259+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
1260+ properly validate the frame count, which allows guest OS users to trigger
1261+ an out-of-bounds access during an es1370_write() operation
1262+ - a few patches from the stable series:
1263+ - fix-tulip-breakage.patch
1264+ The tulip network driver in a qemu-system-hppa emulation is broken in
1265+ the sense that bigger network packages aren't received any longer and
1266+ thus even running e.g. "apt update" inside the VM fails. Fix this.
1267+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1268+ Prevent deadlocks in 9pfs readdir code
1269+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1270+ Fix newline accidentally sneaked into id string of a nic
1271+ - qemu-nbd-close-inherited-stderr.patch
1272+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1273+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1274+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1275+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
1276+ - reapply CVE-2020-13253 fixed from upstream:
1277+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
1278+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
1279+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
1280+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
1281+ Closes: #961297, CVE-2020-13253
1282+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1283+ (Closes: #965109)
1284+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
1285+ - d/control: since qemu-system-data now contains module(s),
1286+ it can't be multi-arch. Ditto for qemu-block-extra.
1287+ - qemu-system-foo: depend on exact version of qemu-system-data,
1288+ due to the latter having modules
1289+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
1290+ This is another incarnation of the recent bugfix which actually enabled
1291+ memory access constraints, like #964247
1292+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1293+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1294+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1295+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1296+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1297+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
1298+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1299+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1300+ Closes: CVE-2020-15863
1301+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1302+ List of patches:
1303+ sm501-convert-printf-abort-to-qemu_log_mask.patch
1304+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
1305+ sm501-use-BIT-macro-to-shorten-constant.patch
1306+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
1307+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
1308+ Closes: #961451, CVE-2020-12829
1309+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1310+ another fix for revert-memory-accept-.. CVE-2020-13754
1311+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1312+
1313+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
1314+
1315+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
1316+
1317+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
1318+
1319+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
1320+
1321+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
1322+
1323+ * Merge with Debian testing (LP: #1749393), remaining changes:
1324+ - qemu-kvm to systemd unit
1325+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1326+ hugepages and architecture specifics
1327+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1328+ qemu-kvm-init
1329+ - d/qemu-system-common.install: install helper script
1330+ - d/qemu-system-common.qemu-kvm.default: defaults for
1331+ /etc/default/qemu-kvm
1332+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1333+ - Distribution specific machine type (LP: 1304107 1621042)
1334+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1335+ types
1336+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1337+ for host-phys-bits=true (LP: 1776189)
1338+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1339+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1340+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1341+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1342+ - Enable nesting by default
1343+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1344+ in qemu64 on amd
1345+ [ No more strictly needed, but required for backward compatibility ]
1346+ - improved dependencies
1347+ - Make qemu-system-common depend on qemu-block-extra
1348+ - Make qemu-utils depend on qemu-block-extra
1349+ - let qemu-utils recommend sharutils
1350+ - arch aware kvm wrappers
1351+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1352+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1353+ reference 256k path
1354+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1355+ handle incoming migrations from former releases.
1356+ - d/control-in: Disable capstone disassembler library support (universe)
1357+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1358+ - d/control*, d/rules: disable xen by default, but provide universe
1359+ package qemu-system-x86-xen as alternative
1360+ [includes --disable-xen for user-static builds]
1361+ - d/control-in: disable pmem on ppc64 as it is currently considered
1362+ experimental on that architecture (pmdk v1.8-1)
1363+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1364+ - d/rules: report config log from the correct subdir
1365+ - allow qemu to load old modules post upgrade (LP 1847361)
1366+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1367+ upgrade
1368+ - d/rules: generate maintainer scripts matching package version on build
1369+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1370+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1371+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1372+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1373+ crashes it on shutdown (LP 1878973)
1374+ * Dropped changes (no more needed)
1375+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1376+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1377+ in qemu64 cpu type.
1378+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
1379+ Debian. Fixed by bumping the related Breaks/Replaces to the
1380+ Version Ubuntu introduced the change (LP 1862287)
1381+ * Dropped changes (in Debian)
1382+ - improved s390x support
1383+ - d/binfmt-update-in: fix binfmt being called in some containers
1384+ (LP 1840956)
1385+ - qemu-system-x86-microvm package
1386+ In addition to the generic multi-purpose qemu also provide a minimal
1387+ feature binary that is loading faster for use cases with microvm machine
1388+ type and qboot bios
1389+ - d/control-in: add a new qemu-system-x86-microvm package
1390+ - d/rules: add an extra config/build step to get the minimal qemu
1391+ - Security and packaging fixes (LP 1872937)
1392+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1393+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1394+ CVE-2020-10702
1395+ CVE-2020-11102
1396+ - fix external spice UI
1397+ + install ui-spice-app.so in qemu-system-common
1398+ + install ui-spice-app.so only if built, spice is optional
1399+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1400+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1401+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1402+ - enable riscv build (LP 1872931)
1403+ [ changes picked from Debian ]
1404+ - enable support for riscv64 hosts
1405+ - only enable librbd on architectures where it is built
1406+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1407+ depends on the former
1408+ - seccomp grew up, no need in versioned build-dep
1409+ - enable seccomp only on architectures where it can be built
1410+ * Dropped changes (upstream)
1411+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1412+ (LP 1857033)
1413+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1414+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1415+ vhost-user-gpu
1416+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1417+ avoid unnecessary IOTLB transactions (LP 1866207)
1418+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1419+ patches @qemu-stable (LP 1867519)
1420+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1421+ to avoid broken nesting (LP 1868692)
1422+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1423+ (LP 1871830)
1424+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
1425+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1426+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1427+ and clobbered doubles (LP 1872945)
1428+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1429+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1430+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1431+ - CVE-2020-11869
1432+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1433+ - async: use explicit memory barriers (LP 1805256)
1434+ - aio-wait: delegate polling of main AioContext if BQL not held
1435+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1436+ supporting to set them (LP 1882774)
1437+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1438+ load to a versioned path
1439+ * Added Changes:
1440+ - d/control: regenerate debian/control out of control-in
1441+ - update d/p/ubuntu/lp-1835546-* to the final versions
1442+ - 11 patches dropped as they are in 5.0
1443+ - 20 patches updated to how they will be in 5.1
1444+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1445+ FTBFS in groovy
1446+ - Make qemu-system-x86-microvm a transitional package as the binary is now
1447+ in qemu-system-x86 itself.
1448+ - d/control-in: build-dep libcap is no more needed
1449+ - d/rules: update arch aware kvm wrappers
1450+ - d/qemu-system-x86.README.Debian: fix typo
1451+
1452+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
1453+
1454 qemu (1:5.0-5) unstable; urgency=medium
1455
1456 * more binfmt-install updates
1457@@ -1440,6 +2797,188 @@ qemu (1:4.2-4) unstable; urgency=medium
1458
1459 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
1460
1461+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1462+
1463+ * No-change rebuild against libnettle8
1464+
1465+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1466+
1467+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1468+
1469+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1470+ crashes it on shutdown (LP: #1878973)
1471+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1472+ supporting to set them (LP: #1882774)
1473+
1474+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1475+
1476+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1477+
1478+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1479+ - async: use explicit memory barriers (LP: #1805256)
1480+ - aio-wait: delegate polling of main AioContext if BQL not held
1481+
1482+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1483+
1484+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1485+
1486+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1487+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1488+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1489+ - CVE-2020-11869
1490+
1491+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1492+
1493+qemu (1:4.2-3ubuntu6) focal; urgency=medium
1494+
1495+ [ Christian Ehrhardt ]
1496+ * enable riscv build (LP: #1872931)
1497+ [ changes picked from Debian ]
1498+ - enable support for riscv64 hosts
1499+ - only enable librbd on architectures where it is built
1500+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1501+ depends on the former
1502+ - seccomp grew up, no need in versioned build-dep
1503+ - enable seccomp only on architectures where it can be built
1504+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1505+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1506+ and clobbered doubles (LP: #1872945)
1507+
1508+ [ William Grant ]
1509+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1510+
1511+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1512+
1513+qemu (1:4.2-3ubuntu5) focal; urgency=medium
1514+
1515+ [ Christian Ehrhardt ]
1516+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1517+ (LP: #1871830)
1518+ * Security and packaging fixes (LP: #1872937)
1519+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1520+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1521+ CVE-2020-10702
1522+ CVE-2020-11102
1523+ - fix external spice UI
1524+ + install ui-spice-app.so in qemu-system-common
1525+ + install ui-spice-app.so only if built, spice is optional
1526+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1527+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1528+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1529+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1530+
1531+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1532+
1533+qemu (1:4.2-3ubuntu4) focal; urgency=medium
1534+
1535+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1536+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1537+ to avoid broken nesting (LP: #1868692)
1538+
1539+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1540+
1541+qemu (1:4.2-3ubuntu3) focal; urgency=medium
1542+
1543+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1544+ patches @qemu-stable (LP: #1867519)
1545+
1546+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1547+
1548+qemu (1:4.2-3ubuntu2) focal; urgency=medium
1549+
1550+ * allow qemu to load old modules post upgrade (LP: #1847361)
1551+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1552+ load to a versioned path
1553+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1554+ upgrade
1555+ - d/rules: generate maintainer scripts matching package version on build
1556+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1557+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1558+ avoid unnecessary IOTLB transactions (LP: #1866207)
1559+
1560+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1561+
1562+qemu (1:4.2-3ubuntu1) focal; urgency=medium
1563+
1564+ * Merge with Debian testing, remaining changes:
1565+ - qemu-kvm to systemd unit
1566+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1567+ hugepages and architecture specifics
1568+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1569+ qemu-kvm-init
1570+ - d/qemu-system-common.install: install helper script
1571+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1572+ - d/qemu-system-common.qemu-kvm.default: defaults for
1573+ /etc/default/qemu-kvm
1574+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1575+ - Distribution specific machine type (LP: 1304107 1621042)
1576+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1577+ types
1578+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1579+ for host-phys-bits=true (LP: 1776189)
1580+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1581+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1582+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1583+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1584+ - Enable nesting by default
1585+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1586+ in qemu64 cpu type.
1587+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1588+ in qemu64 on amd
1589+ [ No more strictly needed, but required for backward compatibility ]
1590+ - improved dependencies
1591+ - Make qemu-system-common depend on qemu-block-extra
1592+ - Make qemu-utils depend on qemu-block-extra
1593+ - let qemu-utils recommend sharutils
1594+ - improved s390x support
1595+ - d/rules: build s390-ccw.img with upstream Makefile
1596+ - d/rules: build s390-netboot.img with upstream Makefile
1597+ - arch aware kvm wrappers
1598+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1599+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1600+ reference 256k path
1601+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1602+ handle incoming migrations from former releases.
1603+ - d/control-in: Disable capstone disassembler library support (universe)
1604+ - d/binfmt-update-in: fix binfmt being called in some containers
1605+ (LP 1840956)
1606+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1607+ (LP 1857033)
1608+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1609+ - d/control*, d/rules: disable xen by default, but provide universe
1610+ package qemu-system-x86-xen as alternative
1611+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1612+ - Dropped changes [ in Debian ]
1613+ - d/control: update VCS links
1614+ - d/control-in: bump debhelper build-dep for compat 12
1615+ - d/control: disable bluetooth being deprecated
1616+ - d/not-installed: ignore new interop docs and extra icons for now
1617+ - d/not-installed: do not install elf2dmp until namespaced
1618+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1619+ [ not needed ]
1620+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1621+ - s390x support
1622+ - Create qemu-system-s390x package
1623+ - Enable numa support for s390x
1624+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
1625+ * Added changes
1626+ - d/control: regenerate debian/control out of control-in
1627+ - qemu-system-x86-microvm package
1628+ In addition to the generic multi-purpose qemu also provide a minimal
1629+ feature binary that is loading faster for use cases with microvm machine
1630+ type and qboot bios
1631+ - d/control-in: add a new qemu-system-x86-microvm package
1632+ - d/rules: add an extra config/build step to get the minimal qemu
1633+ - d/control-in: disable pmem on ppc64 as it is currently considered
1634+ experimental on that architecture (pmdk v1.8-1)
1635+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1636+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1637+ vhost-user-gpu
1638+ - d/rules: report config log from the correct subdir
1639+ - d/rules: --disable-xen for user-static builds
1640+
1641+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1642+
1643 qemu (1:4.2-3) unstable; urgency=medium
1644
1645 * mention closing of #909743 in previous changelog (Closes: #909743)
1646@@ -1482,6 +3021,169 @@ qemu (1:4.2-2) unstable; urgency=medium
1647
1648 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
1649
1650+qemu (1:4.2-1ubuntu2) focal; urgency=medium
1651+
1652+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1653+ Debian. Fixed by by bumping the related Breaks/Replaces to the
1654+ Version Ubuntu introduced the change (LP: #1862287)
1655+
1656+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1657+
1658+qemu (1:4.2-1ubuntu1) focal; urgency=medium
1659+
1660+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1661+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1662+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1663+ LP: #1852744 - Crypto Passthrough Interrupt Support
1664+ LP: #1853316 - CCW IPL Support
1665+ Remaining changes:
1666+ - qemu-kvm to systemd unit
1667+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1668+ hugepages and architecture specifics
1669+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1670+ qemu-kvm-init
1671+ - d/qemu-system-common.install: install helper script
1672+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1673+ - d/qemu-system-common.qemu-kvm.default: defaults for
1674+ /etc/default/qemu-kvm
1675+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1676+ - Distribution specific machine type (LP: 1304107 1621042)
1677+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1678+ types
1679+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1680+ for host-phys-bits=true (LP: 1776189)
1681+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1682+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1683+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1684+ - Enable nesting by default
1685+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1686+ in qemu64 cpu type.
1687+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1688+ in qemu64 on amd
1689+ [ No more strictly needed, but required for backward compatibility ]
1690+ - improved dependencies
1691+ - Make qemu-system-common depend on qemu-block-extra
1692+ - Make qemu-utils depend on qemu-block-extra
1693+ - let qemu-utils recommend sharutils
1694+ - s390x support
1695+ - Create qemu-system-s390x package
1696+ - Enable numa support for s390x
1697+ - d/rules: build s390-ccw.img with upstream Makefile
1698+ - d/rules: build s390-netboot.img with upstream Makefile
1699+ - arch aware kvm wrappers
1700+ - d/control: update VCS links
1701+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1702+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1703+ reference 256k path
1704+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1705+ handle incoming migrations from former releases.
1706+ - d/control-in: Disable capstone disassembler library support (universe)
1707+ - d/control: disable bluetooth being deprecated
1708+ - d/not-installed: ignore new interop docs and extra icons for now
1709+ - d/not-installed: do not install elf2dmp until namespaced
1710+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1711+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1712+ - d/binfmt-update-in: fix binfmt being called in some containers
1713+ (LP 1840956)
1714+ - Dropped changes (in Debian)
1715+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1716+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1717+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1718+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1719+ - enable RDMA config option
1720+ - add libibumad-dev build-dep
1721+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1722+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1723+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1724+ replace it with a build-indep using the upstream makefiles.
1725+ This is less prone to miss future changes/fixes that are done to the
1726+ makefiles
1727+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1728+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1729+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1730+ - Refreshed patches for v4.0 context changes
1731+ - d/control*: remove sdlabi which was removed upstream
1732+ - d/control*: enable docs (now explicit) and provide new build-dep
1733+ python3-sphinx
1734+ - d/qemu-system-data.install: use new paths for formerly used icons
1735+ - Merge with Upstream release of qemu 4.0
1736+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1737+ - Dropped changes (Upstream)
1738+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1739+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1740+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1741+ fix i386 build error
1742+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1743+ fix naming of the new vector facitlity (LP 1836066)
1744+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1745+ for missing SIOCGSTAMP definition; final fix is still in discussion
1746+ upstream (LP: 1836159)
1747+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1748+ s390x machines (LP 1836154)
1749+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1750+ (LP 1841066)
1751+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1752+ update the z15 model name (LP 1842774)
1753+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1754+ fix a potential hang when qemu or qemu-img where accessing http backed
1755+ disks via libcurl (LP 1848556)
1756+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1757+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1758+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1759+ toleration for future machines (LP 1830704)
1760+ - SECURITY UPDATE: Add support for exposing md-clear functionality
1761+ to guests
1762+ - d/p/ubuntu/enable-md-clear.patch
1763+ - d/p/ubuntu/enable-md-no.patch
1764+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1765+ - SECURITY UPDATE: heap overflow when loading device tree blob
1766+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1767+ copy the device tree blob into is.
1768+ - CVE-2018-20815
1769+ - SECURITY UPDATE: device driver denial of service via NULL pointer
1770+ dereference
1771+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1772+ routine
1773+ - CVE-2019-5008
1774+ - SECURITY UPDATE: information leak in SLiRP
1775+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1776+ emulating ident.
1777+ - CVE-2019-9824
1778+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1779+ unimplement.patch: properly return architecture defined exception
1780+ on bad subcodes of diag 308 (LP 1812384)
1781+ * Dropped changes (no more needed)
1782+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1783+ mv_conffile since the new path is a directory in the old package
1784+ version which can not be handled by mv_conffile.
1785+ [ only needed between disco and eoan ]
1786+ - disable pvrdma
1787+ [ CVEs all fixed now ]
1788+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1789+ avoid misdetection of simplified nesting blocking all migrations
1790+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1791+ - Enable nesting by default
1792+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1793+ (is default on amd)
1794+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1795+ without nested=1
1796+ [ nesting is default in kernel modules and default selected cpu types ]
1797+ * Added changes
1798+ - d/control: regenerate debian/control out of control-in
1799+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1800+ - added ubuntu focal types for qemu 4.2
1801+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1802+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1803+ (LP: #1857033)
1804+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1805+ - d/control*, d/rules: disable xen by default, but provide universe
1806+ package qemu-system-x86-xen as alternative
1807+ - fix typos in changelog and d/qemu-system-x86.NEWS
1808+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1809+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
1810+
1811+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
1812+
1813 qemu (1:4.2-1) unstable; urgency=medium
1814
1815 * new upstream release (4.2.0)
1816@@ -1558,6 +3260,205 @@ qemu (1:4.1-1) unstable; urgency=medium
1817
1818 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
1819
1820+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
1821+
1822+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1823+ fix a potential hang when qemu or qemu-img where accessing http backed
1824+ disks via libcurl (LP: #1848556)
1825+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
1826+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
1827+
1828+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
1829+
1830+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
1831+
1832+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1833+ update the z15 model name (LP: #1842774)
1834+
1835+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
1836+
1837+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
1838+
1839+ * d/binfmt-update-in: fix binfmt being called in some containers
1840+ (LP: #1840956)
1841+
1842+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
1843+
1844+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
1845+
1846+ * No-change upload with strops.h and sys/strops.h removed in glibc.
1847+
1848+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
1849+
1850+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
1851+
1852+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1853+ (LP: #1841066)
1854+
1855+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
1856+
1857+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
1858+
1859+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1860+ s390x machines (LP: #1836154)
1861+
1862+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
1863+
1864+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
1865+
1866+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
1867+ - pick Debian change for (#889885)
1868+ move ovmf to recommends on debian and update aarch ovmf refs
1869+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
1870+
1871+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
1872+
1873+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
1874+
1875+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1876+ for missing SIOCGSTAMP definition; final fix is still in discussion
1877+ upstream (LP: 1836159)
1878+
1879+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
1880+
1881+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
1882+
1883+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1884+ fix naming of the new vector facitlity (LP: #1836066)
1885+ * d/control-in: update VCS links in control template as well
1886+
1887+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
1888+
1889+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
1890+
1891+ * Merge with Upstream release of qemu 4.0.
1892+ Among many other things this fixes LP Bugs:
1893+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
1894+ LP: #1828038 - Update s390x CPU Model for more HW support
1895+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
1896+ Remaining Changes:
1897+ - qemu-kvm to systemd unit
1898+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1899+ hugepages and architecture specifics
1900+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1901+ qemu-kvm-init
1902+ - d/qemu-system-common.install: install helper script
1903+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1904+ - d/qemu-system-common.qemu-kvm.default: defaults for
1905+ /etc/default/qemu-kvm
1906+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1907+ - Enable nesting by default
1908+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1909+ (is default on amd)
1910+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1911+ without nested=1
1912+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1913+ in qemu64 cpu type.
1914+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1915+ in qemu64 on amd
1916+ - d/qemu-system-x86.README.Debian: document intention of nested being
1917+ default is comfort, not full support
1918+ - Distribution specific machine type (LP: 1304107 1621042)
1919+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1920+ types
1921+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1922+ for host-phys-bits=true (LP: 1776189)
1923+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1924+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1925+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1926+ - improved dependencies
1927+ - Make qemu-system-common depend on qemu-block-extra
1928+ - Make qemu-utils depend on qemu-block-extra
1929+ - let qemu-utils recommend sharutils
1930+ - s390x support
1931+ - Create qemu-system-s390x package
1932+ - Enable numa support for s390x
1933+ - arch aware kvm wrappers
1934+ - d/control: update VCS links
1935+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1936+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1937+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1938+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1939+ - enable RDMA config option
1940+ - add libibumad-dev build-dep
1941+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1942+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1943+ reference 256k path
1944+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1945+ handle incoming migrations from former releases.
1946+ - d/control-in: Disable capstone disassembler library support (universe)
1947+ - Move s390x roms to a new qemu-system-data-s390x
1948+ - d/qemu-system-data.install: install s390x roms as architecture:all in
1949+ qemu-system-data
1950+ - d/rules: build s390-ccw.img with upstream Makefile
1951+ - d/rules: build s390-netboot.img with upstream Makefile
1952+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1953+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1954+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1955+ replace it with a build-indep using the upstream makefiles.
1956+ This is less prone to miss future changes/fixes that are done to the
1957+ makefiles
1958+ - d/control-in: add breaks/replaces for moving s390x roms from
1959+ qemu-system-s390x to qemu-system-data
1960+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1961+ [From not yet uploaded Debian branch]
1962+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1963+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1964+ - disable pvrdma - besides several security holes there are many other
1965+ bugs there as well
1966+ * Dropped patches that are upstream in v4.0
1967+ - d/p/do-not-link-everything-with-xen.patch
1968+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
1969+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
1970+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
1971+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
1972+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
1973+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
1974+ (LP: 1759509)
1975+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
1976+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
1977+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
1978+ - d/p/ubuntu/CVE-2018-20815.patch
1979+ - d/p/ubuntu/CVE-2019-5008.patch
1980+ - d/p/ubuntu/CVE-2019-9824.patch
1981+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1982+ avoid misdetection of simplified nesting blocking all migrations
1983+ * Dropped further patches
1984+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
1985+ [upstream deprecated the whole subsystem instead of applying the fix]
1986+ * Added Changes
1987+ - updated ubuntu machine types for v4.0
1988+ - added eoan types
1989+ - fixed s390x issue of upstream types having a "v" prefix
1990+ - add back dropped machine types to avoid more issues like LP: 1802944
1991+ - fix kvm split irqchip default in ubuntu q35 machine type
1992+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
1993+ adapt updated CamelCase
1994+ - -hpb types now need to use GlobalProperties
1995+ - pc_compat_2_0 got a _fn suffix and slight changes
1996+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
1997+ SLOF of qemu 4.0
1998+ - Refreshed patches still needed for v4.0 context changes
1999+ - d/p/use-fixed-data-path.patch
2000+ - d/p/ubuntu/enable-svm-by-default.patch
2001+ - d/p/ubuntu/enable-md-clear.patch
2002+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
2003+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
2004+ (LP: #1830243)
2005+ - d/control: disable bluetooth being deprecated
2006+ - d/control*: remove sdlabi which was removed upstream
2007+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
2008+ - d/control*: enable docs (now explicit) and provide new build-dep
2009+ python3-sphinx
2010+ - d/not-installed: ignore new interop docs and extra icons for now
2011+ - d/not-installed: do not install elf2dmp until namespaced
2012+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
2013+ - d/qemu-system-data.install: use new paths for formerly used icons
2014+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
2015+ fix i386 build error
2016+
2017+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
2018+
2019 qemu (1:3.1+dfsg-8) unstable; urgency=high
2020
2021 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
2022@@ -1660,6 +3561,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
2023
2024 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
2025
2026+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
2027+
2028+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
2029+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
2030+ fix migrations from old machines (LP: #1829868).
2031+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
2032+ toleration for future machines (LP: #1830704
2033+
2034+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
2035+
2036+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
2037+
2038+ * SECURITY UPDATE: Add support for exposing md-clear functionality
2039+ to guests
2040+ - d/p/ubuntu/enable-md-clear.patch
2041+ - d/p/ubuntu/enable-md-no.patch
2042+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
2043+ * SECURITY UPDATE: heap overflow when loading device tree blob
2044+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
2045+ copy the device tree blob into is.
2046+ - CVE-2018-20815
2047+ * SECURITY UPDATE: device driver denial of service via NULL pointer
2048+ dereference
2049+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
2050+ routine
2051+ - CVE-2019-5008
2052+ * SECURITY UPDATE: information leak in SLiRP
2053+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
2054+ emulating ident.
2055+ - CVE-2019-9824
2056+
2057+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
2058+
2059+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
2060+
2061+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
2062+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
2063+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
2064+ mv_conffile since the new path is a directory in the old package
2065+ version which can not be handled by mv_conffile.
2066+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
2067+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
2068+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
2069+ CVE-2019-3812
2070+
2071+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
2072+
2073+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
2074+
2075+ * disable pvrdma - besides several security holes there are many other
2076+ bugs there as well, and the amount of patches applied upstream after
2077+ 3.1 release is large (Closes, or actuallymakes unimportant again)
2078+ - CVE-2018-20123
2079+ - CVE-2018-20124
2080+ - CVE-2018-20125
2081+ - CVE-2018-20126
2082+ - CVE-2018-20191
2083+ - CVE-2018-20216
2084+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
2085+ - CVE-2019-6501
2086+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
2087+ - CVE-2019-6778
2088+
2089+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
2090+
2091+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
2092+
2093+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
2094+ LP: #1806104 - fix misleading page size error on ppc64el
2095+ LP: #1782205 - SnowRidge enabled new ISAs
2096+ LP: #1786956 - upgrade to qemu >= 3.0
2097+ LP: #1809083 - Backward migration to Xenial on ppc64el
2098+ LP: #1803315 - s390x Huge page enablement
2099+ LP: #1657409 - enable virglrenderer
2100+ Remaining Changes:
2101+ - qemu-kvm to systemd unit
2102+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2103+ hugepages and architecture specifics
2104+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2105+ - d/qemu-system-common.install: install systemd unit and helper script
2106+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2107+ - d/qemu-system-common.qemu-kvm.default: defaults for
2108+ /etc/default/qemu-kvm
2109+ - d/rules: install /etc/default/qemu-kvm
2110+ - Enable nesting by default
2111+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
2112+ (is default on amd)
2113+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
2114+ without nested=1
2115+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2116+ in qemu64 cpu type.
2117+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2118+ in qemu64 on amd
2119+ - d/qemu-system-x86.README.Debian: document intention of nested being
2120+ default is comfort, not full support
2121+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
2122+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2123+ types
2124+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2125+ for host-phys-bits=true (LP: 1776189)
2126+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2127+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2128+ convenience with all meltdown/spectre workarounds enabled by default.
2129+ (LP: 1761372).
2130+ - improved dependencies
2131+ - Make qemu-system-common depend on qemu-block-extra
2132+ - Make qemu-utils depend on qemu-block-extra
2133+ - let qemu-utils recommend sharutils
2134+ - s390x support
2135+ - Create qemu-system-s390x package
2136+ - Enable numa support for s390x
2137+ - arch aware kvm wrappers
2138+ - d/control: update VCS links (updated to match latest Ubuntu)
2139+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2140+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2141+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2142+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2143+ - enable RDMA config option
2144+ - add libibumad-dev build-dep
2145+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2146+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2147+ reference 256k path
2148+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2149+ handle incoming migrations from former releases.
2150+ - d/control-in: Disable capstone disassembler library support (universe)
2151+ * Added Changes:
2152+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
2153+ for qemu 3.1 in the Ubuntu Disco release
2154+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
2155+ - Move s390x roms to a new qemu-system-data-s390x
2156+ - d/qemu-system-data.install: install s390x roms as architecture:all in
2157+ qemu-system-data
2158+ - d/rules: build s390-ccw.img with upstream Makefile
2159+ - d/rules: build s390x-netboot.img with upstream Makefile
2160+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
2161+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
2162+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
2163+ replace it with a build-indep using the upstream makefiles.
2164+ This is less prone to miss future changes/fixes that are done to the
2165+ makefiles
2166+ - d/control-in: add breaks/replaces for moving s390x roms from
2167+ qemu-system-s390x to qemu-system-data
2168+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
2169+ [From not yet uploaded Debian branch]
2170+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2171+ (Closes: #918378)
2172+ - d/rules: fix qemu-kvm service for debhelper compat >=12
2173+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2174+ avoid misdetection of simplified nesting blocking all migrations
2175+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
2176+ unimplement.patch: properly return archicture defined exception
2177+ on bad subcodes of diag 308 (LP: #1812384)
2178+ * Dropped Changes:
2179+ - Include s390-ccw.img firmware (old style native build)
2180+ - d/rules enable install s390x-netboot.img (old style native build)
2181+ - libvirt/qemu user/group support
2182+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2183+ trigger.
2184+ [ Droppable since logind properly sets ACLs now ]
2185+ - qemu-system-common.preinst: add kvm group if needed
2186+ [ Droppable because systemd/udev take care of it since 239-6]
2187+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
2188+ freeze-hook fixes (LP: 1484990)
2189+ [upstream]
2190+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2191+ merged upstream
2192+ [upstream]
2193+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2194+ computation while concatenating mbuf.
2195+ CVE-2018-11806
2196+ [upstream]
2197+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2198+ for powerpc64 to speed up translation (LP: 1781526)
2199+ [upstream]
2200+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2201+ cpu model for z14 ZR1 (LP: 1780773).
2202+ [upstream]
2203+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2204+ (Closes: 903562)
2205+ [in Debian]
2206+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2207+ unreleased Debian version)
2208+ [in Debian]
2209+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2210+ by migrations with UI frontends or frequent guest resolution changes
2211+ (LP #1755912)
2212+ [upstream]
2213+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2214+ extend eieio for POWER9 emulation (LP: 1787408).
2215+ [upstream]
2216+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2217+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
2218+ [upstream]
2219+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
2220+ [upstream]
2221+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
2222+ [upstream]
2223+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
2224+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
2225+ [in Debian]
2226+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2227+ Adapters on s390x (LP: 1787405)
2228+ [upstream]
2229+ - enable opengl for vfio-MDEV support (LP: 1804766)
2230+ [in Debian]
2231+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2232+ [upstream]
2233+ - SECURITY UPDATE: integer overflow via crafted QMP command
2234+ [upstream]
2235+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2236+ [upstream]
2237+ - SECURITY UPDATE: buffer overflow in rtl8139
2238+ [upstream]
2239+ - SECURITY UPDATE: buffer overflow in pcnet
2240+ [upstream]
2241+ - SECURITY UPDATE: DoS via large packet sizes
2242+ [upstream]
2243+ - SECURITY UPDATE: DoS in lsi53c895a
2244+ [upstream]
2245+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2246+ [upstream]
2247+ - SECURITY UPDATE: race condition in 9p
2248+ [upstream]
2249+
2250+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
2251+
2252 qemu (1:3.1+dfsg-2) unstable; urgency=medium
2253
2254 * d/rules: split arch and indep builds
2255@@ -1739,6 +3866,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
2256
2257 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
2258
2259+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
2260+
2261+ [ Marc Deslauriers ]
2262+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2263+ - debian/patches/CVE-2018-10839.patch: use proper type in
2264+ hw/net/ne2000.c.
2265+ - CVE-2018-10839
2266+ * SECURITY UPDATE: integer overflow via crafted QMP command
2267+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
2268+ guest-file-read in qga/commands-posix.c.
2269+ - CVE-2018-12617
2270+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2271+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
2272+ - CVE-2018-16847
2273+ * SECURITY UPDATE: buffer overflow in rtl8139
2274+ - debian/patches/CVE-2018-17958.patch: use proper type in
2275+ hw/net/rtl8139.c.
2276+ - CVE-2018-17958
2277+ * SECURITY UPDATE: buffer overflow in pcnet
2278+ - debian/patches/CVE-2018-17962.patch: use proper type in
2279+ hw/net/pcnet.c.
2280+ - CVE-2018-17962
2281+ * SECURITY UPDATE: DoS via large packet sizes
2282+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
2283+ - CVE-2018-17963
2284+ * SECURITY UPDATE: DoS in lsi53c895a
2285+ - debian/patches/CVE-2018-18849.patch: check message length value is
2286+ valid in hw/scsi/lsi53c895a.c.
2287+ - CVE-2018-18849
2288+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2289+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
2290+ access in hw/ppc/pnv_lpc.c.
2291+ - CVE-2018-18954
2292+ * SECURITY UPDATE: race condition in 9p
2293+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
2294+ hw/9pfs/cofile.c.
2295+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
2296+ hw/9pfs/9p.c.
2297+ - CVE-2018-19364
2298+
2299+ [ Christian Ehrhardt]
2300+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2301+ Adapters on s390x (LP: #1787405)
2302+ * enable opengl for vfio-MDEV support (LP: #1804766)
2303+ - d/control-in: set --enable-opengl
2304+ - d/control-in: add gl related build-dependencies
2305+
2306+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2307+
2308+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2309+
2310+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
2311+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2312+
2313+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2314+
2315+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2316+
2317+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2318+ The SLOF source pieces in src:qemu are only used for s390x netboot,
2319+ which are independent ROMs (no linking). All other binaries out of this
2320+ are part of src:slof and independent.
2321+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2322+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2323+ and related fixes
2324+
2325+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2326+
2327+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2328+
2329+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2330+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2331+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2332+
2333+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2334+
2335+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2336+
2337+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2338+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2339+ - CVE-2018-15746
2340+
2341+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2342+
2343+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2344+
2345+ [ Murilo Opsfelder Araujo ]
2346+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2347+ extend eieio for POWER9 emulation (LP: #1787408).
2348+
2349+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2350+
2351+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2352+
2353+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2354+ by migrations with UI frontends or frequent guest resolution changes
2355+ (LP: #1755912)
2356+
2357+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2358+
2359+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2360+
2361+ * Disable capstone disassembler library support (universe dependency)
2362+
2363+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2364+
2365+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2366+
2367+ * Merge with Debian testing, Remaining Changes:
2368+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2369+ - qemu-kvm to systemd unit
2370+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2371+ hugepages and architecture specifics
2372+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2373+ - d/qemu-system-common.install: install systemd unit and helper script
2374+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2375+ - d/qemu-system-common.qemu-kvm.default: defaults for
2376+ /etc/default/qemu-kvm
2377+ - d/rules: install /etc/default/qemu-kvm
2378+ - Enable nesting by default
2379+ - set nested=1 module option on intel. (is default on amd)
2380+ - re-load kvm_intel.ko if it was loaded without nested=1
2381+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2382+ in qemu64 cpu type.
2383+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2384+ in qemu64 on amd
2385+ - d/qemu-system-x86.README.Debian: document intention of nested being
2386+ default is comfort, not full support
2387+ - libvirt/qemu user/group support
2388+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2389+ trigger.
2390+ - qemu-system-common.preinst: add kvm group if needed
2391+ - Distribution specific machine type
2392+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2393+ types to ease future live vm migration.
2394+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2395+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2396+ for host-phys-bits=true (LP: 1776189)
2397+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2398+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2399+ convenience with all meltdown/spectre workarounds enabled by default.
2400+ (LP: 1761372).
2401+ - improved dependencies
2402+ - Make qemu-system-common depend on qemu-block-extra
2403+ - Make qemu-utils depend on qemu-block-extra
2404+ - let qemu-utils recommend sharutils
2405+ - s390x support
2406+ - Create qemu-system-s390x package
2407+ - Include s390-ccw.img firmware
2408+ - Enable numa support for s390x
2409+ - arch aware kvm wrappers
2410+ - update VCS-git (updated to match cosmic)
2411+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2412+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2413+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2414+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2415+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2416+ - d/rules enable install s390x-netboot.img
2417+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2418+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2419+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2420+ reference 256k path
2421+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2422+ handle incoming migrations from former releases.
2423+ - SECURITY UPDATE: Speculative Store Bypass
2424+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2425+ CPUID feature bit in target/i386/cpu.*.
2426+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2427+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2428+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2429+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2430+ target/i386/machine.c.
2431+ - CVE-2018-3639
2432+ * Added Changes:
2433+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2434+ - add cosmic types for base and -hpb
2435+ - drop no more supported types (zesty and yakkety)
2436+ - d/p/series: group machine type changes
2437+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2438+ merged upstream
2439+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2440+ computation while concatenating mbuf.
2441+ CVE-2018-11806
2442+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2443+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2444+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2445+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2446+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2447+ to POWER8
2448+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2449+ is no more needed with systemd-detect-virt being more mature and always
2450+ present.
2451+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2452+ - d/control-in: add libibumad-dev which is now needed for rdma
2453+ - d/rules: update s390x delta to match new Debian packaging
2454+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2455+ for powerpc64 to speed up translation (LP: #1781526)
2456+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2457+ cpu model for z14 ZR1 (LP: #1780773).
2458+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2459+ (Closes: 903562)
2460+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2461+ unreleased Debian version)
2462+ * Dropped Changes:
2463+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2464+ (No more removed when building DFSG orig tarball in Debian)
2465+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2466+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2467+ so we revert related changes to stick with the proven for now:
2468+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2469+ depends on it)
2470+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2471+ (Debian switched to gtk which seems to work better and has all
2472+ dependencies in main.)
2473+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2474+ - Changes that are now upstream with qemu 2.12
2475+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2476+ newer versions of glibc >=2.27 (LP: 1753826)
2477+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2478+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2479+ SSE/AVX/AVX512 cpu features (LP: 1739665)
2480+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2481+ space+commpage continuous which avoids long startup times on
2482+ qemu-user-static (LP: 1740219)
2483+ - provide pseries-2.12-sxxm type (LP: 1761372)
2484+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2485+ filesystem-dax with pmem by backporting align and unarmed options
2486+ (LP: 1704312).
2487+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2488+ option to slirp's DHCP server (LP: 1762315)
2489+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2490+ Protection information (LP: 1762854).
2491+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2492+ migration (LP: 1763468).
2493+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
2494+ CVE-2017-16845
2495+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
2496+ CVE-2018-7550
2497+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2498+ CVE-2018-7858
2499+
2500+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2501+
2502 qemu (1:2.12+dfsg-3) unstable; urgency=medium
2503
2504 * make qemu-system-foo depending
2505@@ -1827,6 +4197,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
2506
2507 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
2508
2509+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2510+
2511+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2512+ for host-phys-bits=true (LP: #1776189)
2513+ - add an info about this change in debian/qemu-system-x86.NEWS
2514+
2515+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2516+
2517+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2518+
2519+ * SECURITY UPDATE: Speculative Store Bypass
2520+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2521+ CPUID feature bit in target/i386/cpu.*.
2522+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2523+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2524+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2525+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2526+ target/i386/machine.c.
2527+ - CVE-2018-3639
2528+
2529+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2530+
2531+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2532+
2533+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
2534+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2535+ in post_load routine in hw/input/ps2.c.
2536+ - CVE-2017-16845
2537+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
2538+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2539+ zero in hw/i386/multiboot.c.
2540+ - CVE-2018-7550
2541+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2542+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2543+ hw/display/vga.c.
2544+ - CVE-2018-7858
2545+
2546+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2547+
2548+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2549+
2550+ * No-change rebuild for ncurses soname changes.
2551+
2552+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2553+
2554+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2555+
2556+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2557+ information (LP: #1762854).
2558+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2559+ (LP: #1763468).
2560+
2561+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2562+
2563+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2564+
2565+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2566+ The Kernel fixes are preferred and already committed to the kernel.
2567+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
2568+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2569+ SSE/AVX/AVX512 cpu features (LP: #1739665)
2570+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2571+ space+commpage continuous which avoids long startup times on
2572+ qemu-user-static (LP: #1740219)
2573+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2574+ convenience with all meltdown/spectre workarounds enabled by default.
2575+ This is not the default type following upstream and x86 on that.
2576+ (LP: #1761372).
2577+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2578+ with pmem by backporting align and unarmed options (LP: #1704312).
2579+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2580+ option to slirp's DHCP server (LP: #1762315)
2581+
2582+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2583+
2584+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2585+
2586+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2587+ accepted to be better long term maintainable (LP: #1753938)
2588+
2589+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2590+
2591+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2592+
2593+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2594+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2595+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2596+ versions of glibc >=2.27 (LP: #1753826)
2597+
2598+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2599+
2600+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2601+
2602+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2603+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2604+ Add domainname option and classless static routes support to the user
2605+ networking's DHCP server
2606+
2607+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2608+
2609+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2610+
2611+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2612+ - among other fixes this adds code to:
2613+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2614+ However, enabling this functionality requires additional configuration
2615+ beyond just updating QEMU. Also migrations need special consideration.
2616+ Details about that can be found at:
2617+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2618+ - Power9 allocation of max 8 threads per core (LP: #1750526)
2619+ * Drop changes that are part of the upstream stable release
2620+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2621+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2622+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2623+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2624+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2625+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2626+ common compat.h header and add some extra info in the patch header.
2627+
2628+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2629+
2630+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2631+
2632+ * Merge with Debian testing, among other fixes this includes
2633+ - fix fatal error on negative maxcpus (LP: #1722495)
2634+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2635+ - linux user threading issues (LP: #1350435)
2636+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2637+ Remaining changes:
2638+ - qemu-kvm to systemd unit
2639+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2640+ hugepages and architecture specifics
2641+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2642+ - d/qemu-system-common.install: install systemd unit and helper script
2643+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2644+ - d/qemu-system-common.qemu-kvm.default: defaults for
2645+ /etc/default/qemu-kvm
2646+ - d/rules: install /etc/default/qemu-kvm
2647+ - Enable nesting by default
2648+ - set nested=1 module option on intel. (is default on amd)
2649+ - re-load kvm_intel.ko if it was loaded without nested=1
2650+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2651+ in qemu64 cpu type.
2652+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2653+ in qemu64 on amd
2654+ - libvirt/qemu user/group support
2655+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2656+ trigger.
2657+ - qemu-system-common.preinst: add kvm group if needed
2658+ - Distribution specific machine type
2659+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2660+ types to ease future live vm migration.
2661+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2662+ - improved dependencies
2663+ - Make qemu-system-common depend on qemu-block-extra
2664+ - Make qemu-utils depend on qemu-block-extra
2665+ - let qemu-utils recommend sharutils
2666+ - s390x support
2667+ - Create qemu-system-s390x package
2668+ - Include s390-ccw.img firmware
2669+ - Enable numa support for s390x
2670+ - ppc64[le] support
2671+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2672+ - arch aware kvm wrappers
2673+ * Added Changes
2674+ - update VCS-git to match the bionic branch
2675+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2676+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2677+ so we revert related changes to stick with the proven for now:
2678+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2679+ depends on it)
2680+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2681+ - d/qemu-system-x86.README.Debian: document intention of nested being
2682+ default is comfort, not full support
2683+ - update Ubuntu machine types for qemu 2.11
2684+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2685+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2686+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2687+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2688+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2689+ - d/rules enable install s390x-netboot.img
2690+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2691+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
2692+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2693+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2694+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2695+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2696+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2697+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2698+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2699+ reference 256k path
2700+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2701+ handle incoming migrations from former releases.
2702+ - d/control-in: enable seccomp on s390x
2703+ * Dropped changes (no more needed):
2704+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2705+ The functionality is retained for upgraders, but is deprecated.
2706+ Post 18.04 the implementation for these configurations will be removed.
2707+ * Dropped changes (in Debian now):
2708+ - ppc64[le] support
2709+ - Enable seccomp for ppc64el
2710+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2711+ - disable missing x32 architecture
2712+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2713+ - d/qemu-system-common.docs: new paths since (ac06724a)
2714+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2715+ by qapi-schema.json which is already packaged (since 4d8bb958)
2716+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2717+ to Debian patch to match qemu 2.10)
2718+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2719+ since 8508eee7
2720+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2721+ - make nios2/hppa not installed explicitly until further stablized
2722+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2723+ qemu-ga-ref
2724+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2725+ along the qapi intro
2726+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2727+ dh_missing that are already provided in other formats qemu-doc,
2728+ qemu-qmp-ref,qemu-ga-ref
2729+ * Dropped changes (integrated upstream):
2730+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2731+ on arm64 when doing suspend/resume and reboots due to older kernels not
2732+ supporting ITS (LP 1731051).
2733+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2734+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2735+ calls (LP 1726394)
2736+ - update to upstream 2.10.1 point release (LP 1722808)
2737+
2738+
2739+
2740+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2741+
2742 qemu (1:2.11+dfsg-1) unstable; urgency=medium
2743
2744 [ Michael Tokarev ]
2745@@ -1941,6 +4544,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
2746
2747 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
2748
2749+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2750+
2751+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2752+ on arm64 when doing suspend/resume and reboots due to older kernels not
2753+ supporting ITS (LP: #1731051).
2754+
2755+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2756+
2757+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2758+
2759+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2760+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2761+ calls (LP: #1726394)
2762+
2763+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2764+
2765+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2766+
2767+ * fix enablement of qemu-kvm service (LP: #1720397)
2768+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2769+ - d/rules: add proper enablement debhelper calls
2770+ - d/qemu-system-common.install: install covered by dh_installinit
2771+
2772+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2773+
2774+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2775+
2776+ * update to upstream 2.10.1 point release (LP: #1722808)
2777+
2778+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2779+
2780+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2781+
2782+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2783+ Remaining changes:
2784+ - qemu-kvm to systemd unit
2785+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2786+ hugepages and architecture specifics
2787+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2788+ - d/qemu-system-common.install: install systemd unit and helper script
2789+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2790+ - d/qemu-system-common.qemu-kvm.default: defaults for
2791+ /etc/default/qemu-kvm
2792+ - d/rules: install /etc/default/qemu-kvm
2793+ - Enable nesting by default
2794+ - set nested=1 module option on intel. (is default on amd)
2795+ - re-load kvm_intel.ko if it was loaded without nested=1
2796+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2797+ in qemu64 cpu type.
2798+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2799+ in qemu64 on amd
2800+ - libvirt/qemu user/group support
2801+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2802+ trigger.
2803+ - qemu-system-common.preinst: add kvm group if needed
2804+ - Distribution specific machine type
2805+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2806+ types to ease future live vm migration.
2807+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2808+ - improved dependencies
2809+ - Make qemu-system-common depend on qemu-block-extra
2810+ - Make qemu-utils depend on qemu-block-extra
2811+ - let qemu-utils recommend sharutils
2812+ - s390x support
2813+ - Create qemu-system-s390x package
2814+ - Include s390-ccw.img firmware
2815+ - Enable numa support for s390x
2816+ - ppc64[le] support
2817+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2818+ - Enable seccomp for ppc64el
2819+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2820+ - arch aware kvm wrappers
2821+ - update VCS-git to match the Artful branch
2822+ - disable missing x32 architecture
2823+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2824+ - d/qemu-system-common.docs: new paths since (ac06724a)
2825+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2826+ by qapi-schema.json which is already packaged (since 4d8bb958)
2827+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2828+ to Debian patch to match qemu 2.10)
2829+ - s390x package now builds correctly on all architectures (LP 1710695)
2830+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2831+ since 8508eee7
2832+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2833+ - make nios2/hppa not installed explicitly until further stablized
2834+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2835+ qemu-ga-ref
2836+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2837+ along the qapi intro
2838+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2839+ dh_missing that are already provided in other formats qemu-doc,
2840+ qemu-qmp-ref,qemu-ga-ref
2841+
2842+
2843+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
2844+
2845+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
2846+
2847+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
2848+ Remaining changes:
2849+ - qemu-kvm to systemd unit
2850+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2851+ hugepages and architecture specifics
2852+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2853+ - d/qemu-system-common.install: install systemd unit and helper script
2854+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2855+ - d/qemu-system-common.qemu-kvm.default: defaults for
2856+ /etc/default/qemu-kvm
2857+ - d/rules: install /etc/default/qemu-kvm
2858+ - Enable nesting by default
2859+ - set nested=1 module option on intel. (is default on amd)
2860+ - re-load kvm_intel.ko if it was loaded without nested=1
2861+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2862+ in qemu64 cpu type.
2863+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2864+ in qemu64 on amd
2865+ - libvirt/qemu user/group support
2866+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2867+ trigger.
2868+ - qemu-system-common.preinst: add kvm group if needed
2869+ - Distribution specific machine type
2870+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2871+ types to ease future live vm migration.
2872+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2873+ - improved dependencies
2874+ - Make qemu-system-common depend on qemu-block-extra
2875+ - Make qemu-utils depend on qemu-block-extra
2876+ - let qemu-utils recommend sharutils
2877+ - s390x support
2878+ - Create qemu-system-s390x package
2879+ - Include s390-ccw.img firmware
2880+ - Enable numa support for s390x
2881+ - ppc64[le] support
2882+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2883+ - Enable seccomp for ppc64el
2884+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2885+ - arch aware kvm wrappers
2886+ - update VCS-git to match the Artful branch
2887+ - disable missing x32 architecture
2888+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2889+ - d/qemu-system-common.docs: new paths since (ac06724a)
2890+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2891+ by qapi-schema.json which is already packaged (since 4d8bb958)
2892+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2893+ to Debian patch to match qemu 2.10)
2894+ - s390x package now builds correctly on all architectures (LP 1710695)
2895+ * Added changes:
2896+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2897+ since 8508eee7
2898+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2899+ - make nios2/hppa not installed explicitly until further stablized
2900+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2901+ qemu-ga-ref
2902+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2903+ along the qapi intro
2904+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2905+ dh_missing that are already provided in other formats qemu-doc,
2906+ qemu-qmp-ref,qemu-ga-ref
2907+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
2908+ changes in 2.10-rc4
2909+
2910+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
2911+
2912+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
2913+
2914+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
2915+ a set of bugs
2916+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
2917+ - CPU hot unplug fails after migrating a CPU hotplugged guest
2918+ from source (LP: #1677552)
2919+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
2920+ - New KVM 288 Pass Through (LP: #1672447)
2921+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
2922+ * Remaining changes:
2923+ - qemu-kvm to systemd unit
2924+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2925+ hugepages and architecture specifics
2926+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2927+ - d/qemu-system-common.install: install systemd unit and helper script
2928+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2929+ - d/qemu-system-common.qemu-kvm.default: defaults for
2930+ /etc/default/qemu-kvm
2931+ - d/rules: install /etc/default/qemu-kvm
2932+ - Enable nesting by default
2933+ - set nested=1 module option on intel. (is default on amd)
2934+ - re-load kvm_intel.ko if it was loaded without nested=1
2935+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2936+ in qemu64 cpu type.
2937+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2938+ in qemu64 on amd
2939+ - libvirt/qemu user/group support
2940+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2941+ trigger.
2942+ - qemu-system-common.preinst: add kvm group if needed
2943+ - Distribution specific machine type
2944+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2945+ types to ease future live vm migration.
2946+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2947+ - improved dependencies
2948+ - Make qemu-system-common depend on qemu-block-extra
2949+ - Make qemu-utils depend on qemu-block-extra
2950+ - let qemu-utils recommend sharutils
2951+ - s390x support
2952+ - Create qemu-system-s390x package
2953+ - Include s390-ccw.img firmware
2954+ - Enable numa support for s390x
2955+ - ppc64[le] support
2956+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2957+ - Enable seccomp for ppc64el
2958+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2959+ - arch aware kvm wrappers
2960+ - disable missing x32 architecture
2961+ - update VCS links
2962+ * Added changes
2963+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2964+ - d/qemu-system-common.docs: new paths since (ac06724a)
2965+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2966+ by qapi-schema.json which is already packaged (since 4d8bb958)
2967+ - Updates in debian/patches to match qemu 2.10
2968+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
2969+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
2970+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
2971+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
2972+ - update VCS-git to match the Artful branch
2973+ - s390x package now builds correctly on all architectures (LP: #1710695)
2974+ * Dropped changes (integrated upstream):
2975+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
2976+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
2977+ - All CVE fixes formerly applied are upstream and thereby dropped.
2978+
2979+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
2980+
2981 qemu (1:2.8+dfsg-7) unstable; urgency=medium
2982
2983 * uploading to unstable all fixes which went to stretch-security
2984@@ -2050,6 +4885,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
2985
2986 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
2987
2988+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
2989+
2990+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
2991+ This was inadvertently dropped on 2.8 merge.
2992+
2993+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
2994+
2995+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
2996+
2997+ * SECURITY UPDATE: denial of service via leak in virtFS
2998+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
2999+ hw/9pfs/9p.c.
3000+ - CVE-2017-7377
3001+ * SECURITY UPDATE: denial of service in cirrus_vga
3002+ - debian/patches/CVE-2017-7718.patch: check parameters in
3003+ hw/display/cirrus_vga_rop.h.
3004+ - CVE-2017-7718
3005+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
3006+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
3007+ hw/display/cirrus_vga.c.
3008+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
3009+ hw/display/cirrus_vga.c.
3010+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
3011+ in hw/display/cirrus_vga.c.
3012+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
3013+ hw/display/cirrus_vga.c.
3014+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
3015+ in hw/display/cirrus_vga.c.
3016+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
3017+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3018+ hw/display/cirrus_vga_rop2.h.
3019+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
3020+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3021+ hw/display/cirrus_vga_rop2.h.
3022+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
3023+ hw/display/cirrus_vga_rop.h.
3024+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
3025+ hw/display/cirrus_vga.c.
3026+ - CVE-2017-7980
3027+ * SECURITY UPDATE: denial of service via memory leak in virtFS
3028+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
3029+ - CVE-2017-8086
3030+ * SECURITY UPDATE: denial of service via leak in audio
3031+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
3032+ audio/audio.c.
3033+ - CVE-2017-8309
3034+ * SECURITY UPDATE: denial of service via leak in keyboard
3035+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
3036+ ui/input.c.
3037+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
3038+ ui/input.c.
3039+ - CVE-2017-8379
3040+
3041+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
3042+
3043+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
3044+
3045+ * SECURITY UPDATE: DoS in virtio GPU device
3046+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
3047+ max_size in hw/display/virtio-gpu-3d.c.
3048+ - CVE-2016-10028
3049+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
3050+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
3051+ in hw/dma/rc4030.c.
3052+ - CVE-2016-8667
3053+ * SECURITY UPDATE: host filesystem access via virtFS
3054+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
3055+ hw/9pfs/*.
3056+ - CVE-2016-9602
3057+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
3058+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
3059+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
3060+ ui/console.c, ui/vnc.c.
3061+ - CVE-2016-9603
3062+ * SECURITY UPDATE: information leak in virtio GPU device
3063+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
3064+ hw/display/virtio-gpu-3d.c.
3065+ - CVE-2016-9908
3066+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3067+ - debian/patches/CVE-2016-9912.patch: properly free memory in
3068+ hw/display/virtio-gpu.c.
3069+ - CVE-2016-9912
3070+ * SECURITY UPDATE: DoS via virtFS
3071+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
3072+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
3073+ - CVE-2016-9914
3074+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3075+ - debian/patches/CVE-2017-5552.patch: check return value in
3076+ hw/display/virtio-gpu-3d.c.
3077+ - CVE-2017-5552
3078+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3079+ - debian/patches/CVE-2017-5578.patch: check res->iov in
3080+ hw/display/virtio-gpu.c.
3081+ - CVE-2017-5578
3082+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
3083+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
3084+ handling in hw/sd/sdhci.c.
3085+ - CVE-2017-5987
3086+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
3087+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
3088+ hw/usb/hcd-ohci.c.
3089+ - CVE-2017-6505
3090+
3091+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
3092+
3093+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
3094+
3095+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3096+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
3097+
3098+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
3099+
3100+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
3101+
3102+ * Merge with Debian;
3103+ This fixes several CVEs that were reported against qemu 2.8 and also
3104+ includes a few important functional backports (LP: #1667033); remaining
3105+ changes:
3106+ - add qemu-kvm init script and defaults file
3107+ (d/qemu-system-common.qemu-kvm.*)
3108+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3109+ modules and handling /etc/default/qemu-kvm
3110+ - qemu-system-common.preinst: add kvm group if needed
3111+ - Enable nesting by default on intel.
3112+ - set default module option
3113+ - re-load kvm_intel.ko if it was loaded without nested=1
3114+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3115+ default in qemu64 cpu type.
3116+ - Enable svm by default for qemu64 on amd
3117+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
3118+ define distro machine types to ease future live vm migration (includes
3119+ all former follow up fixes).
3120+ - Make qemu-system-common depend on qemu-block-extra
3121+ - Make qemu-utils depend on qemu-block-extra
3122+ - s390x support
3123+ - Create qemu-system-s390x package
3124+ - Include s390-ccw.img firmware
3125+ - qemu-system-common.postinst:
3126+ - change acl placed by udev, and add udevadm trigger.
3127+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3128+ - Several changes were applied but missing in the changelog so far
3129+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3130+ - arch aware kvm wrapper
3131+ - update VCS links
3132+ - let qemu-utils recommend sharutils
3133+ - disable x32 architecture
3134+ - Enable seccomp for ppc64el
3135+ - Enable numa support for s390x
3136+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3137+ init.d-script-missing-dependency-on-remote_fs
3138+ - d/qemu-system-common.postinst: fix lintian error type
3139+ command-with-path-in-maintainer-script
3140+ - Transition qemu-kvm to a systemd unit
3141+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3142+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3143+ that it shows up where the user expects (sytemctl status, kvm stdout)
3144+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3145+ - add arch aware kvm wrapper for s390x
3146+ * Dropped Changes (in Debian now):
3147+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3148+ - d/control-in: change dependencies for fix of wrong acl for newly
3149+ created device node on ubuntu
3150+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3151+ relationship, but qemu-efi is still in universe right now.
3152+ - Disable glusterfs (Universe dependency)
3153+ - no more skip disable libiscsi on Ubuntu
3154+ - d/rules, d/control-in: avoid people editing d/control
3155+ * Added Changes:
3156+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
3157+ power makes 2.3 the minimum level.
3158+
3159+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
3160+
3161 qemu (1:2.8+dfsg-3) unstable; urgency=high
3162
3163 * urgency high due to security fixes
3164@@ -2110,6 +5118,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
3165
3166 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
3167
3168+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
3169+
3170+ * Merge with Debian; remaining changes:
3171+ - add qemu-kvm init script and defaults file
3172+ (d/qemu-system-common.qemu-kvm.*)
3173+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3174+ modules and handling /etc/default/qemu-kvm
3175+ - qemu-system-common.preinst: add kvm group if needed
3176+ - Enable nesting by default on intel.
3177+ - set default module option
3178+ - re-load kvm_intel.ko if it was loaded without nested=1
3179+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3180+ default in qemu64 cpu type.
3181+ - Enable svm by default for qemu64 on amd
3182+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3183+ types to ease future live vm migration.
3184+ - Make qemu-system-common depend on qemu-block-extra
3185+ - Make qemu-utils depend on qemu-block-extra
3186+ - s390x support
3187+ - Create qemu-system-s390x package
3188+ - Include s390-ccw.img firmware
3189+ - qemu-system-common.postinst:
3190+ - change acl placed by udev, and add udevadm trigger.
3191+ - d/control-in: change dependencies for fix of wrong acl for newly
3192+ created device node on ubuntu
3193+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3194+ relationship, but qemu-efi is still in universe right now.
3195+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3196+ - Several changes were applied but missing in the changelog so far
3197+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3198+ - arch aware kvm wrapper
3199+ - update VCS links
3200+ - no more skip disable libiscsi on Ubuntu
3201+ - let qemu-utils recommend sharutils
3202+ - disable x32 architecture
3203+ * Dropped Changes:
3204+ - Several changes were applied but missing in the changelog so far
3205+ but are no more needed
3206+ - no pie for relocatable LD calls, with toolchain defaulting to
3207+ pie (fixed upstream)
3208+ - enable libnuma-dev (now in Debian)
3209+ - transition for moved init scripts (can be dropped after LTS
3210+ containing >=2.5 which is Xenial)
3211+ - --enable-seccomp related whitespace change (had no effect)
3212+ - apport hook for qemu source package (In Debian)
3213+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
3214+ - d/qemu-system-x86.maintscript: transition off of
3215+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
3216+ - Enable pie by default, on ubuntu/s390x. (Is the default since
3217+ >=Xenial, no cloud archive backport <=Xenial to consider)
3218+ - no pie for relocatable LD calls (fixed upstream in commit
3219+ 7ecf44a5)
3220+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
3221+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3222+ (Improved fix included by upstream)
3223+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
3224+ - Fixed wrong migration blocker when vhost is used (is upstream in
3225+ qemu 2.8)
3226+ * Added Changes:
3227+ - d/rules, d/control-in: avoid people editing d/control by warning
3228+ header and non writable permissions
3229+ - fixed moving trusty machine type definition which made it
3230+ ambiguous (LP: #1641532)
3231+ - d/qemu-system-x86.NEWS describe the issue
3232+ - Enable seccomp for ppc64el (LP: #1644639)
3233+ - Enable numa support for s390x
3234+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3235+ init.d-script-missing-dependency-on-remote_fs
3236+ - d/qemu-system-common.postinst: fix lintian error type
3237+ command-with-path-in-maintainer-script
3238+ - Transition qemu-kvm to a systemd unit
3239+ - Disable glusterfs (Universe dependency)
3240+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3241+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3242+ that it shows up where the user expects (sytemctl status, kvm stdout)
3243+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3244+ - add arch aware kvm wrapper for s390x
3245+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3246+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
3247+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
3248+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
3249+
3250+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
3251+
3252 qemu (1:2.8+dfsg-2) unstable; urgency=medium
3253
3254 * Revert "update binfmt registration for mipsn32"
3255@@ -2228,6 +5320,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
3256
3257 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
3258
3259+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
3260+
3261+ * No-change rebuild to compile against new libxen version.
3262+
3263+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
3264+
3265+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
3266+
3267+ * retain older xenial machine type to avoid issues starting guests
3268+ created on xenial prior to the SRU for bug 1621042. In that regard the old
3269+ broken xenial machine type and the new fixed one have both to be considered
3270+ as valid LTS machine types (LP: #1626070).
3271+
3272+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
3273+
3274+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
3275+
3276+ * fix default ubuntu machine types. (LP: #1621042)
3277+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
3278+ - remove double default and double ubuntu alias
3279+ - drop former devel releases utopic, vivid, wily
3280+ - add xenial and yakkety machine types
3281+ - add q35 based ubuntu machine type starting at xenial
3282+ - add ubuntu machine types on ppc64el and s390x starting at xenial
3283+
3284+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
3285+
3286+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
3287+
3288+ * Enable GPU Passthru for ppc64le (LP: #1541902)
3289+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
3290+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
3291+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
3292+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
3293+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
3294+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
3295+ - 0007-spapr_iommu-Migrate-full-state.patch
3296+ - 0008-spapr_iommu-Add-root-memory-region.patch
3297+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
3298+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
3299+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
3300+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
3301+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
3302+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
3303+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3304+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3305+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3306+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3307+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3308+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3309+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
3310+
3311+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3312+
3313+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3314+
3315+ * New upstream release. LP: #1617055.
3316+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3317+
3318+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3319+
3320 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3321
3322 * Non-maintainer upload.
3323@@ -2261,6 +5414,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3324
3325 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
3326
3327+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3328+
3329+ * SECURITY UPDATE: DoS via unbounded memory allocation
3330+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3331+ - CVE-2016-5403
3332+ * SECURITY UPDATE: oob write access while reading ESP command
3333+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3334+ maximum CDB size and handle migration in hw/scsi/esp.c,
3335+ include/hw/scsi/esp.h, include/migration/vmstate.h.
3336+ - CVE-2016-6351
3337+ * SECURITY UPDATE: infinite loop in virtqueue_pop
3338+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3339+ length in hw/virtio/virtio.c.
3340+ - CVE-2016-6490
3341+
3342+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3343+
3344+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3345+
3346+ * Merge with Debian; remaining changes:
3347+ - debian/rules: do not drop the init scripts loading kvm modules
3348+ (still needed in precise in cloud archive)
3349+ - qemu-system-common.postinst:
3350+ * remove acl placed by udev, and add udevadm trigger.
3351+ * reload kvm_intel if needed to set nested=1
3352+ - qemu-system-common.preinst: add kvm group if needed
3353+ - add qemu-kvm upstart job and defaults file (rules,
3354+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3355+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3356+ do not auto-load the kvm kernel module. Enable nesting by default
3357+ on intel.
3358+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3359+ in qemu64 cpu type.
3360+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3361+ types to ease future live vm migration.
3362+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3363+ d/qemu-system-common.install
3364+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3365+ to fix errors with missing block backends.
3366+ - s390x:
3367+ * Create qemu-system-s390x package
3368+ * Enable pie by default, on ubuntu/s390x.
3369+ * Enable svm by default for qemu64 on amd
3370+ * Include s390-ccw.img firmware
3371+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3372+ relationship, but qemu-efi is still in universe right now.
3373+
3374+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3375+
3376 qemu (1:2.6+dfsg-3) unstable; urgency=high
3377
3378 * more security fixes picked from upstream:
3379@@ -2314,6 +5516,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
3380
3381 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
3382
3383+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3384+
3385+ * Merge with Debian; remaining changes: (LP: #1583775)
3386+ - debian/rules: do not drop the init scripts loading kvm modules
3387+ (still needed in precise in cloud archive)
3388+ - qemu-system-common.postinst:
3389+ * remove acl placed by udev, and add udevadm trigger.
3390+ * reload kvm_intel if needed to set nested=1
3391+ - qemu-system-common.preinst: add kvm group if needed
3392+ - add qemu-kvm upstart job and defaults file (rules,
3393+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3394+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3395+ do not auto-load the kvm kernel module. Enable nesting by default
3396+ on intel.
3397+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3398+ in qemu64 cpu type.
3399+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3400+ types to ease future live vm migration.
3401+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3402+ d/qemu-system-common.install
3403+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3404+ to fix errors with missing block backends. (LP: #1495895)
3405+ - s390x:
3406+ * Create qemu-system-s390x package
3407+ * Enable pie by default, on ubuntu/s390x.
3408+ * Enable svm by default for qemu64 on amd
3409+ * Include s390-ccw.img firmware
3410+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3411+ relationship, but qemu-efi is still in universe right now.
3412+ * Drop patches which have been applied upstream:
3413+
3414+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3415+
3416 qemu (1:2.6+dfsg-1) unstable; urgency=medium
3417
3418 * new upstream release
3419@@ -2351,6 +5586,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
3420
3421 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
3422
3423+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3424+
3425+ * Cherrypick upstream patches to support the query-gic-version QMP command
3426+ (LP: #1566564)
3427+
3428+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3429+
3430+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3431+
3432+ [Stefan Bader]
3433+ * Enable svm by default for qemu64 on amd (LP: #1561019)
3434+
3435+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3436+
3437+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3438+
3439+ * qemu-system-s390x only available on s390x, so qemu-system should only
3440+ depend on it on this arch.
3441+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3442+ relationship, but qemu-efi is still in universe right now.
3443+
3444+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3445+
3446+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3447+
3448+ * And actually ship the right things in qemu-system-s390x.
3449+
3450+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3451+
3452+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3453+
3454+ * Create qemu-system-s390x package on ubuntu only.
3455+
3456+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3457+
3458+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3459+
3460+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3461+
3462+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3463+
3464+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3465+
3466+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3467+ (LP: #1556306)
3468+
3469+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3470+
3471+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3472+
3473+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3474+
3475+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3476+
3477+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3478+
3479+ * d/control{-in}: Re-generate and build with libiscsi-dev now
3480+ that its in Ubuntu main (LP: #1271653).
3481+
3482+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3483+
3484+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3485+
3486+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3487+
3488+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3489+
3490+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3491+
3492+ * No-change rebuild for gnutls transition.
3493+
3494+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3495+
3496+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3497+
3498+ * Merge with Debian; remaining changes:
3499+ - debian/rules: do not drop the init scripts loading kvm modules
3500+ (still needed in precise in cloud archive)
3501+ - qemu-system-common.postinst:
3502+ * remove acl placed by udev, and add udevadm trigger.
3503+ * reload kvm_intel if needed to set nested=1
3504+ - qemu-system-common.preinst: add kvm group if needed
3505+ - add qemu-kvm upstart job and defaults file (rules,
3506+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3507+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3508+ do not auto-load the kvm kernel module. Enable nesting by default
3509+ on intel.
3510+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3511+ in qemu64 cpu type.
3512+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3513+ types to ease future live vm migration.
3514+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3515+ d/qemu-system-common.install
3516+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3517+ to fix errors with missing block backends. (LP: #1495895)
3518+ - Enable pie by default, on ubuntu/s390x.
3519+ - Include s390-ccw.img firmware.
3520+
3521+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3522+
3523 qemu (1:2.5+dfsg-5) unstable; urgency=medium
3524
3525 * fix misspellings in previous debian/changelog entry
3526@@ -2408,6 +5743,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
3527
3528 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
3529
3530+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3531+
3532+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3533+ contents
3534+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3535+ hw/block/xen_blkif.h.
3536+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3537+ hw/display/xenfb.c.
3538+ - CVE-2015-8550
3539+ * SECURITY UPDATE: infinite loop in ehci_advance_state
3540+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3541+ in hw/usb/hcd-ehci.c.
3542+ - CVE-2015-8558
3543+ * SECURITY UPDATE: host memory leakage in vmxnet3
3544+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3545+ hw/net/vmxnet3.c.
3546+ - CVE-2015-8567
3547+ - CVE-2015-8568
3548+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3549+ - debian/patches/CVE-2015-8613.patch: initialise info object with
3550+ appropriate size in hw/scsi/megasas.c.
3551+ - CVE-2015-8613
3552+ * SECURITY UPDATE: DoS via Human Monitor Interface
3553+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3554+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
3555+ - CVE-2015-8619
3556+ * SECURITY UPDATE: incorrect array bounds check in rocker
3557+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3558+ check in hw/net/rocker/rocker.c.
3559+ - CVE-2015-8701
3560+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3561+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3562+ operations in hw/net/ne2000.c.
3563+ - CVE-2015-8743
3564+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3565+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3566+ error in hw/ide/ahci.c.
3567+ - CVE-2016-1568
3568+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3569+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3570+ hw/i386/kvmvapic.c.
3571+ - CVE-2016-1922
3572+ * SECURITY UPDATE: e1000 infinite loop
3573+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3574+ out-of-bounds transfer start in hw/net/e1000.c
3575+ - CVE-2016-1981
3576+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3577+ engines
3578+ - debian/patches/CVE-2016-2197.patch: add check before calling
3579+ dma_memory_unmap in hw/ide/ahci.c.
3580+ - CVE-2016-2197
3581+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3582+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
3583+ function in hw/usb/hcd-ehci.c.
3584+ - CVE-2016-2198
3585+
3586+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3587+
3588+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3589+
3590+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3591+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
3592+
3593+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3594+
3595+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3596+
3597+ * Include s390-ccw.img firmware.
3598+
3599+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
3600+
3601+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
3602+
3603+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
3604+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
3605+ Thanks Simon. (LP: #1531191)
3606+
3607+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
3608+
3609+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
3610+
3611+ * Merge with Debian; remaining changes:
3612+ - debian/rules: do not drop the init scripts loading kvm modules
3613+ (still needed in precise in cloud archive)
3614+ - qemu-system-common.postinst:
3615+ * remove acl placed by udev, and add udevadm trigger.
3616+ * reload kvm_intel if needed to set nested=1
3617+ - qemu-system-common.preinst: add kvm group if needed
3618+ - add qemu-kvm upstart job and defaults file (rules,
3619+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3620+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3621+ do not auto-load the kvm kernel module. Enable nesting by default
3622+ on intel.
3623+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3624+ in qemu64 cpu type.
3625+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3626+ types to ease future live vm migration.
3627+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3628+ d/qemu-system-common.install
3629+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3630+ to fix errors with missing block backends. (LP: #1495895)
3631+ - Enable pie by default, on ubuntu/s390x.
3632+ * Drop vGICv3 support patches - all is now upstream
3633+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
3634+
3635+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
3636+
3637 qemu (1:2.5+dfsg-1) unstable; urgency=medium
3638
3639 * new upstream release
3640@@ -2434,6 +5876,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
3641
3642 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
3643
3644+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
3645+
3646+ * Enable pie by default, on ubuntu/s390x.
3647+
3648+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
3649+
3650+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
3651+
3652+ * undo the libseccomp delta from debian. libseccomp is indeed available
3653+ on other arches, but we need qemu's configure script to be fixed before
3654+ we can use it on anything other than amd64|i386. Fixes FTBFS.
3655+ (LP: #1522531)
3656+
3657+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
3658+
3659+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
3660+
3661+ * Merge with Debian; remaining changes:
3662+ - Update the ubuntu machine types patch to reflect upstream churn
3663+ - debian/rules: do not drop the init scripts loading kvm modules
3664+ (still needed in precise in cloud archive)
3665+ - qemu-system-common.postinst:
3666+ * remove acl placed by udev, and add udevadm trigger.
3667+ * reload kvm_intel if needed to set nested=1
3668+ - qemu-system-common.preinst: add kvm group if needed
3669+ - add qemu-kvm upstart job and defaults file (rules,
3670+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3671+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3672+ do not auto-load the kvm kernel module. Enable nesting by default
3673+ on intel.
3674+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3675+ in qemu64 cpu type.
3676+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3677+ machine type to ease future live vm migration.
3678+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3679+ d/qemu-system-common.install
3680+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3681+ to fix errors with missing block backends. (LP: #1495895)
3682+ - control-in: build with libseccomp an all architectures
3683+ - Add vGICv3 support
3684+
3685+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
3686+
3687 qemu (1:2.4+dfsg-5) unstable; urgency=medium
3688
3689 * trace-remove-malloc-tracing.patch from upstream.
3690@@ -2446,6 +5931,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
3691
3692 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
3693
3694+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
3695+
3696+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
3697+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
3698+ hw/net/pcnet.c.
3699+ - CVE-2015-7504
3700+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
3701+ - debian/patches/CVE-2015-7512.patch: check packet length in
3702+ hw/net/pcnet.c.
3703+ - CVE-2015-7512
3704+ * SECURITY UPDATE: infinite loop in eepro100
3705+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
3706+ hw/net/eepro100.c.
3707+ - CVE-2015-8345
3708+
3709+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
3710+
3711+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
3712+
3713+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
3714+
3715+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
3716+
3717+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
3718+
3719+ * Merge 2.4 from unstable. Remaining changes:
3720+ - Update the ubuntu machine types patch to reflect upstream churn
3721+ - debian/rules: do not drop the init scripts loading kvm modules
3722+ (still needed in precise in cloud archive)
3723+ - qemu-system-common.postinst:
3724+ * remove acl placed by udev, and add udevadm trigger.
3725+ * reload kvm_intel if needed to set nested=1
3726+ - qemu-system-common.preinst: add kvm group if needed
3727+ - add qemu-kvm upstart job and defaults file (rules,
3728+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3729+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3730+ do not auto-load the kvm kernel module. Enable nesting by default
3731+ on intel.
3732+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3733+ in qemu64 cpu type.
3734+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3735+ machine type to ease future live vm migration.
3736+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3737+ d/qemu-system-common.install
3738+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3739+ to fix errors with missing block backends. (LP: #1495895)
3740+ - control-in: build with libseccomp an all architectures.
3741+ * Add vGICv3 support
3742+
3743+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
3744+
3745 qemu (1:2.4+dfsg-4) unstable; urgency=medium
3746
3747 * applied 3 patches from upstream to fix virtio-net
3748@@ -2460,7 +5996,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
3749 fix for Heap overflow vulnerability in ne2000_receive() function
3750 (Closes: #799074 CVE-2015-5279)
3751 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
3752- (Closes: #799073 CVE-2015-5278)
3753+ (Closes: #799073 CVE-2015-5278)
3754 * some binfmt reorg:
3755 - extend aarch64 to include one more byte as other arches do
3756 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
3757@@ -2512,6 +6048,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
3758
3759 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
3760
3761+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
3762+
3763+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
3764+
3765+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
3766+
3767+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
3768+
3769+ * debian/patches/upstream-fix-irq-route-entries.patch
3770+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
3771+ (LP: #1465935)
3772+
3773+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
3774+
3775+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
3776+
3777+ * Build using libseccomp on all architectures.
3778+
3779+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
3780+
3781+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
3782+
3783+ * SECURITY UPDATE: denial of service via NE2000 driver
3784+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
3785+ hw/net/ne2000.c.
3786+ - CVE-2015-5278
3787+ * SECURITY UPDATE: denial of service and possible code execution via
3788+ heap overflow in NE2000 driver
3789+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
3790+ hw/net/ne2000.c.
3791+ - CVE-2015-5279
3792+ * SECURITY UPDATE: denial of service via e1000 infinite loop
3793+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
3794+ - CVE-2015-6815
3795+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
3796+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
3797+ hw/ide/core.c.
3798+ - CVE-2015-6855
3799+
3800+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
3801+
3802+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
3803+
3804+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
3805+ to fix errors with missing block backends. (LP: #1495895)
3806+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
3807+ * Apply fix for memory corruption during live-migration in tcg mode
3808+ (LP: #1493049)
3809+ * Apply tracing patch to remove use of custom vtable in newer glibc
3810+ (LP: #1491972)
3811+
3812+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
3813+
3814+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
3815+
3816+ * Import qcow2-handle-eagain-from-update_refcount from upstream
3817+ to fix errors when using qemu-img convert -c. (LP: #1491050)
3818+
3819+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
3820+
3821+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
3822+
3823+ * SECURITY UPDATE: process heap memory disclosure
3824+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
3825+ - CVE-2015-5165
3826+ * SECURITY UPDATE: privilege escalation via block device unplugging
3827+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
3828+ in hw/ide/piix.c.
3829+ - CVE-2015-5166
3830+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
3831+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
3832+ limits in ui/vnc.c.
3833+ - CVE-2015-5225
3834+ * SECURITY UPDATE: denial of service via virtio-serial
3835+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
3836+ for control messages in hw/char/virtio-serial-bus.c.
3837+ - CVE-2015-5745
3838+
3839+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
3840+
3841+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
3842+
3843+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
3844+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
3845+ - CVE-2015-3214
3846+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
3847+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
3848+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
3849+ - CVE-2015-5154
3850+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
3851+ - debian/patches/CVE-2015-5158.patch: check length in
3852+ hw/scsi/scsi-bus.c.
3853+ - CVE-2015-5158
3854+
3855+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
3856+
3857+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
3858+
3859+ * SECURITY UPDATE: heap overflow in PCNET controller
3860+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
3861+ - CVE-2015-3209
3862+
3863+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
3864+
3865+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
3866+
3867+ * Merge 1:2.3+dfsg-5 from Debian.
3868+ * Remaining changes:
3869+ - debian/rules: do not drop the init scripts loading kvm modules
3870+ (still needed in precise in cloud archive)
3871+ - qemu-system-common.postinst:
3872+ * remove acl placed by udev, and add udevadm trigger.
3873+ * reload kvm_intel if needed to set nested=1
3874+ - qemu-system-common.preinst: add kvm group if needed
3875+ - add qemu-kvm upstart job and defaults file (rules,
3876+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3877+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3878+ do not auto-load the kvm kernel module. Enable nesting by default
3879+ on intel.
3880+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3881+ in qemu64 cpu type.
3882+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3883+ machine type to ease future live vm migration.
3884+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3885+ d/qemu-system-common.install
3886+ * Refreshed patches:
3887+ - ubuntu/expose-vmx_qemu64cpu.patch
3888+ - ubuntu/define-ubuntu-machine-types.patch
3889+
3890+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
3891+
3892 qemu (1:2.3+dfsg-5) unstable; urgency=high
3893
3894 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
3895@@ -2523,6 +6190,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
3896
3897 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
3898
3899+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
3900+
3901+ * Merge 1:2.3+dfsg-4 from Debian.
3902+ * Remaining changes:
3903+ - debian/rules: do not drop the init scripts loading kvm modules
3904+ (still needed in precise in cloud archive)
3905+ - qemu-system-common.postinst:
3906+ * remove acl placed by udev, and add udevadm trigger.
3907+ * reload kvm_intel if needed to set nested=1
3908+ - qemu-system-common.preinst: add kvm group if needed
3909+ - add qemu-kvm upstart job and defaults file (rules,
3910+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3911+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3912+ do not auto-load the kvm kernel module. Enable nesting by default
3913+ on intel.
3914+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3915+ in qemu64 cpu type.
3916+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3917+ machine type to ease future live vm migration.
3918+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3919+ d/qemu-system-common.install
3920+ * Dropped all patches which are applied upstream
3921+ * Move the upstart jobs to a generic script
3922+ - add new qemu-kvm-init script
3923+ - call that from upstart and sysvrc qemu-kvm scripts
3924+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
3925+
3926+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
3927+
3928 qemu (1:2.3+dfsg-4) unstable; urgency=medium
3929
3930 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
3931@@ -2584,6 +6280,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
3932
3933 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
3934
3935+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
3936+
3937+ * SECURITY UPDATE: denial of service in vnc web
3938+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
3939+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
3940+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
3941+ websockets clients in ui/vnc-ws.c.
3942+ - CVE-2015-1779
3943+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
3944+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
3945+ bounds of the allocated buffer in hw/block/fdc.c.
3946+ - CVE-2015-3456
3947+
3948+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
3949+
3950+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
3951+
3952+ * CVE-2015-2756 / XSA-126
3953+ - xen: limit guest control of PCI command register
3954+
3955+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
3956+
3957+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
3958+
3959+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
3960+ accidentally create /1
3961+
3962+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
3963+
3964+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
3965+
3966+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
3967+
3968+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
3969+
3970+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
3971+
3972+ * No-change rebuild to pull in libxl-4.5.
3973+
3974+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
3975+
3976+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
3977+
3978+ * debian/control-in: enable numa on architectures where numa is built
3979+ (LP: #1417937)
3980+
3981+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
3982+
3983+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
3984+
3985+ [Scott Moser]
3986+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
3987+ profile when started by libvirt.
3988+
3989+ [Serge Hallyn]
3990+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
3991+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
3992+ (LP: #1419855)
3993+
3994+ [Chris J Arges]
3995+ * Determine if we are running inside a virtual environment. If running inside
3996+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
3997+
3998+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
3999+
4000+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
4001+
4002+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
4003+ - debian/rules: do not drop the init scripts loading kvm modules
4004+ (still needed in precise in cloud archive)
4005+ * Remaining changes:
4006+ - qemu-system-common.postinst:
4007+ * remove acl placed by udev, and add udevadm trigger.
4008+ * reload kvm_intel if needed to set nested=1
4009+ - qemu-system-common.preinst: add kvm group if needed
4010+ - add qemu-kvm upstart job and defaults file (rules,
4011+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4012+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4013+ do not auto-load the kvm kernel module. Enable nesting by default
4014+ on intel.
4015+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4016+ in qemu64 cpu type.
4017+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4018+ machine type to ease future live vm migration.
4019+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4020+ d/qemu-system-common.install
4021+ * Dropped all patches which are applied upstream
4022+ * Update ubuntu-vivid machine type to default to std graphics (following
4023+ upstream's lead for pc-i440fx-2.2 machine type)
4024+
4025+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
4026+
4027 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
4028
4029 * fix initscript removal once again
4030@@ -2633,6 +6421,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
4031
4032 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
4033
4034+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
4035+
4036+ * Cherrypick upstream patch needed to allow ESx hosts to run under
4037+ kvm (LP: #1411575)
4038+
4039+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
4040+
4041+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
4042+
4043+ * Merge 2.1+dfsg-11. Remaining changes:
4044+ - qemu-system-common.postinst:
4045+ * remove acl placed by udev, and add udevadm trigger.
4046+ * reload kvm_intel if needed to set nested=1
4047+ - qemu-system-common.preinst: add kvm group if needed
4048+ - add qemu-kvm upstart job and defaults file (rules,
4049+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4050+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4051+ do not auto-load the kvm kernel module. Enable nesting by default
4052+ on intel.
4053+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4054+ removed the alternatives bit later.
4055+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4056+ in qemu64 cpu type.
4057+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4058+ machine type to ease future live vm migration.
4059+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4060+ d/qemu-system-common.install
4061+ - debian/binfmt-update-in: support ppcle
4062+ * debian/binfmt-update-in
4063+ * Support-ppcle.patch
4064+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
4065+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4066+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4067+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4068+ * Dropped patches (upstream or now in debian's tree):
4069+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
4070+ - CVE-2014-7840.patch
4071+ - CVE-2014-8106.patch
4072+
4073+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
4074+
4075 qemu (1:2.1+dfsg-11) unstable; urgency=medium
4076
4077 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
4078@@ -2702,6 +6531,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
4079
4080 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
4081
4082+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
4083+
4084+ * SECURITY UPDATE: code execution via savevm data
4085+ - debian/patches/CVE-2014-7840.patch: validate parameters in
4086+ arch_init.c.
4087+ - CVE-2014-7840
4088+ * SECURITY UPDATE: code execution via cirrus vga blit regions
4089+ (LP: #1400775)
4090+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
4091+ hw/display/cirrus_vga.c.
4092+ - CVE-2014-8106
4093+
4094+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
4095+
4096+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
4097+
4098+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
4099+ dropped and VENDOR now will be all capital UBUNTU).
4100+
4101+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
4102+
4103+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
4104+
4105+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4106+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4107+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4108+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
4109+ SPSel=0 in certain conditions. (LP: #1349277)
4110+
4111+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
4112+
4113+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
4114+
4115+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
4116+ Cherry-pick of qemu-upstream patch to fix issues with persistent
4117+ grants and the PV backend (Qdisk) (LP: #1394327).
4118+
4119+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
4120+
4121+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
4122+
4123+ * Merge 2.1+dfsg-7. Remaining changes:
4124+ - qemu-system-common.postinst:
4125+ * remove acl placed by udev, and add udevadm trigger.
4126+ * reload kvm_intel if needed to set nested=1
4127+ - qemu-system-common.preinst: add kvm group if needed
4128+ - add qemu-kvm upstart job and defaults file (rules,
4129+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4130+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4131+ do not auto-load the kvm kernel module. Enable nesting by default
4132+ on intel.
4133+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4134+ removed the alternatives bit later.
4135+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4136+ in qemu64 cpu type.
4137+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4138+ machine type to ease future live vm migration.
4139+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4140+ d/qemu-system-common.install
4141+ - debian/binfmt-update-in: support ppcle
4142+ * debian/binfmt-update-in
4143+ * Support-ppcle.patch
4144+ * Dropped patches (upstream or now in debian's tree):
4145+ - pc-reserve-more-memory-for-acpi.patch
4146+ - CVE-2014-5388.patch
4147+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
4148+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
4149+ in debian)
4150+ - CVE-2014-3615.patch
4151+ - CVE-2014-3640.patch
4152+ - CVE-2014-3689.patch
4153+ - CVE-2014-7815.patch
4154+
4155+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
4156+
4157 qemu (2.1+dfsg-7) unstable; urgency=high
4158
4159 * urgency is high due to 2 security fixes
4160@@ -2753,6 +6657,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
4161
4162 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
4163
4164+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
4165+
4166+ * SECURITY UPDATE: information disclosure via vga driver
4167+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
4168+ sanity check register writes, and don't use fixed buffer sizes in
4169+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
4170+ ui/spice-display.c.
4171+ - CVE-2014-3615
4172+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
4173+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
4174+ stub in slirp/udp.c.
4175+ - CVE-2014-3640
4176+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
4177+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
4178+ hw/display/vmware_vga.c.
4179+ - CVE-2014-3689
4180+ * SECURITY UPDATE: denial of service via VNC console
4181+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
4182+ ui/vnc.c.
4183+ - CVE-2014-7815
4184+
4185+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
4186+
4187+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
4188+
4189+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
4190+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
4191+
4192+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
4193+
4194+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
4195+
4196+ * Apply two patches to fix intermittent qemu-img corruption
4197+ (LP: #1368815)
4198+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
4199+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
4200+
4201+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
4202+
4203+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
4204+
4205+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
4206+ debian does.
4207+
4208+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
4209+
4210+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
4211+
4212+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
4213+ versa.
4214+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
4215+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
4216+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
4217+ machine type for that.
4218+
4219+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
4220+
4221+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
4222+
4223+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
4224+ container. (LP: #1370199)
4225+ * load kvm module on ppc64le at boot (LP: #1369785)
4226+ - debian/rules: install qemu-kvm on ppc64el
4227+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
4228+ kvm-hv module if available
4229+ * qemu-system-x86.maintscript: remove accidentally installed
4230+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
4231+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
4232+ ubuntu.
4233+
4234+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
4235+
4236+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
4237+
4238+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
4239+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
4240+
4241+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
4242+
4243+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
4244+
4245+ * move kvm_intel nested setting to qemu-system-x86.postinst.
4246+
4247+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
4248+
4249+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
4250+
4251+ * Merge new debian release
4252+ * Remaining changes:
4253+ - qemu-system-common.postinst:
4254+ * remove acl placed by udev, and add udevadm trigger.
4255+ * reload kvm_intel if needed to set nested=1
4256+ - qemu-system-common.preinst: add kvm group if needed
4257+ - add qemu-kvm upstart job and defaults file (rules,
4258+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4259+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4260+ do not auto-load the kvm kernel module. Enable nesting by default
4261+ on intel.
4262+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4263+ removed the alternatives bit later.
4264+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4265+ in qemu64 cpu type.
4266+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4267+ machine type to ease future live vm migration.
4268+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4269+ d/qemu-system-common.install
4270+ - debian/binfmt-update-in: support ppcle
4271+ * debian/binfmt-update-in
4272+ * Support-ppcle.patch
4273+ - d/p/CVE-2014-5388.patch
4274+
4275+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
4276+
4277 qemu (2.1+dfsg-4) unstable; urgency=medium
4278
4279 * mention libnuma-dev but not enable for now
4280@@ -2770,6 +6787,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
4281
4282 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
4283
4284+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
4285+
4286+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
4287+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
4288+ - CVE-2014-5388
4289+
4290+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
4291+
4292+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
4293+
4294+ * replace d/p/revert-acpi-table-size-bump with
4295+ pc-reserve-more-memory-for-acpi.patch from upstream
4296+ * debian/binfmt-update-in
4297+ - don't run in a container
4298+ - add ppc64le as target (LP: #1358268)
4299+ * Add experimental ppcle support (LP: #1358268)
4300+
4301+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
4302+
4303+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
4304+
4305+ * revert-acpi-table-size-bump - get qemu -kernel working again.
4306+
4307+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
4308+
4309+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
4310+
4311+ * Merge new debian release
4312+ * Remaining changes:
4313+ - control-in: stick to libsdl1.2-dev.
4314+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4315+ qemu-bridge-helper
4316+ - qemu-system-common.postinst: remove acl placed by udev,
4317+ and add udevadm trigger.
4318+ - qemu-system-common.preinst: add kvm group if needed
4319+ - add qemu-kvm upstart job and defaults file (rules,
4320+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4321+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4322+ do not auto-load the kvm kernel module. Enable nesting by default
4323+ on intel.
4324+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4325+ removed the alternatives bit later.
4326+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4327+ in qemu64 cpu type.
4328+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4329+ machine type to ease future live vm migration.
4330+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4331+ d/qemu-system-common.install
4332+ * Upstart job: use getent group to check for kvm group
4333+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
4334+
4335+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
4336+
4337 qemu (2.1+dfsg-3) unstable; urgency=medium
4338
4339 * set SHELL = /bin/sh -e, so that more complex shell constructs
4340@@ -2796,6 +6866,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
4341
4342 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
4343
4344+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
4345+
4346+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
4347+
4348+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
4349+
4350+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
4351+
4352+ * Merge new debian release
4353+ * Remaining changes:
4354+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4355+ have in ipxe-qemu package.
4356+ - control-in: stick to libsdl1.2-dev.
4357+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4358+ qemu-bridge-helper
4359+ - qemu-system-common.postinst: remove acl placed by udev,
4360+ and add udevadm trigger.
4361+ - qemu-system-common.preinst: add kvm group if needed
4362+ - add qemu-kvm upstart job and defaults file (rules,
4363+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4364+ - debian/rules: add qemu-kvm-spice
4365+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4366+ do not auto-load the kvm kernel module. Enable nesting by default
4367+ on intel.
4368+ - binfmt-update-in: make sure to filter out compat arches.
4369+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4370+ removed the alternatives bit later.
4371+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4372+ in qemu64 cpu type.
4373+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4374+ machine type to ease future live vm migration.
4375+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4376+ d/qemu-system-common.install
4377+
4378+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
4379+
4380 qemu (2.1+dfsg-2) unstable; urgency=medium
4381
4382 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
4383@@ -2830,7 +6936,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
4384
4385 qemu (2.0.0+dfsg-7) unstable; urgency=medium
4386
4387- * clarify description of qemu-user-binfmt a bit
4388+ * clarify description of qemu-user-binfmt a bit
4389 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
4390 * remove qemu-keymaps package, since it is not used by other tools
4391 anymore, and ship keymaps in qemu-system-common.
4392@@ -2847,6 +6953,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
4393
4394 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
4395
4396+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
4397+
4398+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
4399+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
4400+
4401+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
4402+
4403+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
4404+
4405+ * Merge 2.0.0+dfsg-6. Remaining changes:
4406+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4407+ have in ipxe-qemu package.
4408+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
4409+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4410+ qemu-bridge-helper
4411+ - qemu-system-common.postinst: remove acl placed by udev,
4412+ and add udevadm trigger.
4413+ - qemu-system-common.preinst: add kvm group if needed
4414+ - add qemu-kvm upstart job and defaults file (rules,
4415+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4416+ - debian/rules: add qemu-kvm-spice
4417+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4418+ do not auto-load the kvm kernel module. Enable nesting by default
4419+ on intel.
4420+ - binfmt-update-in: make sure to filter out compat arches.
4421+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4422+ removed the alternatives bit later.
4423+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4424+ in qemu64 cpu type.
4425+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4426+ machine type to ease future live vm migration.
4427+ - re-introduce apport hook for qemu source package:
4428+ d/source_qemu-kvm.py, d/qemu-system-common.install
4429+ * enable-build-dep on libjpeg8-dev - which is now in main
4430+
4431+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
4432+
4433 qemu (2.0.0+dfsg-6) unstable; urgency=medium
4434
4435 * build-depend on libgnutls28-dev not libgnutls-dev
4436@@ -2890,6 +7033,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
4437
4438 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
4439
4440+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
4441+
4442+ * remove alternatives for qemu: different architectures
4443+ aren't really alternatives and never had been (LP: #1316829)
4444+
4445+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
4446+
4447+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
4448+
4449+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
4450+ * debian/control: drop the versioning requirement from libfdt-dev
4451+ build-dependency, as it is longer needed (LP: #1295072)
4452+
4453+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
4454+
4455+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
4456+
4457+ * Merge 2.0.0+dfsg-2
4458+ * Incorporates a fix for spice users (LP: #1309452)
4459+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
4460+ the regression requiring it was reverted for 2.0 upstream.
4461+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
4462+ * debian/qemu-debootstrap: add arm64
4463+ * Remaining changes from debian:
4464+ - keep qemu 'alternative' (not something to change in SRU)
4465+ - debian/control and debian/control-in:
4466+ * versioned libfdt-dev check, until libfdt is fixed in precise
4467+ * enable rbd
4468+ * remove ovmf Recommends, as it is in multiverse
4469+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
4470+ * add a qemu-system-aarch64 metapackage for transitions from trusty
4471+ development version. This can be removed after trusty.
4472+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4473+ qemu-bridge-helper
4474+ - qemu-system-common.postinst: fix /dev/kvm acls
4475+ - qemu-system-common.preinst: add kvm group if needed
4476+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4477+ have in ipxe-qemu package.
4478+ - qemu-system-x86.modprobe: set module options for older releases
4479+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
4480+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
4481+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
4482+ - debian/rules
4483+ * add legacy kvm-spice link
4484+ * fix ppc and arm slections
4485+ * add aarch64 to user_targets
4486+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
4487+ pc-i440fx-trusty machine type as the default.
4488+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
4489+ default in qemu64 cpu time.
4490+
4491+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
4492+
4493 qemu (2.0.0+dfsg-2) unstable; urgency=medium
4494
4495 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
4496@@ -2915,7 +7111,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
4497 * kmod dependency is linux-any
4498 * doc-grammify-allows-to.patch: fix some lintian warnings
4499 * remove alternatives for qemu: different architectures
4500- aren't really alternatives and never had been
4501+ aren't really alternatives and never had been
4502 * update Standards-Version to 3.9.5 (no changes needed)
4503 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
4504 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
4505@@ -2949,6 +7145,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
4506
4507 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
4508
4509+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
4510+
4511+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
4512+ don't abort() just because the kernel has no dirty bitmap.
4513+ (LP: #1303926)
4514+
4515+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
4516+
4517+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
4518+
4519+ * define-trusty-machine-type.patch: update the trusty machine type name to
4520+ pc-i440fx-trusty (LP: #1304107)
4521+
4522+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
4523+
4524+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
4525+
4526+ * Merge 2.0.0-rc1
4527+ * debian/rules: consolidate ppc filter entries.
4528+ * Move qemu-system-arch64 into qemu-system-arm
4529+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
4530+ type, currently the same as pc-i440fx-2.0, to put is in a better position
4531+ to enable live migrations from trusty onward. (LP: #1294823)
4532+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
4533+ * Merge latest upstream git to commit dc9528f
4534+ * Debian/rules:
4535+ - remove -enable-uname-release=2.6.32
4536+ - don't make the aarch64 target Ubuntu-specific.
4537+ * Remove patches which are now upstream:
4538+ - fix-smb-security-share.patch
4539+ - slirp-smb-redirect-port-445-too.patch
4540+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
4541+ - signal-added-a-wrapper-for-sigprocmask-function.patch
4542+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4543+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4544+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
4545+ * add link for /usr/share/qemu/bios-256k.bin
4546+ * Remove all linaro patches.
4547+ * Remove all arm64/ patches. Many but not all are upstream.
4548+ * Remove CVE-2013-4377.patch which is upstream.
4549+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
4550+
4551+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
4552+
4553 qemu (1.7.0+dfsg-9) unstable; urgency=medium
4554
4555 * remove rbd/rados/ceph support *again*, till they'll actually provide
4556@@ -3013,6 +7253,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
4557
4558 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
4559
4560+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
4561+
4562+ * No-change rebuild to build with libxen-4.4.
4563+
4564+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
4565+
4566+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
4567+
4568+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
4569+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
4570+
4571+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
4572+
4573+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
4574+
4575+ [ dann frazier ]
4576+ * Add patches from the susematz tree to avoid intermittent segfaults:
4577+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
4578+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4579+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4580+
4581+ [ Serge Hallyn ]
4582+ * Modify do_sigprocmask to only change behavior for aarch64.
4583+ (LP: #1285363)
4584+
4585+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
4586+
4587+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
4588+
4589+ [ Steve Langasek ]
4590+ * Merge debian/control with unreleased Debian branch: our architecture
4591+ lists should now be in sync.
4592+
4593+ [ Dann Frazier ]
4594+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
4595+ on arm64 and maybe others. (LP: #1284344)
4596+
4597+ [ Serge Hallyn ]
4598+ * Move the OVMF.fd link to the ovmf package.
4599+
4600+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
4601+
4602+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
4603+
4604+ * Add ppc64el to the architecture list (supposedly added in the previous
4605+ upload, but really wasn't).
4606+
4607+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
4608+
4609+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
4610+
4611+ * Backport changes to enable qemu-user-static support for aarch64
4612+ * debian/control: add ppc64el to Architectures
4613+ * debian/rules: only install qemu-system-aarch64 on arm64.
4614+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
4615+ debian/qemu-system-aarch64 directory
4616+
4617+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
4618+
4619+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
4620+
4621+ * Fix broken filter_binfmts
4622+ * Remove use of dpkg-version in postinsts, as we're not Depending on
4623+ dpkg-dev.
4624+
4625+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
4626+
4627+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
4628+
4629+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
4630+ - debian/patches/ubuntu:
4631+ * expose-vmx_qemu64cpu.patch
4632+ * linaro (omap3) and arm64 patches
4633+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
4634+ on ppc
4635+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
4636+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
4637+ - debian/control:
4638+ * add arm64 to Architectures
4639+ * add qemu-common and qemu-system-aarch64 packages
4640+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
4641+ - debian/qemu-system-common.preinst: add kvm group
4642+ - debian/qemu-system-common.postinst: remove acl placed by udev,
4643+ and add udevadm trigger.
4644+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
4645+ pxe-e1000 and pxe-rtl8139.
4646+ - add qemu-system-x86.qemu-kvm.upstart and .default
4647+ - qemu-user-static.postinst-in: remove arm64 binfmt
4648+ - debian/rules:
4649+ * allow parallel build
4650+ * add aarch64 to system_targets and sys_systems
4651+ * add qemu-kvm-spice links
4652+ * install qemu-system-x86.modprobe
4653+ - add debian/qemu-system-common.links for OVMF.fd link
4654+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
4655+
4656+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
4657+
4658 qemu (1.7.0+dfsg-3) unstable; urgency=low
4659
4660 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
4661@@ -3038,6 +7376,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
4662
4663 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
4664
4665+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
4666+
4667+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
4668+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
4669+
4670+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
4671+
4672+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
4673+
4674+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
4675+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
4676+ virtio device unplugging.
4677+ - CVE-2013-4377
4678+
4679+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
4680+
4681+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
4682+
4683+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
4684+ powerpc.
4685+
4686+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
4687+
4688+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
4689+
4690+ [ Serge Hallyn ]
4691+ * add arm64 patchset from upstream. The three arm virt patches previously
4692+ pushed are in that set, so drop them.
4693+
4694+ [ dann frazier ]
4695+ * Add packaging for qemu-system-aarch64. This package is currently only
4696+ available for arm64, as full software emulation is not yet supported.
4697+
4698+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
4699+
4700+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
4701+
4702+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
4703+ supported any longer.
4704+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
4705+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
4706+ churn caused by linaro patchset.
4707+ * debian/rules: enable parallel builds.
4708+
4709+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
4710+
4711+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
4712+
4713+ * d/control: enable usbredir (LP: 1126390)
4714+
4715+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
4716+
4717+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
4718+
4719+ * add missing arm virt patches from the mach-virt-v7 branch of
4720+ git://git.linaro.org/people/cdall/qemu-arm.git
4721+
4722+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
4723+
4724+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
4725+
4726+ * debian/control: add arm64 to list of architectures.
4727+
4728+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
4729+
4730+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
4731+
4732+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
4733+ - debian/control
4734+ * update maintainer
4735+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4736+ from build-deps
4737+ * enable rbd
4738+ * add qemu-system and qemu-common B/R to qemu-keymaps
4739+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4740+ qemu-system-common
4741+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4742+ - add qemu-common, qemu-kvm, kvm to B/R
4743+ - remove openbios-sparc from qemu-system-sparc D
4744+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4745+ * qemu-system-x86:
4746+ - add qemu-common to Breaks/Replaces.
4747+ - add cpu-checker to Recommends.
4748+ * qemu-user: add B/R:qemu-kvm
4749+ * qemu-kvm:
4750+ - add armhf armel powerpc sparc to Architecture
4751+ - C/R/P: qemu-kvm-spice
4752+ * add qemu-common package
4753+ * drop qemu-slof which is not packaged in ubuntu
4754+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4755+ - qemu-system-x86.links:
4756+ * remove pxe rom links which are in kvm-ipxe
4757+ - debian/rules
4758+ * add kvm-spice symlink to qemu-kvm
4759+ * call dh_installmodules for qemu-system-x86
4760+ * update dh_installinit to install upstart script
4761+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4762+ - Add qemu-utils.links for kvm-* symlinks.
4763+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4764+ - Add qemu-system-x86.modprobe to set nesting=1
4765+ - Add qemu-system-common.preinst to add kvm group
4766+ - qemu-system-common.postinst: remove bad group acl if there, then have
4767+ udev relabel /dev/kvm.
4768+ - New linaro patches from qemu-linaro rebasing branch
4769+ - Dropped patches:
4770+ * linaro patchset
4771+ * mach-virt patchset
4772+ - Kept patches:
4773+ * expose_vms_qemu64cpu.patch
4774+ * fix-pci-add
4775+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4776+ qemu-bridge-helper
4777+
4778+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
4779+
4780 qemu (1.7.0+dfsg-2) unstable; urgency=low
4781
4782 * switch from vgabios to seavgabios
4783@@ -3067,6 +7520,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
4784
4785 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
4786
4787+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
4788+
4789+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
4790+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
4791+
4792+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
4793+
4794+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
4795+
4796+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
4797+ - debian/control
4798+ * update maintainer
4799+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4800+ from build-deps
4801+ * enable rbd
4802+ * add qemu-system and qemu-common B/R to qemu-keymaps
4803+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4804+ qemu-system-common
4805+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4806+ - add qemu-kvm to Provides
4807+ - add qemu-common, qemu-kvm, kvm to B/R
4808+ - remove openbios-sparc from qemu-system-sparc D
4809+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4810+ * qemu-system-x86:
4811+ - add qemu-common to Breaks/Replaces.
4812+ - add cpu-checker to Recommends.
4813+ * qemu-user: add B/R:qemu-kvm
4814+ * qemu-kvm:
4815+ - add armhf armel powerpc sparc to Architecture
4816+ - C/R/P: qemu-kvm-spice
4817+ * add qemu-common package
4818+ * drop qemu-slof which is not packaged in ubuntu
4819+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4820+ - qemu-system-x86.links:
4821+ * remove pxe rom links which are in kvm-ipxe
4822+ * add symlink for kvm.1 manpage
4823+ - debian/rules
4824+ * add kvm-spice symlink to qemu-kvm
4825+ * call dh_installmodules for qemu-system-x86
4826+ * update dh_installinit to install upstart script
4827+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4828+ - Add qemu-utils.links for kvm-* symlinks.
4829+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4830+ - Add qemu-system-x86.modprobe to set nesting=1
4831+ - Add qemu-system-common.preinst to add kvm group
4832+ - qemu-system-common.postinst: remove bad group acl if there, then have
4833+ udev relabel /dev/kvm.
4834+ - New linaro patches from qemu-linaro rebasing branch
4835+ - Dropped patches:
4836+ * xen-simplify-xen_enabled.patch
4837+ * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
4838+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4839+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4840+ * virtio-rng-fix-crash
4841+ - Kept patches:
4842+ * expose_vms_qemu64cpu.patch - updated
4843+ * linaro arm patches from qemu-linaro rebasing branch
4844+ - New patches:
4845+ * fix-pci-add: change CONFIG variable in ifdef to make sure that
4846+ pci_add is defined.
4847+ * Add linaro patches
4848+ * Add experimental mach-virt patches for arm virtualization.
4849+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4850+ qemu-bridge-helper
4851+
4852+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 22 Oct 2013 22:47:07 -0500
4853+
4854 qemu (1.6.0+dfsg-2) unstable; urgency=low
4855
4856 * Build-depend in seccomp again once it is in -testing
4857@@ -3137,6 +7657,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium
4858
4859 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 06 Jun 2013 01:50:32 +0400
4860
4861+qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
4862+
4863+ * No change rebuild for new seccomp.
4864+
4865+ -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 18:34:50 -0400
4866+
4867+qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
4868+
4869+ * Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
4870+ - virtio-rng-fix-crash
4871+
4872+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Oct 2013 17:46:49 -0500
4873+
4874+qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low
4875+
4876+ * Re-introduce snippet in upstart job to load kvm modules if needed.
4877+ (LP: #1218459)
4878+
4879+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Sep 2013 22:43:52 +0000
4880+
4881+qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low
4882+
4883+ * Cherry-picking three Xen related patches targetted for qemu-stable:
4884+ * xen-simplify-xen_enabled.patch
4885+ * main_loop-do-not-set-nonblocking-if-xen_enabled.patch
4886+ * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
4887+
4888+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Jul 2013 15:01:44 +0200
4889+
4890+qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low
4891+
4892+ * Drop openbios-ppc and openhackware Depends to Suggests for now.
4893+
4894+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 05 Jun 2013 03:23:56 -0600
4895+
4896+qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low
4897+
4898+ * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes:
4899+ - debian/control
4900+ * update maintainer
4901+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4902+ from build-deps
4903+ * enable rbd
4904+ * add qemu-system and qemu-common B/R to qemu-keymaps
4905+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4906+ qemu-system-common
4907+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4908+ - add qemu-kvm to Provides
4909+ - add qemu-common, qemu-kvm, kvm to B/R
4910+ - remove openbios-sparc from qemu-system-sparc D
4911+ * qemu-system-x86:
4912+ - add qemu-common to Breaks/Replaces.
4913+ - add cpu-checker to Recommends.
4914+ * qemu-user: add B/R:qemu-kvm
4915+ * qemu-kvm:
4916+ - add armhf armel powerpc sparc to Architecture
4917+ - C/R/P: qemu-kvm-spice
4918+ * add qemu-common package
4919+ * drop qemu-slof which is not packaged in ubuntu
4920+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4921+ - qemu-system-x86.links:
4922+ * remove pxe rom links which are in kvm-ipxe
4923+ * add symlink for kvm.1 manpage
4924+ - debian/rules
4925+ * add kvm-spice symlink to qemu-kvm
4926+ * call dh_installmodules for qemu-system-x86
4927+ * update dh_installinit to install upstart script
4928+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4929+ - Add qemu-utils.links for kvm-* symlinks.
4930+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4931+ - Add qemu-system-x86.modprobe to set nesting=1
4932+ - Add qemu-system-common.preinst to add kvm group
4933+ - qemu-system-common.postinst: remove bad group acl if there, then have
4934+ udev relabel /dev/kvm.
4935+ - Dropped patches:
4936+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4937+ - Kept patches:
4938+ * expose_vms_qemu64cpu.patch - updated
4939+ * gridcentric patch - updated
4940+ * linaro arm patches from qemu-linaro rebasing branch
4941+
4942+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Jun 2013 22:56:43 +0200
4943+
4944 qemu (1.5.0+dfsg-3) unstable; urgency=low
4945
4946 * fix sections: misc => otherosfs
4947@@ -3156,6 +7759,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low
4948
4949 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Jun 2013 01:49:47 +0400
4950
4951+qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low
4952+
4953+ * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes:
4954+ - debian/control
4955+ * update maintainer
4956+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4957+ from build-deps
4958+ * enable rbd
4959+ * add qemu-system and qemu-common B/R to qemu-keymaps
4960+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4961+ qemu-system-common
4962+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4963+ - add qemu-kvm to Provides
4964+ - add qemu-common, qemu-kvm, kvm to B/R
4965+ - remove openbios-sparc from qemu-system-sparc D
4966+ * qemu-system-x86:
4967+ - add qemu-common to Breaks/Replaces.
4968+ - add cpu-checker to Recommends.
4969+ * qemu-user: add B/R:qemu-kvm
4970+ * qemu-kvm:
4971+ - add armhf armel powerpc sparc to Architecture
4972+ - C/R/P: qemu-kvm-spice
4973+ * add qemu-common package
4974+ * drop qemu-slof which is not packaged in ubuntu
4975+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4976+ - qemu-system-x86.links:
4977+ * remove pxe rom links which are in kvm-ipxe
4978+ * add symlink for kvm.1 manpage
4979+ - debian/rules
4980+ * add kvm-spice symlink to qemu-kvm
4981+ * call dh_installmodules for qemu-system-x86
4982+ * update dh_installinit to install upstart script
4983+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4984+ - Add qemu-utils.links for kvm-* symlinks.
4985+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4986+ - Add qemu-system-x86.modprobe to set nesting=1
4987+ - Add qemu-system-common.preinst to add kvm group
4988+ - qemu-system-common.postinst: remove bad group acl if there, then have
4989+ udev relabel /dev/kvm.
4990+ - Dropped patches:
4991+ * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch
4992+ - Kept patches:
4993+ * expose_vms_qemu64cpu.patch - updated
4994+ * gridcentric patch - updated
4995+ * linaro arm patches from qemu-linaro rebasing branch
4996+
4997+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 May 2013 08:18:30 -0500
4998+
4999 qemu (1.5.0+dfsg-2) unstable; urgency=low
5000
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches