Ubuntu
qemu package

Merge ~sergiodj/ubuntu/+source/qemu:merge-8.2.0-ds-4-noble into ubuntu/+source/qemu:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/qemu
  3. merge-8.2.0-ds-4-noble
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 55057d92acbb5cf22f018434fc1691288c71c4d6
Proposed branch: ~sergiodj/ubuntu/+source/qemu:merge-8.2.0-ds-4-noble
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 7203 lines (+6597/-11)
14 files modified
debian/changelog (+5204/-3)
debian/control (+54/-7)
debian/control-in (+3/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+1005/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+64/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/rules (+10/-1)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+458278@code.launchpad.net

Description of the change

This is the merge of qemu 8.2.0 from Debian unstable.

Overall, a trivial merge. Noteworthy changes:

- Adjusted the machine types patch to update Noble machine type to 8.2.

- Squashed a commit which dropped -hpb machine types along with the general machine types patch, since they're logically related.

- Dropped the s390x delta we'd been carrying because everything is now part of 8.2.

- This new release also brings a fix for bug #2048776 (which I couldn't reproduce locally, but here it is anyway).

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/qemu/+packages

dep8 & migration test results are pending.

To post a comment you must log in.
~sergiodj/ubuntu/+source/qemu:merge-8.2.0-ds-4-noble updated
c50c430... by Sergio Durigan Junior

  * Add changes:
    - d/rules: Enable/disable extra features on microvm
      variant. (LP: #2045594)

3307c94... by Sergio Durigan Junior

merge-changelogs

7b86bb3... by Sergio Durigan Junior

reconstruct-changelog

55057d9... by Sergio Durigan Junior

update-maintainer

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

dep8 results:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/?format=plain)
  qemu @ amd64:
    11.01.24 19:22:53 Log 🗒️ ✅ Triggers: qemu/1:8.2.0+ds-4ubuntu1~ppa3
  qemu @ arm64:
    11.01.24 22:02:26 Log 🗒️ ✅ Triggers: qemu/1:8.2.0+ds-4ubuntu1~ppa3
  qemu @ armhf:
    11.01.24 22:02:21 Log 🗒️ ✅ Triggers: qemu/1:8.2.0+ds-4ubuntu1~ppa3
  qemu @ ppc64el:
    11.01.24 21:47:25 Log 🗒️ ✅ Triggers: qemu/1:8.2.0+ds-4ubuntu1~ppa3
  qemu @ s390x:
    11.01.24 18:58:48 Log 🗒️ ✅ Triggers: qemu/1:8.2.0+ds-4ubuntu1~ppa3

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'll look at this today

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Did you also run the jenkins tests?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'm not finding the merge tags, I even used git fetch --force. Did you push them?

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Tags updated now, sorry about that.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Friday, January 12 2024, Andreas Hasenack wrote:

> Did you also run the jenkins tests?

Do you mean the qemu-migration-test? I'm still running them (they take
a long time, and sometimes I need to run them more than once due to
flakiness). I'll post the results soon.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> - Adjusted the machine types patch to update Noble machine type to 8.2.

ack

> - Squashed a commit which dropped -hpb machine types along with the general machine types patch, since
> they're logically related.

Saw it, that was introduced in the 1:8.1.3+ds-1ubuntu2 upload and makes sense to squash

> - Dropped the s390x delta we'd been carrying because everything is now part of 8.2.

ack, some of that was dropped in the previous upload(s), and now goes the rest. It's also mentioned in the upstream release notes (https://www.qemu.org/2023/12/20/qemu-8-2-0/)

> - This new release also brings a fix for bug #2048776 (which I couldn't reproduce locally, but here it
> is anyway).

Thanks for mentioning it in the changelog

Rest of delta carried over.

No troubling highlights in the new upstream release.

Noticed a new versioned depends on seabios >>1.16.3-1 introduced in qemu-1:8.2.0+ds-1; noble has -2, so it's fine, although might be a problem for backports.

+1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Friday, January 12 2024, Andreas Hasenack wrote:

> Review: Approve

Thanks, Andreas.

I went ahead and uploaded it. I'm not entirely satisfied with the s390x
results for the migration tests, but I can continue investigating them
in parallel. Other people are blocked on this upload, so I'd like to
unblock them.

$ dput qemu_8.2.0+ds-4ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/qemu/qemu_8.2.0+ds-4ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/qemu/qemu_8.2.0+ds-4ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading qemu_8.2.0+ds-4ubuntu1.dsc: done.
  Uploading qemu_8.2.0+ds.orig.tar.xz: done.
  Uploading qemu_8.2.0+ds-4ubuntu1.debian.tar.xz: done.
  Uploading qemu_8.2.0+ds-4ubuntu1_source.buildinfo: done.
  Uploading qemu_8.2.0+ds-4ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 0850fbf..dbafc80 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,45 @@
6+qemu (1:8.2.0+ds-4ubuntu1) noble; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #2048802, #2048776). Remaining changes:
9+ - qemu-kvm to systemd unit
10+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
11+ hugepages and architecture specifics
12+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
13+ qemu-kvm-init
14+ - d/qemu-system-common.install: install helper script
15+ - d/qemu-system-common.qemu-kvm.default: defaults for
16+ /etc/default/qemu-kvm
17+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
18+ - Distribution specific machine type
19+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
20+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
21+ types containing release versioned machine attributes
22+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
23+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
24+ - Enable nesting by default
25+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
26+ in qemu64 on amd
27+ [ No more strictly needed, but required for backward compatibility ]
28+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
29+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
30+ reference 256k path
31+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
32+ handle incoming migrations from former releases.
33+ - Ease the use of module retention on upgrades (LP 1913421)
34+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
35+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
36+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
37+ fix qboot FTBFS with LTO
38+ * Drop changes:
39+ - d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
40+ hardware to Secure Execution guests. (LP #2003673)
41+ [ Incorporated by upstream on version 8.2.0. ]
42+ * Add changes:
43+ - d/rules: Enable/disable extra features on microvm
44+ variant. (LP: #2045594)
45+
46+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 10 Jan 2024 19:10:46 -0500
47+
48 qemu (1:8.2.0+ds-4) unstable; urgency=medium
49
50 * d/rules: fix "tail -20" usage
51@@ -60,6 +102,67 @@ qemu (1:8.2.0+ds-1) unstable; urgency=medium
52
53 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 20 Dec 2023 18:21:19 +0300
54
55+qemu (1:8.1.3+ds-1ubuntu2) noble; urgency=medium
56+
57+ * d/p/u/define-ubuntu-machine-types.patch: Remove -hpb Noble machine
58+ types, as they are not needed by OpenStack anymore. (LP: #2045592)
59+
60+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 04 Dec 2023 16:44:44 -0500
61+
62+qemu (1:8.1.3+ds-1ubuntu1) noble; urgency=medium
63+
64+ * Merge with Debian unstable (LP: #2044425, #2039700). Remaining changes:
65+ - qemu-kvm to systemd unit
66+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
67+ hugepages and architecture specifics
68+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
69+ qemu-kvm-init
70+ - d/qemu-system-common.install: install helper script
71+ - d/qemu-system-common.qemu-kvm.default: defaults for
72+ /etc/default/qemu-kvm
73+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
74+ - Distribution specific machine type
75+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
76+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
77+ types containing release versioned machine attributes
78+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
79+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
80+ - Enable nesting by default
81+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
82+ in qemu64 on amd
83+ [ No more strictly needed, but required for backward compatibility ]
84+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
85+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
86+ reference 256k path
87+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
88+ handle incoming migrations from former releases.
89+ - Ease the use of module retention on upgrades (LP 1913421)
90+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
91+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
92+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
93+ fix qboot FTBFS with LTO
94+ - d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
95+ hardware to Secure Execution guests. (LP #2003673)
96+ * Drop changes:
97+ - d/rules: Incorporate the following changes from Debian unstable, in
98+ order to fix the FTBFS caused by -fcf-protection:
99+ + d/rules: move icons install rules to install-misc section
100+ + d/rules: stop running whole thing with dh, take back *-indep sequence
101+ + d/rules: implement arch-dependent install/build targets without dh too
102+ [ Fixed in Debian. ]
103+ - d/rules: Get rid of binary-helper target; explicitly invoke its
104+ commands under binary-{arch,indep}. This makes the build succeed
105+ again in Ubuntu, where binary-helper wasn't being properly invoked.
106+ [ Fixed in Debian. ]
107+ - d/p/u/lp2003673-update-linux-headers-6.3rc5.patch,
108+ d/p/u/lp2003673-update-linux-headers-6.5rc1.patch,
109+ d/p/u/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch:
110+ Drop some of the patches to Enable passthrough of IBM Z crypto
111+ hardware to Secure Execution guests. (LP #2003673)
112+ [ Applied upstream. ]
113+
114+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Nov 2023 21:34:19 -0500
115+
116 qemu (1:8.1.3+ds-1) unstable; urgency=medium
117
118 * new upstream stable/bugfix release
119@@ -271,6 +374,72 @@ qemu (1:8.0.4+dfsg-2) unstable; urgency=medium
120
121 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Aug 2023 09:57:59 +0300
122
123+qemu (1:8.0.4+dfsg-1ubuntu5) noble; urgency=medium
124+
125+ * d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
126+ hardware to Secure Execution guests. (LP: #2003673)
127+
128+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 16 Nov 2023 10:35:58 -0500
129+
130+qemu (1:8.0.4+dfsg-1ubuntu4) noble; urgency=medium
131+
132+ * Rebuild against new libnfs14.
133+
134+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 27 Oct 2023 10:46:01 +0200
135+
136+qemu (1:8.0.4+dfsg-1ubuntu3) mantic; urgency=medium
137+
138+ * d/rules: Get rid of binary-helper target; explicitly invoke its
139+ commands under binary-{arch,indep}. This makes the build succeed
140+ again in Ubuntu, where binary-helper wasn't being properly invoked.
141+
142+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 03 Oct 2023 18:13:20 -0400
143+
144+qemu (1:8.0.4+dfsg-1ubuntu2) mantic; urgency=medium
145+
146+ * d/rules: Incorporate the following changes from Debian unstable, in
147+ order to fix the FTBFS caused by -fcf-protection:
148+ - d/rules: implement arch-dependent install/build targets without dh too
149+ - d/rules: stop running whole thing with dh, take back *-indep sequence
150+ - d/rules: move icons install rules to install-misc section
151+
152+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 27 Sep 2023 14:53:27 -0400
153+
154+qemu (1:8.0.4+dfsg-1ubuntu1) mantic; urgency=medium
155+
156+ * Merge with Debian unstable. Remaining changes:
157+ - qemu-kvm to systemd unit
158+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
159+ hugepages and architecture specifics
160+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
161+ qemu-kvm-init
162+ - d/qemu-system-common.install: install helper script
163+ - d/qemu-system-common.qemu-kvm.default: defaults for
164+ /etc/default/qemu-kvm
165+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
166+ - Distribution specific machine type
167+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
168+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
169+ types containing release versioned machine attributes
170+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
171+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
172+ - Enable nesting by default
173+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
174+ in qemu64 on amd
175+ [ No more strictly needed, but required for backward compatibility ]
176+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
177+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
178+ reference 256k path
179+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
180+ handle incoming migrations from former releases.
181+ - Ease the use of module retention on upgrades (LP 1913421)
182+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
183+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
184+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
185+ fix qboot FTBFS with LTO
186+
187+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 14 Aug 2023 16:28:34 -0400
188+
189 qemu (1:8.0.4+dfsg-1) unstable; urgency=medium
190
191 * new upstream stable/bugfix release
192@@ -297,6 +466,41 @@ qemu (1:8.0.3+dfsg-5) unstable; urgency=medium
193
194 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 02 Aug 2023 10:55:50 +0300
195
196+qemu (1:8.0.3+dfsg-4ubuntu1) mantic; urgency=medium
197+
198+ * Merge with Debian unstable (LP: #2028873, #2028124). Remaining changes:
199+ - qemu-kvm to systemd unit
200+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
201+ hugepages and architecture specifics
202+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
203+ qemu-kvm-init
204+ - d/qemu-system-common.install: install helper script
205+ - d/qemu-system-common.qemu-kvm.default: defaults for
206+ /etc/default/qemu-kvm
207+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
208+ - Distribution specific machine type
209+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
210+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
211+ types containing release versioned machine attributes
212+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
213+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
214+ - Enable nesting by default
215+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
216+ in qemu64 on amd
217+ [ No more strictly needed, but required for backward compatibility ]
218+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
219+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
220+ reference 256k path
221+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
222+ handle incoming migrations from former releases.
223+ - Ease the use of module retention on upgrades (LP 1913421)
224+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
225+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
226+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
227+ fix qboot FTBFS with LTO
228+
229+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 31 Jul 2023 23:09:27 -0400
230+
231 qemu (1:8.0.3+dfsg-4) unstable; urgency=medium
232
233 * more linux-user address fixes from Helge Deller
234@@ -369,6 +573,59 @@ qemu (1:8.0.2+dfsg-3) unstable; urgency=medium
235
236 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 29 Jun 2023 18:36:33 +0300
237
238+qemu (1:8.0.2+dfsg-2ubuntu1) mantic; urgency=medium
239+
240+ * Merge with Debian unstable (LP: #2018103). Remaining changes:
241+ - qemu-kvm to systemd unit
242+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
243+ hugepages and architecture specifics
244+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
245+ qemu-kvm-init
246+ - d/qemu-system-common.install: install helper script
247+ - d/qemu-system-common.qemu-kvm.default: defaults for
248+ /etc/default/qemu-kvm
249+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
250+ - Distribution specific machine type
251+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
252+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
253+ types containing release versioned machine attributes
254+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
255+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
256+ - Enable nesting by default
257+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
258+ in qemu64 on amd
259+ [ No more strictly needed, but required for backward compatibility ]
260+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
261+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
262+ reference 256k path
263+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
264+ handle incoming migrations from former releases.
265+ - Ease the use of module retention on upgrades (LP 1913421)
266+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
267+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
268+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
269+ fix qboot FTBFS with LTO
270+ * Drop changes:
271+ - d/control-in: libnfs is in main since focal, enable direct nfs
272+ storage support (LP 1988704)
273+ [ Adopted by Debian. ]
274+ - d/control-in: libsndio is in universe in ubuntu
275+ [ Adopted by Debian. ]
276+ - Fix FTBFS with glibc >= 2.36. (LP #2015418)
277+ + d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
278+ upstream commits that were working around a glibc issue.
279+ [ Incorporated upstream. ]
280+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
281+ [ Debian linked the qemu-system-x86 documentation with the
282+ qemu-system-common package, rendering this README file not
283+ applicable. ]
284+ - d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
285+ hot-unplug requests by making ACPI PCI able to requeue them.
286+ (LP #2018733)
287+ [ Applied upstream. ]
288+
289+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 19 Jun 2023 15:45:09 -0400
290+
291 qemu (1:8.0.2+dfsg-2) unstable; urgency=medium
292
293 * d/rules: --enable-libusb for xen build (Closes: #1037341)
294@@ -594,6 +851,66 @@ qemu (1:8.0~rc2+dfsg-1) experimental; urgency=medium
295
296 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Mar 2023 15:44:21 +0300
297
298+qemu (1:7.2+dfsg-5ubuntu3) mantic; urgency=medium
299+
300+ * d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
301+ hot-unplug requests by making ACPI PCI able to requeue them.
302+ (LP: #2018733)
303+
304+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 18 May 2023 15:13:14 -0400
305+
306+qemu (1:7.2+dfsg-5ubuntu2) lunar; urgency=medium
307+
308+ * Fix FTBFS with glibc >= 2.36. (LP: #2015418)
309+ - d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
310+ upstream commits that were working around a glibc issue.
311+
312+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 05 Apr 2023 20:10:13 -0400
313+
314+qemu (1:7.2+dfsg-5ubuntu1) lunar; urgency=medium
315+
316+ * Re-merge with Debian unstable to pick up stabilization fixes
317+ remaining changes:
318+ - qemu-kvm to systemd unit
319+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
320+ hugepages and architecture specifics
321+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
322+ qemu-kvm-init
323+ - d/qemu-system-common.install: install helper script
324+ - d/qemu-system-common.qemu-kvm.default: defaults for
325+ /etc/default/qemu-kvm
326+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
327+ - Distribution specific machine type
328+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
329+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
330+ types containing release versioned machine attributes
331+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
332+ for host-phys-bits=true
333+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
334+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
335+ - Enable nesting by default
336+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
337+ in qemu64 on amd
338+ [ No more strictly needed, but required for backward compatibility ]
339+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
340+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
341+ reference 256k path
342+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
343+ handle incoming migrations from former releases.
344+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
345+ - Ease the use of module retention on upgrades (LP 1913421)
346+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
347+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
348+ landed in Debian but under a different name.
349+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
350+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
351+ fix qboot FTBFS with LTO
352+ - d/control-in: libnfs is in main since focal, enable direct nfs
353+ storage support (LP 1988704)
354+ - d/control-in: libsndio is in universe in ubuntu
355+
356+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2023 08:50:45 +0100
357+
358 qemu (1:7.2+dfsg-5) unstable; urgency=medium
359
360 * d/qemu-guest-agent.udev: fix missing comma
361@@ -633,6 +950,89 @@ qemu (1:7.2+dfsg-5) unstable; urgency=medium
362
363 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 05 Mar 2023 20:09:04 +0300
364
365+qemu (1:7.2+dfsg-4ubuntu1) lunar; urgency=medium
366+
367+ * Merge with Debian unstable (LP: #1993438), among many other fixes
368+ this resolvs these bugs:
369+ (LP: #1957924) - support for querying stats,
370+ (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
371+ (LP: #1959966) - guest dump encryption with customer keys (s390x)
372+ (LP: #1999885) - pv: don't allow userspace to set the clock under PV
373+ (LP: #1957924) - add filtering of statistics by target vCPU
374+ remaining changes:
375+ - qemu-kvm to systemd unit
376+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
377+ hugepages and architecture specifics
378+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
379+ qemu-kvm-init
380+ - d/qemu-system-common.install: install helper script
381+ - d/qemu-system-common.qemu-kvm.default: defaults for
382+ /etc/default/qemu-kvm
383+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
384+ - Distribution specific machine type
385+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
386+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
387+ types containing release versioned machine attributes
388+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
389+ for host-phys-bits=true
390+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
391+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
392+ - Enable nesting by default
393+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
394+ in qemu64 on amd
395+ [ No more strictly needed, but required for backward compatibility ]
396+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
397+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
398+ reference 256k path
399+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
400+ handle incoming migrations from former releases.
401+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
402+ - Ease the use of module retention on upgrades (LP 1913421)
403+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
404+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
405+ landed in Debian but under a different name.
406+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
407+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
408+ fix qboot FTBFS with LTO
409+ * Dropped Changes [now part of upstream v7.2.0]
410+ - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
411+ error 'migration was active, but no RAM info was set' (LP 1994002)
412+ - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
413+ Fix FTBFS with libbpf 1.0.1-2.
414+ + Header updates that were added as part of the libbpf fixes
415+ but not mentioned in changelog
416+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
417+ - Fix I/O stalls when using NVMe storage (LP 1970737).
418+ + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
419+ in laio_io_unplug.
420+ - SECURITY UPDATE: heap overflow in floppy disk emulator
421+ + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
422+ hw/block/fdc.c.
423+ - SECURITY UPDATE: use-after-free vulnerability
424+ + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
425+ lsi_do_msgout
426+ - SECURITY UPDATE: heap overflow vulnerability
427+ + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
428+ memories
429+ - SECURITY UPDATE: integer underflow vulnerability
430+ + debian/patches/CVE-2022-3165.patch: fix integer underflow in
431+ vnc_client_cut_text_ext
432+ * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
433+ [not all are needed in lunar]
434+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
435+ Silence -Warray-bounds false positive [no more needed]
436+ - d/rules: set -O1 for alpha firmware build
437+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
438+ further FTBFS fixup
439+ * Dropped Changes [in Debian 1:7.2+dfsg-3]
440+ - d/rules: disable LTO on non-amd64 builds (LP 1921664)
441+ * Added Changes
442+ - d/control-in: libnfs is in main since focal, enable direct nfs
443+ storage support (LP: #1988704)
444+ - d/control-in: libsndio is in universe in ubuntu
445+
446+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Jan 2023 13:18:43 +0100
447+
448 qemu (1:7.2+dfsg-4) unstable; urgency=medium
449
450 * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
451@@ -770,6 +1170,126 @@ qemu (1:7.1+dfsg-1) unstable; urgency=medium
452
453 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 12 Sep 2022 11:50:53 +0300
454
455+qemu (1:7.0+dfsg-7ubuntu4) lunar; urgency=medium
456+
457+ * SECURITY UPDATE: use-after-free vulnerability
458+ - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
459+ lsi_do_msgout
460+ - CVE-2022-0216
461+ * SECURITY UPDATE: heap overflow vulnerability
462+ - debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
463+ memories
464+ - CVE-2022-2962
465+ * SECURITY UPDATE: integer underflow vulnerability
466+ - debian/patches/CVE-2022-3165.patch: fix integer underflow in
467+ vnc_client_cut_text_ext
468+ - CVE-2022-3165
469+
470+ -- Nishit Majithia <nishit.majithia@canonical.com> Fri, 09 Dec 2022 10:25:52 +0530
471+
472+qemu (1:7.0+dfsg-7ubuntu3) lunar; urgency=medium
473+
474+ [ Brett Milford ]
475+ * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
476+ error 'migration was active, but no RAM info was set' (LP: #1994002)
477+
478+ [ Mauricio Faria de Oliveira ]
479+ * d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
480+ Fix FTBFS with libbpf 1.0.1-2.
481+
482+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 30 Nov 2022 12:17:51 -0300
483+
484+qemu (1:7.0+dfsg-7ubuntu2) kinetic; urgency=medium
485+
486+ [ Paride Legovini ]
487+ * d/rules: disable LTO on non-amd64 builds (LP: #1921664)
488+ * GCC-12 FTBFS (LP: #1988710)
489+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
490+ Silence -Warray-bounds false positive (treated as error)
491+
492+ [ Christian Ehrhardt ]
493+ * More on GCC-12 FTBFS (LP 1988710)
494+ - d/rules: set -O1 for alpha firmware build
495+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
496+ further FTBFS fixup
497+
498+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2022 08:07:24 +0200
499+
500+qemu (1:7.0+dfsg-7ubuntu1) kinetic; urgency=medium
501+
502+ * Merge with Debian unstable (LP: #1971315)(LP: #1980896), remaining changes:
503+ - qemu-kvm to systemd unit
504+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
505+ hugepages and architecture specifics
506+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
507+ qemu-kvm-init
508+ - d/qemu-system-common.install: install helper script
509+ - d/qemu-system-common.qemu-kvm.default: defaults for
510+ /etc/default/qemu-kvm
511+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
512+ - Distribution specific machine type
513+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
514+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
515+ types containing release versioned machine attributes
516+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
517+ for host-phys-bits=true
518+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
519+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
520+ - Enable nesting by default
521+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
522+ in qemu64 on amd
523+ [ No more strictly needed, but required for backward compatibility ]
524+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
525+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
526+ reference 256k path
527+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
528+ handle incoming migrations from former releases.
529+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
530+ - Ease the use of module retention on upgrades (LP 1913421)
531+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
532+ - Fix I/O stalls when using NVMe storage (LP 1970737).
533+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
534+ in laio_io_unplug.
535+ - SECURITY UPDATE: heap overflow in floppy disk emulator
536+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
537+ hw/block/fdc.c.
538+ - CVE-2021-3507
539+ * Dropped Changes [now part of 1:7.0+dfsg-7]:
540+ - d/rules: xen libexec dir is no more versioned
541+ - d/rules: ensure xen is built on x86
542+ - d/kvm-spice: fix when acceleration is already defined on the commandline
543+ - debian/control[-in]: no more disable glusterfs in Ubuntu (LP 1246924)
544+ * Dropped Changes [now part of upstream v7.0.0]
545+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
546+ Allow long kernel command lines for QEMU (LP 1959984)
547+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
548+ - d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
549+ tcg on s390x.
550+ - Fix diff handling on ceph that can cause data corruption (LP 1968258)
551+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
552+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
553+ - d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
554+ in vnc connections (LP 1970563)
555+ - All CVE fixes of 1:6.2+dfsg-2ubuntu8 except CVE-2021-3507
556+ * Dropped Changes
557+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
558+ add patch to workaround FTBFS when building against OpenSSL 3.0.
559+ [ now working with OpenSSL 3.0 ]
560+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
561+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
562+ [ fixed in compiler toolchain ]
563+ - Make qemu-system-x86-microvm a transitional package as the binary is now
564+ in qemu-system-x86 itself.
565+ [ no more needed]
566+ * Added Changes
567+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
568+ landed in Debian but under a different name.
569+ - d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch: fix qboot FTBFS
570+ with LTO
571+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)
572+
573+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jul 2022 12:07:19 +0200
574+
575 qemu (1:7.0+dfsg-7) unstable; urgency=medium
576
577 * d/tests/test-qemu-user: rework ls/glob test a bit
578@@ -904,6 +1424,141 @@ qemu (1:6.2+dfsg-3) unstable; urgency=medium
579
580 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 25 Feb 2022 12:01:46 +0300
581
582+qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
583+
584+ [ Marc Deslauriers ]
585+ * SECURITY UPDATE: heap overflow in floppy disk emulator
586+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
587+ hw/block/fdc.c.
588+ - CVE-2021-3507
589+ * SECURITY UPDATE: use-after-free in nvme
590+ - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
591+ device itself in hw/nvme/ctrl.c.
592+ - CVE-2021-3929
593+ * SECURITY UPDATE: integer overflow in QXL display device emulation
594+ - debian/patches/CVE-2021-4206.patch: check width and height in
595+ hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
596+ - CVE-2021-4206
597+ * SECURITY UPDATE: heap overflow in QXL display device emulation
598+ - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
599+ in hw/display/qxl-render.c.
600+ - CVE-2021-4207
601+ * SECURITY UPDATE: potential privilege escalation in virtiofsd
602+ - debian/patches/CVE-2022-0358.patch: Drop membership of all
603+ supplementary groups in tools/virtiofsd/passthrough_ll.c.
604+ - CVE-2022-0358
605+ * SECURITY UPDATE: memory leakage in virtio-net device
606+ - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
607+ receive in hw/net/virtio-net.c.
608+ - CVE-2022-26353
609+ * SECURITY UPDATE: memory leakage in vhost-vsock device
610+ - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
611+ case of error in hw/virtio/vhost-vsock-common.c.
612+ - CVE-2022-26354
613+
614+ [ Sergio Durigan Junior ]
615+ * Fix I/O stalls when using NVMe storage (LP: #1970737).
616+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
617+ in laio_io_unplug.
618+
619+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Jun 2022 15:38:37 -0400
620+
621+qemu (1:6.2+dfsg-2ubuntu7) kinetic; urgency=medium
622+
623+ * d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
624+ in vnc connections (LP: #1970563)
625+
626+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:25:20 +0200
627+
628+qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
629+
630+ * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
631+ * Fix diff handling on ceph that can cause data corruption (LP: #1968258)
632+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
633+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
634+
635+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 08 Apr 2022 09:36:34 +0200
636+
637+qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
638+
639+ * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
640+ tcg on s390x.
641+
642+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 09:54:36 +0100
643+
644+qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
645+
646+ * No-change rebuild to update maintainer scripts, see LP: 1959054
647+
648+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:28:14 +0000
649+
650+qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
651+
652+ * Merge with Debian unstable, remaining changes:
653+ - qemu-kvm to systemd unit
654+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
655+ hugepages and architecture specifics
656+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
657+ qemu-kvm-init
658+ - d/qemu-system-common.install: install helper script
659+ - d/qemu-system-common.qemu-kvm.default: defaults for
660+ /etc/default/qemu-kvm
661+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
662+ - Distribution specific machine type
663+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
664+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
665+ types containing release versioned machine attributes
666+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
667+ for host-phys-bits=true
668+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
669+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
670+ - Enable nesting by default
671+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
672+ in qemu64 on amd
673+ [ No more strictly needed, but required for backward compatibility ]
674+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
675+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
676+ reference 256k path
677+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
678+ handle incoming migrations from former releases.
679+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
680+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
681+ add patch to workaround FTBFS when building against OpenSSL 3.0.
682+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
683+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
684+ - Ease the use of module retention on upgrades (LP 1913421)
685+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
686+ - Make qemu-system-x86-microvm a transitional package as the binary is now
687+ in qemu-system-x86 itself.
688+ * Dropped Changes [now part of 1:6.1+dfsg-8]:
689+ - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
690+ (#993658) (LP 1947860)
691+ - improved dependencies
692+ - Make qemu-system-common depend on qemu-block-extra
693+ - Make qemu-utils depend on qemu-block-extra
694+ - d/control*, d/rules: disable xen by default, but provide universe
695+ package qemu-system-x86-xen as alternative
696+ [includes compat links changes of 5.0-5ubuntu4]
697+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
698+ * Dropped Changes [now part of upstream]
699+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
700+ and 3932 machines (LP 1932175)
701+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
702+ migration with audio devices present (LP 1940288)
703+ * Added changes:
704+ - update patches for qemu v6.2.0
705+ - d/p/u/enable-svm-by-default.patch
706+ - d/p/u/define-ubuntu-machine-types.patch
707+ - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
708+ - d/rules: xen libexec dir is no more versioned
709+ - d/rules: ensure xen is built on x86
710+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
711+ Allow long kernel command lines for QEMU (LP: #1959984)
712+ - d/kvm-spice: fix when acceleration is already defined on the commandline
713+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
714+
715+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Jan 2022 12:18:25 +0100
716+
717 qemu (1:6.2+dfsg-2) unstable; urgency=medium
718
719 * bump meson build-dep to 0.59.3
720@@ -1125,6 +1780,95 @@ qemu (1:6.0+dfsg-3) unstable; urgency=medium
721
722 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 17 Aug 2021 17:49:10 +0300
723
724+qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
725+
726+ * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
727+ add patch to workaround FTBFS when building against OpenSSL 3.0.
728+ Thanks to Christian Ehrhardt (LP: #1952448)
729+
730+ -- Paride Legovini <paride@ubuntu.com> Fri, 26 Nov 2021 15:47:51 +0100
731+
732+qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
733+
734+ * No-change rebuild against liburing2
735+
736+ -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:00:26 +0100
737+
738+qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
739+
740+ * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
741+ (#993658) (LP: #1947860)
742+
743+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 03 Nov 2021 14:10:56 +0100
744+
745+qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
746+
747+ * Merge with Debian experimental, remaining changes:
748+ - qemu-kvm to systemd unit
749+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
750+ hugepages and architecture specifics
751+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
752+ qemu-kvm-init
753+ - d/qemu-system-common.install: install helper script
754+ - d/qemu-system-common.qemu-kvm.default: defaults for
755+ /etc/default/qemu-kvm
756+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
757+ - Distribution specific machine type
758+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
759+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
760+ types containing release versioned machine attributes
761+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
762+ for host-phys-bits=true
763+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
764+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
765+ - Enable nesting by default
766+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
767+ in qemu64 on amd
768+ [ No more strictly needed, but required for backward compatibility ]
769+ - improved dependencies
770+ - Make qemu-system-common depend on qemu-block-extra
771+ - Make qemu-utils depend on qemu-block-extra
772+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
773+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
774+ reference 256k path
775+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
776+ handle incoming migrations from former releases.
777+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
778+ - d/control*, d/rules: disable xen by default, but provide universe
779+ package qemu-system-x86-xen as alternative
780+ [includes compat links changes of 5.0-5ubuntu4]
781+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
782+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
783+ for v6.0
784+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
785+ - Ease the use of module retention on upgrades (LP 1913421)
786+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
787+ * Dropped Changes [in 1:6.0+dfsg-2exp]:
788+ - d/control-in: Disable capstone disassembler library support (universe)
789+ - Disable fuse export (universe dependency)
790+ - Ease the use of module retention on upgrades (LP 1913421)
791+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
792+ - d/rules: only save modules if /run/qemu isn't noexec
793+ - d/rules: clear all (current and former) modules on purge
794+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
795+ upgrade issues (LP 1932264)
796+ - Enable SDL as secondary UI backend (LP 1256185)
797+ - d/control: add build dependency libsdl2-dev
798+ - d/control: enable sdl graphics on build
799+ - d/qemu-system-gui.install: add ui-sdl.so
800+ - d/control: add runtime dependency to libgl1
801+ * Dropped Changes [no more needed]
802+ - let qemu-utils recommend sharutils
803+ * Added changes:
804+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
805+ -fcf-protection being unavailble on -march=i486 (LP: #1940029)
806+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
807+ and 3932 machines (LP: #1932175)
808+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
809+ migration with audio devices present (LP: #1940288)
810+
811+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200
812+
813 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
814
815 [ Christian Ehrhardt ]
816@@ -1162,6 +1906,104 @@ qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
817
818 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300
819
820+qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium
821+
822+ * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
823+ fix TCG emulation for ppc64 (LP: #1935617)
824+
825+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 13 Jul 2021 09:34:55 +0200
826+
827+qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium
828+
829+ * d/control: remove fuse2 trial-build (LP 1934510)
830+
831+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Jul 2021 10:26:08 +0200
832+
833+qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium
834+
835+ * Merge with Debian experimental, Among many other things this fixes LP Bugs:
836+ (LP: #1907952) broken arrow keys in -display gtk on aarch64
837+ - qemu-kvm to systemd unit
838+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
839+ hugepages and architecture specifics
840+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
841+ qemu-kvm-init
842+ - d/qemu-system-common.install: install helper script
843+ - d/qemu-system-common.qemu-kvm.default: defaults for
844+ /etc/default/qemu-kvm
845+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
846+ - Distribution specific machine type
847+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
848+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
849+ types containing release versioned machine attributes
850+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
851+ for host-phys-bits=true
852+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
853+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
854+ - Enable nesting by default
855+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
856+ in qemu64 on amd
857+ [ No more strictly needed, but required for backward compatibility ]
858+ - improved dependencies
859+ - Make qemu-system-common depend on qemu-block-extra
860+ - Make qemu-utils depend on qemu-block-extra
861+ - Let qemu-utils recommend sharutils
862+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
863+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
864+ reference 256k path
865+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
866+ handle incoming migrations from former releases.
867+ - d/control-in: Disable capstone disassembler library support (universe)
868+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
869+ - d/control*, d/rules: disable xen by default, but provide universe
870+ package qemu-system-x86-xen as alternative
871+ [includes compat links changes of 5.0-5ubuntu4]
872+ - Fix upgrade module handling (LP 1905377)
873+ --enable-module-upgrades for qemu-xen which doesn't exist in Debian
874+ * Dropped Changes [in 6.0]:
875+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
876+ ld usage of -no-pie (LP 1907789)
877+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
878+ virtio-9p-ccw being missing (LP 1916230)
879+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
880+ to glib2.0 >=2.67.3 (LP 1916705)
881+ - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
882+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
883+ (LP 1921754)
884+ - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
885+ (LP 1921880)
886+ - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
887+ fix go in qemu-s390x-static (LP 1922010)
888+ * Dropped Changes [in Debian]:
889+ - Allow qemu to load old modules post upgrade (LP 1847361)
890+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
891+ - d/rules: Drop generating package version into maintainer scripts
892+ * Dropped Changes [No more needed >21.04]:
893+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
894+ the bad old prerm (LP 1906245 1905377)
895+ * Added Changes
896+ - Disable fuse export (universe dependency)
897+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
898+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
899+ for v6.0
900+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
901+ - Ease the use of module retention on upgrades (LP: #1913421)
902+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
903+ - d/rules: only save modules if /run/qemu isn't noexec
904+ - d/rules: clear all (current and former) modules on purge
905+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
906+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
907+ upgrade issues (LP: #1932264)
908+ - Enable SDL as secondary UI backend (LP: #1256185)
909+ - d/control: add build dependency libsdl2-dev
910+ - d/control: enable sdl graphics on build
911+ - d/qemu-system-gui.install: add ui-sdl.so
912+ - d/control: add runtime dependency to libgl1
913+ - d/rules: qemu-system-x86-xen builds modules as well now (follows the
914+ other packages)
915+
916+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Jun 2021 12:41:33 +0200
917+
918 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
919
920 * new upstream release
921@@ -1214,6 +2056,75 @@ qemu (1:5.2+dfsg-10) unstable; urgency=medium
922
923 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 16 Apr 2021 12:43:36 +0300
924
925+qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
926+
927+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
928+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
929+ (LP: #1921754)
930+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
931+ (LP: #1921880)
932+
933+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 11:58:29 +0200
934+
935+qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
936+
937+ * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
938+ fix go in qemu-s390x-static (LP: #1922010)
939+
940+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 Mar 2021 10:01:40 +0200
941+
942+qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
943+
944+ * Merge with Debian unstable; Remaining changes:
945+ - qemu-kvm to systemd unit
946+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
947+ hugepages and architecture specifics
948+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
949+ qemu-kvm-init
950+ - d/qemu-system-common.install: install helper script
951+ - d/qemu-system-common.qemu-kvm.default: defaults for
952+ /etc/default/qemu-kvm
953+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
954+ - Distribution specific machine type (LP: 1304107 1621042)
955+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
956+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
957+ for host-phys-bits=true (LP: 1776189)
958+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
959+ - provide pseries-bionic-2.11-sxxm type as convenience with all
960+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
961+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
962+ - Enable nesting by default
963+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
964+ in qemu64 on amd
965+ [ No more strictly needed, but required for backward compatibility ]
966+ - improved dependencies
967+ - Make qemu-system-common depend on qemu-block-extra
968+ - Make qemu-utils depend on qemu-block-extra
969+ - let qemu-utils recommend sharutils
970+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
971+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
972+ reference 256k path
973+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
974+ handle incoming migrations from former releases.
975+ - d/control-in: Disable capstone disassembler library support (universe)
976+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
977+ - d/control*, d/rules: disable xen by default, but provide universe
978+ package qemu-system-x86-xen as alternative
979+ [includes compat links changes of 5.0-5ubuntu4]
980+ - allow qemu to load old modules post upgrade (LP 1847361)
981+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
982+ - d/rules: Drop generating package version into maintainer scripts
983+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
984+ the bad old prerm (LP 1906245 1905377)
985+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
986+ ld usage of -no-pie (LP 1907789)
987+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
988+ virtio-9p-ccw being missing (LP 1916230)
989+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
990+ to glib2.0 >=2.67.3 (LP 1916705)
991+
992+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Mar 2021 11:13:49 +0100
993+
994 qemu (1:5.2+dfsg-9) unstable; urgency=medium
995
996 * do not make qemu-system-data dependent on qemu-system-foo
997@@ -1253,6 +2164,66 @@ qemu (1:5.2+dfsg-7) unstable; urgency=high
998
999 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Mar 2021 11:32:54 +0300
1000
1001+qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
1002+
1003+ * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
1004+ to glib2.0 >=2.67.3 (LP: #1916705)
1005+
1006+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Feb 2021 08:39:09 +0100
1007+
1008+qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
1009+
1010+ * Merge with Debian unstable, includes fixes for
1011+ - build operates differently if source is a git repo (LP: #1887535)
1012+ Remaining changes:
1013+ - qemu-kvm to systemd unit
1014+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1015+ hugepages and architecture specifics
1016+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1017+ qemu-kvm-init
1018+ - d/qemu-system-common.install: install helper script
1019+ - d/qemu-system-common.qemu-kvm.default: defaults for
1020+ /etc/default/qemu-kvm
1021+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1022+ - Distribution specific machine type (LP: 1304107 1621042)
1023+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1024+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1025+ for host-phys-bits=true (LP: 1776189)
1026+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1027+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1028+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1029+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1030+ - Enable nesting by default
1031+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1032+ in qemu64 on amd
1033+ [ No more strictly needed, but required for backward compatibility ]
1034+ - improved dependencies
1035+ - Make qemu-system-common depend on qemu-block-extra
1036+ - Make qemu-utils depend on qemu-block-extra
1037+ - let qemu-utils recommend sharutils
1038+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1039+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1040+ reference 256k path
1041+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1042+ handle incoming migrations from former releases.
1043+ - d/control-in: Disable capstone disassembler library support (universe)
1044+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1045+ - d/control*, d/rules: disable xen by default, but provide universe
1046+ package qemu-system-x86-xen as alternative
1047+ [includes compat links changes of 5.0-5ubuntu4]
1048+ - allow qemu to load old modules post upgrade (LP 1847361)
1049+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1050+ - d/rules: Drop generating package version into maintainer scripts
1051+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1052+ the bad old prerm (LP 1906245 1905377)
1053+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1054+ ld usage of -no-pie (LP 1907789)
1055+ * Added changes
1056+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
1057+ virtio-9p-ccw being missing (LP: #1916230)
1058+
1059+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
1060+
1061 qemu (1:5.2+dfsg-6) unstable; urgency=medium
1062
1063 * deprecate qemu-debootstrap. It is not needed anymore with
1064@@ -1305,6 +2276,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
1065
1066 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
1067
1068+qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
1069+
1070+ * No change rebuild to pick up liburing. (LP: #1914145)
1071+
1072+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
1073+
1074+qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
1075+
1076+ * Merge with Debian unstable, includes fixes for
1077+ - qemu-user-static are partially dynamically linked (LP: #1908331)
1078+ - qemu crashing when using spice without qemu-system-gui being
1079+ installed (LP: #1908577)
1080+ Remaining changes:
1081+ - qemu-kvm to systemd unit
1082+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1083+ hugepages and architecture specifics
1084+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1085+ qemu-kvm-init
1086+ - d/qemu-system-common.install: install helper script
1087+ - d/qemu-system-common.qemu-kvm.default: defaults for
1088+ /etc/default/qemu-kvm
1089+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1090+ - Distribution specific machine type (LP: 1304107 1621042)
1091+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1092+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1093+ for host-phys-bits=true (LP: 1776189)
1094+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1095+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1096+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1097+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1098+ - Enable nesting by default
1099+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1100+ in qemu64 on amd
1101+ [ No more strictly needed, but required for backward compatibility ]
1102+ - improved dependencies
1103+ - Make qemu-system-common depend on qemu-block-extra
1104+ - Make qemu-utils depend on qemu-block-extra
1105+ - let qemu-utils recommend sharutils
1106+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1107+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1108+ reference 256k path
1109+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1110+ handle incoming migrations from former releases.
1111+ - d/control-in: Disable capstone disassembler library support (universe)
1112+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1113+ - d/control*, d/rules: disable xen by default, but provide universe
1114+ package qemu-system-x86-xen as alternative
1115+ [includes compat links changes of 5.0-5ubuntu4]
1116+ - allow qemu to load old modules post upgrade (LP 1847361)
1117+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1118+ - d/rules: Drop generating package version into maintainer scripts
1119+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1120+ the bad old prerm (LP 1906245 1905377)
1121+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1122+ ld usage of -no-pie (LP 1907789)
1123+
1124+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
1125+
1126 qemu (1:5.2+dfsg-3) unstable; urgency=medium
1127
1128 [ Christian Ehrhardt ]
1129@@ -1321,6 +2350,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
1130
1131 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
1132
1133+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
1134+
1135+ * Merge with Debian unstable
1136+ - includes fix for CVE-2020-17380
1137+ - includes a fix for s390x PCI device reset (LP: #1907656)
1138+ Remaining changes:
1139+ - qemu-kvm to systemd unit
1140+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1141+ hugepages and architecture specifics
1142+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1143+ qemu-kvm-init
1144+ - d/qemu-system-common.install: install helper script
1145+ - d/qemu-system-common.qemu-kvm.default: defaults for
1146+ /etc/default/qemu-kvm
1147+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1148+ - Distribution specific machine type (LP: 1304107 1621042)
1149+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1150+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1151+ for host-phys-bits=true (LP: 1776189)
1152+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1153+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1154+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1155+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1156+ - Enable nesting by default
1157+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1158+ in qemu64 on amd
1159+ [ No more strictly needed, but required for backward compatibility ]
1160+ - improved dependencies
1161+ - Make qemu-system-common depend on qemu-block-extra
1162+ - Make qemu-utils depend on qemu-block-extra
1163+ - let qemu-utils recommend sharutils
1164+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1165+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1166+ reference 256k path
1167+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1168+ handle incoming migrations from former releases.
1169+ - d/control-in: Disable capstone disassembler library support (universe)
1170+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1171+ - d/control*, d/rules: disable xen by default, but provide universe
1172+ package qemu-system-x86-xen as alternative
1173+ [includes compat links changes of 5.0-5ubuntu4]
1174+ - allow qemu to load old modules post upgrade (LP 1847361)
1175+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1176+ - d/rules: Drop generating package version into maintainer scripts
1177+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1178+ the bad old prerm (LP 1906245 1905377)
1179+ * Dropped Changes:
1180+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
1181+ resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
1182+ fails]
1183+ * Added Changes:
1184+ - Refreshed ubuntu machine types for hirsute@5.2
1185+ - d/control: regenerated from d/control-in
1186+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1187+ ld usage of -no-pie (LP: #1907789)
1188+
1189+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
1190+
1191 qemu (1:5.2+dfsg-2) unstable; urgency=medium
1192
1193 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
1194@@ -1366,6 +2453,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
1195
1196 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
1197
1198+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
1199+
1200+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1201+ the bad old prerm (LP: #1906245)
1202+
1203+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
1204+
1205+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
1206+
1207+ * Fix upgrade module handling (LP: #1905377)
1208+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
1209+ allows to drop some former delta that is now conflicting.
1210+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
1211+ qemu-xen which doesn't exist in Debian
1212+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1213+ - d/rules: Drop generating package version into maintainer scripts
1214+
1215+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
1216+
1217+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
1218+
1219+ * Merge with Debian testing, remaining changes:
1220+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
1221+ - qemu-kvm to systemd unit
1222+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1223+ hugepages and architecture specifics
1224+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1225+ qemu-kvm-init
1226+ - d/qemu-system-common.install: install helper script
1227+ - d/qemu-system-common.qemu-kvm.default: defaults for
1228+ /etc/default/qemu-kvm
1229+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1230+ - Distribution specific machine type (LP: 1304107 1621042)
1231+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1232+ types
1233+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1234+ for host-phys-bits=true (LP: 1776189)
1235+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1236+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1237+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1238+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1239+ - Enable nesting by default
1240+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1241+ in qemu64 on amd
1242+ [ No more strictly needed, but required for backward compatibility ]
1243+ - improved dependencies
1244+ - Make qemu-system-common depend on qemu-block-extra
1245+ - Make qemu-utils depend on qemu-block-extra
1246+ - let qemu-utils recommend sharutils
1247+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1248+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1249+ reference 256k path
1250+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1251+ handle incoming migrations from former releases.
1252+ - d/control-in: Disable capstone disassembler library support (universe)
1253+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1254+ - d/control*, d/rules: disable xen by default, but provide universe
1255+ package qemu-system-x86-xen as alternative
1256+ [includes compat links changes of 5.0-5ubuntu4]
1257+ - allow qemu to load old modules post upgrade (LP 1847361)
1258+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1259+ upgrade
1260+ - d/rules: generate maintainer scripts matching package version on build
1261+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1262+ - d/control: regenerate debian/control out of control-in
1263+ * Dropped changes [in Debian or no more needed]
1264+ - d/control-in: disable pmem on ppc64 as it is currently considered
1265+ experimental on that architecture (pmdk v1.8-1)
1266+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1267+ - d/rules: report config log from the correct subdir
1268+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1269+ - Pick further changes for groovy from debian/master since 5.0-5
1270+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1271+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
1272+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1273+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1274+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1275+ - megasas-fix-possible-out-of-bounds-array-access.patch
1276+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1277+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
1278+ - a few patches from the stable series:
1279+ - fix-tulip-breakage.patch
1280+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1281+ Prevent deadlocks in 9pfs readdir code
1282+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1283+ Fix newline accidentally sneaked into id string of a nic
1284+ - qemu-nbd-close-inherited-stderr.patch
1285+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1286+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1287+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1288+ - acpi-tmr-allow-2-byte-reads.patch
1289+ - reapply CVE-2020-13253 fixes from upstream
1290+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1291+ - linux-user-add-netlink-RTM_SETLINK-command.patch
1292+ - d/control: since qemu-system-data now contains module(s),
1293+ it can't be multi-arch. Ditto for qemu-block-extra.
1294+ - qemu-system-foo: depend on exact version of qemu-system-data,
1295+ due to the latter having modules
1296+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
1297+ This is another incarnation of the recent bugfix which actually enabled
1298+ memory access constraints, like #964247
1299+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1300+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1301+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1302+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1303+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1304+ - do not install outdated (0.12 and before) Changelog
1305+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1306+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1307+ Closes: CVE-2020-15863
1308+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1309+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1310+ another fix for revert-memory-accept-.. CVE-2020-13754
1311+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1312+ - d/control-in: build-dep libcap is no more needed
1313+ - arch aware kvm wrappers
1314+ [upstream now automatically enables KVM if available and called with
1315+ kvm* name, provides KVM as before but with auto-fallback to tcg.
1316+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
1317+ * Dropped changes [upstream now]
1318+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1319+ setup_len
1320+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
1321+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
1322+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1323+ from vfio-ccw (LP 1887935)
1324+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
1325+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
1326+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1327+ SQXBR (LP 1883984)
1328+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
1329+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1330+ environments (LP 1887763)
1331+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1332+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1333+ crashes it on shutdown (LP 1878973)
1334+ - update d/p/ubuntu/lp-1835546-* to the final versions
1335+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1336+ FTBFS in groovy
1337+ * Added Changes:
1338+ - update ubuntu machine types for hirsute@5.1
1339+ - d/control: regenerated from d/control-in
1340+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
1341+ resolved in gcc-10 (LP: 1890435)
1342+
1343+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
1344+
1345 qemu (1:5.1+dfsg-4) unstable; urgency=high
1346
1347 * mention closing of CVE-2020-16092 by 5.1
1348@@ -1607,6 +2841,298 @@ qemu (1:5.0-6) unstable; urgency=medium
1349
1350 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
1351
1352+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
1353+
1354+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
1355+ machine type to match how it originally was released (LP: #1902654)
1356+
1357+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
1358+
1359+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
1360+
1361+ * No-change rebuild for brltty soname change.
1362+
1363+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
1364+
1365+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
1366+
1367+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1368+ setup_len
1369+ CVE-2020-14364
1370+
1371+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
1372+
1373+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
1374+
1375+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
1376+
1377+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
1378+
1379+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
1380+
1381+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
1382+
1383+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
1384+
1385+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
1386+
1387+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1388+ from vfio-ccw (LP: #1887935)
1389+
1390+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
1391+
1392+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
1393+
1394+ * fix qemu-user-static initialization to allow executing systemd
1395+ (LP: #1890881)
1396+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
1397+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
1398+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
1399+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
1400+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
1401+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
1402+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
1403+ CVE-2020-16092
1404+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
1405+
1406+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
1407+
1408+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
1409+
1410+ * xen: provide compat links to what libxen-dev reports where to find
1411+ the binaries (LP: #1890005)
1412+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1413+ SQXBR (LP: #1883984)
1414+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
1415+
1416+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
1417+
1418+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
1419+
1420+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1421+ environments (LP: #1887763)
1422+ * Pick further changes for groovy from debian/master since 5.0-5
1423+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1424+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
1425+ infinite recursion via a crafted mm_index value during
1426+ ati_mm_read or ati_mm_write call.
1427+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
1428+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
1429+ devices which uses min_access_size and max_access_size Memory API fields.
1430+ Also closes: CVE-2020-13791
1431+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1432+ CVE-2020-13659: address_space_map in exec.c can trigger
1433+ a NULL pointer dereference related to BounceBuffer
1434+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1435+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
1436+ has an OOB read via a crafted reply_queue_head field from a guest OS user
1437+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1438+ fix other possible cases like in CVE-2020-13362 (#961887)
1439+ - megasas-fix-possible-out-of-bounds-array-access.patch
1440+ Some tracepoints use a guest-controlled value as an index into the
1441+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
1442+ impact OOB errors here
1443+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1444+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
1445+ This flaw occurs when an nbd-client sends a spec-compliant request that is
1446+ near the boundary of maximum permitted request length. A remote nbd-client
1447+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
1448+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
1449+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
1450+ properly validate the frame count, which allows guest OS users to trigger
1451+ an out-of-bounds access during an es1370_write() operation
1452+ - a few patches from the stable series:
1453+ - fix-tulip-breakage.patch
1454+ The tulip network driver in a qemu-system-hppa emulation is broken in
1455+ the sense that bigger network packages aren't received any longer and
1456+ thus even running e.g. "apt update" inside the VM fails. Fix this.
1457+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1458+ Prevent deadlocks in 9pfs readdir code
1459+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1460+ Fix newline accidentally sneaked into id string of a nic
1461+ - qemu-nbd-close-inherited-stderr.patch
1462+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1463+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1464+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1465+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
1466+ - reapply CVE-2020-13253 fixed from upstream:
1467+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
1468+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
1469+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
1470+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
1471+ Closes: #961297, CVE-2020-13253
1472+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1473+ (Closes: #965109)
1474+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
1475+ - d/control: since qemu-system-data now contains module(s),
1476+ it can't be multi-arch. Ditto for qemu-block-extra.
1477+ - qemu-system-foo: depend on exact version of qemu-system-data,
1478+ due to the latter having modules
1479+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
1480+ This is another incarnation of the recent bugfix which actually enabled
1481+ memory access constraints, like #964247
1482+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1483+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1484+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1485+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1486+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1487+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
1488+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1489+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1490+ Closes: CVE-2020-15863
1491+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1492+ List of patches:
1493+ sm501-convert-printf-abort-to-qemu_log_mask.patch
1494+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
1495+ sm501-use-BIT-macro-to-shorten-constant.patch
1496+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
1497+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
1498+ Closes: #961451, CVE-2020-12829
1499+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1500+ another fix for revert-memory-accept-.. CVE-2020-13754
1501+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1502+
1503+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
1504+
1505+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
1506+
1507+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
1508+
1509+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
1510+
1511+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
1512+
1513+ * Merge with Debian testing (LP: #1749393), remaining changes:
1514+ - qemu-kvm to systemd unit
1515+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1516+ hugepages and architecture specifics
1517+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1518+ qemu-kvm-init
1519+ - d/qemu-system-common.install: install helper script
1520+ - d/qemu-system-common.qemu-kvm.default: defaults for
1521+ /etc/default/qemu-kvm
1522+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1523+ - Distribution specific machine type (LP: 1304107 1621042)
1524+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1525+ types
1526+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1527+ for host-phys-bits=true (LP: 1776189)
1528+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1529+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1530+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1531+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1532+ - Enable nesting by default
1533+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1534+ in qemu64 on amd
1535+ [ No more strictly needed, but required for backward compatibility ]
1536+ - improved dependencies
1537+ - Make qemu-system-common depend on qemu-block-extra
1538+ - Make qemu-utils depend on qemu-block-extra
1539+ - let qemu-utils recommend sharutils
1540+ - arch aware kvm wrappers
1541+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1542+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1543+ reference 256k path
1544+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1545+ handle incoming migrations from former releases.
1546+ - d/control-in: Disable capstone disassembler library support (universe)
1547+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1548+ - d/control*, d/rules: disable xen by default, but provide universe
1549+ package qemu-system-x86-xen as alternative
1550+ [includes --disable-xen for user-static builds]
1551+ - d/control-in: disable pmem on ppc64 as it is currently considered
1552+ experimental on that architecture (pmdk v1.8-1)
1553+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1554+ - d/rules: report config log from the correct subdir
1555+ - allow qemu to load old modules post upgrade (LP 1847361)
1556+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1557+ upgrade
1558+ - d/rules: generate maintainer scripts matching package version on build
1559+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1560+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1561+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1562+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1563+ crashes it on shutdown (LP 1878973)
1564+ * Dropped changes (no more needed)
1565+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1566+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1567+ in qemu64 cpu type.
1568+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
1569+ Debian. Fixed by bumping the related Breaks/Replaces to the
1570+ Version Ubuntu introduced the change (LP 1862287)
1571+ * Dropped changes (in Debian)
1572+ - improved s390x support
1573+ - d/binfmt-update-in: fix binfmt being called in some containers
1574+ (LP 1840956)
1575+ - qemu-system-x86-microvm package
1576+ In addition to the generic multi-purpose qemu also provide a minimal
1577+ feature binary that is loading faster for use cases with microvm machine
1578+ type and qboot bios
1579+ - d/control-in: add a new qemu-system-x86-microvm package
1580+ - d/rules: add an extra config/build step to get the minimal qemu
1581+ - Security and packaging fixes (LP 1872937)
1582+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1583+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1584+ CVE-2020-10702
1585+ CVE-2020-11102
1586+ - fix external spice UI
1587+ + install ui-spice-app.so in qemu-system-common
1588+ + install ui-spice-app.so only if built, spice is optional
1589+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1590+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1591+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1592+ - enable riscv build (LP 1872931)
1593+ [ changes picked from Debian ]
1594+ - enable support for riscv64 hosts
1595+ - only enable librbd on architectures where it is built
1596+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1597+ depends on the former
1598+ - seccomp grew up, no need in versioned build-dep
1599+ - enable seccomp only on architectures where it can be built
1600+ * Dropped changes (upstream)
1601+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1602+ (LP 1857033)
1603+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1604+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1605+ vhost-user-gpu
1606+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1607+ avoid unnecessary IOTLB transactions (LP 1866207)
1608+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1609+ patches @qemu-stable (LP 1867519)
1610+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1611+ to avoid broken nesting (LP 1868692)
1612+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1613+ (LP 1871830)
1614+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
1615+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1616+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1617+ and clobbered doubles (LP 1872945)
1618+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1619+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1620+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1621+ - CVE-2020-11869
1622+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1623+ - async: use explicit memory barriers (LP 1805256)
1624+ - aio-wait: delegate polling of main AioContext if BQL not held
1625+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1626+ supporting to set them (LP 1882774)
1627+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1628+ load to a versioned path
1629+ * Added Changes:
1630+ - d/control: regenerate debian/control out of control-in
1631+ - update d/p/ubuntu/lp-1835546-* to the final versions
1632+ - 11 patches dropped as they are in 5.0
1633+ - 20 patches updated to how they will be in 5.1
1634+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1635+ FTBFS in groovy
1636+ - Make qemu-system-x86-microvm a transitional package as the binary is now
1637+ in qemu-system-x86 itself.
1638+ - d/control-in: build-dep libcap is no more needed
1639+ - d/rules: update arch aware kvm wrappers
1640+ - d/qemu-system-x86.README.Debian: fix typo
1641+
1642+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
1643+
1644 qemu (1:5.0-5) unstable; urgency=medium
1645
1646 * more binfmt-install updates
1647@@ -1739,6 +3265,188 @@ qemu (1:4.2-4) unstable; urgency=medium
1648
1649 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
1650
1651+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1652+
1653+ * No-change rebuild against libnettle8
1654+
1655+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1656+
1657+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1658+
1659+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1660+ crashes it on shutdown (LP: #1878973)
1661+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1662+ supporting to set them (LP: #1882774)
1663+
1664+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1665+
1666+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1667+
1668+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1669+ - async: use explicit memory barriers (LP: #1805256)
1670+ - aio-wait: delegate polling of main AioContext if BQL not held
1671+
1672+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1673+
1674+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1675+
1676+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1677+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1678+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1679+ - CVE-2020-11869
1680+
1681+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1682+
1683+qemu (1:4.2-3ubuntu6) focal; urgency=medium
1684+
1685+ [ Christian Ehrhardt ]
1686+ * enable riscv build (LP: #1872931)
1687+ [ changes picked from Debian ]
1688+ - enable support for riscv64 hosts
1689+ - only enable librbd on architectures where it is built
1690+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1691+ depends on the former
1692+ - seccomp grew up, no need in versioned build-dep
1693+ - enable seccomp only on architectures where it can be built
1694+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1695+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1696+ and clobbered doubles (LP: #1872945)
1697+
1698+ [ William Grant ]
1699+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1700+
1701+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1702+
1703+qemu (1:4.2-3ubuntu5) focal; urgency=medium
1704+
1705+ [ Christian Ehrhardt ]
1706+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1707+ (LP: #1871830)
1708+ * Security and packaging fixes (LP: #1872937)
1709+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1710+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1711+ CVE-2020-10702
1712+ CVE-2020-11102
1713+ - fix external spice UI
1714+ + install ui-spice-app.so in qemu-system-common
1715+ + install ui-spice-app.so only if built, spice is optional
1716+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1717+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1718+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1719+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1720+
1721+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1722+
1723+qemu (1:4.2-3ubuntu4) focal; urgency=medium
1724+
1725+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1726+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1727+ to avoid broken nesting (LP: #1868692)
1728+
1729+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1730+
1731+qemu (1:4.2-3ubuntu3) focal; urgency=medium
1732+
1733+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1734+ patches @qemu-stable (LP: #1867519)
1735+
1736+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1737+
1738+qemu (1:4.2-3ubuntu2) focal; urgency=medium
1739+
1740+ * allow qemu to load old modules post upgrade (LP: #1847361)
1741+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1742+ load to a versioned path
1743+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1744+ upgrade
1745+ - d/rules: generate maintainer scripts matching package version on build
1746+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1747+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1748+ avoid unnecessary IOTLB transactions (LP: #1866207)
1749+
1750+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1751+
1752+qemu (1:4.2-3ubuntu1) focal; urgency=medium
1753+
1754+ * Merge with Debian testing, remaining changes:
1755+ - qemu-kvm to systemd unit
1756+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1757+ hugepages and architecture specifics
1758+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1759+ qemu-kvm-init
1760+ - d/qemu-system-common.install: install helper script
1761+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1762+ - d/qemu-system-common.qemu-kvm.default: defaults for
1763+ /etc/default/qemu-kvm
1764+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1765+ - Distribution specific machine type (LP: 1304107 1621042)
1766+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1767+ types
1768+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1769+ for host-phys-bits=true (LP: 1776189)
1770+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1771+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1772+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1773+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1774+ - Enable nesting by default
1775+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1776+ in qemu64 cpu type.
1777+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1778+ in qemu64 on amd
1779+ [ No more strictly needed, but required for backward compatibility ]
1780+ - improved dependencies
1781+ - Make qemu-system-common depend on qemu-block-extra
1782+ - Make qemu-utils depend on qemu-block-extra
1783+ - let qemu-utils recommend sharutils
1784+ - improved s390x support
1785+ - d/rules: build s390-ccw.img with upstream Makefile
1786+ - d/rules: build s390-netboot.img with upstream Makefile
1787+ - arch aware kvm wrappers
1788+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1789+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1790+ reference 256k path
1791+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1792+ handle incoming migrations from former releases.
1793+ - d/control-in: Disable capstone disassembler library support (universe)
1794+ - d/binfmt-update-in: fix binfmt being called in some containers
1795+ (LP 1840956)
1796+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1797+ (LP 1857033)
1798+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1799+ - d/control*, d/rules: disable xen by default, but provide universe
1800+ package qemu-system-x86-xen as alternative
1801+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1802+ - Dropped changes [ in Debian ]
1803+ - d/control: update VCS links
1804+ - d/control-in: bump debhelper build-dep for compat 12
1805+ - d/control: disable bluetooth being deprecated
1806+ - d/not-installed: ignore new interop docs and extra icons for now
1807+ - d/not-installed: do not install elf2dmp until namespaced
1808+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1809+ [ not needed ]
1810+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1811+ - s390x support
1812+ - Create qemu-system-s390x package
1813+ - Enable numa support for s390x
1814+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
1815+ * Added changes
1816+ - d/control: regenerate debian/control out of control-in
1817+ - qemu-system-x86-microvm package
1818+ In addition to the generic multi-purpose qemu also provide a minimal
1819+ feature binary that is loading faster for use cases with microvm machine
1820+ type and qboot bios
1821+ - d/control-in: add a new qemu-system-x86-microvm package
1822+ - d/rules: add an extra config/build step to get the minimal qemu
1823+ - d/control-in: disable pmem on ppc64 as it is currently considered
1824+ experimental on that architecture (pmdk v1.8-1)
1825+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1826+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1827+ vhost-user-gpu
1828+ - d/rules: report config log from the correct subdir
1829+ - d/rules: --disable-xen for user-static builds
1830+
1831+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1832+
1833 qemu (1:4.2-3) unstable; urgency=medium
1834
1835 * mention closing of #909743 in previous changelog (Closes: #909743)
1836@@ -1781,6 +3489,169 @@ qemu (1:4.2-2) unstable; urgency=medium
1837
1838 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
1839
1840+qemu (1:4.2-1ubuntu2) focal; urgency=medium
1841+
1842+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1843+ Debian. Fixed by by bumping the related Breaks/Replaces to the
1844+ Version Ubuntu introduced the change (LP: #1862287)
1845+
1846+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1847+
1848+qemu (1:4.2-1ubuntu1) focal; urgency=medium
1849+
1850+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1851+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1852+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1853+ LP: #1852744 - Crypto Passthrough Interrupt Support
1854+ LP: #1853316 - CCW IPL Support
1855+ Remaining changes:
1856+ - qemu-kvm to systemd unit
1857+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1858+ hugepages and architecture specifics
1859+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1860+ qemu-kvm-init
1861+ - d/qemu-system-common.install: install helper script
1862+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1863+ - d/qemu-system-common.qemu-kvm.default: defaults for
1864+ /etc/default/qemu-kvm
1865+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1866+ - Distribution specific machine type (LP: 1304107 1621042)
1867+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1868+ types
1869+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1870+ for host-phys-bits=true (LP: 1776189)
1871+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1872+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1873+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1874+ - Enable nesting by default
1875+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1876+ in qemu64 cpu type.
1877+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1878+ in qemu64 on amd
1879+ [ No more strictly needed, but required for backward compatibility ]
1880+ - improved dependencies
1881+ - Make qemu-system-common depend on qemu-block-extra
1882+ - Make qemu-utils depend on qemu-block-extra
1883+ - let qemu-utils recommend sharutils
1884+ - s390x support
1885+ - Create qemu-system-s390x package
1886+ - Enable numa support for s390x
1887+ - d/rules: build s390-ccw.img with upstream Makefile
1888+ - d/rules: build s390-netboot.img with upstream Makefile
1889+ - arch aware kvm wrappers
1890+ - d/control: update VCS links
1891+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1892+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1893+ reference 256k path
1894+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1895+ handle incoming migrations from former releases.
1896+ - d/control-in: Disable capstone disassembler library support (universe)
1897+ - d/control: disable bluetooth being deprecated
1898+ - d/not-installed: ignore new interop docs and extra icons for now
1899+ - d/not-installed: do not install elf2dmp until namespaced
1900+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1901+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1902+ - d/binfmt-update-in: fix binfmt being called in some containers
1903+ (LP 1840956)
1904+ - Dropped changes (in Debian)
1905+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1906+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1907+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1908+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1909+ - enable RDMA config option
1910+ - add libibumad-dev build-dep
1911+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1912+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1913+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1914+ replace it with a build-indep using the upstream makefiles.
1915+ This is less prone to miss future changes/fixes that are done to the
1916+ makefiles
1917+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1918+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1919+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1920+ - Refreshed patches for v4.0 context changes
1921+ - d/control*: remove sdlabi which was removed upstream
1922+ - d/control*: enable docs (now explicit) and provide new build-dep
1923+ python3-sphinx
1924+ - d/qemu-system-data.install: use new paths for formerly used icons
1925+ - Merge with Upstream release of qemu 4.0
1926+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1927+ - Dropped changes (Upstream)
1928+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1929+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1930+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1931+ fix i386 build error
1932+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1933+ fix naming of the new vector facitlity (LP 1836066)
1934+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1935+ for missing SIOCGSTAMP definition; final fix is still in discussion
1936+ upstream (LP: 1836159)
1937+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
1938+ s390x machines (LP 1836154)
1939+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
1940+ (LP 1841066)
1941+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
1942+ update the z15 model name (LP 1842774)
1943+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
1944+ fix a potential hang when qemu or qemu-img where accessing http backed
1945+ disks via libcurl (LP 1848556)
1946+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
1947+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
1948+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
1949+ toleration for future machines (LP 1830704)
1950+ - SECURITY UPDATE: Add support for exposing md-clear functionality
1951+ to guests
1952+ - d/p/ubuntu/enable-md-clear.patch
1953+ - d/p/ubuntu/enable-md-no.patch
1954+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1955+ - SECURITY UPDATE: heap overflow when loading device tree blob
1956+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
1957+ copy the device tree blob into is.
1958+ - CVE-2018-20815
1959+ - SECURITY UPDATE: device driver denial of service via NULL pointer
1960+ dereference
1961+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
1962+ routine
1963+ - CVE-2019-5008
1964+ - SECURITY UPDATE: information leak in SLiRP
1965+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
1966+ emulating ident.
1967+ - CVE-2019-9824
1968+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
1969+ unimplement.patch: properly return architecture defined exception
1970+ on bad subcodes of diag 308 (LP 1812384)
1971+ * Dropped changes (no more needed)
1972+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
1973+ mv_conffile since the new path is a directory in the old package
1974+ version which can not be handled by mv_conffile.
1975+ [ only needed between disco and eoan ]
1976+ - disable pvrdma
1977+ [ CVEs all fixed now ]
1978+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
1979+ avoid misdetection of simplified nesting blocking all migrations
1980+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
1981+ - Enable nesting by default
1982+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
1983+ (is default on amd)
1984+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
1985+ without nested=1
1986+ [ nesting is default in kernel modules and default selected cpu types ]
1987+ * Added changes
1988+ - d/control: regenerate debian/control out of control-in
1989+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
1990+ - added ubuntu focal types for qemu 4.2
1991+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1992+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1993+ (LP: #1857033)
1994+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1995+ - d/control*, d/rules: disable xen by default, but provide universe
1996+ package qemu-system-x86-xen as alternative
1997+ - fix typos in changelog and d/qemu-system-x86.NEWS
1998+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
1999+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
2000+
2001+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
2002+
2003 qemu (1:4.2-1) unstable; urgency=medium
2004
2005 * new upstream release (4.2.0)
2006@@ -1857,6 +3728,205 @@ qemu (1:4.1-1) unstable; urgency=medium
2007
2008 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
2009
2010+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
2011+
2012+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
2013+ fix a potential hang when qemu or qemu-img where accessing http backed
2014+ disks via libcurl (LP: #1848556)
2015+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
2016+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
2017+
2018+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
2019+
2020+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
2021+
2022+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
2023+ update the z15 model name (LP: #1842774)
2024+
2025+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
2026+
2027+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
2028+
2029+ * d/binfmt-update-in: fix binfmt being called in some containers
2030+ (LP: #1840956)
2031+
2032+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
2033+
2034+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
2035+
2036+ * No-change upload with strops.h and sys/strops.h removed in glibc.
2037+
2038+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
2039+
2040+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
2041+
2042+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
2043+ (LP: #1841066)
2044+
2045+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
2046+
2047+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
2048+
2049+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
2050+ s390x machines (LP: #1836154)
2051+
2052+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
2053+
2054+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
2055+
2056+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
2057+ - pick Debian change for (#889885)
2058+ move ovmf to recommends on debian and update aarch ovmf refs
2059+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
2060+
2061+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
2062+
2063+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
2064+
2065+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
2066+ for missing SIOCGSTAMP definition; final fix is still in discussion
2067+ upstream (LP: 1836159)
2068+
2069+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
2070+
2071+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
2072+
2073+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
2074+ fix naming of the new vector facitlity (LP: #1836066)
2075+ * d/control-in: update VCS links in control template as well
2076+
2077+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
2078+
2079+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
2080+
2081+ * Merge with Upstream release of qemu 4.0.
2082+ Among many other things this fixes LP Bugs:
2083+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
2084+ LP: #1828038 - Update s390x CPU Model for more HW support
2085+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
2086+ Remaining Changes:
2087+ - qemu-kvm to systemd unit
2088+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2089+ hugepages and architecture specifics
2090+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
2091+ qemu-kvm-init
2092+ - d/qemu-system-common.install: install helper script
2093+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2094+ - d/qemu-system-common.qemu-kvm.default: defaults for
2095+ /etc/default/qemu-kvm
2096+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
2097+ - Enable nesting by default
2098+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
2099+ (is default on amd)
2100+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
2101+ without nested=1
2102+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2103+ in qemu64 cpu type.
2104+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2105+ in qemu64 on amd
2106+ - d/qemu-system-x86.README.Debian: document intention of nested being
2107+ default is comfort, not full support
2108+ - Distribution specific machine type (LP: 1304107 1621042)
2109+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2110+ types
2111+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2112+ for host-phys-bits=true (LP: 1776189)
2113+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2114+ - provide pseries-bionic-2.11-sxxm type as convenience with all
2115+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
2116+ - improved dependencies
2117+ - Make qemu-system-common depend on qemu-block-extra
2118+ - Make qemu-utils depend on qemu-block-extra
2119+ - let qemu-utils recommend sharutils
2120+ - s390x support
2121+ - Create qemu-system-s390x package
2122+ - Enable numa support for s390x
2123+ - arch aware kvm wrappers
2124+ - d/control: update VCS links
2125+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2126+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2127+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2128+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2129+ - enable RDMA config option
2130+ - add libibumad-dev build-dep
2131+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2132+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2133+ reference 256k path
2134+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2135+ handle incoming migrations from former releases.
2136+ - d/control-in: Disable capstone disassembler library support (universe)
2137+ - Move s390x roms to a new qemu-system-data-s390x
2138+ - d/qemu-system-data.install: install s390x roms as architecture:all in
2139+ qemu-system-data
2140+ - d/rules: build s390-ccw.img with upstream Makefile
2141+ - d/rules: build s390-netboot.img with upstream Makefile
2142+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
2143+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
2144+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
2145+ replace it with a build-indep using the upstream makefiles.
2146+ This is less prone to miss future changes/fixes that are done to the
2147+ makefiles
2148+ - d/control-in: add breaks/replaces for moving s390x roms from
2149+ qemu-system-s390x to qemu-system-data
2150+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
2151+ [From not yet uploaded Debian branch]
2152+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2153+ - d/rules: fix qemu-kvm service for debhelper compat >=12
2154+ - disable pvrdma - besides several security holes there are many other
2155+ bugs there as well
2156+ * Dropped patches that are upstream in v4.0
2157+ - d/p/do-not-link-everything-with-xen.patch
2158+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
2159+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
2160+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
2161+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
2162+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
2163+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
2164+ (LP: 1759509)
2165+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
2166+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
2167+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
2168+ - d/p/ubuntu/CVE-2018-20815.patch
2169+ - d/p/ubuntu/CVE-2019-5008.patch
2170+ - d/p/ubuntu/CVE-2019-9824.patch
2171+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2172+ avoid misdetection of simplified nesting blocking all migrations
2173+ * Dropped further patches
2174+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
2175+ [upstream deprecated the whole subsystem instead of applying the fix]
2176+ * Added Changes
2177+ - updated ubuntu machine types for v4.0
2178+ - added eoan types
2179+ - fixed s390x issue of upstream types having a "v" prefix
2180+ - add back dropped machine types to avoid more issues like LP: 1802944
2181+ - fix kvm split irqchip default in ubuntu q35 machine type
2182+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
2183+ adapt updated CamelCase
2184+ - -hpb types now need to use GlobalProperties
2185+ - pc_compat_2_0 got a _fn suffix and slight changes
2186+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
2187+ SLOF of qemu 4.0
2188+ - Refreshed patches still needed for v4.0 context changes
2189+ - d/p/use-fixed-data-path.patch
2190+ - d/p/ubuntu/enable-svm-by-default.patch
2191+ - d/p/ubuntu/enable-md-clear.patch
2192+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
2193+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
2194+ (LP: #1830243)
2195+ - d/control: disable bluetooth being deprecated
2196+ - d/control*: remove sdlabi which was removed upstream
2197+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
2198+ - d/control*: enable docs (now explicit) and provide new build-dep
2199+ python3-sphinx
2200+ - d/not-installed: ignore new interop docs and extra icons for now
2201+ - d/not-installed: do not install elf2dmp until namespaced
2202+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
2203+ - d/qemu-system-data.install: use new paths for formerly used icons
2204+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
2205+ fix i386 build error
2206+
2207+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
2208+
2209 qemu (1:3.1+dfsg-8) unstable; urgency=high
2210
2211 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
2212@@ -1959,6 +4029,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
2213
2214 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
2215
2216+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
2217+
2218+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
2219+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
2220+ fix migrations from old machines (LP: #1829868).
2221+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
2222+ toleration for future machines (LP: #1830704
2223+
2224+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
2225+
2226+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
2227+
2228+ * SECURITY UPDATE: Add support for exposing md-clear functionality
2229+ to guests
2230+ - d/p/ubuntu/enable-md-clear.patch
2231+ - d/p/ubuntu/enable-md-no.patch
2232+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
2233+ * SECURITY UPDATE: heap overflow when loading device tree blob
2234+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
2235+ copy the device tree blob into is.
2236+ - CVE-2018-20815
2237+ * SECURITY UPDATE: device driver denial of service via NULL pointer
2238+ dereference
2239+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
2240+ routine
2241+ - CVE-2019-5008
2242+ * SECURITY UPDATE: information leak in SLiRP
2243+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
2244+ emulating ident.
2245+ - CVE-2019-9824
2246+
2247+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
2248+
2249+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
2250+
2251+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
2252+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
2253+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
2254+ mv_conffile since the new path is a directory in the old package
2255+ version which can not be handled by mv_conffile.
2256+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
2257+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
2258+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
2259+ CVE-2019-3812
2260+
2261+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
2262+
2263+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
2264+
2265+ * disable pvrdma - besides several security holes there are many other
2266+ bugs there as well, and the amount of patches applied upstream after
2267+ 3.1 release is large (Closes, or actuallymakes unimportant again)
2268+ - CVE-2018-20123
2269+ - CVE-2018-20124
2270+ - CVE-2018-20125
2271+ - CVE-2018-20126
2272+ - CVE-2018-20191
2273+ - CVE-2018-20216
2274+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
2275+ - CVE-2019-6501
2276+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
2277+ - CVE-2019-6778
2278+
2279+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
2280+
2281+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
2282+
2283+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
2284+ LP: #1806104 - fix misleading page size error on ppc64el
2285+ LP: #1782205 - SnowRidge enabled new ISAs
2286+ LP: #1786956 - upgrade to qemu >= 3.0
2287+ LP: #1809083 - Backward migration to Xenial on ppc64el
2288+ LP: #1803315 - s390x Huge page enablement
2289+ LP: #1657409 - enable virglrenderer
2290+ Remaining Changes:
2291+ - qemu-kvm to systemd unit
2292+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2293+ hugepages and architecture specifics
2294+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2295+ - d/qemu-system-common.install: install systemd unit and helper script
2296+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2297+ - d/qemu-system-common.qemu-kvm.default: defaults for
2298+ /etc/default/qemu-kvm
2299+ - d/rules: install /etc/default/qemu-kvm
2300+ - Enable nesting by default
2301+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
2302+ (is default on amd)
2303+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
2304+ without nested=1
2305+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2306+ in qemu64 cpu type.
2307+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2308+ in qemu64 on amd
2309+ - d/qemu-system-x86.README.Debian: document intention of nested being
2310+ default is comfort, not full support
2311+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
2312+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2313+ types
2314+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2315+ for host-phys-bits=true (LP: 1776189)
2316+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2317+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2318+ convenience with all meltdown/spectre workarounds enabled by default.
2319+ (LP: 1761372).
2320+ - improved dependencies
2321+ - Make qemu-system-common depend on qemu-block-extra
2322+ - Make qemu-utils depend on qemu-block-extra
2323+ - let qemu-utils recommend sharutils
2324+ - s390x support
2325+ - Create qemu-system-s390x package
2326+ - Enable numa support for s390x
2327+ - arch aware kvm wrappers
2328+ - d/control: update VCS links (updated to match latest Ubuntu)
2329+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2330+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2331+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2332+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2333+ - enable RDMA config option
2334+ - add libibumad-dev build-dep
2335+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2336+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2337+ reference 256k path
2338+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2339+ handle incoming migrations from former releases.
2340+ - d/control-in: Disable capstone disassembler library support (universe)
2341+ * Added Changes:
2342+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
2343+ for qemu 3.1 in the Ubuntu Disco release
2344+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
2345+ - Move s390x roms to a new qemu-system-data-s390x
2346+ - d/qemu-system-data.install: install s390x roms as architecture:all in
2347+ qemu-system-data
2348+ - d/rules: build s390-ccw.img with upstream Makefile
2349+ - d/rules: build s390x-netboot.img with upstream Makefile
2350+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
2351+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
2352+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
2353+ replace it with a build-indep using the upstream makefiles.
2354+ This is less prone to miss future changes/fixes that are done to the
2355+ makefiles
2356+ - d/control-in: add breaks/replaces for moving s390x roms from
2357+ qemu-system-s390x to qemu-system-data
2358+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
2359+ [From not yet uploaded Debian branch]
2360+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2361+ (Closes: #918378)
2362+ - d/rules: fix qemu-kvm service for debhelper compat >=12
2363+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2364+ avoid misdetection of simplified nesting blocking all migrations
2365+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
2366+ unimplement.patch: properly return archicture defined exception
2367+ on bad subcodes of diag 308 (LP: #1812384)
2368+ * Dropped Changes:
2369+ - Include s390-ccw.img firmware (old style native build)
2370+ - d/rules enable install s390x-netboot.img (old style native build)
2371+ - libvirt/qemu user/group support
2372+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2373+ trigger.
2374+ [ Droppable since logind properly sets ACLs now ]
2375+ - qemu-system-common.preinst: add kvm group if needed
2376+ [ Droppable because systemd/udev take care of it since 239-6]
2377+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
2378+ freeze-hook fixes (LP: 1484990)
2379+ [upstream]
2380+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2381+ merged upstream
2382+ [upstream]
2383+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2384+ computation while concatenating mbuf.
2385+ CVE-2018-11806
2386+ [upstream]
2387+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2388+ for powerpc64 to speed up translation (LP: 1781526)
2389+ [upstream]
2390+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2391+ cpu model for z14 ZR1 (LP: 1780773).
2392+ [upstream]
2393+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2394+ (Closes: 903562)
2395+ [in Debian]
2396+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2397+ unreleased Debian version)
2398+ [in Debian]
2399+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2400+ by migrations with UI frontends or frequent guest resolution changes
2401+ (LP #1755912)
2402+ [upstream]
2403+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2404+ extend eieio for POWER9 emulation (LP: 1787408).
2405+ [upstream]
2406+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2407+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
2408+ [upstream]
2409+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
2410+ [upstream]
2411+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
2412+ [upstream]
2413+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
2414+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
2415+ [in Debian]
2416+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2417+ Adapters on s390x (LP: 1787405)
2418+ [upstream]
2419+ - enable opengl for vfio-MDEV support (LP: 1804766)
2420+ [in Debian]
2421+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2422+ [upstream]
2423+ - SECURITY UPDATE: integer overflow via crafted QMP command
2424+ [upstream]
2425+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2426+ [upstream]
2427+ - SECURITY UPDATE: buffer overflow in rtl8139
2428+ [upstream]
2429+ - SECURITY UPDATE: buffer overflow in pcnet
2430+ [upstream]
2431+ - SECURITY UPDATE: DoS via large packet sizes
2432+ [upstream]
2433+ - SECURITY UPDATE: DoS in lsi53c895a
2434+ [upstream]
2435+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2436+ [upstream]
2437+ - SECURITY UPDATE: race condition in 9p
2438+ [upstream]
2439+
2440+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
2441+
2442 qemu (1:3.1+dfsg-2) unstable; urgency=medium
2443
2444 * d/rules: split arch and indep builds
2445@@ -2038,6 +4334,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
2446
2447 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
2448
2449+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
2450+
2451+ [ Marc Deslauriers ]
2452+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2453+ - debian/patches/CVE-2018-10839.patch: use proper type in
2454+ hw/net/ne2000.c.
2455+ - CVE-2018-10839
2456+ * SECURITY UPDATE: integer overflow via crafted QMP command
2457+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
2458+ guest-file-read in qga/commands-posix.c.
2459+ - CVE-2018-12617
2460+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2461+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
2462+ - CVE-2018-16847
2463+ * SECURITY UPDATE: buffer overflow in rtl8139
2464+ - debian/patches/CVE-2018-17958.patch: use proper type in
2465+ hw/net/rtl8139.c.
2466+ - CVE-2018-17958
2467+ * SECURITY UPDATE: buffer overflow in pcnet
2468+ - debian/patches/CVE-2018-17962.patch: use proper type in
2469+ hw/net/pcnet.c.
2470+ - CVE-2018-17962
2471+ * SECURITY UPDATE: DoS via large packet sizes
2472+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
2473+ - CVE-2018-17963
2474+ * SECURITY UPDATE: DoS in lsi53c895a
2475+ - debian/patches/CVE-2018-18849.patch: check message length value is
2476+ valid in hw/scsi/lsi53c895a.c.
2477+ - CVE-2018-18849
2478+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2479+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
2480+ access in hw/ppc/pnv_lpc.c.
2481+ - CVE-2018-18954
2482+ * SECURITY UPDATE: race condition in 9p
2483+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
2484+ hw/9pfs/cofile.c.
2485+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
2486+ hw/9pfs/9p.c.
2487+ - CVE-2018-19364
2488+
2489+ [ Christian Ehrhardt]
2490+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2491+ Adapters on s390x (LP: #1787405)
2492+ * enable opengl for vfio-MDEV support (LP: #1804766)
2493+ - d/control-in: set --enable-opengl
2494+ - d/control-in: add gl related build-dependencies
2495+
2496+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2497+
2498+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2499+
2500+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
2501+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2502+
2503+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2504+
2505+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2506+
2507+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2508+ The SLOF source pieces in src:qemu are only used for s390x netboot,
2509+ which are independent ROMs (no linking). All other binaries out of this
2510+ are part of src:slof and independent.
2511+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2512+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2513+ and related fixes
2514+
2515+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2516+
2517+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2518+
2519+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2520+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2521+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2522+
2523+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2524+
2525+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2526+
2527+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2528+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2529+ - CVE-2018-15746
2530+
2531+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2532+
2533+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2534+
2535+ [ Murilo Opsfelder Araujo ]
2536+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2537+ extend eieio for POWER9 emulation (LP: #1787408).
2538+
2539+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2540+
2541+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2542+
2543+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2544+ by migrations with UI frontends or frequent guest resolution changes
2545+ (LP: #1755912)
2546+
2547+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2548+
2549+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2550+
2551+ * Disable capstone disassembler library support (universe dependency)
2552+
2553+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2554+
2555+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2556+
2557+ * Merge with Debian testing, Remaining Changes:
2558+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2559+ - qemu-kvm to systemd unit
2560+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2561+ hugepages and architecture specifics
2562+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2563+ - d/qemu-system-common.install: install systemd unit and helper script
2564+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2565+ - d/qemu-system-common.qemu-kvm.default: defaults for
2566+ /etc/default/qemu-kvm
2567+ - d/rules: install /etc/default/qemu-kvm
2568+ - Enable nesting by default
2569+ - set nested=1 module option on intel. (is default on amd)
2570+ - re-load kvm_intel.ko if it was loaded without nested=1
2571+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2572+ in qemu64 cpu type.
2573+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2574+ in qemu64 on amd
2575+ - d/qemu-system-x86.README.Debian: document intention of nested being
2576+ default is comfort, not full support
2577+ - libvirt/qemu user/group support
2578+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2579+ trigger.
2580+ - qemu-system-common.preinst: add kvm group if needed
2581+ - Distribution specific machine type
2582+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2583+ types to ease future live vm migration.
2584+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2585+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2586+ for host-phys-bits=true (LP: 1776189)
2587+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2588+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2589+ convenience with all meltdown/spectre workarounds enabled by default.
2590+ (LP: 1761372).
2591+ - improved dependencies
2592+ - Make qemu-system-common depend on qemu-block-extra
2593+ - Make qemu-utils depend on qemu-block-extra
2594+ - let qemu-utils recommend sharutils
2595+ - s390x support
2596+ - Create qemu-system-s390x package
2597+ - Include s390-ccw.img firmware
2598+ - Enable numa support for s390x
2599+ - arch aware kvm wrappers
2600+ - update VCS-git (updated to match cosmic)
2601+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2602+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2603+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2604+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2605+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2606+ - d/rules enable install s390x-netboot.img
2607+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2608+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2609+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2610+ reference 256k path
2611+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2612+ handle incoming migrations from former releases.
2613+ - SECURITY UPDATE: Speculative Store Bypass
2614+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2615+ CPUID feature bit in target/i386/cpu.*.
2616+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2617+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2618+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2619+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2620+ target/i386/machine.c.
2621+ - CVE-2018-3639
2622+ * Added Changes:
2623+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2624+ - add cosmic types for base and -hpb
2625+ - drop no more supported types (zesty and yakkety)
2626+ - d/p/series: group machine type changes
2627+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2628+ merged upstream
2629+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2630+ computation while concatenating mbuf.
2631+ CVE-2018-11806
2632+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2633+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2634+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2635+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2636+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2637+ to POWER8
2638+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2639+ is no more needed with systemd-detect-virt being more mature and always
2640+ present.
2641+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2642+ - d/control-in: add libibumad-dev which is now needed for rdma
2643+ - d/rules: update s390x delta to match new Debian packaging
2644+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2645+ for powerpc64 to speed up translation (LP: #1781526)
2646+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2647+ cpu model for z14 ZR1 (LP: #1780773).
2648+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2649+ (Closes: 903562)
2650+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2651+ unreleased Debian version)
2652+ * Dropped Changes:
2653+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2654+ (No more removed when building DFSG orig tarball in Debian)
2655+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2656+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2657+ so we revert related changes to stick with the proven for now:
2658+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2659+ depends on it)
2660+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2661+ (Debian switched to gtk which seems to work better and has all
2662+ dependencies in main.)
2663+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2664+ - Changes that are now upstream with qemu 2.12
2665+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2666+ newer versions of glibc >=2.27 (LP: 1753826)
2667+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2668+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2669+ SSE/AVX/AVX512 cpu features (LP: 1739665)
2670+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2671+ space+commpage continuous which avoids long startup times on
2672+ qemu-user-static (LP: 1740219)
2673+ - provide pseries-2.12-sxxm type (LP: 1761372)
2674+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2675+ filesystem-dax with pmem by backporting align and unarmed options
2676+ (LP: 1704312).
2677+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2678+ option to slirp's DHCP server (LP: 1762315)
2679+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2680+ Protection information (LP: 1762854).
2681+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2682+ migration (LP: 1763468).
2683+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
2684+ CVE-2017-16845
2685+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
2686+ CVE-2018-7550
2687+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2688+ CVE-2018-7858
2689+
2690+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2691+
2692 qemu (1:2.12+dfsg-3) unstable; urgency=medium
2693
2694 * make qemu-system-foo depending
2695@@ -2126,6 +4665,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
2696
2697 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
2698
2699+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2700+
2701+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2702+ for host-phys-bits=true (LP: #1776189)
2703+ - add an info about this change in debian/qemu-system-x86.NEWS
2704+
2705+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2706+
2707+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2708+
2709+ * SECURITY UPDATE: Speculative Store Bypass
2710+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2711+ CPUID feature bit in target/i386/cpu.*.
2712+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2713+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2714+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2715+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2716+ target/i386/machine.c.
2717+ - CVE-2018-3639
2718+
2719+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2720+
2721+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2722+
2723+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
2724+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2725+ in post_load routine in hw/input/ps2.c.
2726+ - CVE-2017-16845
2727+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
2728+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2729+ zero in hw/i386/multiboot.c.
2730+ - CVE-2018-7550
2731+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2732+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2733+ hw/display/vga.c.
2734+ - CVE-2018-7858
2735+
2736+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2737+
2738+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2739+
2740+ * No-change rebuild for ncurses soname changes.
2741+
2742+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2743+
2744+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2745+
2746+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2747+ information (LP: #1762854).
2748+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2749+ (LP: #1763468).
2750+
2751+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2752+
2753+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2754+
2755+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2756+ The Kernel fixes are preferred and already committed to the kernel.
2757+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
2758+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2759+ SSE/AVX/AVX512 cpu features (LP: #1739665)
2760+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2761+ space+commpage continuous which avoids long startup times on
2762+ qemu-user-static (LP: #1740219)
2763+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2764+ convenience with all meltdown/spectre workarounds enabled by default.
2765+ This is not the default type following upstream and x86 on that.
2766+ (LP: #1761372).
2767+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2768+ with pmem by backporting align and unarmed options (LP: #1704312).
2769+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2770+ option to slirp's DHCP server (LP: #1762315)
2771+
2772+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2773+
2774+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2775+
2776+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2777+ accepted to be better long term maintainable (LP: #1753938)
2778+
2779+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2780+
2781+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2782+
2783+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2784+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2785+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2786+ versions of glibc >=2.27 (LP: #1753826)
2787+
2788+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2789+
2790+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2791+
2792+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2793+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2794+ Add domainname option and classless static routes support to the user
2795+ networking's DHCP server
2796+
2797+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2798+
2799+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2800+
2801+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2802+ - among other fixes this adds code to:
2803+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2804+ However, enabling this functionality requires additional configuration
2805+ beyond just updating QEMU. Also migrations need special consideration.
2806+ Details about that can be found at:
2807+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2808+ - Power9 allocation of max 8 threads per core (LP: #1750526)
2809+ * Drop changes that are part of the upstream stable release
2810+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2811+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2812+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2813+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2814+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2815+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2816+ common compat.h header and add some extra info in the patch header.
2817+
2818+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2819+
2820+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2821+
2822+ * Merge with Debian testing, among other fixes this includes
2823+ - fix fatal error on negative maxcpus (LP: #1722495)
2824+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2825+ - linux user threading issues (LP: #1350435)
2826+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2827+ Remaining changes:
2828+ - qemu-kvm to systemd unit
2829+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2830+ hugepages and architecture specifics
2831+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2832+ - d/qemu-system-common.install: install systemd unit and helper script
2833+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2834+ - d/qemu-system-common.qemu-kvm.default: defaults for
2835+ /etc/default/qemu-kvm
2836+ - d/rules: install /etc/default/qemu-kvm
2837+ - Enable nesting by default
2838+ - set nested=1 module option on intel. (is default on amd)
2839+ - re-load kvm_intel.ko if it was loaded without nested=1
2840+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2841+ in qemu64 cpu type.
2842+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2843+ in qemu64 on amd
2844+ - libvirt/qemu user/group support
2845+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2846+ trigger.
2847+ - qemu-system-common.preinst: add kvm group if needed
2848+ - Distribution specific machine type
2849+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2850+ types to ease future live vm migration.
2851+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2852+ - improved dependencies
2853+ - Make qemu-system-common depend on qemu-block-extra
2854+ - Make qemu-utils depend on qemu-block-extra
2855+ - let qemu-utils recommend sharutils
2856+ - s390x support
2857+ - Create qemu-system-s390x package
2858+ - Include s390-ccw.img firmware
2859+ - Enable numa support for s390x
2860+ - ppc64[le] support
2861+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2862+ - arch aware kvm wrappers
2863+ * Added Changes
2864+ - update VCS-git to match the bionic branch
2865+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2866+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2867+ so we revert related changes to stick with the proven for now:
2868+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2869+ depends on it)
2870+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2871+ - d/qemu-system-x86.README.Debian: document intention of nested being
2872+ default is comfort, not full support
2873+ - update Ubuntu machine types for qemu 2.11
2874+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2875+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2876+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2877+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2878+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2879+ - d/rules enable install s390x-netboot.img
2880+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2881+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
2882+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2883+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2884+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2885+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2886+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2887+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2888+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2889+ reference 256k path
2890+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2891+ handle incoming migrations from former releases.
2892+ - d/control-in: enable seccomp on s390x
2893+ * Dropped changes (no more needed):
2894+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2895+ The functionality is retained for upgraders, but is deprecated.
2896+ Post 18.04 the implementation for these configurations will be removed.
2897+ * Dropped changes (in Debian now):
2898+ - ppc64[le] support
2899+ - Enable seccomp for ppc64el
2900+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2901+ - disable missing x32 architecture
2902+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2903+ - d/qemu-system-common.docs: new paths since (ac06724a)
2904+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2905+ by qapi-schema.json which is already packaged (since 4d8bb958)
2906+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2907+ to Debian patch to match qemu 2.10)
2908+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2909+ since 8508eee7
2910+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2911+ - make nios2/hppa not installed explicitly until further stablized
2912+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2913+ qemu-ga-ref
2914+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2915+ along the qapi intro
2916+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2917+ dh_missing that are already provided in other formats qemu-doc,
2918+ qemu-qmp-ref,qemu-ga-ref
2919+ * Dropped changes (integrated upstream):
2920+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2921+ on arm64 when doing suspend/resume and reboots due to older kernels not
2922+ supporting ITS (LP 1731051).
2923+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2924+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2925+ calls (LP 1726394)
2926+ - update to upstream 2.10.1 point release (LP 1722808)
2927+
2928+
2929+
2930+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2931+
2932 qemu (1:2.11+dfsg-1) unstable; urgency=medium
2933
2934 [ Michael Tokarev ]
2935@@ -2240,6 +5012,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
2936
2937 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
2938
2939+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
2940+
2941+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2942+ on arm64 when doing suspend/resume and reboots due to older kernels not
2943+ supporting ITS (LP: #1731051).
2944+
2945+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
2946+
2947+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
2948+
2949+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2950+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2951+ calls (LP: #1726394)
2952+
2953+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
2954+
2955+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
2956+
2957+ * fix enablement of qemu-kvm service (LP: #1720397)
2958+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
2959+ - d/rules: add proper enablement debhelper calls
2960+ - d/qemu-system-common.install: install covered by dh_installinit
2961+
2962+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
2963+
2964+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
2965+
2966+ * update to upstream 2.10.1 point release (LP: #1722808)
2967+
2968+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
2969+
2970+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
2971+
2972+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
2973+ Remaining changes:
2974+ - qemu-kvm to systemd unit
2975+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2976+ hugepages and architecture specifics
2977+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2978+ - d/qemu-system-common.install: install systemd unit and helper script
2979+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2980+ - d/qemu-system-common.qemu-kvm.default: defaults for
2981+ /etc/default/qemu-kvm
2982+ - d/rules: install /etc/default/qemu-kvm
2983+ - Enable nesting by default
2984+ - set nested=1 module option on intel. (is default on amd)
2985+ - re-load kvm_intel.ko if it was loaded without nested=1
2986+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2987+ in qemu64 cpu type.
2988+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2989+ in qemu64 on amd
2990+ - libvirt/qemu user/group support
2991+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2992+ trigger.
2993+ - qemu-system-common.preinst: add kvm group if needed
2994+ - Distribution specific machine type
2995+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2996+ types to ease future live vm migration.
2997+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2998+ - improved dependencies
2999+ - Make qemu-system-common depend on qemu-block-extra
3000+ - Make qemu-utils depend on qemu-block-extra
3001+ - let qemu-utils recommend sharutils
3002+ - s390x support
3003+ - Create qemu-system-s390x package
3004+ - Include s390-ccw.img firmware
3005+ - Enable numa support for s390x
3006+ - ppc64[le] support
3007+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3008+ - Enable seccomp for ppc64el
3009+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3010+ - arch aware kvm wrappers
3011+ - update VCS-git to match the Artful branch
3012+ - disable missing x32 architecture
3013+ - d/rules: or32 is now named or1k (since 4a09d0bb)
3014+ - d/qemu-system-common.docs: new paths since (ac06724a)
3015+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3016+ by qapi-schema.json which is already packaged (since 4d8bb958)
3017+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
3018+ to Debian patch to match qemu 2.10)
3019+ - s390x package now builds correctly on all architectures (LP 1710695)
3020+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
3021+ since 8508eee7
3022+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
3023+ - make nios2/hppa not installed explicitly until further stablized
3024+ - d/qemu-guest-agent.install: add the new guest agent reference man page
3025+ qemu-ga-ref
3026+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
3027+ along the qapi intro
3028+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
3029+ dh_missing that are already provided in other formats qemu-doc,
3030+ qemu-qmp-ref,qemu-ga-ref
3031+
3032+
3033+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
3034+
3035+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
3036+
3037+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
3038+ Remaining changes:
3039+ - qemu-kvm to systemd unit
3040+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
3041+ hugepages and architecture specifics
3042+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
3043+ - d/qemu-system-common.install: install systemd unit and helper script
3044+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
3045+ - d/qemu-system-common.qemu-kvm.default: defaults for
3046+ /etc/default/qemu-kvm
3047+ - d/rules: install /etc/default/qemu-kvm
3048+ - Enable nesting by default
3049+ - set nested=1 module option on intel. (is default on amd)
3050+ - re-load kvm_intel.ko if it was loaded without nested=1
3051+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
3052+ in qemu64 cpu type.
3053+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
3054+ in qemu64 on amd
3055+ - libvirt/qemu user/group support
3056+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
3057+ trigger.
3058+ - qemu-system-common.preinst: add kvm group if needed
3059+ - Distribution specific machine type
3060+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3061+ types to ease future live vm migration.
3062+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
3063+ - improved dependencies
3064+ - Make qemu-system-common depend on qemu-block-extra
3065+ - Make qemu-utils depend on qemu-block-extra
3066+ - let qemu-utils recommend sharutils
3067+ - s390x support
3068+ - Create qemu-system-s390x package
3069+ - Include s390-ccw.img firmware
3070+ - Enable numa support for s390x
3071+ - ppc64[le] support
3072+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3073+ - Enable seccomp for ppc64el
3074+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3075+ - arch aware kvm wrappers
3076+ - update VCS-git to match the Artful branch
3077+ - disable missing x32 architecture
3078+ - d/rules: or32 is now named or1k (since 4a09d0bb)
3079+ - d/qemu-system-common.docs: new paths since (ac06724a)
3080+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3081+ by qapi-schema.json which is already packaged (since 4d8bb958)
3082+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
3083+ to Debian patch to match qemu 2.10)
3084+ - s390x package now builds correctly on all architectures (LP 1710695)
3085+ * Added changes:
3086+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
3087+ since 8508eee7
3088+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
3089+ - make nios2/hppa not installed explicitly until further stablized
3090+ - d/qemu-guest-agent.install: add the new guest agent reference man page
3091+ qemu-ga-ref
3092+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
3093+ along the qapi intro
3094+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
3095+ dh_missing that are already provided in other formats qemu-doc,
3096+ qemu-qmp-ref,qemu-ga-ref
3097+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
3098+ changes in 2.10-rc4
3099+
3100+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
3101+
3102+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
3103+
3104+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
3105+ a set of bugs
3106+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
3107+ - CPU hot unplug fails after migrating a CPU hotplugged guest
3108+ from source (LP: #1677552)
3109+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
3110+ - New KVM 288 Pass Through (LP: #1672447)
3111+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
3112+ * Remaining changes:
3113+ - qemu-kvm to systemd unit
3114+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
3115+ hugepages and architecture specifics
3116+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
3117+ - d/qemu-system-common.install: install systemd unit and helper script
3118+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
3119+ - d/qemu-system-common.qemu-kvm.default: defaults for
3120+ /etc/default/qemu-kvm
3121+ - d/rules: install /etc/default/qemu-kvm
3122+ - Enable nesting by default
3123+ - set nested=1 module option on intel. (is default on amd)
3124+ - re-load kvm_intel.ko if it was loaded without nested=1
3125+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
3126+ in qemu64 cpu type.
3127+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
3128+ in qemu64 on amd
3129+ - libvirt/qemu user/group support
3130+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
3131+ trigger.
3132+ - qemu-system-common.preinst: add kvm group if needed
3133+ - Distribution specific machine type
3134+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3135+ types to ease future live vm migration.
3136+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
3137+ - improved dependencies
3138+ - Make qemu-system-common depend on qemu-block-extra
3139+ - Make qemu-utils depend on qemu-block-extra
3140+ - let qemu-utils recommend sharutils
3141+ - s390x support
3142+ - Create qemu-system-s390x package
3143+ - Include s390-ccw.img firmware
3144+ - Enable numa support for s390x
3145+ - ppc64[le] support
3146+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3147+ - Enable seccomp for ppc64el
3148+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3149+ - arch aware kvm wrappers
3150+ - disable missing x32 architecture
3151+ - update VCS links
3152+ * Added changes
3153+ - d/rules: or32 is now named or1k (since 4a09d0bb)
3154+ - d/qemu-system-common.docs: new paths since (ac06724a)
3155+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3156+ by qapi-schema.json which is already packaged (since 4d8bb958)
3157+ - Updates in debian/patches to match qemu 2.10
3158+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
3159+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
3160+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
3161+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
3162+ - update VCS-git to match the Artful branch
3163+ - s390x package now builds correctly on all architectures (LP: #1710695)
3164+ * Dropped changes (integrated upstream):
3165+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3166+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
3167+ - All CVE fixes formerly applied are upstream and thereby dropped.
3168+
3169+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
3170+
3171 qemu (1:2.8+dfsg-7) unstable; urgency=medium
3172
3173 * uploading to unstable all fixes which went to stretch-security
3174@@ -2349,6 +5353,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
3175
3176 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
3177
3178+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
3179+
3180+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
3181+ This was inadvertently dropped on 2.8 merge.
3182+
3183+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
3184+
3185+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
3186+
3187+ * SECURITY UPDATE: denial of service via leak in virtFS
3188+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
3189+ hw/9pfs/9p.c.
3190+ - CVE-2017-7377
3191+ * SECURITY UPDATE: denial of service in cirrus_vga
3192+ - debian/patches/CVE-2017-7718.patch: check parameters in
3193+ hw/display/cirrus_vga_rop.h.
3194+ - CVE-2017-7718
3195+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
3196+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
3197+ hw/display/cirrus_vga.c.
3198+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
3199+ hw/display/cirrus_vga.c.
3200+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
3201+ in hw/display/cirrus_vga.c.
3202+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
3203+ hw/display/cirrus_vga.c.
3204+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
3205+ in hw/display/cirrus_vga.c.
3206+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
3207+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3208+ hw/display/cirrus_vga_rop2.h.
3209+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
3210+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3211+ hw/display/cirrus_vga_rop2.h.
3212+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
3213+ hw/display/cirrus_vga_rop.h.
3214+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
3215+ hw/display/cirrus_vga.c.
3216+ - CVE-2017-7980
3217+ * SECURITY UPDATE: denial of service via memory leak in virtFS
3218+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
3219+ - CVE-2017-8086
3220+ * SECURITY UPDATE: denial of service via leak in audio
3221+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
3222+ audio/audio.c.
3223+ - CVE-2017-8309
3224+ * SECURITY UPDATE: denial of service via leak in keyboard
3225+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
3226+ ui/input.c.
3227+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
3228+ ui/input.c.
3229+ - CVE-2017-8379
3230+
3231+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
3232+
3233+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
3234+
3235+ * SECURITY UPDATE: DoS in virtio GPU device
3236+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
3237+ max_size in hw/display/virtio-gpu-3d.c.
3238+ - CVE-2016-10028
3239+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
3240+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
3241+ in hw/dma/rc4030.c.
3242+ - CVE-2016-8667
3243+ * SECURITY UPDATE: host filesystem access via virtFS
3244+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
3245+ hw/9pfs/*.
3246+ - CVE-2016-9602
3247+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
3248+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
3249+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
3250+ ui/console.c, ui/vnc.c.
3251+ - CVE-2016-9603
3252+ * SECURITY UPDATE: information leak in virtio GPU device
3253+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
3254+ hw/display/virtio-gpu-3d.c.
3255+ - CVE-2016-9908
3256+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3257+ - debian/patches/CVE-2016-9912.patch: properly free memory in
3258+ hw/display/virtio-gpu.c.
3259+ - CVE-2016-9912
3260+ * SECURITY UPDATE: DoS via virtFS
3261+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
3262+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
3263+ - CVE-2016-9914
3264+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3265+ - debian/patches/CVE-2017-5552.patch: check return value in
3266+ hw/display/virtio-gpu-3d.c.
3267+ - CVE-2017-5552
3268+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3269+ - debian/patches/CVE-2017-5578.patch: check res->iov in
3270+ hw/display/virtio-gpu.c.
3271+ - CVE-2017-5578
3272+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
3273+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
3274+ handling in hw/sd/sdhci.c.
3275+ - CVE-2017-5987
3276+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
3277+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
3278+ hw/usb/hcd-ohci.c.
3279+ - CVE-2017-6505
3280+
3281+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
3282+
3283+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
3284+
3285+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3286+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
3287+
3288+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
3289+
3290+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
3291+
3292+ * Merge with Debian;
3293+ This fixes several CVEs that were reported against qemu 2.8 and also
3294+ includes a few important functional backports (LP: #1667033); remaining
3295+ changes:
3296+ - add qemu-kvm init script and defaults file
3297+ (d/qemu-system-common.qemu-kvm.*)
3298+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3299+ modules and handling /etc/default/qemu-kvm
3300+ - qemu-system-common.preinst: add kvm group if needed
3301+ - Enable nesting by default on intel.
3302+ - set default module option
3303+ - re-load kvm_intel.ko if it was loaded without nested=1
3304+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3305+ default in qemu64 cpu type.
3306+ - Enable svm by default for qemu64 on amd
3307+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
3308+ define distro machine types to ease future live vm migration (includes
3309+ all former follow up fixes).
3310+ - Make qemu-system-common depend on qemu-block-extra
3311+ - Make qemu-utils depend on qemu-block-extra
3312+ - s390x support
3313+ - Create qemu-system-s390x package
3314+ - Include s390-ccw.img firmware
3315+ - qemu-system-common.postinst:
3316+ - change acl placed by udev, and add udevadm trigger.
3317+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3318+ - Several changes were applied but missing in the changelog so far
3319+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3320+ - arch aware kvm wrapper
3321+ - update VCS links
3322+ - let qemu-utils recommend sharutils
3323+ - disable x32 architecture
3324+ - Enable seccomp for ppc64el
3325+ - Enable numa support for s390x
3326+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3327+ init.d-script-missing-dependency-on-remote_fs
3328+ - d/qemu-system-common.postinst: fix lintian error type
3329+ command-with-path-in-maintainer-script
3330+ - Transition qemu-kvm to a systemd unit
3331+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3332+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3333+ that it shows up where the user expects (sytemctl status, kvm stdout)
3334+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3335+ - add arch aware kvm wrapper for s390x
3336+ * Dropped Changes (in Debian now):
3337+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3338+ - d/control-in: change dependencies for fix of wrong acl for newly
3339+ created device node on ubuntu
3340+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3341+ relationship, but qemu-efi is still in universe right now.
3342+ - Disable glusterfs (Universe dependency)
3343+ - no more skip disable libiscsi on Ubuntu
3344+ - d/rules, d/control-in: avoid people editing d/control
3345+ * Added Changes:
3346+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
3347+ power makes 2.3 the minimum level.
3348+
3349+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
3350+
3351 qemu (1:2.8+dfsg-3) unstable; urgency=high
3352
3353 * urgency high due to security fixes
3354@@ -2409,6 +5586,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
3355
3356 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
3357
3358+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
3359+
3360+ * Merge with Debian; remaining changes:
3361+ - add qemu-kvm init script and defaults file
3362+ (d/qemu-system-common.qemu-kvm.*)
3363+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3364+ modules and handling /etc/default/qemu-kvm
3365+ - qemu-system-common.preinst: add kvm group if needed
3366+ - Enable nesting by default on intel.
3367+ - set default module option
3368+ - re-load kvm_intel.ko if it was loaded without nested=1
3369+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3370+ default in qemu64 cpu type.
3371+ - Enable svm by default for qemu64 on amd
3372+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3373+ types to ease future live vm migration.
3374+ - Make qemu-system-common depend on qemu-block-extra
3375+ - Make qemu-utils depend on qemu-block-extra
3376+ - s390x support
3377+ - Create qemu-system-s390x package
3378+ - Include s390-ccw.img firmware
3379+ - qemu-system-common.postinst:
3380+ - change acl placed by udev, and add udevadm trigger.
3381+ - d/control-in: change dependencies for fix of wrong acl for newly
3382+ created device node on ubuntu
3383+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3384+ relationship, but qemu-efi is still in universe right now.
3385+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3386+ - Several changes were applied but missing in the changelog so far
3387+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3388+ - arch aware kvm wrapper
3389+ - update VCS links
3390+ - no more skip disable libiscsi on Ubuntu
3391+ - let qemu-utils recommend sharutils
3392+ - disable x32 architecture
3393+ * Dropped Changes:
3394+ - Several changes were applied but missing in the changelog so far
3395+ but are no more needed
3396+ - no pie for relocatable LD calls, with toolchain defaulting to
3397+ pie (fixed upstream)
3398+ - enable libnuma-dev (now in Debian)
3399+ - transition for moved init scripts (can be dropped after LTS
3400+ containing >=2.5 which is Xenial)
3401+ - --enable-seccomp related whitespace change (had no effect)
3402+ - apport hook for qemu source package (In Debian)
3403+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
3404+ - d/qemu-system-x86.maintscript: transition off of
3405+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
3406+ - Enable pie by default, on ubuntu/s390x. (Is the default since
3407+ >=Xenial, no cloud archive backport <=Xenial to consider)
3408+ - no pie for relocatable LD calls (fixed upstream in commit
3409+ 7ecf44a5)
3410+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
3411+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3412+ (Improved fix included by upstream)
3413+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
3414+ - Fixed wrong migration blocker when vhost is used (is upstream in
3415+ qemu 2.8)
3416+ * Added Changes:
3417+ - d/rules, d/control-in: avoid people editing d/control by warning
3418+ header and non writable permissions
3419+ - fixed moving trusty machine type definition which made it
3420+ ambiguous (LP: #1641532)
3421+ - d/qemu-system-x86.NEWS describe the issue
3422+ - Enable seccomp for ppc64el (LP: #1644639)
3423+ - Enable numa support for s390x
3424+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3425+ init.d-script-missing-dependency-on-remote_fs
3426+ - d/qemu-system-common.postinst: fix lintian error type
3427+ command-with-path-in-maintainer-script
3428+ - Transition qemu-kvm to a systemd unit
3429+ - Disable glusterfs (Universe dependency)
3430+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3431+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3432+ that it shows up where the user expects (sytemctl status, kvm stdout)
3433+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3434+ - add arch aware kvm wrapper for s390x
3435+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3436+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
3437+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
3438+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
3439+
3440+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
3441+
3442 qemu (1:2.8+dfsg-2) unstable; urgency=medium
3443
3444 * Revert "update binfmt registration for mipsn32"
3445@@ -2527,6 +5788,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
3446
3447 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
3448
3449+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
3450+
3451+ * No-change rebuild to compile against new libxen version.
3452+
3453+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
3454+
3455+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
3456+
3457+ * retain older xenial machine type to avoid issues starting guests
3458+ created on xenial prior to the SRU for bug 1621042. In that regard the old
3459+ broken xenial machine type and the new fixed one have both to be considered
3460+ as valid LTS machine types (LP: #1626070).
3461+
3462+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
3463+
3464+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
3465+
3466+ * fix default ubuntu machine types. (LP: #1621042)
3467+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
3468+ - remove double default and double ubuntu alias
3469+ - drop former devel releases utopic, vivid, wily
3470+ - add xenial and yakkety machine types
3471+ - add q35 based ubuntu machine type starting at xenial
3472+ - add ubuntu machine types on ppc64el and s390x starting at xenial
3473+
3474+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
3475+
3476+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
3477+
3478+ * Enable GPU Passthru for ppc64le (LP: #1541902)
3479+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
3480+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
3481+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
3482+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
3483+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
3484+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
3485+ - 0007-spapr_iommu-Migrate-full-state.patch
3486+ - 0008-spapr_iommu-Add-root-memory-region.patch
3487+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
3488+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
3489+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
3490+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
3491+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
3492+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
3493+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3494+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3495+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3496+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3497+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3498+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3499+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
3500+
3501+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3502+
3503+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3504+
3505+ * New upstream release. LP: #1617055.
3506+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3507+
3508+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3509+
3510 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3511
3512 * Non-maintainer upload.
3513@@ -2560,6 +5882,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3514
3515 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
3516
3517+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3518+
3519+ * SECURITY UPDATE: DoS via unbounded memory allocation
3520+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3521+ - CVE-2016-5403
3522+ * SECURITY UPDATE: oob write access while reading ESP command
3523+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3524+ maximum CDB size and handle migration in hw/scsi/esp.c,
3525+ include/hw/scsi/esp.h, include/migration/vmstate.h.
3526+ - CVE-2016-6351
3527+ * SECURITY UPDATE: infinite loop in virtqueue_pop
3528+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3529+ length in hw/virtio/virtio.c.
3530+ - CVE-2016-6490
3531+
3532+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3533+
3534+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3535+
3536+ * Merge with Debian; remaining changes:
3537+ - debian/rules: do not drop the init scripts loading kvm modules
3538+ (still needed in precise in cloud archive)
3539+ - qemu-system-common.postinst:
3540+ * remove acl placed by udev, and add udevadm trigger.
3541+ * reload kvm_intel if needed to set nested=1
3542+ - qemu-system-common.preinst: add kvm group if needed
3543+ - add qemu-kvm upstart job and defaults file (rules,
3544+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3545+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3546+ do not auto-load the kvm kernel module. Enable nesting by default
3547+ on intel.
3548+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3549+ in qemu64 cpu type.
3550+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3551+ types to ease future live vm migration.
3552+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3553+ d/qemu-system-common.install
3554+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3555+ to fix errors with missing block backends.
3556+ - s390x:
3557+ * Create qemu-system-s390x package
3558+ * Enable pie by default, on ubuntu/s390x.
3559+ * Enable svm by default for qemu64 on amd
3560+ * Include s390-ccw.img firmware
3561+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3562+ relationship, but qemu-efi is still in universe right now.
3563+
3564+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3565+
3566 qemu (1:2.6+dfsg-3) unstable; urgency=high
3567
3568 * more security fixes picked from upstream:
3569@@ -2613,6 +5984,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
3570
3571 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
3572
3573+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3574+
3575+ * Merge with Debian; remaining changes: (LP: #1583775)
3576+ - debian/rules: do not drop the init scripts loading kvm modules
3577+ (still needed in precise in cloud archive)
3578+ - qemu-system-common.postinst:
3579+ * remove acl placed by udev, and add udevadm trigger.
3580+ * reload kvm_intel if needed to set nested=1
3581+ - qemu-system-common.preinst: add kvm group if needed
3582+ - add qemu-kvm upstart job and defaults file (rules,
3583+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3584+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3585+ do not auto-load the kvm kernel module. Enable nesting by default
3586+ on intel.
3587+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3588+ in qemu64 cpu type.
3589+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3590+ types to ease future live vm migration.
3591+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3592+ d/qemu-system-common.install
3593+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3594+ to fix errors with missing block backends. (LP: #1495895)
3595+ - s390x:
3596+ * Create qemu-system-s390x package
3597+ * Enable pie by default, on ubuntu/s390x.
3598+ * Enable svm by default for qemu64 on amd
3599+ * Include s390-ccw.img firmware
3600+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3601+ relationship, but qemu-efi is still in universe right now.
3602+ * Drop patches which have been applied upstream:
3603+
3604+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3605+
3606 qemu (1:2.6+dfsg-1) unstable; urgency=medium
3607
3608 * new upstream release
3609@@ -2650,6 +6054,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
3610
3611 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
3612
3613+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3614+
3615+ * Cherrypick upstream patches to support the query-gic-version QMP command
3616+ (LP: #1566564)
3617+
3618+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3619+
3620+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3621+
3622+ [Stefan Bader]
3623+ * Enable svm by default for qemu64 on amd (LP: #1561019)
3624+
3625+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3626+
3627+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3628+
3629+ * qemu-system-s390x only available on s390x, so qemu-system should only
3630+ depend on it on this arch.
3631+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3632+ relationship, but qemu-efi is still in universe right now.
3633+
3634+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3635+
3636+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3637+
3638+ * And actually ship the right things in qemu-system-s390x.
3639+
3640+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3641+
3642+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3643+
3644+ * Create qemu-system-s390x package on ubuntu only.
3645+
3646+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3647+
3648+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3649+
3650+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3651+
3652+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3653+
3654+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3655+
3656+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3657+ (LP: #1556306)
3658+
3659+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3660+
3661+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3662+
3663+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3664+
3665+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3666+
3667+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3668+
3669+ * d/control{-in}: Re-generate and build with libiscsi-dev now
3670+ that its in Ubuntu main (LP: #1271653).
3671+
3672+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3673+
3674+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3675+
3676+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3677+
3678+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3679+
3680+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3681+
3682+ * No-change rebuild for gnutls transition.
3683+
3684+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3685+
3686+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3687+
3688+ * Merge with Debian; remaining changes:
3689+ - debian/rules: do not drop the init scripts loading kvm modules
3690+ (still needed in precise in cloud archive)
3691+ - qemu-system-common.postinst:
3692+ * remove acl placed by udev, and add udevadm trigger.
3693+ * reload kvm_intel if needed to set nested=1
3694+ - qemu-system-common.preinst: add kvm group if needed
3695+ - add qemu-kvm upstart job and defaults file (rules,
3696+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3697+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3698+ do not auto-load the kvm kernel module. Enable nesting by default
3699+ on intel.
3700+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3701+ in qemu64 cpu type.
3702+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3703+ types to ease future live vm migration.
3704+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3705+ d/qemu-system-common.install
3706+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3707+ to fix errors with missing block backends. (LP: #1495895)
3708+ - Enable pie by default, on ubuntu/s390x.
3709+ - Include s390-ccw.img firmware.
3710+
3711+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3712+
3713 qemu (1:2.5+dfsg-5) unstable; urgency=medium
3714
3715 * fix misspellings in previous debian/changelog entry
3716@@ -2707,6 +6211,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
3717
3718 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
3719
3720+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3721+
3722+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3723+ contents
3724+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3725+ hw/block/xen_blkif.h.
3726+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3727+ hw/display/xenfb.c.
3728+ - CVE-2015-8550
3729+ * SECURITY UPDATE: infinite loop in ehci_advance_state
3730+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3731+ in hw/usb/hcd-ehci.c.
3732+ - CVE-2015-8558
3733+ * SECURITY UPDATE: host memory leakage in vmxnet3
3734+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3735+ hw/net/vmxnet3.c.
3736+ - CVE-2015-8567
3737+ - CVE-2015-8568
3738+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3739+ - debian/patches/CVE-2015-8613.patch: initialise info object with
3740+ appropriate size in hw/scsi/megasas.c.
3741+ - CVE-2015-8613
3742+ * SECURITY UPDATE: DoS via Human Monitor Interface
3743+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3744+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
3745+ - CVE-2015-8619
3746+ * SECURITY UPDATE: incorrect array bounds check in rocker
3747+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3748+ check in hw/net/rocker/rocker.c.
3749+ - CVE-2015-8701
3750+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3751+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3752+ operations in hw/net/ne2000.c.
3753+ - CVE-2015-8743
3754+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3755+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3756+ error in hw/ide/ahci.c.
3757+ - CVE-2016-1568
3758+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3759+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3760+ hw/i386/kvmvapic.c.
3761+ - CVE-2016-1922
3762+ * SECURITY UPDATE: e1000 infinite loop
3763+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3764+ out-of-bounds transfer start in hw/net/e1000.c
3765+ - CVE-2016-1981
3766+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3767+ engines
3768+ - debian/patches/CVE-2016-2197.patch: add check before calling
3769+ dma_memory_unmap in hw/ide/ahci.c.
3770+ - CVE-2016-2197
3771+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3772+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
3773+ function in hw/usb/hcd-ehci.c.
3774+ - CVE-2016-2198
3775+
3776+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3777+
3778+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3779+
3780+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3781+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
3782+
3783+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3784+
3785+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3786+
3787+ * Include s390-ccw.img firmware.
3788+
3789+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
3790+
3791+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
3792+
3793+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
3794+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
3795+ Thanks Simon. (LP: #1531191)
3796+
3797+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
3798+
3799+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
3800+
3801+ * Merge with Debian; remaining changes:
3802+ - debian/rules: do not drop the init scripts loading kvm modules
3803+ (still needed in precise in cloud archive)
3804+ - qemu-system-common.postinst:
3805+ * remove acl placed by udev, and add udevadm trigger.
3806+ * reload kvm_intel if needed to set nested=1
3807+ - qemu-system-common.preinst: add kvm group if needed
3808+ - add qemu-kvm upstart job and defaults file (rules,
3809+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3810+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3811+ do not auto-load the kvm kernel module. Enable nesting by default
3812+ on intel.
3813+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3814+ in qemu64 cpu type.
3815+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3816+ types to ease future live vm migration.
3817+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3818+ d/qemu-system-common.install
3819+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3820+ to fix errors with missing block backends. (LP: #1495895)
3821+ - Enable pie by default, on ubuntu/s390x.
3822+ * Drop vGICv3 support patches - all is now upstream
3823+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
3824+
3825+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
3826+
3827 qemu (1:2.5+dfsg-1) unstable; urgency=medium
3828
3829 * new upstream release
3830@@ -2733,6 +6344,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
3831
3832 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
3833
3834+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
3835+
3836+ * Enable pie by default, on ubuntu/s390x.
3837+
3838+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
3839+
3840+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
3841+
3842+ * undo the libseccomp delta from debian. libseccomp is indeed available
3843+ on other arches, but we need qemu's configure script to be fixed before
3844+ we can use it on anything other than amd64|i386. Fixes FTBFS.
3845+ (LP: #1522531)
3846+
3847+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
3848+
3849+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
3850+
3851+ * Merge with Debian; remaining changes:
3852+ - Update the ubuntu machine types patch to reflect upstream churn
3853+ - debian/rules: do not drop the init scripts loading kvm modules
3854+ (still needed in precise in cloud archive)
3855+ - qemu-system-common.postinst:
3856+ * remove acl placed by udev, and add udevadm trigger.
3857+ * reload kvm_intel if needed to set nested=1
3858+ - qemu-system-common.preinst: add kvm group if needed
3859+ - add qemu-kvm upstart job and defaults file (rules,
3860+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3861+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3862+ do not auto-load the kvm kernel module. Enable nesting by default
3863+ on intel.
3864+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3865+ in qemu64 cpu type.
3866+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3867+ machine type to ease future live vm migration.
3868+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3869+ d/qemu-system-common.install
3870+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3871+ to fix errors with missing block backends. (LP: #1495895)
3872+ - control-in: build with libseccomp an all architectures
3873+ - Add vGICv3 support
3874+
3875+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
3876+
3877 qemu (1:2.4+dfsg-5) unstable; urgency=medium
3878
3879 * trace-remove-malloc-tracing.patch from upstream.
3880@@ -2745,6 +6399,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
3881
3882 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
3883
3884+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
3885+
3886+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
3887+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
3888+ hw/net/pcnet.c.
3889+ - CVE-2015-7504
3890+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
3891+ - debian/patches/CVE-2015-7512.patch: check packet length in
3892+ hw/net/pcnet.c.
3893+ - CVE-2015-7512
3894+ * SECURITY UPDATE: infinite loop in eepro100
3895+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
3896+ hw/net/eepro100.c.
3897+ - CVE-2015-8345
3898+
3899+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
3900+
3901+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
3902+
3903+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
3904+
3905+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
3906+
3907+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
3908+
3909+ * Merge 2.4 from unstable. Remaining changes:
3910+ - Update the ubuntu machine types patch to reflect upstream churn
3911+ - debian/rules: do not drop the init scripts loading kvm modules
3912+ (still needed in precise in cloud archive)
3913+ - qemu-system-common.postinst:
3914+ * remove acl placed by udev, and add udevadm trigger.
3915+ * reload kvm_intel if needed to set nested=1
3916+ - qemu-system-common.preinst: add kvm group if needed
3917+ - add qemu-kvm upstart job and defaults file (rules,
3918+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3919+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3920+ do not auto-load the kvm kernel module. Enable nesting by default
3921+ on intel.
3922+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3923+ in qemu64 cpu type.
3924+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3925+ machine type to ease future live vm migration.
3926+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3927+ d/qemu-system-common.install
3928+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3929+ to fix errors with missing block backends. (LP: #1495895)
3930+ - control-in: build with libseccomp an all architectures.
3931+ * Add vGICv3 support
3932+
3933+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
3934+
3935 qemu (1:2.4+dfsg-4) unstable; urgency=medium
3936
3937 * applied 3 patches from upstream to fix virtio-net
3938@@ -2759,7 +6464,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
3939 fix for Heap overflow vulnerability in ne2000_receive() function
3940 (Closes: #799074 CVE-2015-5279)
3941 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
3942- (Closes: #799073 CVE-2015-5278)
3943+ (Closes: #799073 CVE-2015-5278)
3944 * some binfmt reorg:
3945 - extend aarch64 to include one more byte as other arches do
3946 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
3947@@ -2811,6 +6516,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
3948
3949 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
3950
3951+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
3952+
3953+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
3954+
3955+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
3956+
3957+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
3958+
3959+ * debian/patches/upstream-fix-irq-route-entries.patch
3960+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
3961+ (LP: #1465935)
3962+
3963+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
3964+
3965+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
3966+
3967+ * Build using libseccomp on all architectures.
3968+
3969+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
3970+
3971+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
3972+
3973+ * SECURITY UPDATE: denial of service via NE2000 driver
3974+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
3975+ hw/net/ne2000.c.
3976+ - CVE-2015-5278
3977+ * SECURITY UPDATE: denial of service and possible code execution via
3978+ heap overflow in NE2000 driver
3979+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
3980+ hw/net/ne2000.c.
3981+ - CVE-2015-5279
3982+ * SECURITY UPDATE: denial of service via e1000 infinite loop
3983+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
3984+ - CVE-2015-6815
3985+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
3986+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
3987+ hw/ide/core.c.
3988+ - CVE-2015-6855
3989+
3990+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
3991+
3992+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
3993+
3994+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
3995+ to fix errors with missing block backends. (LP: #1495895)
3996+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
3997+ * Apply fix for memory corruption during live-migration in tcg mode
3998+ (LP: #1493049)
3999+ * Apply tracing patch to remove use of custom vtable in newer glibc
4000+ (LP: #1491972)
4001+
4002+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
4003+
4004+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
4005+
4006+ * Import qcow2-handle-eagain-from-update_refcount from upstream
4007+ to fix errors when using qemu-img convert -c. (LP: #1491050)
4008+
4009+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
4010+
4011+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
4012+
4013+ * SECURITY UPDATE: process heap memory disclosure
4014+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
4015+ - CVE-2015-5165
4016+ * SECURITY UPDATE: privilege escalation via block device unplugging
4017+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
4018+ in hw/ide/piix.c.
4019+ - CVE-2015-5166
4020+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
4021+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
4022+ limits in ui/vnc.c.
4023+ - CVE-2015-5225
4024+ * SECURITY UPDATE: denial of service via virtio-serial
4025+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
4026+ for control messages in hw/char/virtio-serial-bus.c.
4027+ - CVE-2015-5745
4028+
4029+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
4030+
4031+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
4032+
4033+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
4034+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
4035+ - CVE-2015-3214
4036+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
4037+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
4038+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
4039+ - CVE-2015-5154
4040+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
4041+ - debian/patches/CVE-2015-5158.patch: check length in
4042+ hw/scsi/scsi-bus.c.
4043+ - CVE-2015-5158
4044+
4045+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
4046+
4047+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
4048+
4049+ * SECURITY UPDATE: heap overflow in PCNET controller
4050+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
4051+ - CVE-2015-3209
4052+
4053+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
4054+
4055+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
4056+
4057+ * Merge 1:2.3+dfsg-5 from Debian.
4058+ * Remaining changes:
4059+ - debian/rules: do not drop the init scripts loading kvm modules
4060+ (still needed in precise in cloud archive)
4061+ - qemu-system-common.postinst:
4062+ * remove acl placed by udev, and add udevadm trigger.
4063+ * reload kvm_intel if needed to set nested=1
4064+ - qemu-system-common.preinst: add kvm group if needed
4065+ - add qemu-kvm upstart job and defaults file (rules,
4066+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4067+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4068+ do not auto-load the kvm kernel module. Enable nesting by default
4069+ on intel.
4070+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4071+ in qemu64 cpu type.
4072+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4073+ machine type to ease future live vm migration.
4074+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4075+ d/qemu-system-common.install
4076+ * Refreshed patches:
4077+ - ubuntu/expose-vmx_qemu64cpu.patch
4078+ - ubuntu/define-ubuntu-machine-types.patch
4079+
4080+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
4081+
4082 qemu (1:2.3+dfsg-5) unstable; urgency=high
4083
4084 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
4085@@ -2822,6 +6658,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
4086
4087 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
4088
4089+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
4090+
4091+ * Merge 1:2.3+dfsg-4 from Debian.
4092+ * Remaining changes:
4093+ - debian/rules: do not drop the init scripts loading kvm modules
4094+ (still needed in precise in cloud archive)
4095+ - qemu-system-common.postinst:
4096+ * remove acl placed by udev, and add udevadm trigger.
4097+ * reload kvm_intel if needed to set nested=1
4098+ - qemu-system-common.preinst: add kvm group if needed
4099+ - add qemu-kvm upstart job and defaults file (rules,
4100+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4101+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4102+ do not auto-load the kvm kernel module. Enable nesting by default
4103+ on intel.
4104+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4105+ in qemu64 cpu type.
4106+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4107+ machine type to ease future live vm migration.
4108+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4109+ d/qemu-system-common.install
4110+ * Dropped all patches which are applied upstream
4111+ * Move the upstart jobs to a generic script
4112+ - add new qemu-kvm-init script
4113+ - call that from upstart and sysvrc qemu-kvm scripts
4114+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
4115+
4116+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
4117+
4118 qemu (1:2.3+dfsg-4) unstable; urgency=medium
4119
4120 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
4121@@ -2883,6 +6748,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
4122
4123 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
4124
4125+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
4126+
4127+ * SECURITY UPDATE: denial of service in vnc web
4128+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
4129+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
4130+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
4131+ websockets clients in ui/vnc-ws.c.
4132+ - CVE-2015-1779
4133+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
4134+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
4135+ bounds of the allocated buffer in hw/block/fdc.c.
4136+ - CVE-2015-3456
4137+
4138+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
4139+
4140+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
4141+
4142+ * CVE-2015-2756 / XSA-126
4143+ - xen: limit guest control of PCI command register
4144+
4145+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
4146+
4147+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
4148+
4149+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
4150+ accidentally create /1
4151+
4152+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
4153+
4154+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
4155+
4156+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
4157+
4158+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
4159+
4160+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
4161+
4162+ * No-change rebuild to pull in libxl-4.5.
4163+
4164+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
4165+
4166+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
4167+
4168+ * debian/control-in: enable numa on architectures where numa is built
4169+ (LP: #1417937)
4170+
4171+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
4172+
4173+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
4174+
4175+ [Scott Moser]
4176+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
4177+ profile when started by libvirt.
4178+
4179+ [Serge Hallyn]
4180+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
4181+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
4182+ (LP: #1419855)
4183+
4184+ [Chris J Arges]
4185+ * Determine if we are running inside a virtual environment. If running inside
4186+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
4187+
4188+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
4189+
4190+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
4191+
4192+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
4193+ - debian/rules: do not drop the init scripts loading kvm modules
4194+ (still needed in precise in cloud archive)
4195+ * Remaining changes:
4196+ - qemu-system-common.postinst:
4197+ * remove acl placed by udev, and add udevadm trigger.
4198+ * reload kvm_intel if needed to set nested=1
4199+ - qemu-system-common.preinst: add kvm group if needed
4200+ - add qemu-kvm upstart job and defaults file (rules,
4201+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4202+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4203+ do not auto-load the kvm kernel module. Enable nesting by default
4204+ on intel.
4205+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4206+ in qemu64 cpu type.
4207+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4208+ machine type to ease future live vm migration.
4209+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4210+ d/qemu-system-common.install
4211+ * Dropped all patches which are applied upstream
4212+ * Update ubuntu-vivid machine type to default to std graphics (following
4213+ upstream's lead for pc-i440fx-2.2 machine type)
4214+
4215+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
4216+
4217 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
4218
4219 * fix initscript removal once again
4220@@ -2932,6 +6889,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
4221
4222 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
4223
4224+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
4225+
4226+ * Cherrypick upstream patch needed to allow ESx hosts to run under
4227+ kvm (LP: #1411575)
4228+
4229+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
4230+
4231+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
4232+
4233+ * Merge 2.1+dfsg-11. Remaining changes:
4234+ - qemu-system-common.postinst:
4235+ * remove acl placed by udev, and add udevadm trigger.
4236+ * reload kvm_intel if needed to set nested=1
4237+ - qemu-system-common.preinst: add kvm group if needed
4238+ - add qemu-kvm upstart job and defaults file (rules,
4239+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4240+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4241+ do not auto-load the kvm kernel module. Enable nesting by default
4242+ on intel.
4243+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4244+ removed the alternatives bit later.
4245+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4246+ in qemu64 cpu type.
4247+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4248+ machine type to ease future live vm migration.
4249+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4250+ d/qemu-system-common.install
4251+ - debian/binfmt-update-in: support ppcle
4252+ * debian/binfmt-update-in
4253+ * Support-ppcle.patch
4254+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
4255+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4256+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4257+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4258+ * Dropped patches (upstream or now in debian's tree):
4259+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
4260+ - CVE-2014-7840.patch
4261+ - CVE-2014-8106.patch
4262+
4263+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
4264+
4265 qemu (1:2.1+dfsg-11) unstable; urgency=medium
4266
4267 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
4268@@ -3001,6 +6999,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
4269
4270 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
4271
4272+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
4273+
4274+ * SECURITY UPDATE: code execution via savevm data
4275+ - debian/patches/CVE-2014-7840.patch: validate parameters in
4276+ arch_init.c.
4277+ - CVE-2014-7840
4278+ * SECURITY UPDATE: code execution via cirrus vga blit regions
4279+ (LP: #1400775)
4280+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
4281+ hw/display/cirrus_vga.c.
4282+ - CVE-2014-8106
4283+
4284+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
4285+
4286+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
4287+
4288+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
4289+ dropped and VENDOR now will be all capital UBUNTU).
4290+
4291+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
4292+
4293+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
4294+
4295+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4296+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4297+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4298+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
4299+ SPSel=0 in certain conditions. (LP: #1349277)
4300+
4301+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
4302+
4303+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
4304+
4305+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
4306+ Cherry-pick of qemu-upstream patch to fix issues with persistent
4307+ grants and the PV backend (Qdisk) (LP: #1394327).
4308+
4309+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
4310+
4311+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
4312+
4313+ * Merge 2.1+dfsg-7. Remaining changes:
4314+ - qemu-system-common.postinst:
4315+ * remove acl placed by udev, and add udevadm trigger.
4316+ * reload kvm_intel if needed to set nested=1
4317+ - qemu-system-common.preinst: add kvm group if needed
4318+ - add qemu-kvm upstart job and defaults file (rules,
4319+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4320+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4321+ do not auto-load the kvm kernel module. Enable nesting by default
4322+ on intel.
4323+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4324+ removed the alternatives bit later.
4325+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4326+ in qemu64 cpu type.
4327+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4328+ machine type to ease future live vm migration.
4329+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4330+ d/qemu-system-common.install
4331+ - debian/binfmt-update-in: support ppcle
4332+ * debian/binfmt-update-in
4333+ * Support-ppcle.patch
4334+ * Dropped patches (upstream or now in debian's tree):
4335+ - pc-reserve-more-memory-for-acpi.patch
4336+ - CVE-2014-5388.patch
4337+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
4338+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
4339+ in debian)
4340+ - CVE-2014-3615.patch
4341+ - CVE-2014-3640.patch
4342+ - CVE-2014-3689.patch
4343+ - CVE-2014-7815.patch
4344+
4345+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
4346+
4347 qemu (2.1+dfsg-7) unstable; urgency=high
4348
4349 * urgency is high due to 2 security fixes
4350@@ -3052,6 +7125,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
4351
4352 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
4353
4354+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
4355+
4356+ * SECURITY UPDATE: information disclosure via vga driver
4357+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
4358+ sanity check register writes, and don't use fixed buffer sizes in
4359+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
4360+ ui/spice-display.c.
4361+ - CVE-2014-3615
4362+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
4363+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
4364+ stub in slirp/udp.c.
4365+ - CVE-2014-3640
4366+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
4367+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
4368+ hw/display/vmware_vga.c.
4369+ - CVE-2014-3689
4370+ * SECURITY UPDATE: denial of service via VNC console
4371+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
4372+ ui/vnc.c.
4373+ - CVE-2014-7815
4374+
4375+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
4376+
4377+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
4378+
4379+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
4380+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
4381+
4382+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
4383+
4384+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
4385+
4386+ * Apply two patches to fix intermittent qemu-img corruption
4387+ (LP: #1368815)
4388+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
4389+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
4390+
4391+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
4392+
4393+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
4394+
4395+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
4396+ debian does.
4397+
4398+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
4399+
4400+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
4401+
4402+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
4403+ versa.
4404+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
4405+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
4406+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
4407+ machine type for that.
4408+
4409+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
4410+
4411+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
4412+
4413+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
4414+ container. (LP: #1370199)
4415+ * load kvm module on ppc64le at boot (LP: #1369785)
4416+ - debian/rules: install qemu-kvm on ppc64el
4417+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
4418+ kvm-hv module if available
4419+ * qemu-system-x86.maintscript: remove accidentally installed
4420+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
4421+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
4422+ ubuntu.
4423+
4424+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
4425+
4426+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
4427+
4428+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
4429+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
4430+
4431+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
4432+
4433+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
4434+
4435+ * move kvm_intel nested setting to qemu-system-x86.postinst.
4436+
4437+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
4438+
4439+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
4440+
4441+ * Merge new debian release
4442+ * Remaining changes:
4443+ - qemu-system-common.postinst:
4444+ * remove acl placed by udev, and add udevadm trigger.
4445+ * reload kvm_intel if needed to set nested=1
4446+ - qemu-system-common.preinst: add kvm group if needed
4447+ - add qemu-kvm upstart job and defaults file (rules,
4448+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4449+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4450+ do not auto-load the kvm kernel module. Enable nesting by default
4451+ on intel.
4452+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4453+ removed the alternatives bit later.
4454+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4455+ in qemu64 cpu type.
4456+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4457+ machine type to ease future live vm migration.
4458+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4459+ d/qemu-system-common.install
4460+ - debian/binfmt-update-in: support ppcle
4461+ * debian/binfmt-update-in
4462+ * Support-ppcle.patch
4463+ - d/p/CVE-2014-5388.patch
4464+
4465+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
4466+
4467 qemu (2.1+dfsg-4) unstable; urgency=medium
4468
4469 * mention libnuma-dev but not enable for now
4470@@ -3069,6 +7255,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
4471
4472 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
4473
4474+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
4475+
4476+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
4477+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
4478+ - CVE-2014-5388
4479+
4480+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
4481+
4482+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
4483+
4484+ * replace d/p/revert-acpi-table-size-bump with
4485+ pc-reserve-more-memory-for-acpi.patch from upstream
4486+ * debian/binfmt-update-in
4487+ - don't run in a container
4488+ - add ppc64le as target (LP: #1358268)
4489+ * Add experimental ppcle support (LP: #1358268)
4490+
4491+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
4492+
4493+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
4494+
4495+ * revert-acpi-table-size-bump - get qemu -kernel working again.
4496+
4497+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
4498+
4499+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
4500+
4501+ * Merge new debian release
4502+ * Remaining changes:
4503+ - control-in: stick to libsdl1.2-dev.
4504+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4505+ qemu-bridge-helper
4506+ - qemu-system-common.postinst: remove acl placed by udev,
4507+ and add udevadm trigger.
4508+ - qemu-system-common.preinst: add kvm group if needed
4509+ - add qemu-kvm upstart job and defaults file (rules,
4510+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4511+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4512+ do not auto-load the kvm kernel module. Enable nesting by default
4513+ on intel.
4514+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4515+ removed the alternatives bit later.
4516+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4517+ in qemu64 cpu type.
4518+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4519+ machine type to ease future live vm migration.
4520+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4521+ d/qemu-system-common.install
4522+ * Upstart job: use getent group to check for kvm group
4523+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
4524+
4525+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
4526+
4527 qemu (2.1+dfsg-3) unstable; urgency=medium
4528
4529 * set SHELL = /bin/sh -e, so that more complex shell constructs
4530@@ -3095,6 +7334,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
4531
4532 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
4533
4534+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
4535+
4536+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
4537+
4538+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
4539+
4540+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
4541+
4542+ * Merge new debian release
4543+ * Remaining changes:
4544+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4545+ have in ipxe-qemu package.
4546+ - control-in: stick to libsdl1.2-dev.
4547+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4548+ qemu-bridge-helper
4549+ - qemu-system-common.postinst: remove acl placed by udev,
4550+ and add udevadm trigger.
4551+ - qemu-system-common.preinst: add kvm group if needed
4552+ - add qemu-kvm upstart job and defaults file (rules,
4553+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4554+ - debian/rules: add qemu-kvm-spice
4555+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4556+ do not auto-load the kvm kernel module. Enable nesting by default
4557+ on intel.
4558+ - binfmt-update-in: make sure to filter out compat arches.
4559+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4560+ removed the alternatives bit later.
4561+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4562+ in qemu64 cpu type.
4563+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4564+ machine type to ease future live vm migration.
4565+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4566+ d/qemu-system-common.install
4567+
4568+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
4569+
4570 qemu (2.1+dfsg-2) unstable; urgency=medium
4571
4572 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
4573@@ -3129,7 +7404,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
4574
4575 qemu (2.0.0+dfsg-7) unstable; urgency=medium
4576
4577- * clarify description of qemu-user-binfmt a bit
4578+ * clarify description of qemu-user-binfmt a bit
4579 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
4580 * remove qemu-keymaps package, since it is not used by other tools
4581 anymore, and ship keymaps in qemu-system-common.
4582@@ -3146,6 +7421,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
4583
4584 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
4585
4586+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
4587+
4588+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
4589+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
4590+
4591+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
4592+
4593+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
4594+
4595+ * Merge 2.0.0+dfsg-6. Remaining changes:
4596+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4597+ have in ipxe-qemu package.
4598+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
4599+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4600+ qemu-bridge-helper
4601+ - qemu-system-common.postinst: remove acl placed by udev,
4602+ and add udevadm trigger.
4603+ - qemu-system-common.preinst: add kvm group if needed
4604+ - add qemu-kvm upstart job and defaults file (rules,
4605+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4606+ - debian/rules: add qemu-kvm-spice
4607+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4608+ do not auto-load the kvm kernel module. Enable nesting by default
4609+ on intel.
4610+ - binfmt-update-in: make sure to filter out compat arches.
4611+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4612+ removed the alternatives bit later.
4613+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4614+ in qemu64 cpu type.
4615+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4616+ machine type to ease future live vm migration.
4617+ - re-introduce apport hook for qemu source package:
4618+ d/source_qemu-kvm.py, d/qemu-system-common.install
4619+ * enable-build-dep on libjpeg8-dev - which is now in main
4620+
4621+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
4622+
4623 qemu (2.0.0+dfsg-6) unstable; urgency=medium
4624
4625 * build-depend on libgnutls28-dev not libgnutls-dev
4626@@ -3189,6 +7501,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
4627
4628 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
4629
4630+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
4631+
4632+ * remove alternatives for qemu: different architectures
4633+ aren't really alternatives and never had been (LP: #1316829)
4634+
4635+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
4636+
4637+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
4638+
4639+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
4640+ * debian/control: drop the versioning requirement from libfdt-dev
4641+ build-dependency, as it is longer needed (LP: #1295072)
4642+
4643+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
4644+
4645+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
4646+
4647+ * Merge 2.0.0+dfsg-2
4648+ * Incorporates a fix for spice users (LP: #1309452)
4649+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
4650+ the regression requiring it was reverted for 2.0 upstream.
4651+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
4652+ * debian/qemu-debootstrap: add arm64
4653+ * Remaining changes from debian:
4654+ - keep qemu 'alternative' (not something to change in SRU)
4655+ - debian/control and debian/control-in:
4656+ * versioned libfdt-dev check, until libfdt is fixed in precise
4657+ * enable rbd
4658+ * remove ovmf Recommends, as it is in multiverse
4659+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
4660+ * add a qemu-system-aarch64 metapackage for transitions from trusty
4661+ development version. This can be removed after trusty.
4662+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4663+ qemu-bridge-helper
4664+ - qemu-system-common.postinst: fix /dev/kvm acls
4665+ - qemu-system-common.preinst: add kvm group if needed
4666+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4667+ have in ipxe-qemu package.
4668+ - qemu-system-x86.modprobe: set module options for older releases
4669+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
4670+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
4671+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
4672+ - debian/rules
4673+ * add legacy kvm-spice link
4674+ * fix ppc and arm slections
4675+ * add aarch64 to user_targets
4676+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
4677+ pc-i440fx-trusty machine type as the default.
4678+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
4679+ default in qemu64 cpu time.
4680+
4681+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
4682+
4683 qemu (2.0.0+dfsg-2) unstable; urgency=medium
4684
4685 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
4686@@ -3214,7 +7579,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
4687 * kmod dependency is linux-any
4688 * doc-grammify-allows-to.patch: fix some lintian warnings
4689 * remove alternatives for qemu: different architectures
4690- aren't really alternatives and never had been
4691+ aren't really alternatives and never had been
4692 * update Standards-Version to 3.9.5 (no changes needed)
4693 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
4694 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
4695@@ -3248,6 +7613,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
4696
4697 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
4698
4699+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
4700+
4701+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
4702+ don't abort() just because the kernel has no dirty bitmap.
4703+ (LP: #1303926)
4704+
4705+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
4706+
4707+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
4708+
4709+ * define-trusty-machine-type.patch: update the trusty machine type name to
4710+ pc-i440fx-trusty (LP: #1304107)
4711+
4712+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
4713+
4714+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
4715+
4716+ * Merge 2.0.0-rc1
4717+ * debian/rules: consolidate ppc filter entries.
4718+ * Move qemu-system-arch64 into qemu-system-arm
4719+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
4720+ type, currently the same as pc-i440fx-2.0, to put is in a better position
4721+ to enable live migrations from trusty onward. (LP: #1294823)
4722+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
4723+ * Merge latest upstream git to commit dc9528f
4724+ * Debian/rules:
4725+ - remove -enable-uname-release=2.6.32
4726+ - don't make the aarch64 target Ubuntu-specific.
4727+ * Remove patches which are now upstream:
4728+ - fix-smb-security-share.patch
4729+ - slirp-smb-redirect-port-445-too.patch
4730+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
4731+ - signal-added-a-wrapper-for-sigprocmask-function.patch
4732+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4733+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4734+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
4735+ * add link for /usr/share/qemu/bios-256k.bin
4736+ * Remove all linaro patches.
4737+ * Remove all arm64/ patches. Many but not all are upstream.
4738+ * Remove CVE-2013-4377.patch which is upstream.
4739+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
4740+
4741+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
4742+
4743 qemu (1.7.0+dfsg-9) unstable; urgency=medium
4744
4745 * remove rbd/rados/ceph support *again*, till they'll actually provide
4746@@ -3312,6 +7721,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
4747
4748 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
4749
4750+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
4751+
4752+ * No-change rebuild to build with libxen-4.4.
4753+
4754+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
4755+
4756+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
4757+
4758+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
4759+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
4760+
4761+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
4762+
4763+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
4764+
4765+ [ dann frazier ]
4766+ * Add patches from the susematz tree to avoid intermittent segfaults:
4767+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
4768+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4769+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4770+
4771+ [ Serge Hallyn ]
4772+ * Modify do_sigprocmask to only change behavior for aarch64.
4773+ (LP: #1285363)
4774+
4775+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
4776+
4777+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
4778+
4779+ [ Steve Langasek ]
4780+ * Merge debian/control with unreleased Debian branch: our architecture
4781+ lists should now be in sync.
4782+
4783+ [ Dann Frazier ]
4784+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
4785+ on arm64 and maybe others. (LP: #1284344)
4786+
4787+ [ Serge Hallyn ]
4788+ * Move the OVMF.fd link to the ovmf package.
4789+
4790+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
4791+
4792+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
4793+
4794+ * Add ppc64el to the architecture list (supposedly added in the previous
4795+ upload, but really wasn't).
4796+
4797+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
4798+
4799+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
4800+
4801+ * Backport changes to enable qemu-user-static support for aarch64
4802+ * debian/control: add ppc64el to Architectures
4803+ * debian/rules: only install qemu-system-aarch64 on arm64.
4804+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
4805+ debian/qemu-system-aarch64 directory
4806+
4807+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
4808+
4809+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
4810+
4811+ * Fix broken filter_binfmts
4812+ * Remove use of dpkg-version in postinsts, as we're not Depending on
4813+ dpkg-dev.
4814+
4815+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
4816+
4817+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
4818+
4819+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
4820+ - debian/patches/ubuntu:
4821+ * expose-vmx_qemu64cpu.patch
4822+ * linaro (omap3) and arm64 patches
4823+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
4824+ on ppc
4825+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
4826+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
4827+ - debian/control:
4828+ * add arm64 to Architectures
4829+ * add qemu-common and qemu-system-aarch64 packages
4830+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
4831+ - debian/qemu-system-common.preinst: add kvm group
4832+ - debian/qemu-system-common.postinst: remove acl placed by udev,
4833+ and add udevadm trigger.
4834+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
4835+ pxe-e1000 and pxe-rtl8139.
4836+ - add qemu-system-x86.qemu-kvm.upstart and .default
4837+ - qemu-user-static.postinst-in: remove arm64 binfmt
4838+ - debian/rules:
4839+ * allow parallel build
4840+ * add aarch64 to system_targets and sys_systems
4841+ * add qemu-kvm-spice links
4842+ * install qemu-system-x86.modprobe
4843+ - add debian/qemu-system-common.links for OVMF.fd link
4844+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
4845+
4846+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
4847+
4848 qemu (1.7.0+dfsg-3) unstable; urgency=low
4849
4850 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
4851@@ -3337,6 +7844,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
4852
4853 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
4854
4855+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
4856+
4857+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
4858+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
4859+
4860+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
4861+
4862+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
4863+
4864+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
4865+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
4866+ virtio device unplugging.
4867+ - CVE-2013-4377
4868+
4869+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
4870+
4871+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
4872+
4873+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
4874+ powerpc.
4875+
4876+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
4877+
4878+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
4879+
4880+ [ Serge Hallyn ]
4881+ * add arm64 patchset from upstream. The three arm virt patches previously
4882+ pushed are in that set, so drop them.
4883+
4884+ [ dann frazier ]
4885+ * Add packaging for qemu-system-aarch64. This package is currently only
4886+ available for arm64, as full software emulation is not yet supported.
4887+
4888+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
4889+
4890+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
4891+
4892+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
4893+ supported any longer.
4894+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
4895+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
4896+ churn caused by linaro patchset.
4897+ * debian/rules: enable parallel builds.
4898+
4899+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
4900+
4901+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
4902+
4903+ * d/control: enable usbredir (LP: 1126390)
4904+
4905+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
4906+
4907+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
4908+
4909+ * add missing arm virt patches from the mach-virt-v7 branch of
4910+ git://git.linaro.org/people/cdall/qemu-arm.git
4911+
4912+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
4913+
4914+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
4915+
4916+ * debian/control: add arm64 to list of architectures.
4917+
4918+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
4919+
4920+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
4921+
4922+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
4923+ - debian/control
4924+ * update maintainer
4925+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4926+ from build-deps
4927+ * enable rbd
4928+ * add qemu-system and qemu-common B/R to qemu-keymaps
4929+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4930+ qemu-system-common
4931+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4932+ - add qemu-common, qemu-kvm, kvm to B/R
4933+ - remove openbios-sparc from qemu-system-sparc D
4934+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4935+ * qemu-system-x86:
4936+ - add qemu-common to Breaks/Replaces.
4937+ - add cpu-checker to Recommends.
4938+ * qemu-user: add B/R:qemu-kvm
4939+ * qemu-kvm:
4940+ - add armhf armel powerpc sparc to Architecture
4941+ - C/R/P: qemu-kvm-spice
4942+ * add qemu-common package
4943+ * drop qemu-slof which is not packaged in ubuntu
4944+ - add qemu-system-common.links for tap ifup/down scripts and OVMF link.
4945+ - qemu-system-x86.links:
4946+ * remove pxe rom links which are in kvm-ipxe
4947+ - debian/rules
4948+ * add kvm-spice symlink to qemu-kvm
4949+ * call dh_installmodules for qemu-system-x86
4950+ * update dh_installinit to install upstart script
4951+ * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
4952+ - Add qemu-utils.links for kvm-* symlinks.
4953+ - Add qemu-system-x86.qemu-kvm.upstart and .default
4954+ - Add qemu-system-x86.modprobe to set nesting=1
4955+ - Add qemu-system-common.preinst to add kvm group
4956+ - qemu-system-common.postinst: remove bad group acl if there, then have
4957+ udev relabel /dev/kvm.
4958+ - New linaro patches from qemu-linaro rebasing branch
4959+ - Dropped patches:
4960+ * linaro patchset
4961+ * mach-virt patchset
4962+ - Kept patches:
4963+ * expose_vms_qemu64cpu.patch
4964+ * fix-pci-add
4965+ * qemu-system-common.install: add debian/tmp/usr/lib to install the
4966+ qemu-bridge-helper
4967+
4968+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 07 Dec 2013 06:08:11 +0000
4969+
4970 qemu (1.7.0+dfsg-2) unstable; urgency=low
4971
4972 * switch from vgabios to seavgabios
4973@@ -3366,6 +7988,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low
4974
4975 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Nov 2013 03:14:21 +0400
4976
4977+qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
4978+
4979+ * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
4980+ to prevent lts-to-lts updates from breaking. (LP: #1243403)
4981+
4982+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:31:05 -0500
4983+
4984+qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
4985+
4986+ * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
4987+ - debian/control
4988+ * update maintainer
4989+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4990+ from build-deps
4991+ * enable rbd
4992+ * add qemu-system and qemu-common B/R to qemu-keymaps
4993+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4994+ qemu-system-common
4995+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4996+ - add qemu-kvm to Provides
4997+ - add qemu-common, qemu-kvm, kvm to B/R
4998+ - remove openbios-sparc from qemu-system-sparc D
4999+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
5000+ * qemu-system-x86:
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches