Ubuntu
qemu package

Merge ~sergiodj/ubuntu/+source/qemu:merge-8.2.1-ds-1-noble into ubuntu/+source/qemu:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/qemu
  3. merge-8.2.1-ds-1-noble
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 987be248691a9e3b0c9c7d06c996bd81a0439509
Proposed branch: ~sergiodj/ubuntu/+source/qemu:merge-8.2.1-ds-1-noble
Merge into: ubuntu/+source/qemu:debian/sid
Diff against target: 7377 lines (+6725/-13)
14 files modified
debian/changelog (+5260/-3)
debian/control (+79/-7)
debian/control-in (+28/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/define-ubuntu-machine-types.patch (+1005/-0)
debian/patches/ubuntu/enable-svm-by-default.patch (+34/-0)
debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch (+64/-0)
debian/patches/ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch (+44/-0)
debian/qemu-block-extra.postinst (+59/-0)
debian/qemu-kvm-init (+89/-0)
debian/qemu-system-common.install (+1/-0)
debian/qemu-system-common.qemu-kvm.default (+8/-0)
debian/qemu-system-common.qemu-kvm.service (+16/-0)
debian/rules (+32/-3)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+460095@code.launchpad.net

Description of the change

This is the merge of qemu 8.2.1 from Debian unstable.

Pretty trivial merge; nothing noteworthy to mention here. A bunch of patches have been dropped from the Debian package, which is great.

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/qemu

dep8 tests are pending. Unfortunately qemu-migration-test results are not going to be reliable because of the current libvirt regression on Noble.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

My upload of https://launchpad.net/ubuntu/+source/qemu/1:8.2.0+ds-4ubuntu2 is in noble-proposed already, but not yet imported into git-ubuntu. You will have to rebase once that happens. Please let me know if my new delta is getting in the way of the merge :)

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/?format=plain)
  qemu @ amd64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/noble/amd64/q/qemu/20240206_205955_2b303@/log.gz
    06.02.24 20:59:55 ✅ Triggers: qemu/1:8.2.1+ds-1ubuntu1~ppa1
  qemu @ arm64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/noble/arm64/q/qemu/20240206_210446_53198@/log.gz
    06.02.24 21:04:46 ✅ Triggers: qemu/1:8.2.1+ds-1ubuntu1~ppa1
  qemu @ armhf:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/noble/armhf/q/qemu/20240206_212750_53198@/log.gz
    06.02.24 21:27:50 ✅ Triggers: qemu/1:8.2.1+ds-1ubuntu1~ppa1
  qemu @ ppc64el:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/noble/ppc64el/q/qemu/20240206_211304_53198@/log.gz
    06.02.24 21:13:04 ✅ Triggers: qemu/1:8.2.1+ds-1ubuntu1~ppa1
  qemu @ s390x:
    http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-qemu/noble/s390x/q/qemu/20240206_205857_2b303@/log.gz
    06.02.24 20:58:57 ✅ Triggers: qemu/1:8.2.1+ds-1ubuntu1~ppa1

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the heads up, Andreas.

I'll rebase the merge later and incorporate your upload.

~sergiodj/ubuntu/+source/qemu:merge-8.2.1-ds-1-noble updated
cea83b7... by Sergio Durigan Junior

merge-changelogs

d418e86... by Sergio Durigan Junior

reconstruct-changelog

987be24... by Sergio Durigan Junior

update-maintainer

d84c3b1... by Sergio Durigan Junior

Regenerate d/control

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I rebased everything on top of Andreas' last upload. This should be good to be reviewed now.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Reminder for myself: use dpkg-buildpackage -v when generating the source changes.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1, I inspected range-diff, all context changes. Changes from debian are also ok. I saw this bit in debian, though:

--- a/debian/rules
+++ b/debian/rules
@@ -275,9 +275,7 @@ endif # x86
                 debian/source_qemu.py
 endif # ubuntu

-# for --enable-module-upgrades to work in more environments
- install -D -m 0644 debian/run-qemu.mount debian/qemu-block-extra/lib/systemd/system/run-qemu.mount
-
+# for --enable-module-upgrades to work (also see run-qemu.mount install)
 # save block-extra loadable modules on upgrades
 # other module types for now (5.0) can't be loaded at runtime, only at startup
 # the maintscript fragments include version string so we have to generate them
@@ -498,7 +496,7 @@ install-arch: pre-install-arch $(addprefix install-, ${qemu-builds})
        dh_installudev -pqemu-guest-agent
 # default-enable /run/qemu mount only on ubuntu,
 # on debian let it be manually controlled and off by default
- dh_installsystemd -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu.mount \
+ dh_installsystemd -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu \
                $(if $(filter ${VENDOR},DEBIAN),--no-start --no-enable,)
        dh_lintian -a
        dh_strip_nondeterminism -a

and wonder if that will have any effect on my run-qemu changes, but I think not. I'll check it out after this is uploaded.

I didn´t find any upstream release notes for 8.2.1, either in the upstream website, or in the tarball, but ok.

+1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Wednesday, February 07 2024, Andreas Hasenack wrote:

> Review: Approve
>
> +1, I inspected range-diff, all context changes. Changes from debian are also ok. I saw this bit in debian, though:
>
> --- a/debian/rules
> +++ b/debian/rules
> @@ -275,9 +275,7 @@ endif # x86
> debian/source_qemu.py
> endif # ubuntu
>
> -# for --enable-module-upgrades to work in more environments
> - install -D -m 0644 debian/run-qemu.mount debian/qemu-block-extra/lib/systemd/system/run-qemu.mount
> -
> +# for --enable-module-upgrades to work (also see run-qemu.mount install)
> # save block-extra loadable modules on upgrades
> # other module types for now (5.0) can't be loaded at runtime, only at startup
> # the maintscript fragments include version string so we have to generate them
> @@ -498,7 +496,7 @@ install-arch: pre-install-arch $(addprefix install-, ${qemu-builds})
> dh_installudev -pqemu-guest-agent
> # default-enable /run/qemu mount only on ubuntu,
> # on debian let it be manually controlled and off by default
> - dh_installsystemd -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu.mount \
> + dh_installsystemd -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu \
> $(if $(filter ${VENDOR},DEBIAN),--no-start --no-enable,)
> dh_lintian -a
> dh_strip_nondeterminism -a
>
>
> and wonder if that will have any effect on my run-qemu changes, but I think not. I'll check it out after this is uploaded.
>
> I didn´t find any upstream release notes for 8.2.1, either in the upstream website, or in the tarball, but ok.

Thanks, Andreas.

I saw the snippet you posted as well, but I don't think it will have an
effect on your changes.

Uploaded (with -v):

$ dput qemu_8.2.1+ds-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/qemu/qemu_8.2.1+ds-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/qemu/qemu_8.2.1+ds-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading qemu_8.2.1+ds-1ubuntu1.dsc: done.
  Uploading qemu_8.2.1+ds.orig.tar.xz: done.
  Uploading qemu_8.2.1+ds-1ubuntu1.debian.tar.xz: done.
  Uploading qemu_8.2.1+ds-1ubuntu1_source.buildinfo: done.
  Uploading qemu_8.2.1+ds-1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 3dd43d3..cdf9f8f 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,47 @@
6+qemu (1:8.2.1+ds-1ubuntu1) noble; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #2051883, #2049703). Remaining changes:
9+ - qemu-kvm to systemd unit
10+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
11+ hugepages and architecture specifics
12+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
13+ qemu-kvm-init
14+ - d/qemu-system-common.install: install helper script
15+ - d/qemu-system-common.qemu-kvm.default: defaults for
16+ /etc/default/qemu-kvm
17+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
18+ - Distribution specific machine type
19+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
20+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
21+ types containing release versioned machine attributes
22+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
23+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
24+ - Enable nesting by default
25+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
26+ in qemu64 on amd
27+ [ No more strictly needed, but required for backward compatibility ]
28+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
29+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
30+ reference 256k path
31+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
32+ handle incoming migrations from former releases.
33+ - Ease the use of module retention on upgrades (LP 1913421)
34+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
35+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
36+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
37+ fix qboot FTBFS with LTO
38+ - d/rules: Enable/disable extra features on microvm
39+ variant. (LP #2045594)
40+ - Move glusterfs storage driver to Universe in a new package
41+ (LP #2045063):
42+ + d/control{,-in}: new package qemu-block-supplemental for drivers
43+ we want in Universe
44+ + d/rules: we only want block-gluster.so in the new
45+ qemu-block-supplemental package. Adjust dynamically-created
46+ maintainer scripts for qemu-block-extra and -supplemental.
47+
48+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 07 Feb 2024 13:01:14 -0500
49+
50 qemu (1:8.2.1+ds-1) unstable; urgency=medium
51
52 * new upstream stable/bugfix release
53@@ -23,6 +67,60 @@ qemu (1:8.2.0+ds-5) unstable; urgency=medium
54
55 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 18 Jan 2024 10:16:31 +0300
56
57+qemu (1:8.2.0+ds-4ubuntu2) noble; urgency=medium
58+
59+ * Move glusterfs storage driver to Universe in a new package
60+ (LP: #2045063):
61+ - d/control{,-in}: new package qemu-block-supplemental for drivers
62+ we want in Universe
63+ - d/rules: we only want block-gluster.so in the new
64+ qemu-block-supplemental package. Adjust dynamically-created
65+ maintainer scripts for qemu-block-extra and -supplemental.
66+
67+ -- Andreas Hasenack <andreas@canonical.com> Fri, 02 Feb 2024 14:07:00 -0300
68+
69+qemu (1:8.2.0+ds-4ubuntu1) noble; urgency=medium
70+
71+ * Merge with Debian unstable (LP: #2048802, #2048776). Remaining changes:
72+ - qemu-kvm to systemd unit
73+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
74+ hugepages and architecture specifics
75+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
76+ qemu-kvm-init
77+ - d/qemu-system-common.install: install helper script
78+ - d/qemu-system-common.qemu-kvm.default: defaults for
79+ /etc/default/qemu-kvm
80+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
81+ - Distribution specific machine type
82+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
83+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
84+ types containing release versioned machine attributes
85+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
86+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
87+ - Enable nesting by default
88+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
89+ in qemu64 on amd
90+ [ No more strictly needed, but required for backward compatibility ]
91+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
92+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
93+ reference 256k path
94+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
95+ handle incoming migrations from former releases.
96+ - Ease the use of module retention on upgrades (LP 1913421)
97+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
98+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
99+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
100+ fix qboot FTBFS with LTO
101+ * Drop changes:
102+ - d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
103+ hardware to Secure Execution guests. (LP #2003673)
104+ [ Incorporated by upstream on version 8.2.0. ]
105+ * Add changes:
106+ - d/rules: Enable/disable extra features on microvm
107+ variant. (LP: #2045594)
108+
109+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 10 Jan 2024 19:10:46 -0500
110+
111 qemu (1:8.2.0+ds-4) unstable; urgency=medium
112
113 * d/rules: fix "tail -20" usage
114@@ -85,6 +183,67 @@ qemu (1:8.2.0+ds-1) unstable; urgency=medium
115
116 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 20 Dec 2023 18:21:19 +0300
117
118+qemu (1:8.1.3+ds-1ubuntu2) noble; urgency=medium
119+
120+ * d/p/u/define-ubuntu-machine-types.patch: Remove -hpb Noble machine
121+ types, as they are not needed by OpenStack anymore. (LP: #2045592)
122+
123+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 04 Dec 2023 16:44:44 -0500
124+
125+qemu (1:8.1.3+ds-1ubuntu1) noble; urgency=medium
126+
127+ * Merge with Debian unstable (LP: #2044425, #2039700). Remaining changes:
128+ - qemu-kvm to systemd unit
129+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
130+ hugepages and architecture specifics
131+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
132+ qemu-kvm-init
133+ - d/qemu-system-common.install: install helper script
134+ - d/qemu-system-common.qemu-kvm.default: defaults for
135+ /etc/default/qemu-kvm
136+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
137+ - Distribution specific machine type
138+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
139+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
140+ types containing release versioned machine attributes
141+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
142+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
143+ - Enable nesting by default
144+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
145+ in qemu64 on amd
146+ [ No more strictly needed, but required for backward compatibility ]
147+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
148+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
149+ reference 256k path
150+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
151+ handle incoming migrations from former releases.
152+ - Ease the use of module retention on upgrades (LP 1913421)
153+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
154+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
155+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
156+ fix qboot FTBFS with LTO
157+ - d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
158+ hardware to Secure Execution guests. (LP #2003673)
159+ * Drop changes:
160+ - d/rules: Incorporate the following changes from Debian unstable, in
161+ order to fix the FTBFS caused by -fcf-protection:
162+ + d/rules: move icons install rules to install-misc section
163+ + d/rules: stop running whole thing with dh, take back *-indep sequence
164+ + d/rules: implement arch-dependent install/build targets without dh too
165+ [ Fixed in Debian. ]
166+ - d/rules: Get rid of binary-helper target; explicitly invoke its
167+ commands under binary-{arch,indep}. This makes the build succeed
168+ again in Ubuntu, where binary-helper wasn't being properly invoked.
169+ [ Fixed in Debian. ]
170+ - d/p/u/lp2003673-update-linux-headers-6.3rc5.patch,
171+ d/p/u/lp2003673-update-linux-headers-6.5rc1.patch,
172+ d/p/u/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch:
173+ Drop some of the patches to Enable passthrough of IBM Z crypto
174+ hardware to Secure Execution guests. (LP #2003673)
175+ [ Applied upstream. ]
176+
177+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Nov 2023 21:34:19 -0500
178+
179 qemu (1:8.1.3+ds-1) unstable; urgency=medium
180
181 * new upstream stable/bugfix release
182@@ -296,6 +455,72 @@ qemu (1:8.0.4+dfsg-2) unstable; urgency=medium
183
184 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Aug 2023 09:57:59 +0300
185
186+qemu (1:8.0.4+dfsg-1ubuntu5) noble; urgency=medium
187+
188+ * d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
189+ hardware to Secure Execution guests. (LP: #2003673)
190+
191+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 16 Nov 2023 10:35:58 -0500
192+
193+qemu (1:8.0.4+dfsg-1ubuntu4) noble; urgency=medium
194+
195+ * Rebuild against new libnfs14.
196+
197+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 27 Oct 2023 10:46:01 +0200
198+
199+qemu (1:8.0.4+dfsg-1ubuntu3) mantic; urgency=medium
200+
201+ * d/rules: Get rid of binary-helper target; explicitly invoke its
202+ commands under binary-{arch,indep}. This makes the build succeed
203+ again in Ubuntu, where binary-helper wasn't being properly invoked.
204+
205+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 03 Oct 2023 18:13:20 -0400
206+
207+qemu (1:8.0.4+dfsg-1ubuntu2) mantic; urgency=medium
208+
209+ * d/rules: Incorporate the following changes from Debian unstable, in
210+ order to fix the FTBFS caused by -fcf-protection:
211+ - d/rules: implement arch-dependent install/build targets without dh too
212+ - d/rules: stop running whole thing with dh, take back *-indep sequence
213+ - d/rules: move icons install rules to install-misc section
214+
215+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 27 Sep 2023 14:53:27 -0400
216+
217+qemu (1:8.0.4+dfsg-1ubuntu1) mantic; urgency=medium
218+
219+ * Merge with Debian unstable. Remaining changes:
220+ - qemu-kvm to systemd unit
221+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
222+ hugepages and architecture specifics
223+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
224+ qemu-kvm-init
225+ - d/qemu-system-common.install: install helper script
226+ - d/qemu-system-common.qemu-kvm.default: defaults for
227+ /etc/default/qemu-kvm
228+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
229+ - Distribution specific machine type
230+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
231+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
232+ types containing release versioned machine attributes
233+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
234+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
235+ - Enable nesting by default
236+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
237+ in qemu64 on amd
238+ [ No more strictly needed, but required for backward compatibility ]
239+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
240+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
241+ reference 256k path
242+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
243+ handle incoming migrations from former releases.
244+ - Ease the use of module retention on upgrades (LP 1913421)
245+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
246+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
247+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
248+ fix qboot FTBFS with LTO
249+
250+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 14 Aug 2023 16:28:34 -0400
251+
252 qemu (1:8.0.4+dfsg-1) unstable; urgency=medium
253
254 * new upstream stable/bugfix release
255@@ -322,6 +547,41 @@ qemu (1:8.0.3+dfsg-5) unstable; urgency=medium
256
257 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 02 Aug 2023 10:55:50 +0300
258
259+qemu (1:8.0.3+dfsg-4ubuntu1) mantic; urgency=medium
260+
261+ * Merge with Debian unstable (LP: #2028873, #2028124). Remaining changes:
262+ - qemu-kvm to systemd unit
263+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
264+ hugepages and architecture specifics
265+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
266+ qemu-kvm-init
267+ - d/qemu-system-common.install: install helper script
268+ - d/qemu-system-common.qemu-kvm.default: defaults for
269+ /etc/default/qemu-kvm
270+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
271+ - Distribution specific machine type
272+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
273+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
274+ types containing release versioned machine attributes
275+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
276+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
277+ - Enable nesting by default
278+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
279+ in qemu64 on amd
280+ [ No more strictly needed, but required for backward compatibility ]
281+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
282+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
283+ reference 256k path
284+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
285+ handle incoming migrations from former releases.
286+ - Ease the use of module retention on upgrades (LP 1913421)
287+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
288+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
289+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
290+ fix qboot FTBFS with LTO
291+
292+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 31 Jul 2023 23:09:27 -0400
293+
294 qemu (1:8.0.3+dfsg-4) unstable; urgency=medium
295
296 * more linux-user address fixes from Helge Deller
297@@ -394,6 +654,59 @@ qemu (1:8.0.2+dfsg-3) unstable; urgency=medium
298
299 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 29 Jun 2023 18:36:33 +0300
300
301+qemu (1:8.0.2+dfsg-2ubuntu1) mantic; urgency=medium
302+
303+ * Merge with Debian unstable (LP: #2018103). Remaining changes:
304+ - qemu-kvm to systemd unit
305+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
306+ hugepages and architecture specifics
307+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
308+ qemu-kvm-init
309+ - d/qemu-system-common.install: install helper script
310+ - d/qemu-system-common.qemu-kvm.default: defaults for
311+ /etc/default/qemu-kvm
312+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
313+ - Distribution specific machine type
314+ (LP 1304107 1621042 1776189 1761372 1761372 1776189)
315+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
316+ types containing release versioned machine attributes
317+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
318+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
319+ - Enable nesting by default
320+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
321+ in qemu64 on amd
322+ [ No more strictly needed, but required for backward compatibility ]
323+ - tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
324+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
325+ reference 256k path
326+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
327+ handle incoming migrations from former releases.
328+ - Ease the use of module retention on upgrades (LP 1913421)
329+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
330+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
331+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
332+ fix qboot FTBFS with LTO
333+ * Drop changes:
334+ - d/control-in: libnfs is in main since focal, enable direct nfs
335+ storage support (LP 1988704)
336+ [ Adopted by Debian. ]
337+ - d/control-in: libsndio is in universe in ubuntu
338+ [ Adopted by Debian. ]
339+ - Fix FTBFS with glibc >= 2.36. (LP #2015418)
340+ + d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
341+ upstream commits that were working around a glibc issue.
342+ [ Incorporated upstream. ]
343+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
344+ [ Debian linked the qemu-system-x86 documentation with the
345+ qemu-system-common package, rendering this README file not
346+ applicable. ]
347+ - d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
348+ hot-unplug requests by making ACPI PCI able to requeue them.
349+ (LP #2018733)
350+ [ Applied upstream. ]
351+
352+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 19 Jun 2023 15:45:09 -0400
353+
354 qemu (1:8.0.2+dfsg-2) unstable; urgency=medium
355
356 * d/rules: --enable-libusb for xen build (Closes: #1037341)
357@@ -619,6 +932,66 @@ qemu (1:8.0~rc2+dfsg-1) experimental; urgency=medium
358
359 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Mar 2023 15:44:21 +0300
360
361+qemu (1:7.2+dfsg-5ubuntu3) mantic; urgency=medium
362+
363+ * d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
364+ hot-unplug requests by making ACPI PCI able to requeue them.
365+ (LP: #2018733)
366+
367+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 18 May 2023 15:13:14 -0400
368+
369+qemu (1:7.2+dfsg-5ubuntu2) lunar; urgency=medium
370+
371+ * Fix FTBFS with glibc >= 2.36. (LP: #2015418)
372+ - d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
373+ upstream commits that were working around a glibc issue.
374+
375+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 05 Apr 2023 20:10:13 -0400
376+
377+qemu (1:7.2+dfsg-5ubuntu1) lunar; urgency=medium
378+
379+ * Re-merge with Debian unstable to pick up stabilization fixes
380+ remaining changes:
381+ - qemu-kvm to systemd unit
382+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
383+ hugepages and architecture specifics
384+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
385+ qemu-kvm-init
386+ - d/qemu-system-common.install: install helper script
387+ - d/qemu-system-common.qemu-kvm.default: defaults for
388+ /etc/default/qemu-kvm
389+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
390+ - Distribution specific machine type
391+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
392+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
393+ types containing release versioned machine attributes
394+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
395+ for host-phys-bits=true
396+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
397+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
398+ - Enable nesting by default
399+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
400+ in qemu64 on amd
401+ [ No more strictly needed, but required for backward compatibility ]
402+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
403+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
404+ reference 256k path
405+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
406+ handle incoming migrations from former releases.
407+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
408+ - Ease the use of module retention on upgrades (LP 1913421)
409+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
410+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
411+ landed in Debian but under a different name.
412+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
413+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
414+ fix qboot FTBFS with LTO
415+ - d/control-in: libnfs is in main since focal, enable direct nfs
416+ storage support (LP 1988704)
417+ - d/control-in: libsndio is in universe in ubuntu
418+
419+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2023 08:50:45 +0100
420+
421 qemu (1:7.2+dfsg-5) unstable; urgency=medium
422
423 * d/qemu-guest-agent.udev: fix missing comma
424@@ -658,6 +1031,89 @@ qemu (1:7.2+dfsg-5) unstable; urgency=medium
425
426 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 05 Mar 2023 20:09:04 +0300
427
428+qemu (1:7.2+dfsg-4ubuntu1) lunar; urgency=medium
429+
430+ * Merge with Debian unstable (LP: #1993438), among many other fixes
431+ this resolvs these bugs:
432+ (LP: #1957924) - support for querying stats,
433+ (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
434+ (LP: #1959966) - guest dump encryption with customer keys (s390x)
435+ (LP: #1999885) - pv: don't allow userspace to set the clock under PV
436+ (LP: #1957924) - add filtering of statistics by target vCPU
437+ remaining changes:
438+ - qemu-kvm to systemd unit
439+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
440+ hugepages and architecture specifics
441+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
442+ qemu-kvm-init
443+ - d/qemu-system-common.install: install helper script
444+ - d/qemu-system-common.qemu-kvm.default: defaults for
445+ /etc/default/qemu-kvm
446+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
447+ - Distribution specific machine type
448+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
449+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
450+ types containing release versioned machine attributes
451+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
452+ for host-phys-bits=true
453+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
454+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
455+ - Enable nesting by default
456+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
457+ in qemu64 on amd
458+ [ No more strictly needed, but required for backward compatibility ]
459+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
460+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
461+ reference 256k path
462+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
463+ handle incoming migrations from former releases.
464+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
465+ - Ease the use of module retention on upgrades (LP 1913421)
466+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
467+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
468+ landed in Debian but under a different name.
469+ - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
470+ + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
471+ fix qboot FTBFS with LTO
472+ * Dropped Changes [now part of upstream v7.2.0]
473+ - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
474+ error 'migration was active, but no RAM info was set' (LP 1994002)
475+ - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
476+ Fix FTBFS with libbpf 1.0.1-2.
477+ + Header updates that were added as part of the libbpf fixes
478+ but not mentioned in changelog
479+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
480+ - Fix I/O stalls when using NVMe storage (LP 1970737).
481+ + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
482+ in laio_io_unplug.
483+ - SECURITY UPDATE: heap overflow in floppy disk emulator
484+ + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
485+ hw/block/fdc.c.
486+ - SECURITY UPDATE: use-after-free vulnerability
487+ + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
488+ lsi_do_msgout
489+ - SECURITY UPDATE: heap overflow vulnerability
490+ + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
491+ memories
492+ - SECURITY UPDATE: integer underflow vulnerability
493+ + debian/patches/CVE-2022-3165.patch: fix integer underflow in
494+ vnc_client_cut_text_ext
495+ * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
496+ [not all are needed in lunar]
497+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
498+ Silence -Warray-bounds false positive [no more needed]
499+ - d/rules: set -O1 for alpha firmware build
500+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
501+ further FTBFS fixup
502+ * Dropped Changes [in Debian 1:7.2+dfsg-3]
503+ - d/rules: disable LTO on non-amd64 builds (LP 1921664)
504+ * Added Changes
505+ - d/control-in: libnfs is in main since focal, enable direct nfs
506+ storage support (LP: #1988704)
507+ - d/control-in: libsndio is in universe in ubuntu
508+
509+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Jan 2023 13:18:43 +0100
510+
511 qemu (1:7.2+dfsg-4) unstable; urgency=medium
512
513 * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
514@@ -795,6 +1251,126 @@ qemu (1:7.1+dfsg-1) unstable; urgency=medium
515
516 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 12 Sep 2022 11:50:53 +0300
517
518+qemu (1:7.0+dfsg-7ubuntu4) lunar; urgency=medium
519+
520+ * SECURITY UPDATE: use-after-free vulnerability
521+ - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
522+ lsi_do_msgout
523+ - CVE-2022-0216
524+ * SECURITY UPDATE: heap overflow vulnerability
525+ - debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
526+ memories
527+ - CVE-2022-2962
528+ * SECURITY UPDATE: integer underflow vulnerability
529+ - debian/patches/CVE-2022-3165.patch: fix integer underflow in
530+ vnc_client_cut_text_ext
531+ - CVE-2022-3165
532+
533+ -- Nishit Majithia <nishit.majithia@canonical.com> Fri, 09 Dec 2022 10:25:52 +0530
534+
535+qemu (1:7.0+dfsg-7ubuntu3) lunar; urgency=medium
536+
537+ [ Brett Milford ]
538+ * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
539+ error 'migration was active, but no RAM info was set' (LP: #1994002)
540+
541+ [ Mauricio Faria de Oliveira ]
542+ * d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
543+ Fix FTBFS with libbpf 1.0.1-2.
544+
545+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 30 Nov 2022 12:17:51 -0300
546+
547+qemu (1:7.0+dfsg-7ubuntu2) kinetic; urgency=medium
548+
549+ [ Paride Legovini ]
550+ * d/rules: disable LTO on non-amd64 builds (LP: #1921664)
551+ * GCC-12 FTBFS (LP: #1988710)
552+ - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
553+ Silence -Warray-bounds false positive (treated as error)
554+
555+ [ Christian Ehrhardt ]
556+ * More on GCC-12 FTBFS (LP 1988710)
557+ - d/rules: set -O1 for alpha firmware build
558+ - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
559+ further FTBFS fixup
560+
561+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2022 08:07:24 +0200
562+
563+qemu (1:7.0+dfsg-7ubuntu1) kinetic; urgency=medium
564+
565+ * Merge with Debian unstable (LP: #1971315)(LP: #1980896), remaining changes:
566+ - qemu-kvm to systemd unit
567+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
568+ hugepages and architecture specifics
569+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
570+ qemu-kvm-init
571+ - d/qemu-system-common.install: install helper script
572+ - d/qemu-system-common.qemu-kvm.default: defaults for
573+ /etc/default/qemu-kvm
574+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
575+ - Distribution specific machine type
576+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
577+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
578+ types containing release versioned machine attributes
579+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
580+ for host-phys-bits=true
581+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
582+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
583+ - Enable nesting by default
584+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
585+ in qemu64 on amd
586+ [ No more strictly needed, but required for backward compatibility ]
587+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
588+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
589+ reference 256k path
590+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
591+ handle incoming migrations from former releases.
592+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
593+ - Ease the use of module retention on upgrades (LP 1913421)
594+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
595+ - Fix I/O stalls when using NVMe storage (LP 1970737).
596+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
597+ in laio_io_unplug.
598+ - SECURITY UPDATE: heap overflow in floppy disk emulator
599+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
600+ hw/block/fdc.c.
601+ - CVE-2021-3507
602+ * Dropped Changes [now part of 1:7.0+dfsg-7]:
603+ - d/rules: xen libexec dir is no more versioned
604+ - d/rules: ensure xen is built on x86
605+ - d/kvm-spice: fix when acceleration is already defined on the commandline
606+ - debian/control[-in]: no more disable glusterfs in Ubuntu (LP 1246924)
607+ * Dropped Changes [now part of upstream v7.0.0]
608+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
609+ Allow long kernel command lines for QEMU (LP 1959984)
610+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
611+ - d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
612+ tcg on s390x.
613+ - Fix diff handling on ceph that can cause data corruption (LP 1968258)
614+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
615+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
616+ - d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
617+ in vnc connections (LP 1970563)
618+ - All CVE fixes of 1:6.2+dfsg-2ubuntu8 except CVE-2021-3507
619+ * Dropped Changes
620+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
621+ add patch to workaround FTBFS when building against OpenSSL 3.0.
622+ [ now working with OpenSSL 3.0 ]
623+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
624+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
625+ [ fixed in compiler toolchain ]
626+ - Make qemu-system-x86-microvm a transitional package as the binary is now
627+ in qemu-system-x86 itself.
628+ [ no more needed]
629+ * Added Changes
630+ - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
631+ landed in Debian but under a different name.
632+ - d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch: fix qboot FTBFS
633+ with LTO
634+ - d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)
635+
636+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jul 2022 12:07:19 +0200
637+
638 qemu (1:7.0+dfsg-7) unstable; urgency=medium
639
640 * d/tests/test-qemu-user: rework ls/glob test a bit
641@@ -929,6 +1505,141 @@ qemu (1:6.2+dfsg-3) unstable; urgency=medium
642
643 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 25 Feb 2022 12:01:46 +0300
644
645+qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
646+
647+ [ Marc Deslauriers ]
648+ * SECURITY UPDATE: heap overflow in floppy disk emulator
649+ - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
650+ hw/block/fdc.c.
651+ - CVE-2021-3507
652+ * SECURITY UPDATE: use-after-free in nvme
653+ - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
654+ device itself in hw/nvme/ctrl.c.
655+ - CVE-2021-3929
656+ * SECURITY UPDATE: integer overflow in QXL display device emulation
657+ - debian/patches/CVE-2021-4206.patch: check width and height in
658+ hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
659+ - CVE-2021-4206
660+ * SECURITY UPDATE: heap overflow in QXL display device emulation
661+ - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
662+ in hw/display/qxl-render.c.
663+ - CVE-2021-4207
664+ * SECURITY UPDATE: potential privilege escalation in virtiofsd
665+ - debian/patches/CVE-2022-0358.patch: Drop membership of all
666+ supplementary groups in tools/virtiofsd/passthrough_ll.c.
667+ - CVE-2022-0358
668+ * SECURITY UPDATE: memory leakage in virtio-net device
669+ - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
670+ receive in hw/net/virtio-net.c.
671+ - CVE-2022-26353
672+ * SECURITY UPDATE: memory leakage in vhost-vsock device
673+ - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
674+ case of error in hw/virtio/vhost-vsock-common.c.
675+ - CVE-2022-26354
676+
677+ [ Sergio Durigan Junior ]
678+ * Fix I/O stalls when using NVMe storage (LP: #1970737).
679+ - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
680+ in laio_io_unplug.
681+
682+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 22 Jun 2022 15:38:37 -0400
683+
684+qemu (1:6.2+dfsg-2ubuntu7) kinetic; urgency=medium
685+
686+ * d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
687+ in vnc connections (LP: #1970563)
688+
689+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:25:20 +0200
690+
691+qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
692+
693+ * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
694+ * Fix diff handling on ceph that can cause data corruption (LP: #1968258)
695+ - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
696+ - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
697+
698+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 08 Apr 2022 09:36:34 +0200
699+
700+qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
701+
702+ * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
703+ tcg on s390x.
704+
705+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 09:54:36 +0100
706+
707+qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
708+
709+ * No-change rebuild to update maintainer scripts, see LP: 1959054
710+
711+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:28:14 +0000
712+
713+qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
714+
715+ * Merge with Debian unstable, remaining changes:
716+ - qemu-kvm to systemd unit
717+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
718+ hugepages and architecture specifics
719+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
720+ qemu-kvm-init
721+ - d/qemu-system-common.install: install helper script
722+ - d/qemu-system-common.qemu-kvm.default: defaults for
723+ /etc/default/qemu-kvm
724+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
725+ - Distribution specific machine type
726+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
727+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
728+ types containing release versioned machine attributes
729+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
730+ for host-phys-bits=true
731+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
732+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
733+ - Enable nesting by default
734+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
735+ in qemu64 on amd
736+ [ No more strictly needed, but required for backward compatibility ]
737+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
738+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
739+ reference 256k path
740+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
741+ handle incoming migrations from former releases.
742+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
743+ - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
744+ add patch to workaround FTBFS when building against OpenSSL 3.0.
745+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
746+ -fcf-protection being unavailble on -march=i486 (LP 1940029)
747+ - Ease the use of module retention on upgrades (LP 1913421)
748+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
749+ - Make qemu-system-x86-microvm a transitional package as the binary is now
750+ in qemu-system-x86 itself.
751+ * Dropped Changes [now part of 1:6.1+dfsg-8]:
752+ - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
753+ (#993658) (LP 1947860)
754+ - improved dependencies
755+ - Make qemu-system-common depend on qemu-block-extra
756+ - Make qemu-utils depend on qemu-block-extra
757+ - d/control*, d/rules: disable xen by default, but provide universe
758+ package qemu-system-x86-xen as alternative
759+ [includes compat links changes of 5.0-5ubuntu4]
760+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
761+ * Dropped Changes [now part of upstream]
762+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
763+ and 3932 machines (LP 1932175)
764+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
765+ migration with audio devices present (LP 1940288)
766+ * Added changes:
767+ - update patches for qemu v6.2.0
768+ - d/p/u/enable-svm-by-default.patch
769+ - d/p/u/define-ubuntu-machine-types.patch
770+ - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
771+ - d/rules: xen libexec dir is no more versioned
772+ - d/rules: ensure xen is built on x86
773+ - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
774+ Allow long kernel command lines for QEMU (LP: #1959984)
775+ - d/kvm-spice: fix when acceleration is already defined on the commandline
776+ - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
777+
778+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 05 Jan 2022 12:18:25 +0100
779+
780 qemu (1:6.2+dfsg-2) unstable; urgency=medium
781
782 * bump meson build-dep to 0.59.3
783@@ -1150,6 +1861,95 @@ qemu (1:6.0+dfsg-3) unstable; urgency=medium
784
785 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 17 Aug 2021 17:49:10 +0300
786
787+qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
788+
789+ * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
790+ add patch to workaround FTBFS when building against OpenSSL 3.0.
791+ Thanks to Christian Ehrhardt (LP: #1952448)
792+
793+ -- Paride Legovini <paride@ubuntu.com> Fri, 26 Nov 2021 15:47:51 +0100
794+
795+qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
796+
797+ * No-change rebuild against liburing2
798+
799+ -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:00:26 +0100
800+
801+qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
802+
803+ * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
804+ (#993658) (LP: #1947860)
805+
806+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 03 Nov 2021 14:10:56 +0100
807+
808+qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
809+
810+ * Merge with Debian experimental, remaining changes:
811+ - qemu-kvm to systemd unit
812+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
813+ hugepages and architecture specifics
814+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
815+ qemu-kvm-init
816+ - d/qemu-system-common.install: install helper script
817+ - d/qemu-system-common.qemu-kvm.default: defaults for
818+ /etc/default/qemu-kvm
819+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
820+ - Distribution specific machine type
821+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
822+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
823+ types containing release versioned machine attributes
824+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
825+ for host-phys-bits=true
826+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
827+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
828+ - Enable nesting by default
829+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
830+ in qemu64 on amd
831+ [ No more strictly needed, but required for backward compatibility ]
832+ - improved dependencies
833+ - Make qemu-system-common depend on qemu-block-extra
834+ - Make qemu-utils depend on qemu-block-extra
835+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
836+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
837+ reference 256k path
838+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
839+ handle incoming migrations from former releases.
840+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
841+ - d/control*, d/rules: disable xen by default, but provide universe
842+ package qemu-system-x86-xen as alternative
843+ [includes compat links changes of 5.0-5ubuntu4]
844+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
845+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
846+ for v6.0
847+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
848+ - Ease the use of module retention on upgrades (LP 1913421)
849+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
850+ * Dropped Changes [in 1:6.0+dfsg-2exp]:
851+ - d/control-in: Disable capstone disassembler library support (universe)
852+ - Disable fuse export (universe dependency)
853+ - Ease the use of module retention on upgrades (LP 1913421)
854+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
855+ - d/rules: only save modules if /run/qemu isn't noexec
856+ - d/rules: clear all (current and former) modules on purge
857+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
858+ upgrade issues (LP 1932264)
859+ - Enable SDL as secondary UI backend (LP 1256185)
860+ - d/control: add build dependency libsdl2-dev
861+ - d/control: enable sdl graphics on build
862+ - d/qemu-system-gui.install: add ui-sdl.so
863+ - d/control: add runtime dependency to libgl1
864+ * Dropped Changes [no more needed]
865+ - let qemu-utils recommend sharutils
866+ * Added changes:
867+ - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
868+ -fcf-protection being unavailble on -march=i486 (LP: #1940029)
869+ - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
870+ and 3932 machines (LP: #1932175)
871+ - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
872+ migration with audio devices present (LP: #1940288)
873+
874+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200
875+
876 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
877
878 [ Christian Ehrhardt ]
879@@ -1187,6 +1987,104 @@ qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
880
881 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300
882
883+qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium
884+
885+ * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
886+ fix TCG emulation for ppc64 (LP: #1935617)
887+
888+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 13 Jul 2021 09:34:55 +0200
889+
890+qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium
891+
892+ * d/control: remove fuse2 trial-build (LP 1934510)
893+
894+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Jul 2021 10:26:08 +0200
895+
896+qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium
897+
898+ * Merge with Debian experimental, Among many other things this fixes LP Bugs:
899+ (LP: #1907952) broken arrow keys in -display gtk on aarch64
900+ - qemu-kvm to systemd unit
901+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
902+ hugepages and architecture specifics
903+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
904+ qemu-kvm-init
905+ - d/qemu-system-common.install: install helper script
906+ - d/qemu-system-common.qemu-kvm.default: defaults for
907+ /etc/default/qemu-kvm
908+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
909+ - Distribution specific machine type
910+ (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
911+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
912+ types containing release versioned machine attributes
913+ - d/qemu-system-x86.NEWS Info on fixed machine type defintions
914+ for host-phys-bits=true
915+ - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
916+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
917+ - Enable nesting by default
918+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
919+ in qemu64 on amd
920+ [ No more strictly needed, but required for backward compatibility ]
921+ - improved dependencies
922+ - Make qemu-system-common depend on qemu-block-extra
923+ - Make qemu-utils depend on qemu-block-extra
924+ - Let qemu-utils recommend sharutils
925+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
926+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
927+ reference 256k path
928+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
929+ handle incoming migrations from former releases.
930+ - d/control-in: Disable capstone disassembler library support (universe)
931+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
932+ - d/control*, d/rules: disable xen by default, but provide universe
933+ package qemu-system-x86-xen as alternative
934+ [includes compat links changes of 5.0-5ubuntu4]
935+ - Fix upgrade module handling (LP 1905377)
936+ --enable-module-upgrades for qemu-xen which doesn't exist in Debian
937+ * Dropped Changes [in 6.0]:
938+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
939+ ld usage of -no-pie (LP 1907789)
940+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
941+ virtio-9p-ccw being missing (LP 1916230)
942+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
943+ to glib2.0 >=2.67.3 (LP 1916705)
944+ - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
945+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
946+ (LP 1921754)
947+ - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
948+ (LP 1921880)
949+ - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
950+ fix go in qemu-s390x-static (LP 1922010)
951+ * Dropped Changes [in Debian]:
952+ - Allow qemu to load old modules post upgrade (LP 1847361)
953+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
954+ - d/rules: Drop generating package version into maintainer scripts
955+ * Dropped Changes [No more needed >21.04]:
956+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
957+ the bad old prerm (LP 1906245 1905377)
958+ * Added Changes
959+ - Disable fuse export (universe dependency)
960+ - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
961+ - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
962+ for v6.0
963+ - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
964+ - Ease the use of module retention on upgrades (LP: #1913421)
965+ - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
966+ - d/rules: only save modules if /run/qemu isn't noexec
967+ - d/rules: clear all (current and former) modules on purge
968+ - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
969+ - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
970+ upgrade issues (LP: #1932264)
971+ - Enable SDL as secondary UI backend (LP: #1256185)
972+ - d/control: add build dependency libsdl2-dev
973+ - d/control: enable sdl graphics on build
974+ - d/qemu-system-gui.install: add ui-sdl.so
975+ - d/control: add runtime dependency to libgl1
976+ - d/rules: qemu-system-x86-xen builds modules as well now (follows the
977+ other packages)
978+
979+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Jun 2021 12:41:33 +0200
980+
981 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium
982
983 * new upstream release
984@@ -1239,6 +2137,75 @@ qemu (1:5.2+dfsg-10) unstable; urgency=medium
985
986 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 16 Apr 2021 12:43:36 +0300
987
988+qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
989+
990+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
991+ on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
992+ (LP: #1921754)
993+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
994+ (LP: #1921880)
995+
996+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 11:58:29 +0200
997+
998+qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
999+
1000+ * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
1001+ fix go in qemu-s390x-static (LP: #1922010)
1002+
1003+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 Mar 2021 10:01:40 +0200
1004+
1005+qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
1006+
1007+ * Merge with Debian unstable; Remaining changes:
1008+ - qemu-kvm to systemd unit
1009+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1010+ hugepages and architecture specifics
1011+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1012+ qemu-kvm-init
1013+ - d/qemu-system-common.install: install helper script
1014+ - d/qemu-system-common.qemu-kvm.default: defaults for
1015+ /etc/default/qemu-kvm
1016+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1017+ - Distribution specific machine type (LP: 1304107 1621042)
1018+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1019+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1020+ for host-phys-bits=true (LP: 1776189)
1021+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1022+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1023+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1024+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1025+ - Enable nesting by default
1026+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1027+ in qemu64 on amd
1028+ [ No more strictly needed, but required for backward compatibility ]
1029+ - improved dependencies
1030+ - Make qemu-system-common depend on qemu-block-extra
1031+ - Make qemu-utils depend on qemu-block-extra
1032+ - let qemu-utils recommend sharutils
1033+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1034+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1035+ reference 256k path
1036+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1037+ handle incoming migrations from former releases.
1038+ - d/control-in: Disable capstone disassembler library support (universe)
1039+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1040+ - d/control*, d/rules: disable xen by default, but provide universe
1041+ package qemu-system-x86-xen as alternative
1042+ [includes compat links changes of 5.0-5ubuntu4]
1043+ - allow qemu to load old modules post upgrade (LP 1847361)
1044+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1045+ - d/rules: Drop generating package version into maintainer scripts
1046+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1047+ the bad old prerm (LP 1906245 1905377)
1048+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1049+ ld usage of -no-pie (LP 1907789)
1050+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
1051+ virtio-9p-ccw being missing (LP 1916230)
1052+ - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
1053+ to glib2.0 >=2.67.3 (LP 1916705)
1054+
1055+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Mar 2021 11:13:49 +0100
1056+
1057 qemu (1:5.2+dfsg-9) unstable; urgency=medium
1058
1059 * do not make qemu-system-data dependent on qemu-system-foo
1060@@ -1278,6 +2245,66 @@ qemu (1:5.2+dfsg-7) unstable; urgency=high
1061
1062 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Mar 2021 11:32:54 +0300
1063
1064+qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
1065+
1066+ * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
1067+ to glib2.0 >=2.67.3 (LP: #1916705)
1068+
1069+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Feb 2021 08:39:09 +0100
1070+
1071+qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
1072+
1073+ * Merge with Debian unstable, includes fixes for
1074+ - build operates differently if source is a git repo (LP: #1887535)
1075+ Remaining changes:
1076+ - qemu-kvm to systemd unit
1077+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1078+ hugepages and architecture specifics
1079+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1080+ qemu-kvm-init
1081+ - d/qemu-system-common.install: install helper script
1082+ - d/qemu-system-common.qemu-kvm.default: defaults for
1083+ /etc/default/qemu-kvm
1084+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1085+ - Distribution specific machine type (LP: 1304107 1621042)
1086+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1087+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1088+ for host-phys-bits=true (LP: 1776189)
1089+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1090+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1091+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1092+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1093+ - Enable nesting by default
1094+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1095+ in qemu64 on amd
1096+ [ No more strictly needed, but required for backward compatibility ]
1097+ - improved dependencies
1098+ - Make qemu-system-common depend on qemu-block-extra
1099+ - Make qemu-utils depend on qemu-block-extra
1100+ - let qemu-utils recommend sharutils
1101+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1102+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1103+ reference 256k path
1104+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1105+ handle incoming migrations from former releases.
1106+ - d/control-in: Disable capstone disassembler library support (universe)
1107+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1108+ - d/control*, d/rules: disable xen by default, but provide universe
1109+ package qemu-system-x86-xen as alternative
1110+ [includes compat links changes of 5.0-5ubuntu4]
1111+ - allow qemu to load old modules post upgrade (LP 1847361)
1112+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1113+ - d/rules: Drop generating package version into maintainer scripts
1114+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1115+ the bad old prerm (LP 1906245 1905377)
1116+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1117+ ld usage of -no-pie (LP 1907789)
1118+ * Added changes
1119+ - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
1120+ virtio-9p-ccw being missing (LP: #1916230)
1121+
1122+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Feb 2021 11:40:36 +0100
1123+
1124 qemu (1:5.2+dfsg-6) unstable; urgency=medium
1125
1126 * deprecate qemu-debootstrap. It is not needed anymore with
1127@@ -1330,6 +2357,64 @@ qemu (1:5.2+dfsg-4) unstable; urgency=medium
1128
1129 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 14 Feb 2021 16:52:10 +0300
1130
1131+qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
1132+
1133+ * No change rebuild to pick up liburing. (LP: #1914145)
1134+
1135+ -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 19:44:54 -0300
1136+
1137+qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
1138+
1139+ * Merge with Debian unstable, includes fixes for
1140+ - qemu-user-static are partially dynamically linked (LP: #1908331)
1141+ - qemu crashing when using spice without qemu-system-gui being
1142+ installed (LP: #1908577)
1143+ Remaining changes:
1144+ - qemu-kvm to systemd unit
1145+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1146+ hugepages and architecture specifics
1147+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1148+ qemu-kvm-init
1149+ - d/qemu-system-common.install: install helper script
1150+ - d/qemu-system-common.qemu-kvm.default: defaults for
1151+ /etc/default/qemu-kvm
1152+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1153+ - Distribution specific machine type (LP: 1304107 1621042)
1154+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1155+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1156+ for host-phys-bits=true (LP: 1776189)
1157+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1158+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1159+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1160+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1161+ - Enable nesting by default
1162+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1163+ in qemu64 on amd
1164+ [ No more strictly needed, but required for backward compatibility ]
1165+ - improved dependencies
1166+ - Make qemu-system-common depend on qemu-block-extra
1167+ - Make qemu-utils depend on qemu-block-extra
1168+ - let qemu-utils recommend sharutils
1169+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1170+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1171+ reference 256k path
1172+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1173+ handle incoming migrations from former releases.
1174+ - d/control-in: Disable capstone disassembler library support (universe)
1175+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1176+ - d/control*, d/rules: disable xen by default, but provide universe
1177+ package qemu-system-x86-xen as alternative
1178+ [includes compat links changes of 5.0-5ubuntu4]
1179+ - allow qemu to load old modules post upgrade (LP 1847361)
1180+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1181+ - d/rules: Drop generating package version into maintainer scripts
1182+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1183+ the bad old prerm (LP 1906245 1905377)
1184+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1185+ ld usage of -no-pie (LP 1907789)
1186+
1187+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Jan 2021 12:43:42 +0100
1188+
1189 qemu (1:5.2+dfsg-3) unstable; urgency=medium
1190
1191 [ Christian Ehrhardt ]
1192@@ -1346,6 +2431,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium
1193
1194 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 29 Dec 2020 15:07:03 +0300
1195
1196+qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
1197+
1198+ * Merge with Debian unstable
1199+ - includes fix for CVE-2020-17380
1200+ - includes a fix for s390x PCI device reset (LP: #1907656)
1201+ Remaining changes:
1202+ - qemu-kvm to systemd unit
1203+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1204+ hugepages and architecture specifics
1205+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1206+ qemu-kvm-init
1207+ - d/qemu-system-common.install: install helper script
1208+ - d/qemu-system-common.qemu-kvm.default: defaults for
1209+ /etc/default/qemu-kvm
1210+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1211+ - Distribution specific machine type (LP: 1304107 1621042)
1212+ - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
1213+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1214+ for host-phys-bits=true (LP: 1776189)
1215+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1216+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1217+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1218+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1219+ - Enable nesting by default
1220+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1221+ in qemu64 on amd
1222+ [ No more strictly needed, but required for backward compatibility ]
1223+ - improved dependencies
1224+ - Make qemu-system-common depend on qemu-block-extra
1225+ - Make qemu-utils depend on qemu-block-extra
1226+ - let qemu-utils recommend sharutils
1227+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1228+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1229+ reference 256k path
1230+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1231+ handle incoming migrations from former releases.
1232+ - d/control-in: Disable capstone disassembler library support (universe)
1233+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1234+ - d/control*, d/rules: disable xen by default, but provide universe
1235+ package qemu-system-x86-xen as alternative
1236+ [includes compat links changes of 5.0-5ubuntu4]
1237+ - allow qemu to load old modules post upgrade (LP 1847361)
1238+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1239+ - d/rules: Drop generating package version into maintainer scripts
1240+ - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1241+ the bad old prerm (LP 1906245 1905377)
1242+ * Dropped Changes:
1243+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
1244+ resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
1245+ fails]
1246+ * Added Changes:
1247+ - Refreshed ubuntu machine types for hirsute@5.2
1248+ - d/control: regenerated from d/control-in
1249+ - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
1250+ ld usage of -no-pie (LP: #1907789)
1251+
1252+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Dec 2020 16:44:47 +0100
1253+
1254 qemu (1:5.2+dfsg-2) unstable; urgency=medium
1255
1256 * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
1257@@ -1391,6 +2534,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium
1258
1259 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 09 Dec 2020 08:57:41 +0300
1260
1261+qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
1262+
1263+ * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
1264+ the bad old prerm (LP: #1906245)
1265+
1266+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 30 Nov 2020 12:53:03 +0100
1267+
1268+qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
1269+
1270+ * Fix upgrade module handling (LP: #1905377)
1271+ This was accetped in a slightly different form in qemu_5.0-6 and therefore
1272+ allows to drop some former delta that is now conflicting.
1273+ Ubuntu still keeps enabling --enable-module-upgrades, but only for
1274+ qemu-xen which doesn't exist in Debian
1275+ - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
1276+ - d/rules: Drop generating package version into maintainer scripts
1277+
1278+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Nov 2020 11:16:01 +0100
1279+
1280+qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
1281+
1282+ * Merge with Debian testing, remaining changes:
1283+ Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
1284+ - qemu-kvm to systemd unit
1285+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1286+ hugepages and architecture specifics
1287+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1288+ qemu-kvm-init
1289+ - d/qemu-system-common.install: install helper script
1290+ - d/qemu-system-common.qemu-kvm.default: defaults for
1291+ /etc/default/qemu-kvm
1292+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1293+ - Distribution specific machine type (LP: 1304107 1621042)
1294+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1295+ types
1296+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1297+ for host-phys-bits=true (LP: 1776189)
1298+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1299+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1300+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1301+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1302+ - Enable nesting by default
1303+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1304+ in qemu64 on amd
1305+ [ No more strictly needed, but required for backward compatibility ]
1306+ - improved dependencies
1307+ - Make qemu-system-common depend on qemu-block-extra
1308+ - Make qemu-utils depend on qemu-block-extra
1309+ - let qemu-utils recommend sharutils
1310+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1311+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1312+ reference 256k path
1313+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1314+ handle incoming migrations from former releases.
1315+ - d/control-in: Disable capstone disassembler library support (universe)
1316+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1317+ - d/control*, d/rules: disable xen by default, but provide universe
1318+ package qemu-system-x86-xen as alternative
1319+ [includes compat links changes of 5.0-5ubuntu4]
1320+ - allow qemu to load old modules post upgrade (LP 1847361)
1321+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1322+ upgrade
1323+ - d/rules: generate maintainer scripts matching package version on build
1324+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1325+ - d/control: regenerate debian/control out of control-in
1326+ * Dropped changes [in Debian or no more needed]
1327+ - d/control-in: disable pmem on ppc64 as it is currently considered
1328+ experimental on that architecture (pmdk v1.8-1)
1329+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1330+ - d/rules: report config log from the correct subdir
1331+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1332+ - Pick further changes for groovy from debian/master since 5.0-5
1333+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1334+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
1335+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1336+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1337+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1338+ - megasas-fix-possible-out-of-bounds-array-access.patch
1339+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1340+ - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
1341+ - a few patches from the stable series:
1342+ - fix-tulip-breakage.patch
1343+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1344+ Prevent deadlocks in 9pfs readdir code
1345+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1346+ Fix newline accidentally sneaked into id string of a nic
1347+ - qemu-nbd-close-inherited-stderr.patch
1348+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1349+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1350+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1351+ - acpi-tmr-allow-2-byte-reads.patch
1352+ - reapply CVE-2020-13253 fixes from upstream
1353+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1354+ - linux-user-add-netlink-RTM_SETLINK-command.patch
1355+ - d/control: since qemu-system-data now contains module(s),
1356+ it can't be multi-arch. Ditto for qemu-block-extra.
1357+ - qemu-system-foo: depend on exact version of qemu-system-data,
1358+ due to the latter having modules
1359+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
1360+ This is another incarnation of the recent bugfix which actually enabled
1361+ memory access constraints, like #964247
1362+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1363+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1364+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1365+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1366+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1367+ - do not install outdated (0.12 and before) Changelog
1368+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1369+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1370+ Closes: CVE-2020-15863
1371+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1372+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1373+ another fix for revert-memory-accept-.. CVE-2020-13754
1374+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1375+ - d/control-in: build-dep libcap is no more needed
1376+ - arch aware kvm wrappers
1377+ [upstream now automatically enables KVM if available and called with
1378+ kvm* name, provides KVM as before but with auto-fallback to tcg.
1379+ Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
1380+ * Dropped changes [upstream now]
1381+ - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1382+ setup_len
1383+ - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
1384+ - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
1385+ - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1386+ from vfio-ccw (LP 1887935)
1387+ - fix qemu-user-static initialization to allow executing systemd (LP 1890881)
1388+ - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
1389+ - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1390+ SQXBR (LP 1883984)
1391+ - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
1392+ - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1393+ environments (LP 1887763)
1394+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1395+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1396+ crashes it on shutdown (LP 1878973)
1397+ - update d/p/ubuntu/lp-1835546-* to the final versions
1398+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1399+ FTBFS in groovy
1400+ * Added Changes:
1401+ - update ubuntu machine types for hirsute@5.1
1402+ - d/control: regenerated from d/control-in
1403+ - d/control, d/rules: build with gcc-9 on armhf as workaround until
1404+ resolved in gcc-10 (LP: 1890435)
1405+
1406+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 29 Oct 2020 12:37:31 +0100
1407+
1408 qemu (1:5.1+dfsg-4) unstable; urgency=high
1409
1410 * mention closing of CVE-2020-16092 by 5.1
1411@@ -1632,6 +2922,298 @@ qemu (1:5.0-6) unstable; urgency=medium
1412
1413 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 03 Jul 2020 18:24:48 +0300
1414
1415+qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
1416+
1417+ * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
1418+ machine type to match how it originally was released (LP: #1902654)
1419+
1420+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Nov 2020 08:19:07 +0100
1421+
1422+qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
1423+
1424+ * No-change rebuild for brltty soname change.
1425+
1426+ -- Matthias Klose <doko@ubuntu.com> Mon, 02 Nov 2020 16:59:33 +0100
1427+
1428+qemu (1:5.0-5ubuntu9) groovy; urgency=medium
1429+
1430+ * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
1431+ setup_len
1432+ CVE-2020-14364
1433+
1434+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Sep 2020 16:53:18 +0200
1435+
1436+qemu (1:5.0-5ubuntu8) groovy; urgency=medium
1437+
1438+ * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
1439+
1440+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 Sep 2020 08:23:49 +0200
1441+
1442+qemu (1:5.0-5ubuntu7) groovy; urgency=medium
1443+
1444+ * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
1445+
1446+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Sep 2020 08:47:12 +0200
1447+
1448+qemu (1:5.0-5ubuntu6) groovy; urgency=medium
1449+
1450+ * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
1451+ from vfio-ccw (LP: #1887935)
1452+
1453+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 11:09:12 +0200
1454+
1455+qemu (1:5.0-5ubuntu5) groovy; urgency=medium
1456+
1457+ * fix qemu-user-static initialization to allow executing systemd
1458+ (LP: #1890881)
1459+ - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
1460+ - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
1461+ - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
1462+ - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
1463+ - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
1464+ - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
1465+ * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
1466+ CVE-2020-16092
1467+ - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
1468+
1469+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Aug 2020 07:19:42 +0200
1470+
1471+qemu (1:5.0-5ubuntu4) groovy; urgency=medium
1472+
1473+ * xen: provide compat links to what libxen-dev reports where to find
1474+ the binaries (LP: #1890005)
1475+ * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
1476+ SQXBR (LP: #1883984)
1477+ * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
1478+
1479+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Aug 2020 07:15:28 +0200
1480+
1481+qemu (1:5.0-5ubuntu3) groovy; urgency=medium
1482+
1483+ * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
1484+ environments (LP: #1887763)
1485+ * Pick further changes for groovy from debian/master since 5.0-5
1486+ - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
1487+ Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
1488+ infinite recursion via a crafted mm_index value during
1489+ ati_mm_read or ati_mm_write call.
1490+ - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
1491+ Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
1492+ devices which uses min_access_size and max_access_size Memory API fields.
1493+ Also closes: CVE-2020-13791
1494+ - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
1495+ CVE-2020-13659: address_space_map in exec.c can trigger
1496+ a NULL pointer dereference related to BounceBuffer
1497+ - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
1498+ Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
1499+ has an OOB read via a crafted reply_queue_head field from a guest OS user
1500+ - megasas-use-unsigned-type-for-positive-numeric-fields.patch
1501+ fix other possible cases like in CVE-2020-13362 (#961887)
1502+ - megasas-fix-possible-out-of-bounds-array-access.patch
1503+ Some tracepoints use a guest-controlled value as an index into the
1504+ mfi_frame_desc[] array. Thus a malicious guest could cause a very low
1505+ impact OOB errors here
1506+ - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
1507+ Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
1508+ This flaw occurs when an nbd-client sends a spec-compliant request that is
1509+ near the boundary of maximum permitted request length. A remote nbd-client
1510+ could use this flaw to crash the qemu-nbd server resulting in a DoS.
1511+ - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
1512+ Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
1513+ properly validate the frame count, which allows guest OS users to trigger
1514+ an out-of-bounds access during an es1370_write() operation
1515+ - a few patches from the stable series:
1516+ - fix-tulip-breakage.patch
1517+ The tulip network driver in a qemu-system-hppa emulation is broken in
1518+ the sense that bigger network packages aren't received any longer and
1519+ thus even running e.g. "apt update" inside the VM fails. Fix this.
1520+ - 9p-lock-directory-streams-with-a-CoMutex.patch
1521+ Prevent deadlocks in 9pfs readdir code
1522+ - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
1523+ Fix newline accidentally sneaked into id string of a nic
1524+ - qemu-nbd-close-inherited-stderr.patch
1525+ - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
1526+ - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
1527+ - virtio-balloon-unref-the-iothread-when-unrealizing.patch
1528+ - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
1529+ - reapply CVE-2020-13253 fixed from upstream:
1530+ sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
1531+ sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
1532+ sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
1533+ sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
1534+ Closes: #961297, CVE-2020-13253
1535+ - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
1536+ (Closes: #965109)
1537+ - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
1538+ - d/control: since qemu-system-data now contains module(s),
1539+ it can't be multi-arch. Ditto for qemu-block-extra.
1540+ - qemu-system-foo: depend on exact version of qemu-system-data,
1541+ due to the latter having modules
1542+ - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
1543+ This is another incarnation of the recent bugfix which actually enabled
1544+ memory access constraints, like #964247
1545+ - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
1546+ this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
1547+ and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
1548+ - xhci-fix-valid.max_access_size-to-access-address-registers.patch
1549+ fix one more incarnation of the breakage after the CVE-2020-13754 fix
1550+ - do not install outdated (0.12 and before) Changelog (Closes: #965381)
1551+ - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
1552+ ARM-only XGMAC NIC, possible buffer overflow during packet transmission
1553+ Closes: CVE-2020-15863
1554+ - sm501 OOB read/write due to integer overflow in sm501_2d_operation()
1555+ List of patches:
1556+ sm501-convert-printf-abort-to-qemu_log_mask.patch
1557+ sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
1558+ sm501-use-BIT-macro-to-shorten-constant.patch
1559+ sm501-clean-up-local-variables-in-sm501_2d_operation.patch
1560+ sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
1561+ Closes: #961451, CVE-2020-12829
1562+ - riscv-allow-64-bit-access-to-SiFive-CLINT.patch
1563+ another fix for revert-memory-accept-.. CVE-2020-13754
1564+ - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
1565+
1566+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul 2020 13:21:31 +0200
1567+
1568+qemu (1:5.0-5ubuntu2) groovy; urgency=medium
1569+
1570+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
1571+
1572+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:32:55 +0100
1573+
1574+qemu (1:5.0-5ubuntu1) groovy; urgency=medium
1575+
1576+ * Merge with Debian testing (LP: #1749393), remaining changes:
1577+ - qemu-kvm to systemd unit
1578+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1579+ hugepages and architecture specifics
1580+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1581+ qemu-kvm-init
1582+ - d/qemu-system-common.install: install helper script
1583+ - d/qemu-system-common.qemu-kvm.default: defaults for
1584+ /etc/default/qemu-kvm
1585+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1586+ - Distribution specific machine type (LP: 1304107 1621042)
1587+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1588+ types
1589+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1590+ for host-phys-bits=true (LP: 1776189)
1591+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1592+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1593+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1594+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1595+ - Enable nesting by default
1596+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1597+ in qemu64 on amd
1598+ [ No more strictly needed, but required for backward compatibility ]
1599+ - improved dependencies
1600+ - Make qemu-system-common depend on qemu-block-extra
1601+ - Make qemu-utils depend on qemu-block-extra
1602+ - let qemu-utils recommend sharutils
1603+ - arch aware kvm wrappers
1604+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1605+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1606+ reference 256k path
1607+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1608+ handle incoming migrations from former releases.
1609+ - d/control-in: Disable capstone disassembler library support (universe)
1610+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1611+ - d/control*, d/rules: disable xen by default, but provide universe
1612+ package qemu-system-x86-xen as alternative
1613+ [includes --disable-xen for user-static builds]
1614+ - d/control-in: disable pmem on ppc64 as it is currently considered
1615+ experimental on that architecture (pmdk v1.8-1)
1616+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1617+ - d/rules: report config log from the correct subdir
1618+ - allow qemu to load old modules post upgrade (LP 1847361)
1619+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1620+ upgrade
1621+ - d/rules: generate maintainer scripts matching package version on build
1622+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1623+ - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
1624+ - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1625+ - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1626+ crashes it on shutdown (LP 1878973)
1627+ * Dropped changes (no more needed)
1628+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1629+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1630+ in qemu64 cpu type.
1631+ - d/control: avoid upgrade issues triggered by moving ivshmem tools after
1632+ Debian. Fixed by bumping the related Breaks/Replaces to the
1633+ Version Ubuntu introduced the change (LP 1862287)
1634+ * Dropped changes (in Debian)
1635+ - improved s390x support
1636+ - d/binfmt-update-in: fix binfmt being called in some containers
1637+ (LP 1840956)
1638+ - qemu-system-x86-microvm package
1639+ In addition to the generic multi-purpose qemu also provide a minimal
1640+ feature binary that is loading faster for use cases with microvm machine
1641+ type and qboot bios
1642+ - d/control-in: add a new qemu-system-x86-microvm package
1643+ - d/rules: add an extra config/build step to get the minimal qemu
1644+ - Security and packaging fixes (LP 1872937)
1645+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1646+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1647+ CVE-2020-10702
1648+ CVE-2020-11102
1649+ - fix external spice UI
1650+ + install ui-spice-app.so in qemu-system-common
1651+ + install ui-spice-app.so only if built, spice is optional
1652+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1653+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1654+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1655+ - enable riscv build (LP 1872931)
1656+ [ changes picked from Debian ]
1657+ - enable support for riscv64 hosts
1658+ - only enable librbd on architectures where it is built
1659+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1660+ depends on the former
1661+ - seccomp grew up, no need in versioned build-dep
1662+ - enable seccomp only on architectures where it can be built
1663+ * Dropped changes (upstream)
1664+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1665+ (LP 1857033)
1666+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1667+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1668+ vhost-user-gpu
1669+ - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1670+ avoid unnecessary IOTLB transactions (LP 1866207)
1671+ - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1672+ patches @qemu-stable (LP 1867519)
1673+ - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1674+ to avoid broken nesting (LP 1868692)
1675+ - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1676+ (LP 1871830)
1677+ - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
1678+ - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1679+ - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1680+ and clobbered doubles (LP 1872945)
1681+ - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1682+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1683+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1684+ - CVE-2020-11869
1685+ - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1686+ - async: use explicit memory barriers (LP 1805256)
1687+ - aio-wait: delegate polling of main AioContext if BQL not held
1688+ - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1689+ supporting to set them (LP 1882774)
1690+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1691+ load to a versioned path
1692+ * Added Changes:
1693+ - d/control: regenerate debian/control out of control-in
1694+ - update d/p/ubuntu/lp-1835546-* to the final versions
1695+ - 11 patches dropped as they are in 5.0
1696+ - 20 patches updated to how they will be in 5.1
1697+ - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
1698+ FTBFS in groovy
1699+ - Make qemu-system-x86-microvm a transitional package as the binary is now
1700+ in qemu-system-x86 itself.
1701+ - d/control-in: build-dep libcap is no more needed
1702+ - d/rules: update arch aware kvm wrappers
1703+ - d/qemu-system-x86.README.Debian: fix typo
1704+
1705+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 16 Jun 2020 16:50:09 +0200
1706+
1707 qemu (1:5.0-5) unstable; urgency=medium
1708
1709 * more binfmt-install updates
1710@@ -1764,6 +3346,188 @@ qemu (1:4.2-4) unstable; urgency=medium
1711
1712 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 14 Apr 2020 12:44:43 +0300
1713
1714+qemu (1:4.2-3ubuntu10) groovy; urgency=medium
1715+
1716+ * No-change rebuild against libnettle8
1717+
1718+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 20 Jul 2020 16:12:37 +0000
1719+
1720+qemu (1:4.2-3ubuntu9) groovy; urgency=medium
1721+
1722+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
1723+ crashes it on shutdown (LP: #1878973)
1724+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
1725+ supporting to set them (LP: #1882774)
1726+
1727+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jun 2020 10:42:49 +0200
1728+
1729+qemu (1:4.2-3ubuntu8) groovy; urgency=medium
1730+
1731+ * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
1732+ - async: use explicit memory barriers (LP: #1805256)
1733+ - aio-wait: delegate polling of main AioContext if BQL not held
1734+
1735+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Wed, 27 May 2020 21:47:21 +0000
1736+
1737+qemu (1:4.2-3ubuntu7) groovy; urgency=medium
1738+
1739+ * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
1740+ - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
1741+ ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
1742+ - CVE-2020-11869
1743+
1744+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 May 2020 14:43:19 -0400
1745+
1746+qemu (1:4.2-3ubuntu6) focal; urgency=medium
1747+
1748+ [ Christian Ehrhardt ]
1749+ * enable riscv build (LP: #1872931)
1750+ [ changes picked from Debian ]
1751+ - enable support for riscv64 hosts
1752+ - only enable librbd on architectures where it is built
1753+ - ceph: do not list librados-dev as we only use librbd-dev and the latter
1754+ depends on the former
1755+ - seccomp grew up, no need in versioned build-dep
1756+ - enable seccomp only on architectures where it can be built
1757+ * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
1758+ * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
1759+ and clobbered doubles (LP: #1872945)
1760+
1761+ [ William Grant ]
1762+ * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
1763+
1764+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 14:27:15 +0200
1765+
1766+qemu (1:4.2-3ubuntu5) focal; urgency=medium
1767+
1768+ [ Christian Ehrhardt ]
1769+ * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
1770+ (LP: #1871830)
1771+ * Security and packaging fixes (LP: #1872937)
1772+ - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
1773+ - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
1774+ CVE-2020-10702
1775+ CVE-2020-11102
1776+ - fix external spice UI
1777+ + install ui-spice-app.so in qemu-system-common
1778+ + install ui-spice-app.so only if built, spice is optional
1779+ - switch binfmt registration to use update-binfmts --[un]import (#866756)
1780+ - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
1781+ - qemu-system-data: s/highcolor/hicolor/ (#955741)
1782+ * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
1783+
1784+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 11:26:44 +0200
1785+
1786+qemu (1:4.2-3ubuntu4) focal; urgency=medium
1787+
1788+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
1789+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
1790+ to avoid broken nesting (LP: #1868692)
1791+
1792+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
1793+
1794+qemu (1:4.2-3ubuntu3) focal; urgency=medium
1795+
1796+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
1797+ patches @qemu-stable (LP: #1867519)
1798+
1799+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
1800+
1801+qemu (1:4.2-3ubuntu2) focal; urgency=medium
1802+
1803+ * allow qemu to load old modules post upgrade (LP: #1847361)
1804+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
1805+ load to a versioned path
1806+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
1807+ upgrade
1808+ - d/rules: generate maintainer scripts matching package version on build
1809+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
1810+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
1811+ avoid unnecessary IOTLB transactions (LP: #1866207)
1812+
1813+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
1814+
1815+qemu (1:4.2-3ubuntu1) focal; urgency=medium
1816+
1817+ * Merge with Debian testing, remaining changes:
1818+ - qemu-kvm to systemd unit
1819+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1820+ hugepages and architecture specifics
1821+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1822+ qemu-kvm-init
1823+ - d/qemu-system-common.install: install helper script
1824+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1825+ - d/qemu-system-common.qemu-kvm.default: defaults for
1826+ /etc/default/qemu-kvm
1827+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1828+ - Distribution specific machine type (LP: 1304107 1621042)
1829+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1830+ types
1831+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1832+ for host-phys-bits=true (LP: 1776189)
1833+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1834+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1835+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1836+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
1837+ - Enable nesting by default
1838+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1839+ in qemu64 cpu type.
1840+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1841+ in qemu64 on amd
1842+ [ No more strictly needed, but required for backward compatibility ]
1843+ - improved dependencies
1844+ - Make qemu-system-common depend on qemu-block-extra
1845+ - Make qemu-utils depend on qemu-block-extra
1846+ - let qemu-utils recommend sharutils
1847+ - improved s390x support
1848+ - d/rules: build s390-ccw.img with upstream Makefile
1849+ - d/rules: build s390-netboot.img with upstream Makefile
1850+ - arch aware kvm wrappers
1851+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1852+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1853+ reference 256k path
1854+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1855+ handle incoming migrations from former releases.
1856+ - d/control-in: Disable capstone disassembler library support (universe)
1857+ - d/binfmt-update-in: fix binfmt being called in some containers
1858+ (LP 1840956)
1859+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
1860+ (LP 1857033)
1861+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
1862+ - d/control*, d/rules: disable xen by default, but provide universe
1863+ package qemu-system-x86-xen as alternative
1864+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
1865+ - Dropped changes [ in Debian ]
1866+ - d/control: update VCS links
1867+ - d/control-in: bump debhelper build-dep for compat 12
1868+ - d/control: disable bluetooth being deprecated
1869+ - d/not-installed: ignore new interop docs and extra icons for now
1870+ - d/not-installed: do not install elf2dmp until namespaced
1871+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1872+ [ not needed ]
1873+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1874+ - s390x support
1875+ - Create qemu-system-s390x package
1876+ - Enable numa support for s390x
1877+ - d/control*: enable libpmem support for nvdimms (LP 1790856)
1878+ * Added changes
1879+ - d/control: regenerate debian/control out of control-in
1880+ - qemu-system-x86-microvm package
1881+ In addition to the generic multi-purpose qemu also provide a minimal
1882+ feature binary that is loading faster for use cases with microvm machine
1883+ type and qboot bios
1884+ - d/control-in: add a new qemu-system-x86-microvm package
1885+ - d/rules: add an extra config/build step to get the minimal qemu
1886+ - d/control-in: disable pmem on ppc64 as it is currently considered
1887+ experimental on that architecture (pmdk v1.8-1)
1888+ - d/rules: makefile definitions can't be recursive - sys_systems for s390x
1889+ - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
1890+ vhost-user-gpu
1891+ - d/rules: report config log from the correct subdir
1892+ - d/rules: --disable-xen for user-static builds
1893+
1894+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 15:21:56 +0100
1895+
1896 qemu (1:4.2-3) unstable; urgency=medium
1897
1898 * mention closing of #909743 in previous changelog (Closes: #909743)
1899@@ -1806,6 +3570,169 @@ qemu (1:4.2-2) unstable; urgency=medium
1900
1901 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 31 Jan 2020 23:51:09 +0300
1902
1903+qemu (1:4.2-1ubuntu2) focal; urgency=medium
1904+
1905+ * d/control: avoid upgrade issues triggered by moving ivshmem tools after
1906+ Debian. Fixed by by bumping the related Breaks/Replaces to the
1907+ Version Ubuntu introduced the change (LP: #1862287)
1908+
1909+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Feb 2020 07:31:21 +0100
1910+
1911+qemu (1:4.2-1ubuntu1) focal; urgency=medium
1912+
1913+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
1914+ LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
1915+ LP: #1812822 - avoid crashes on detaching vhost_net interfaces
1916+ LP: #1852744 - Crypto Passthrough Interrupt Support
1917+ LP: #1853316 - CCW IPL Support
1918+ Remaining changes:
1919+ - qemu-kvm to systemd unit
1920+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
1921+ hugepages and architecture specifics
1922+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
1923+ qemu-kvm-init
1924+ - d/qemu-system-common.install: install helper script
1925+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
1926+ - d/qemu-system-common.qemu-kvm.default: defaults for
1927+ /etc/default/qemu-kvm
1928+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
1929+ - Distribution specific machine type (LP: 1304107 1621042)
1930+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
1931+ types
1932+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
1933+ for host-phys-bits=true (LP: 1776189)
1934+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
1935+ - provide pseries-bionic-2.11-sxxm type as convenience with all
1936+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
1937+ - Enable nesting by default
1938+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
1939+ in qemu64 cpu type.
1940+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
1941+ in qemu64 on amd
1942+ [ No more strictly needed, but required for backward compatibility ]
1943+ - improved dependencies
1944+ - Make qemu-system-common depend on qemu-block-extra
1945+ - Make qemu-utils depend on qemu-block-extra
1946+ - let qemu-utils recommend sharutils
1947+ - s390x support
1948+ - Create qemu-system-s390x package
1949+ - Enable numa support for s390x
1950+ - d/rules: build s390-ccw.img with upstream Makefile
1951+ - d/rules: build s390-netboot.img with upstream Makefile
1952+ - arch aware kvm wrappers
1953+ - d/control: update VCS links
1954+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
1955+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
1956+ reference 256k path
1957+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
1958+ handle incoming migrations from former releases.
1959+ - d/control-in: Disable capstone disassembler library support (universe)
1960+ - d/control: disable bluetooth being deprecated
1961+ - d/not-installed: ignore new interop docs and extra icons for now
1962+ - d/not-installed: do not install elf2dmp until namespaced
1963+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
1964+ - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
1965+ - d/binfmt-update-in: fix binfmt being called in some containers
1966+ (LP 1840956)
1967+ - Dropped changes (in Debian)
1968+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
1969+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
1970+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
1971+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
1972+ - enable RDMA config option
1973+ - add libibumad-dev build-dep
1974+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
1975+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
1976+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
1977+ replace it with a build-indep using the upstream makefiles.
1978+ This is less prone to miss future changes/fixes that are done to the
1979+ makefiles
1980+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
1981+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
1982+ - d/rules: fix qemu-kvm service for debhelper compat >=12
1983+ - Refreshed patches for v4.0 context changes
1984+ - d/control*: remove sdlabi which was removed upstream
1985+ - d/control*: enable docs (now explicit) and provide new build-dep
1986+ python3-sphinx
1987+ - d/qemu-system-data.install: use new paths for formerly used icons
1988+ - Merge with Upstream release of qemu 4.0
1989+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
1990+ - Dropped changes (Upstream)
1991+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
1992+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
1993+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
1994+ fix i386 build error
1995+ - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
1996+ fix naming of the new vector facitlity (LP 1836066)
1997+ - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
1998+ for missing SIOCGSTAMP definition; final fix is still in discussion
1999+ upstream (LP: 1836159)
2000+ - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
2001+ s390x machines (LP 1836154)
2002+ - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
2003+ (LP 1841066)
2004+ - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
2005+ update the z15 model name (LP 1842774)
2006+ - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
2007+ fix a potential hang when qemu or qemu-img where accessing http backed
2008+ disks via libcurl (LP 1848556)
2009+ - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
2010+ fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
2011+ - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
2012+ toleration for future machines (LP 1830704)
2013+ - SECURITY UPDATE: Add support for exposing md-clear functionality
2014+ to guests
2015+ - d/p/ubuntu/enable-md-clear.patch
2016+ - d/p/ubuntu/enable-md-no.patch
2017+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
2018+ - SECURITY UPDATE: heap overflow when loading device tree blob
2019+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
2020+ copy the device tree blob into is.
2021+ - CVE-2018-20815
2022+ - SECURITY UPDATE: device driver denial of service via NULL pointer
2023+ dereference
2024+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
2025+ routine
2026+ - CVE-2019-5008
2027+ - SECURITY UPDATE: information leak in SLiRP
2028+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
2029+ emulating ident.
2030+ - CVE-2019-9824
2031+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
2032+ unimplement.patch: properly return architecture defined exception
2033+ on bad subcodes of diag 308 (LP 1812384)
2034+ * Dropped changes (no more needed)
2035+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
2036+ mv_conffile since the new path is a directory in the old package
2037+ version which can not be handled by mv_conffile.
2038+ [ only needed between disco and eoan ]
2039+ - disable pvrdma
2040+ [ CVEs all fixed now ]
2041+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2042+ avoid misdetection of simplified nesting blocking all migrations
2043+ [ qemu now detects and handles nesting - needs kernel >=4.20 ]
2044+ - Enable nesting by default
2045+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
2046+ (is default on amd)
2047+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
2048+ without nested=1
2049+ [ nesting is default in kernel modules and default selected cpu types ]
2050+ * Added changes
2051+ - d/control: regenerate debian/control out of control-in
2052+ - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
2053+ - added ubuntu focal types for qemu 4.2
2054+ - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
2055+ - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
2056+ (LP: #1857033)
2057+ - d/qemu-system-x86.README.Debian: add info about updated nesting changes
2058+ - d/control*, d/rules: disable xen by default, but provide universe
2059+ package qemu-system-x86-xen as alternative
2060+ - fix typos in changelog and d/qemu-system-x86.NEWS
2061+ - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
2062+ - d/control*: enable libpmem support for nvdimms (LP: #1790856)
2063+
2064+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 08 Jan 2020 15:27:42 +0100
2065+
2066 qemu (1:4.2-1) unstable; urgency=medium
2067
2068 * new upstream release (4.2.0)
2069@@ -1882,6 +3809,205 @@ qemu (1:4.1-1) unstable; urgency=medium
2070
2071 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 27 Aug 2019 12:43:43 +0300
2072
2073+qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
2074+
2075+ * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
2076+ fix a potential hang when qemu or qemu-img where accessing http backed
2077+ disks via libcurl (LP: #1848556)
2078+ * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
2079+ fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
2080+
2081+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
2082+
2083+qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
2084+
2085+ * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
2086+ update the z15 model name (LP: #1842774)
2087+
2088+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Sep 2019 11:42:58 +0200
2089+
2090+qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
2091+
2092+ * d/binfmt-update-in: fix binfmt being called in some containers
2093+ (LP: #1840956)
2094+
2095+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 09 Sep 2019 11:03:13 +0200
2096+
2097+qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
2098+
2099+ * No-change upload with strops.h and sys/strops.h removed in glibc.
2100+
2101+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:07:25 +0000
2102+
2103+qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
2104+
2105+ * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
2106+ (LP: #1841066)
2107+
2108+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Aug 2019 12:08:04 +0200
2109+
2110+qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
2111+
2112+ * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
2113+ s390x machines (LP: #1836154)
2114+
2115+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 13:20:42 +0200
2116+
2117+qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
2118+
2119+ * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
2120+ - pick Debian change for (#889885)
2121+ move ovmf to recommends on debian and update aarch ovmf refs
2122+ - stop Ubuntu to drop ovmf/qemu-efi to a suggest
2123+
2124+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Jul 2019 12:48:24 +0200
2125+
2126+qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
2127+
2128+ * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
2129+ for missing SIOCGSTAMP definition; final fix is still in discussion
2130+ upstream (LP: 1836159)
2131+
2132+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 10:10:00 +0200
2133+
2134+qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
2135+
2136+ * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
2137+ fix naming of the new vector facitlity (LP: #1836066)
2138+ * d/control-in: update VCS links in control template as well
2139+
2140+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Jul 2019 08:18:44 +0200
2141+
2142+qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
2143+
2144+ * Merge with Upstream release of qemu 4.0.
2145+ Among many other things this fixes LP Bugs:
2146+ LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
2147+ LP: #1828038 - Update s390x CPU Model for more HW support
2148+ LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
2149+ Remaining Changes:
2150+ - qemu-kvm to systemd unit
2151+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2152+ hugepages and architecture specifics
2153+ - d/qemu-system-common.qemu-kvm.service: systemd unit to call
2154+ qemu-kvm-init
2155+ - d/qemu-system-common.install: install helper script
2156+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2157+ - d/qemu-system-common.qemu-kvm.default: defaults for
2158+ /etc/default/qemu-kvm
2159+ - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
2160+ - Enable nesting by default
2161+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
2162+ (is default on amd)
2163+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
2164+ without nested=1
2165+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2166+ in qemu64 cpu type.
2167+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2168+ in qemu64 on amd
2169+ - d/qemu-system-x86.README.Debian: document intention of nested being
2170+ default is comfort, not full support
2171+ - Distribution specific machine type (LP: 1304107 1621042)
2172+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2173+ types
2174+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2175+ for host-phys-bits=true (LP: 1776189)
2176+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2177+ - provide pseries-bionic-2.11-sxxm type as convenience with all
2178+ meltdown/spectre workarounds enabled by default. (LP: 1761372).
2179+ - improved dependencies
2180+ - Make qemu-system-common depend on qemu-block-extra
2181+ - Make qemu-utils depend on qemu-block-extra
2182+ - let qemu-utils recommend sharutils
2183+ - s390x support
2184+ - Create qemu-system-s390x package
2185+ - Enable numa support for s390x
2186+ - arch aware kvm wrappers
2187+ - d/control: update VCS links
2188+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2189+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2190+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2191+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2192+ - enable RDMA config option
2193+ - add libibumad-dev build-dep
2194+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2195+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2196+ reference 256k path
2197+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2198+ handle incoming migrations from former releases.
2199+ - d/control-in: Disable capstone disassembler library support (universe)
2200+ - Move s390x roms to a new qemu-system-data-s390x
2201+ - d/qemu-system-data.install: install s390x roms as architecture:all in
2202+ qemu-system-data
2203+ - d/rules: build s390-ccw.img with upstream Makefile
2204+ - d/rules: build s390-netboot.img with upstream Makefile
2205+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
2206+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
2207+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
2208+ replace it with a build-indep using the upstream makefiles.
2209+ This is less prone to miss future changes/fixes that are done to the
2210+ makefiles
2211+ - d/control-in: add breaks/replaces for moving s390x roms from
2212+ qemu-system-s390x to qemu-system-data
2213+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
2214+ [From not yet uploaded Debian branch]
2215+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2216+ - d/rules: fix qemu-kvm service for debhelper compat >=12
2217+ - disable pvrdma - besides several security holes there are many other
2218+ bugs there as well
2219+ * Dropped patches that are upstream in v4.0
2220+ - d/p/do-not-link-everything-with-xen.patch
2221+ - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
2222+ - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
2223+ - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
2224+ - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
2225+ - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
2226+ - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
2227+ (LP: 1759509)
2228+ - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
2229+ - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
2230+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
2231+ - d/p/ubuntu/CVE-2018-20815.patch
2232+ - d/p/ubuntu/CVE-2019-5008.patch
2233+ - d/p/ubuntu/CVE-2019-9824.patch
2234+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2235+ avoid misdetection of simplified nesting blocking all migrations
2236+ * Dropped further patches
2237+ d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
2238+ [upstream deprecated the whole subsystem instead of applying the fix]
2239+ * Added Changes
2240+ - updated ubuntu machine types for v4.0
2241+ - added eoan types
2242+ - fixed s390x issue of upstream types having a "v" prefix
2243+ - add back dropped machine types to avoid more issues like LP: 1802944
2244+ - fix kvm split irqchip default in ubuntu q35 machine type
2245+ - drop no more needed spapr_machine_2_11_sxxm_instance_options and
2246+ adapt updated CamelCase
2247+ - -hpb types now need to use GlobalProperties
2248+ - pc_compat_2_0 got a _fn suffix and slight changes
2249+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
2250+ SLOF of qemu 4.0
2251+ - Refreshed patches still needed for v4.0 context changes
2252+ - d/p/use-fixed-data-path.patch
2253+ - d/p/ubuntu/enable-svm-by-default.patch
2254+ - d/p/ubuntu/enable-md-clear.patch
2255+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
2256+ - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
2257+ (LP: #1830243)
2258+ - d/control: disable bluetooth being deprecated
2259+ - d/control*: remove sdlabi which was removed upstream
2260+ - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
2261+ - d/control*: enable docs (now explicit) and provide new build-dep
2262+ python3-sphinx
2263+ - d/not-installed: ignore new interop docs and extra icons for now
2264+ - d/not-installed: do not install elf2dmp until namespaced
2265+ - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
2266+ - d/qemu-system-data.install: use new paths for formerly used icons
2267+ - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
2268+ fix i386 build error
2269+
2270+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jun 2019 16:33:19 +0200
2271+
2272 qemu (1:3.1+dfsg-8) unstable; urgency=high
2273
2274 * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
2275@@ -1984,6 +4110,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium
2276
2277 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 06 Feb 2019 12:23:01 +0300
2278
2279+qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
2280+
2281+ * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
2282+ broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
2283+ fix migrations from old machines (LP: #1829868).
2284+ * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
2285+ toleration for future machines (LP: #1830704
2286+
2287+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 May 2019 11:30:42 +0200
2288+
2289+qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
2290+
2291+ * SECURITY UPDATE: Add support for exposing md-clear functionality
2292+ to guests
2293+ - d/p/ubuntu/enable-md-clear.patch
2294+ - d/p/ubuntu/enable-md-no.patch
2295+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
2296+ * SECURITY UPDATE: heap overflow when loading device tree blob
2297+ - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
2298+ copy the device tree blob into is.
2299+ - CVE-2018-20815
2300+ * SECURITY UPDATE: device driver denial of service via NULL pointer
2301+ dereference
2302+ - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
2303+ routine
2304+ - CVE-2019-5008
2305+ * SECURITY UPDATE: information leak in SLiRP
2306+ - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
2307+ emulating ident.
2308+ - CVE-2019-9824
2309+
2310+ -- Steve Beattie <sbeattie@ubuntu.com> Wed, 08 May 2019 09:27:53 -0700
2311+
2312+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
2313+
2314+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
2315+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
2316+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
2317+ mv_conffile since the new path is a directory in the old package
2318+ version which can not be handled by mv_conffile.
2319+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
2320+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
2321+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
2322+ CVE-2019-3812
2323+
2324+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
2325+
2326+qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
2327+
2328+ * disable pvrdma - besides several security holes there are many other
2329+ bugs there as well, and the amount of patches applied upstream after
2330+ 3.1 release is large (Closes, or actuallymakes unimportant again)
2331+ - CVE-2018-20123
2332+ - CVE-2018-20124
2333+ - CVE-2018-20125
2334+ - CVE-2018-20126
2335+ - CVE-2018-20191
2336+ - CVE-2018-20216
2337+ * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
2338+ - CVE-2019-6501
2339+ * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
2340+ - CVE-2019-6778
2341+
2342+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 19 Feb 2019 06:43:04 +0100
2343+
2344+qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
2345+
2346+ * Merge with Debian testing, Among many other things this fixes LP Bugs:
2347+ LP: #1806104 - fix misleading page size error on ppc64el
2348+ LP: #1782205 - SnowRidge enabled new ISAs
2349+ LP: #1786956 - upgrade to qemu >= 3.0
2350+ LP: #1809083 - Backward migration to Xenial on ppc64el
2351+ LP: #1803315 - s390x Huge page enablement
2352+ LP: #1657409 - enable virglrenderer
2353+ Remaining Changes:
2354+ - qemu-kvm to systemd unit
2355+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2356+ hugepages and architecture specifics
2357+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2358+ - d/qemu-system-common.install: install systemd unit and helper script
2359+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2360+ - d/qemu-system-common.qemu-kvm.default: defaults for
2361+ /etc/default/qemu-kvm
2362+ - d/rules: install /etc/default/qemu-kvm
2363+ - Enable nesting by default
2364+ - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
2365+ (is default on amd)
2366+ - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
2367+ without nested=1
2368+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2369+ in qemu64 cpu type.
2370+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2371+ in qemu64 on amd
2372+ - d/qemu-system-x86.README.Debian: document intention of nested being
2373+ default is comfort, not full support
2374+ - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
2375+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2376+ types
2377+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2378+ for host-phys-bits=true (LP: 1776189)
2379+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2380+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2381+ convenience with all meltdown/spectre workarounds enabled by default.
2382+ (LP: 1761372).
2383+ - improved dependencies
2384+ - Make qemu-system-common depend on qemu-block-extra
2385+ - Make qemu-utils depend on qemu-block-extra
2386+ - let qemu-utils recommend sharutils
2387+ - s390x support
2388+ - Create qemu-system-s390x package
2389+ - Enable numa support for s390x
2390+ - arch aware kvm wrappers
2391+ - d/control: update VCS links (updated to match latest Ubuntu)
2392+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2393+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2394+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2395+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2396+ - enable RDMA config option
2397+ - add libibumad-dev build-dep
2398+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2399+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2400+ reference 256k path
2401+ - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2402+ handle incoming migrations from former releases.
2403+ - d/control-in: Disable capstone disassembler library support (universe)
2404+ * Added Changes:
2405+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
2406+ for qemu 3.1 in the Ubuntu Disco release
2407+ - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
2408+ - Move s390x roms to a new qemu-system-data-s390x
2409+ - d/qemu-system-data.install: install s390x roms as architecture:all in
2410+ qemu-system-data
2411+ - d/rules: build s390-ccw.img with upstream Makefile
2412+ - d/rules: build s390x-netboot.img with upstream Makefile
2413+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
2414+ some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
2415+ As that hack to build s390-ccw.img rom can't build s390x-netboot.img
2416+ replace it with a build-indep using the upstream makefiles.
2417+ This is less prone to miss future changes/fixes that are done to the
2418+ makefiles
2419+ - d/control-in: add breaks/replaces for moving s390x roms from
2420+ qemu-system-s390x to qemu-system-data
2421+ - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
2422+ [From not yet uploaded Debian branch]
2423+ - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
2424+ (Closes: #918378)
2425+ - d/rules: fix qemu-kvm service for debhelper compat >=12
2426+ - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
2427+ avoid misdetection of simplified nesting blocking all migrations
2428+ - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
2429+ unimplement.patch: properly return archicture defined exception
2430+ on bad subcodes of diag 308 (LP: #1812384)
2431+ * Dropped Changes:
2432+ - Include s390-ccw.img firmware (old style native build)
2433+ - d/rules enable install s390x-netboot.img (old style native build)
2434+ - libvirt/qemu user/group support
2435+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2436+ trigger.
2437+ [ Droppable since logind properly sets ACLs now ]
2438+ - qemu-system-common.preinst: add kvm group if needed
2439+ [ Droppable because systemd/udev take care of it since 239-6]
2440+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
2441+ freeze-hook fixes (LP: 1484990)
2442+ [upstream]
2443+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2444+ merged upstream
2445+ [upstream]
2446+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2447+ computation while concatenating mbuf.
2448+ CVE-2018-11806
2449+ [upstream]
2450+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2451+ for powerpc64 to speed up translation (LP: 1781526)
2452+ [upstream]
2453+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2454+ cpu model for z14 ZR1 (LP: 1780773).
2455+ [upstream]
2456+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2457+ (Closes: 903562)
2458+ [in Debian]
2459+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2460+ unreleased Debian version)
2461+ [in Debian]
2462+ - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2463+ by migrations with UI frontends or frequent guest resolution changes
2464+ (LP #1755912)
2465+ [upstream]
2466+ - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2467+ extend eieio for POWER9 emulation (LP: 1787408).
2468+ [upstream]
2469+ - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2470+ ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
2471+ [upstream]
2472+ - improve s390x spectre mitigation with etoken facility (LP: 1790457)
2473+ [upstream]
2474+ - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
2475+ [upstream]
2476+ - d/control-in: our addition of a qemu-system-s390x package needs to follow
2477+ the split of qemu-system-data by adding a dependency to it (LP: 1798084)
2478+ [in Debian]
2479+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2480+ Adapters on s390x (LP: 1787405)
2481+ [upstream]
2482+ - enable opengl for vfio-MDEV support (LP: 1804766)
2483+ [in Debian]
2484+ - SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2485+ [upstream]
2486+ - SECURITY UPDATE: integer overflow via crafted QMP command
2487+ [upstream]
2488+ - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2489+ [upstream]
2490+ - SECURITY UPDATE: buffer overflow in rtl8139
2491+ [upstream]
2492+ - SECURITY UPDATE: buffer overflow in pcnet
2493+ [upstream]
2494+ - SECURITY UPDATE: DoS via large packet sizes
2495+ [upstream]
2496+ - SECURITY UPDATE: DoS in lsi53c895a
2497+ [upstream]
2498+ - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2499+ [upstream]
2500+ - SECURITY UPDATE: race condition in 9p
2501+ [upstream]
2502+
2503+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 09:41:08 +0100
2504+
2505 qemu (1:3.1+dfsg-2) unstable; urgency=medium
2506
2507 * d/rules: split arch and indep builds
2508@@ -2063,6 +4415,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium
2509
2510 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 02 Dec 2018 19:10:27 +0300
2511
2512+qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium
2513+
2514+ [ Marc Deslauriers ]
2515+ * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
2516+ - debian/patches/CVE-2018-10839.patch: use proper type in
2517+ hw/net/ne2000.c.
2518+ - CVE-2018-10839
2519+ * SECURITY UPDATE: integer overflow via crafted QMP command
2520+ - debian/patches/CVE-2018-12617.patch: check bytes count read by
2521+ guest-file-read in qga/commands-posix.c.
2522+ - CVE-2018-12617
2523+ * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
2524+ - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
2525+ - CVE-2018-16847
2526+ * SECURITY UPDATE: buffer overflow in rtl8139
2527+ - debian/patches/CVE-2018-17958.patch: use proper type in
2528+ hw/net/rtl8139.c.
2529+ - CVE-2018-17958
2530+ * SECURITY UPDATE: buffer overflow in pcnet
2531+ - debian/patches/CVE-2018-17962.patch: use proper type in
2532+ hw/net/pcnet.c.
2533+ - CVE-2018-17962
2534+ * SECURITY UPDATE: DoS via large packet sizes
2535+ - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
2536+ - CVE-2018-17963
2537+ * SECURITY UPDATE: DoS in lsi53c895a
2538+ - debian/patches/CVE-2018-18849.patch: check message length value is
2539+ valid in hw/scsi/lsi53c895a.c.
2540+ - CVE-2018-18849
2541+ * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
2542+ - debian/patches/CVE-2018-18954.patch: check size before data buffer
2543+ access in hw/ppc/pnv_lpc.c.
2544+ - CVE-2018-18954
2545+ * SECURITY UPDATE: race condition in 9p
2546+ - debian/patches/CVE-2018-19364-1.patch: use write lock in
2547+ hw/9pfs/cofile.c.
2548+ - debian/patches/CVE-2018-19364-2.patch: use write lock in
2549+ hw/9pfs/9p.c.
2550+ - CVE-2018-19364
2551+
2552+ [ Christian Ehrhardt]
2553+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2554+ Adapters on s390x (LP: #1787405)
2555+ * enable opengl for vfio-MDEV support (LP: #1804766)
2556+ - d/control-in: set --enable-opengl
2557+ - d/control-in: add gl related build-dependencies
2558+
2559+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Nov 2018 13:17:01 -0500
2560+
2561+qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium
2562+
2563+ * d/control-in: our addition of a qemu-system-s390x package needs to follow
2564+ the split of qemu-system-data by adding a dependency to it (LP: #1798084)
2565+
2566+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Oct 2018 10:50:27 +0200
2567+
2568+qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium
2569+
2570+ * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
2571+ The SLOF source pieces in src:qemu are only used for s390x netboot,
2572+ which are independent ROMs (no linking). All other binaries out of this
2573+ are part of src:slof and independent.
2574+ - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch
2575+ - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
2576+ and related fixes
2577+
2578+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Sep 2018 13:31:15 +0200
2579+
2580+qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium
2581+
2582+ * improve s390x spectre mitigation with etoken facility (LP: #1790457)
2583+ - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
2584+ - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
2585+
2586+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Sep 2018 10:06:48 +0200
2587+
2588+qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium
2589+
2590+ * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
2591+ ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
2592+ - CVE-2018-15746
2593+
2594+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 29 Aug 2018 08:50:36 +0200
2595+
2596+qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium
2597+
2598+ [ Murilo Opsfelder Araujo ]
2599+ * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
2600+ extend eieio for POWER9 emulation (LP: #1787408).
2601+
2602+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 11:52:39 +0200
2603+
2604+qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium
2605+
2606+ * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
2607+ by migrations with UI frontends or frequent guest resolution changes
2608+ (LP: #1755912)
2609+
2610+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 Jul 2018 08:26:52 +0200
2611+
2612+qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium
2613+
2614+ * Disable capstone disassembler library support (universe dependency)
2615+
2616+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Jul 2018 08:35:32 +0200
2617+
2618+qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
2619+
2620+ * Merge with Debian testing, Remaining Changes:
2621+ - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
2622+ - qemu-kvm to systemd unit
2623+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2624+ hugepages and architecture specifics
2625+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2626+ - d/qemu-system-common.install: install systemd unit and helper script
2627+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2628+ - d/qemu-system-common.qemu-kvm.default: defaults for
2629+ /etc/default/qemu-kvm
2630+ - d/rules: install /etc/default/qemu-kvm
2631+ - Enable nesting by default
2632+ - set nested=1 module option on intel. (is default on amd)
2633+ - re-load kvm_intel.ko if it was loaded without nested=1
2634+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2635+ in qemu64 cpu type.
2636+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2637+ in qemu64 on amd
2638+ - d/qemu-system-x86.README.Debian: document intention of nested being
2639+ default is comfort, not full support
2640+ - libvirt/qemu user/group support
2641+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2642+ trigger.
2643+ - qemu-system-common.preinst: add kvm group if needed
2644+ - Distribution specific machine type
2645+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2646+ types to ease future live vm migration.
2647+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2648+ - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2649+ for host-phys-bits=true (LP: 1776189)
2650+ - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
2651+ - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2652+ convenience with all meltdown/spectre workarounds enabled by default.
2653+ (LP: 1761372).
2654+ - improved dependencies
2655+ - Make qemu-system-common depend on qemu-block-extra
2656+ - Make qemu-utils depend on qemu-block-extra
2657+ - let qemu-utils recommend sharutils
2658+ - s390x support
2659+ - Create qemu-system-s390x package
2660+ - Include s390-ccw.img firmware
2661+ - Enable numa support for s390x
2662+ - arch aware kvm wrappers
2663+ - update VCS-git (updated to match cosmic)
2664+ - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
2665+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2666+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2667+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2668+ - Create and install pxe netboot images for KVM s390x (LP: 1732094)
2669+ - d/rules enable install s390x-netboot.img
2670+ - d/control-in: enable RDMA support in qemu (LP: 1692476)
2671+ - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
2672+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2673+ reference 256k path
2674+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2675+ handle incoming migrations from former releases.
2676+ - SECURITY UPDATE: Speculative Store Bypass
2677+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2678+ CPUID feature bit in target/i386/cpu.*.
2679+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2680+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2681+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2682+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2683+ target/i386/machine.c.
2684+ - CVE-2018-3639
2685+ * Added Changes:
2686+ - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
2687+ - add cosmic types for base and -hpb
2688+ - drop no more supported types (zesty and yakkety)
2689+ - d/p/series: group machine type changes
2690+ - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
2691+ merged upstream
2692+ - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
2693+ computation while concatenating mbuf.
2694+ CVE-2018-11806
2695+ - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
2696+ deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
2697+ - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
2698+ - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
2699+ - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
2700+ to POWER8
2701+ - d/qemu-kvm-init: drop old VM detection that was broken in some cases and
2702+ is no more needed with systemd-detect-virt being more mature and always
2703+ present.
2704+ - d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
2705+ - d/control-in: add libibumad-dev which is now needed for rdma
2706+ - d/rules: update s390x delta to match new Debian packaging
2707+ - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
2708+ for powerpc64 to speed up translation (LP: #1781526)
2709+ - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
2710+ cpu model for z14 ZR1 (LP: #1780773).
2711+ - Mark qemu-system-data foreign to be able to install it e.g. on i386
2712+ (Closes: 903562)
2713+ - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
2714+ unreleased Debian version)
2715+ * Dropped Changes:
2716+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2717+ (No more removed when building DFSG orig tarball in Debian)
2718+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2719+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2720+ so we revert related changes to stick with the proven for now:
2721+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2722+ depends on it)
2723+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2724+ (Debian switched to gtk which seems to work better and has all
2725+ dependencies in main.)
2726+ - d/control-in: enable seccomp on s390x (in Debian for Linux-any)
2727+ - Changes that are now upstream with qemu 2.12
2728+ - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
2729+ newer versions of glibc >=2.27 (LP: 1753826)
2730+ - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2731+ - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2732+ SSE/AVX/AVX512 cpu features (LP: 1739665)
2733+ - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2734+ space+commpage continuous which avoids long startup times on
2735+ qemu-user-static (LP: 1740219)
2736+ - provide pseries-2.12-sxxm type (LP: 1761372)
2737+ - d/p/ubuntu/lp-1704312-1-* provide means to manually handle
2738+ filesystem-dax with pmem by backporting align and unarmed options
2739+ (LP: 1704312).
2740+ - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2741+ option to slirp's DHCP server (LP: 1762315)
2742+ - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
2743+ Protection information (LP: 1762854).
2744+ - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
2745+ migration (LP: 1763468).
2746+ - SECURITY UPDATE: out-of-bounds access during migration via ps2
2747+ CVE-2017-16845
2748+ - SECURITY UPDATE: arbitrary code execution via load_multiboot
2749+ CVE-2018-7550
2750+ - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2751+ CVE-2018-7858
2752+
2753+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 21 Jun 2018 14:24:06 +0200
2754+
2755 qemu (1:2.12+dfsg-3) unstable; urgency=medium
2756
2757 * make qemu-system-foo depending
2758@@ -2151,6 +4746,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
2759
2760 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 12 Apr 2018 19:04:03 +0300
2761
2762+qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium
2763+
2764+ * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
2765+ for host-phys-bits=true (LP: #1776189)
2766+ - add an info about this change in debian/qemu-system-x86.NEWS
2767+
2768+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 09:01:00 +0200
2769+
2770+qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium
2771+
2772+ * SECURITY UPDATE: Speculative Store Bypass
2773+ - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
2774+ CPUID feature bit in target/i386/cpu.*.
2775+ - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
2776+ 'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
2777+ - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
2778+ MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
2779+ target/i386/machine.c.
2780+ - CVE-2018-3639
2781+
2782+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 09:34:52 -0400
2783+
2784+qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium
2785+
2786+ * SECURITY UPDATE: out-of-bounds access during migration via ps2
2787+ - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
2788+ in post_load routine in hw/input/ps2.c.
2789+ - CVE-2017-16845
2790+ * SECURITY UPDATE: arbitrary code execution via load_multiboot
2791+ - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
2792+ zero in hw/i386/multiboot.c.
2793+ - CVE-2018-7550
2794+ * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
2795+ - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
2796+ hw/display/vga.c.
2797+ - CVE-2018-7858
2798+
2799+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 16 May 2018 14:14:20 -0400
2800+
2801+qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium
2802+
2803+ * No-change rebuild for ncurses soname changes.
2804+
2805+ -- Matthias Klose <doko@ubuntu.com> Thu, 03 May 2018 14:18:39 +0000
2806+
2807+qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
2808+
2809+ * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
2810+ information (LP: #1762854).
2811+ * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
2812+ (LP: #1763468).
2813+
2814+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Apr 2018 07:46:18 +0200
2815+
2816+qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
2817+
2818+ * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
2819+ The Kernel fixes are preferred and already committed to the kernel.
2820+ Therefore remove the default disabling of the HTM feature (LP: #1761175)
2821+ * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
2822+ SSE/AVX/AVX512 cpu features (LP: #1739665)
2823+ * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
2824+ space+commpage continuous which avoids long startup times on
2825+ qemu-user-static (LP: #1740219)
2826+ * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
2827+ convenience with all meltdown/spectre workarounds enabled by default.
2828+ This is not the default type following upstream and x86 on that.
2829+ (LP: #1761372).
2830+ * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
2831+ with pmem by backporting align and unarmed options (LP: #1704312).
2832+ * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
2833+ option to slirp's DHCP server (LP: #1762315)
2834+
2835+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 04 Apr 2018 15:16:07 +0200
2836+
2837+qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
2838+
2839+ * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
2840+ accepted to be better long term maintainable (LP: #1753938)
2841+
2842+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 22 Mar 2018 10:31:23 +0100
2843+
2844+qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
2845+
2846+ * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
2847+ ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
2848+ * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
2849+ versions of glibc >=2.27 (LP: #1753826)
2850+
2851+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Mar 2018 16:43:01 +0100
2852+
2853+qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
2854+
2855+ * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
2856+ d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
2857+ Add domainname option and classless static routes support to the user
2858+ networking's DHCP server
2859+
2860+ -- Benjamin Drung <benjamin.drung@profitbricks.com> Fri, 02 Mar 2018 21:08:54 +0100
2861+
2862+qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
2863+
2864+ * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
2865+ - among other fixes this adds code to:
2866+ - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
2867+ However, enabling this functionality requires additional configuration
2868+ beyond just updating QEMU. Also migrations need special consideration.
2869+ Details about that can be found at:
2870+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
2871+ - Power9 allocation of max 8 threads per core (LP: #1750526)
2872+ * Drop changes that are part of the upstream stable release
2873+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2874+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2875+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2876+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2877+ * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
2878+ * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
2879+ common compat.h header and add some extra info in the patch header.
2880+
2881+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 11:03:11 +0100
2882+
2883+qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
2884+
2885+ * Merge with Debian testing, among other fixes this includes
2886+ - fix fatal error on negative maxcpus (LP: #1722495)
2887+ - fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
2888+ - linux user threading issues (LP: #1350435)
2889+ - TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
2890+ Remaining changes:
2891+ - qemu-kvm to systemd unit
2892+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
2893+ hugepages and architecture specifics
2894+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
2895+ - d/qemu-system-common.install: install systemd unit and helper script
2896+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
2897+ - d/qemu-system-common.qemu-kvm.default: defaults for
2898+ /etc/default/qemu-kvm
2899+ - d/rules: install /etc/default/qemu-kvm
2900+ - Enable nesting by default
2901+ - set nested=1 module option on intel. (is default on amd)
2902+ - re-load kvm_intel.ko if it was loaded without nested=1
2903+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
2904+ in qemu64 cpu type.
2905+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
2906+ in qemu64 on amd
2907+ - libvirt/qemu user/group support
2908+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
2909+ trigger.
2910+ - qemu-system-common.preinst: add kvm group if needed
2911+ - Distribution specific machine type
2912+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
2913+ types to ease future live vm migration.
2914+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
2915+ - improved dependencies
2916+ - Make qemu-system-common depend on qemu-block-extra
2917+ - Make qemu-utils depend on qemu-block-extra
2918+ - let qemu-utils recommend sharutils
2919+ - s390x support
2920+ - Create qemu-system-s390x package
2921+ - Include s390-ccw.img firmware
2922+ - Enable numa support for s390x
2923+ - ppc64[le] support
2924+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
2925+ - arch aware kvm wrappers
2926+ * Added Changes
2927+ - update VCS-git to match the bionic branch
2928+ - sdl2 is yet too unstable for the LTS Ubuntu release given the reports
2929+ we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
2930+ so we revert related changes to stick with the proven for now:
2931+ - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
2932+ depends on it)
2933+ - 9594f820 - switch from sdl1.2 to sdl2 (#870025)
2934+ - d/qemu-system-x86.README.Debian: document intention of nested being
2935+ default is comfort, not full support
2936+ - update Ubuntu machine types for qemu 2.11
2937+ - qemu-guest-agent: freeze-hook fixes (LP: #1484990)
2938+ - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
2939+ - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
2940+ - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
2941+ - Create and install pxe netboot images for KVM s390x (LP: #1732094)
2942+ - d/rules enable install s390x-netboot.img
2943+ - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
2944+ - d/control-in: enable RDMA support in qemu (LP: #1692476)
2945+ - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
2946+ - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
2947+ - d/p/ubuntu/linux-headers-update-4.15-rc9.patch
2948+ - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
2949+ - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
2950+ - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
2951+ - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
2952+ reference 256k path
2953+ - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
2954+ handle incoming migrations from former releases.
2955+ - d/control-in: enable seccomp on s390x
2956+ * Dropped changes (no more needed):
2957+ - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
2958+ The functionality is retained for upgraders, but is deprecated.
2959+ Post 18.04 the implementation for these configurations will be removed.
2960+ * Dropped changes (in Debian now):
2961+ - ppc64[le] support
2962+ - Enable seccomp for ppc64el
2963+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
2964+ - disable missing x32 architecture
2965+ - d/rules: or32 is now named or1k (since 4a09d0bb)
2966+ - d/qemu-system-common.docs: new paths since (ac06724a)
2967+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
2968+ by qapi-schema.json which is already packaged (since 4d8bb958)
2969+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
2970+ to Debian patch to match qemu 2.10)
2971+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
2972+ since 8508eee7
2973+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
2974+ - make nios2/hppa not installed explicitly until further stablized
2975+ - d/qemu-guest-agent.install: add the new guest agent reference man page
2976+ qemu-ga-ref
2977+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
2978+ along the qapi intro
2979+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
2980+ dh_missing that are already provided in other formats qemu-doc,
2981+ qemu-qmp-ref,qemu-ga-ref
2982+ * Dropped changes (integrated upstream):
2983+ - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
2984+ on arm64 when doing suspend/resume and reboots due to older kernels not
2985+ supporting ITS (LP 1731051).
2986+ - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
2987+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
2988+ calls (LP 1726394)
2989+ - update to upstream 2.10.1 point release (LP 1722808)
2990+
2991+
2992+
2993+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jan 2018 14:35:18 +0100
2994+
2995 qemu (1:2.11+dfsg-1) unstable; urgency=medium
2996
2997 [ Michael Tokarev ]
2998@@ -2265,6 +5093,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium
2999
3000 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 23 Sep 2017 16:47:02 +0300
3001
3002+qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
3003+
3004+ * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
3005+ on arm64 when doing suspend/resume and reboots due to older kernels not
3006+ supporting ITS (LP: #1731051).
3007+
3008+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 Nov 2017 08:30:29 +0100
3009+
3010+qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
3011+
3012+ * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
3013+ James Cowgill to prevent qemu-user from forwarding prctl seccomp
3014+ calls (LP: #1726394)
3015+
3016+ -- Julian Andres Klode <juliank@ubuntu.com> Sat, 04 Nov 2017 00:21:14 +0100
3017+
3018+qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
3019+
3020+ * fix enablement of qemu-kvm service (LP: #1720397)
3021+ - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
3022+ - d/rules: add proper enablement debhelper calls
3023+ - d/qemu-system-common.install: install covered by dh_installinit
3024+
3025+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Oct 2017 11:28:39 +0200
3026+
3027+qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
3028+
3029+ * update to upstream 2.10.1 point release (LP: #1722808)
3030+
3031+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Oct 2017 15:33:40 +0200
3032+
3033+qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
3034+
3035+ * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
3036+ Remaining changes:
3037+ - qemu-kvm to systemd unit
3038+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
3039+ hugepages and architecture specifics
3040+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
3041+ - d/qemu-system-common.install: install systemd unit and helper script
3042+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
3043+ - d/qemu-system-common.qemu-kvm.default: defaults for
3044+ /etc/default/qemu-kvm
3045+ - d/rules: install /etc/default/qemu-kvm
3046+ - Enable nesting by default
3047+ - set nested=1 module option on intel. (is default on amd)
3048+ - re-load kvm_intel.ko if it was loaded without nested=1
3049+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
3050+ in qemu64 cpu type.
3051+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
3052+ in qemu64 on amd
3053+ - libvirt/qemu user/group support
3054+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
3055+ trigger.
3056+ - qemu-system-common.preinst: add kvm group if needed
3057+ - Distribution specific machine type
3058+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3059+ types to ease future live vm migration.
3060+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
3061+ - improved dependencies
3062+ - Make qemu-system-common depend on qemu-block-extra
3063+ - Make qemu-utils depend on qemu-block-extra
3064+ - let qemu-utils recommend sharutils
3065+ - s390x support
3066+ - Create qemu-system-s390x package
3067+ - Include s390-ccw.img firmware
3068+ - Enable numa support for s390x
3069+ - ppc64[le] support
3070+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3071+ - Enable seccomp for ppc64el
3072+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3073+ - arch aware kvm wrappers
3074+ - update VCS-git to match the Artful branch
3075+ - disable missing x32 architecture
3076+ - d/rules: or32 is now named or1k (since 4a09d0bb)
3077+ - d/qemu-system-common.docs: new paths since (ac06724a)
3078+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3079+ by qapi-schema.json which is already packaged (since 4d8bb958)
3080+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
3081+ to Debian patch to match qemu 2.10)
3082+ - s390x package now builds correctly on all architectures (LP 1710695)
3083+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
3084+ since 8508eee7
3085+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
3086+ - make nios2/hppa not installed explicitly until further stablized
3087+ - d/qemu-guest-agent.install: add the new guest agent reference man page
3088+ qemu-ga-ref
3089+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
3090+ along the qapi intro
3091+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
3092+ dh_missing that are already provided in other formats qemu-doc,
3093+ qemu-qmp-ref,qemu-ga-ref
3094+
3095+
3096+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 08:31:26 +0200
3097+
3098+qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
3099+
3100+ * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
3101+ Remaining changes:
3102+ - qemu-kvm to systemd unit
3103+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
3104+ hugepages and architecture specifics
3105+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
3106+ - d/qemu-system-common.install: install systemd unit and helper script
3107+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
3108+ - d/qemu-system-common.qemu-kvm.default: defaults for
3109+ /etc/default/qemu-kvm
3110+ - d/rules: install /etc/default/qemu-kvm
3111+ - Enable nesting by default
3112+ - set nested=1 module option on intel. (is default on amd)
3113+ - re-load kvm_intel.ko if it was loaded without nested=1
3114+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
3115+ in qemu64 cpu type.
3116+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
3117+ in qemu64 on amd
3118+ - libvirt/qemu user/group support
3119+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
3120+ trigger.
3121+ - qemu-system-common.preinst: add kvm group if needed
3122+ - Distribution specific machine type
3123+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3124+ types to ease future live vm migration.
3125+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
3126+ - improved dependencies
3127+ - Make qemu-system-common depend on qemu-block-extra
3128+ - Make qemu-utils depend on qemu-block-extra
3129+ - let qemu-utils recommend sharutils
3130+ - s390x support
3131+ - Create qemu-system-s390x package
3132+ - Include s390-ccw.img firmware
3133+ - Enable numa support for s390x
3134+ - ppc64[le] support
3135+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3136+ - Enable seccomp for ppc64el
3137+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3138+ - arch aware kvm wrappers
3139+ - update VCS-git to match the Artful branch
3140+ - disable missing x32 architecture
3141+ - d/rules: or32 is now named or1k (since 4a09d0bb)
3142+ - d/qemu-system-common.docs: new paths since (ac06724a)
3143+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3144+ by qapi-schema.json which is already packaged (since 4d8bb958)
3145+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
3146+ to Debian patch to match qemu 2.10)
3147+ - s390x package now builds correctly on all architectures (LP 1710695)
3148+ * Added changes:
3149+ - d/qemu-system-common.docs: adapt new path of live-block-operations.rst
3150+ since 8508eee7
3151+ - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
3152+ - make nios2/hppa not installed explicitly until further stablized
3153+ - d/qemu-guest-agent.install: add the new guest agent reference man page
3154+ qemu-ga-ref
3155+ - d/qemu-system-common.install: add the now generated qapi/qmp reference
3156+ along the qapi intro
3157+ - d/not-installed: ignore further generated (since 56e8bdd4) files in
3158+ dh_missing that are already provided in other formats qemu-doc,
3159+ qemu-qmp-ref,qemu-ga-ref
3160+ - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
3161+ changes in 2.10-rc4
3162+
3163+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 25 Aug 2017 07:49:30 +0200
3164+
3165+qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
3166+
3167+ * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
3168+ a set of bugs
3169+ - [FFE] Qemu 2.10 in Artful (LP: #1699968)
3170+ - CPU hot unplug fails after migrating a CPU hotplugged guest
3171+ from source (LP: #1677552)
3172+ - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
3173+ - New KVM 288 Pass Through (LP: #1672447)
3174+ - aarch64: MSI is not supported by interrupt controller (LP: #1706630)
3175+ * Remaining changes:
3176+ - qemu-kvm to systemd unit
3177+ - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
3178+ hugepages and architecture specifics
3179+ - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
3180+ - d/qemu-system-common.install: install systemd unit and helper script
3181+ - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
3182+ - d/qemu-system-common.qemu-kvm.default: defaults for
3183+ /etc/default/qemu-kvm
3184+ - d/rules: install /etc/default/qemu-kvm
3185+ - Enable nesting by default
3186+ - set nested=1 module option on intel. (is default on amd)
3187+ - re-load kvm_intel.ko if it was loaded without nested=1
3188+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
3189+ in qemu64 cpu type.
3190+ - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
3191+ in qemu64 on amd
3192+ - libvirt/qemu user/group support
3193+ - qemu-system-common.postinst: remove acl placed by udev, and add udevadm
3194+ trigger.
3195+ - qemu-system-common.preinst: add kvm group if needed
3196+ - Distribution specific machine type
3197+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3198+ types to ease future live vm migration.
3199+ - d/qemu-system-x86.NEWS Info on fixed machine type definitions
3200+ - improved dependencies
3201+ - Make qemu-system-common depend on qemu-block-extra
3202+ - Make qemu-utils depend on qemu-block-extra
3203+ - let qemu-utils recommend sharutils
3204+ - s390x support
3205+ - Create qemu-system-s390x package
3206+ - Include s390-ccw.img firmware
3207+ - Enable numa support for s390x
3208+ - ppc64[le] support
3209+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3210+ - Enable seccomp for ppc64el
3211+ - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
3212+ - arch aware kvm wrappers
3213+ - disable missing x32 architecture
3214+ - update VCS links
3215+ * Added changes
3216+ - d/rules: or32 is now named or1k (since 4a09d0bb)
3217+ - d/qemu-system-common.docs: new paths since (ac06724a)
3218+ - d/qemu-system-common.install: qmp-commands.txt removed, but replaced
3219+ by qapi-schema.json which is already packaged (since 4d8bb958)
3220+ - Updates in debian/patches to match qemu 2.10
3221+ - d/p/02_kfreebsd.patch: utimensat is no more optional upstream
3222+ - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
3223+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
3224+ - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
3225+ - update VCS-git to match the Artful branch
3226+ - s390x package now builds correctly on all architectures (LP: #1710695)
3227+ * Dropped changes (integrated upstream):
3228+ - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3229+ "spapr/pci: populate PCI DT in reverse order" (LP 1670481).
3230+ - All CVE fixes formerly applied are upstream and thereby dropped.
3231+
3232+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Aug 2017 16:59:19 +0200
3233+
3234 qemu (1:2.8+dfsg-7) unstable; urgency=medium
3235
3236 * uploading to unstable all fixes which went to stretch-security
3237@@ -2374,6 +5434,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high
3238
3239 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 03 Apr 2017 16:28:49 +0300
3240
3241+qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
3242+
3243+ * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
3244+ This was inadvertently dropped on 2.8 merge.
3245+
3246+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 May 2017 15:45:58 +0200
3247+
3248+qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
3249+
3250+ * SECURITY UPDATE: denial of service via leak in virtFS
3251+ - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
3252+ hw/9pfs/9p.c.
3253+ - CVE-2017-7377
3254+ * SECURITY UPDATE: denial of service in cirrus_vga
3255+ - debian/patches/CVE-2017-7718.patch: check parameters in
3256+ hw/display/cirrus_vga_rop.h.
3257+ - CVE-2017-7718
3258+ * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
3259+ - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
3260+ hw/display/cirrus_vga.c.
3261+ - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
3262+ hw/display/cirrus_vga.c.
3263+ - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
3264+ in hw/display/cirrus_vga.c.
3265+ - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
3266+ hw/display/cirrus_vga.c.
3267+ - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
3268+ in hw/display/cirrus_vga.c.
3269+ - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
3270+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3271+ hw/display/cirrus_vga_rop2.h.
3272+ - debian/patches/CVE-2017-7980-7.patch: stop passing around src
3273+ pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
3274+ hw/display/cirrus_vga_rop2.h.
3275+ - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
3276+ hw/display/cirrus_vga_rop.h.
3277+ - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
3278+ hw/display/cirrus_vga.c.
3279+ - CVE-2017-7980
3280+ * SECURITY UPDATE: denial of service via memory leak in virtFS
3281+ - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
3282+ - CVE-2017-8086
3283+ * SECURITY UPDATE: denial of service via leak in audio
3284+ - debian/patches/CVE-2017-8309.patch: release capture buffers in
3285+ audio/audio.c.
3286+ - CVE-2017-8309
3287+ * SECURITY UPDATE: denial of service via leak in keyboard
3288+ - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
3289+ ui/input.c.
3290+ - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
3291+ ui/input.c.
3292+ - CVE-2017-8379
3293+
3294+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 May 2017 09:20:54 -0400
3295+
3296+qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
3297+
3298+ * SECURITY UPDATE: DoS in virtio GPU device
3299+ - debian/patches/CVE-2016-10028.patch: check virgl capabilities
3300+ max_size in hw/display/virtio-gpu-3d.c.
3301+ - CVE-2016-10028
3302+ * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
3303+ - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
3304+ in hw/dma/rc4030.c.
3305+ - CVE-2016-8667
3306+ * SECURITY UPDATE: host filesystem access via virtFS
3307+ - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
3308+ hw/9pfs/*.
3309+ - CVE-2016-9602
3310+ * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
3311+ - debian/patches/CVE-2016-9603.patch: remove bitblit support from
3312+ console code in hw/display/cirrus_vga.c, include/ui/console.h,
3313+ ui/console.c, ui/vnc.c.
3314+ - CVE-2016-9603
3315+ * SECURITY UPDATE: information leak in virtio GPU device
3316+ - debian/patches/CVE-2016-9908.patch: properly clear out memory in
3317+ hw/display/virtio-gpu-3d.c.
3318+ - CVE-2016-9908
3319+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3320+ - debian/patches/CVE-2016-9912.patch: properly free memory in
3321+ hw/display/virtio-gpu.c.
3322+ - CVE-2016-9912
3323+ * SECURITY UPDATE: DoS via virtFS
3324+ - debian/patches/CVE-2016-9914.patch: add cleanup operations to
3325+ fsdev/file-op-9p.h, hw/9pfs/9p.c.
3326+ - CVE-2016-9914
3327+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3328+ - debian/patches/CVE-2017-5552.patch: check return value in
3329+ hw/display/virtio-gpu-3d.c.
3330+ - CVE-2017-5552
3331+ * SECURITY UPDATE: DoS via memory leak in virtio GPU device
3332+ - debian/patches/CVE-2017-5578.patch: check res->iov in
3333+ hw/display/virtio-gpu.c.
3334+ - CVE-2017-5578
3335+ * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
3336+ - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
3337+ handling in hw/sd/sdhci.c.
3338+ - CVE-2017-5987
3339+ * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
3340+ - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
3341+ hw/usb/hcd-ohci.c.
3342+ - CVE-2017-6505
3343+
3344+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 24 Apr 2017 07:30:11 -0400
3345+
3346+qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
3347+
3348+ * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
3349+ "spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
3350+
3351+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 07 Mar 2017 09:23:08 +0100
3352+
3353+qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
3354+
3355+ * Merge with Debian;
3356+ This fixes several CVEs that were reported against qemu 2.8 and also
3357+ includes a few important functional backports (LP: #1667033); remaining
3358+ changes:
3359+ - add qemu-kvm init script and defaults file
3360+ (d/qemu-system-common.qemu-kvm.*)
3361+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3362+ modules and handling /etc/default/qemu-kvm
3363+ - qemu-system-common.preinst: add kvm group if needed
3364+ - Enable nesting by default on intel.
3365+ - set default module option
3366+ - re-load kvm_intel.ko if it was loaded without nested=1
3367+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3368+ default in qemu64 cpu type.
3369+ - Enable svm by default for qemu64 on amd
3370+ - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
3371+ define distro machine types to ease future live vm migration (includes
3372+ all former follow up fixes).
3373+ - Make qemu-system-common depend on qemu-block-extra
3374+ - Make qemu-utils depend on qemu-block-extra
3375+ - s390x support
3376+ - Create qemu-system-s390x package
3377+ - Include s390-ccw.img firmware
3378+ - qemu-system-common.postinst:
3379+ - change acl placed by udev, and add udevadm trigger.
3380+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3381+ - Several changes were applied but missing in the changelog so far
3382+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3383+ - arch aware kvm wrapper
3384+ - update VCS links
3385+ - let qemu-utils recommend sharutils
3386+ - disable x32 architecture
3387+ - Enable seccomp for ppc64el
3388+ - Enable numa support for s390x
3389+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3390+ init.d-script-missing-dependency-on-remote_fs
3391+ - d/qemu-system-common.postinst: fix lintian error type
3392+ command-with-path-in-maintainer-script
3393+ - Transition qemu-kvm to a systemd unit
3394+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3395+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3396+ that it shows up where the user expects (sytemctl status, kvm stdout)
3397+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3398+ - add arch aware kvm wrapper for s390x
3399+ * Dropped Changes (in Debian now):
3400+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3401+ - d/control-in: change dependencies for fix of wrong acl for newly
3402+ created device node on ubuntu
3403+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3404+ relationship, but qemu-efi is still in universe right now.
3405+ - Disable glusterfs (Universe dependency)
3406+ - no more skip disable libiscsi on Ubuntu
3407+ - d/rules, d/control-in: avoid people editing d/control
3408+ * Added Changes:
3409+ - d/control: bump libseccomp-dev dependency as enabling libseccomp for
3410+ power makes 2.3 the minimum level.
3411+
3412+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2017 14:23:16 +0100
3413+
3414 qemu (1:2.8+dfsg-3) unstable; urgency=high
3415
3416 * urgency high due to security fixes
3417@@ -2434,6 +5667,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high
3418
3419 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 28 Feb 2017 11:40:18 +0300
3420
3421+qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
3422+
3423+ * Merge with Debian; remaining changes:
3424+ - add qemu-kvm init script and defaults file
3425+ (d/qemu-system-common.qemu-kvm.*)
3426+ - d/rules, d/qemu-kvm-init: add and install script loading kvm
3427+ modules and handling /etc/default/qemu-kvm
3428+ - qemu-system-common.preinst: add kvm group if needed
3429+ - Enable nesting by default on intel.
3430+ - set default module option
3431+ - re-load kvm_intel.ko if it was loaded without nested=1
3432+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
3433+ default in qemu64 cpu type.
3434+ - Enable svm by default for qemu64 on amd
3435+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3436+ types to ease future live vm migration.
3437+ - Make qemu-system-common depend on qemu-block-extra
3438+ - Make qemu-utils depend on qemu-block-extra
3439+ - s390x support
3440+ - Create qemu-system-s390x package
3441+ - Include s390-ccw.img firmware
3442+ - qemu-system-common.postinst:
3443+ - change acl placed by udev, and add udevadm trigger.
3444+ - d/control-in: change dependencies for fix of wrong acl for newly
3445+ created device node on ubuntu
3446+ - have qemu-system-arm suggest: qemu-efi; this should be a stronger
3447+ relationship, but qemu-efi is still in universe right now.
3448+ - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
3449+ - Several changes were applied but missing in the changelog so far
3450+ - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
3451+ - arch aware kvm wrapper
3452+ - update VCS links
3453+ - no more skip disable libiscsi on Ubuntu
3454+ - let qemu-utils recommend sharutils
3455+ - disable x32 architecture
3456+ * Dropped Changes:
3457+ - Several changes were applied but missing in the changelog so far
3458+ but are no more needed
3459+ - no pie for relocatable LD calls, with toolchain defaulting to
3460+ pie (fixed upstream)
3461+ - enable libnuma-dev (now in Debian)
3462+ - transition for moved init scripts (can be dropped after LTS
3463+ containing >=2.5 which is Xenial)
3464+ - --enable-seccomp related whitespace change (had no effect)
3465+ - apport hook for qemu source package (In Debian)
3466+ - add upstart script (d/qemu-system-common.qemu-kvm.upstart)
3467+ - d/qemu-system-x86.maintscript: transition off of
3468+ /etc/init.d/qemu-system-x86 (can be dropped after Xenial)
3469+ - Enable pie by default, on ubuntu/s390x. (Is the default since
3470+ >=Xenial, no cloud archive backport <=Xenial to consider)
3471+ - no pie for relocatable LD calls (fixed upstream in commit
3472+ 7ecf44a5)
3473+ - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
3474+ - Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3475+ (Improved fix included by upstream)
3476+ - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
3477+ - Fixed wrong migration blocker when vhost is used (is upstream in
3478+ qemu 2.8)
3479+ * Added Changes:
3480+ - d/rules, d/control-in: avoid people editing d/control by warning
3481+ header and non writable permissions
3482+ - fixed moving trusty machine type definition which made it
3483+ ambiguous (LP: #1641532)
3484+ - d/qemu-system-x86.NEWS describe the issue
3485+ - Enable seccomp for ppc64el (LP: #1644639)
3486+ - Enable numa support for s390x
3487+ - d/qemu-system-common.qemu-kvm.init: fix lintian error type
3488+ init.d-script-missing-dependency-on-remote_fs
3489+ - d/qemu-system-common.postinst: fix lintian error type
3490+ command-with-path-in-maintainer-script
3491+ - Transition qemu-kvm to a systemd unit
3492+ - Disable glusterfs (Universe dependency)
3493+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
3494+ - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
3495+ that it shows up where the user expects (sytemctl status, kvm stdout)
3496+ - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
3497+ - add arch aware kvm wrapper for s390x
3498+ - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
3499+ - Enable DDW in Yakkety machine type because "Enable GPU Passthru for
3500+ ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
3501+ merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
3502+
3503+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Jan 2017 16:27:11 +0100
3504+
3505 qemu (1:2.8+dfsg-2) unstable; urgency=medium
3506
3507 * Revert "update binfmt registration for mipsn32"
3508@@ -2552,6 +5869,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium
3509
3510 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Oct 2016 13:31:40 +0300
3511
3512+qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
3513+
3514+ * No-change rebuild to compile against new libxen version.
3515+
3516+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 14:24:37 +0200
3517+
3518+qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
3519+
3520+ * retain older xenial machine type to avoid issues starting guests
3521+ created on xenial prior to the SRU for bug 1621042. In that regard the old
3522+ broken xenial machine type and the new fixed one have both to be considered
3523+ as valid LTS machine types (LP: #1626070).
3524+
3525+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Sep 2016 14:57:09 +0200
3526+
3527+qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
3528+
3529+ * fix default ubuntu machine types. (LP: #1621042)
3530+ - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
3531+ - remove double default and double ubuntu alias
3532+ - drop former devel releases utopic, vivid, wily
3533+ - add xenial and yakkety machine types
3534+ - add q35 based ubuntu machine type starting at xenial
3535+ - add ubuntu machine types on ppc64el and s390x starting at xenial
3536+
3537+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Sep 2016 07:50:50 +0200
3538+
3539+qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
3540+
3541+ * Enable GPU Passthru for ppc64le (LP: #1541902)
3542+ - 0001-spapr-ensure-device-trees-are-always-associated-with.patch
3543+ - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
3544+ - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
3545+ - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
3546+ - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
3547+ - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
3548+ - 0007-spapr_iommu-Migrate-full-state.patch
3549+ - 0008-spapr_iommu-Add-root-memory-region.patch
3550+ - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
3551+ - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
3552+ - 0011-memory-Add-reporting-of-supported-page-sizes.patch
3553+ - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
3554+ - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
3555+ - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
3556+ - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
3557+ - 0016-vfio-Add-host-side-DMA-window-capabilities.patch
3558+ - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
3559+ - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
3560+ - 0019-vfio-spapr-Remove-stale-ioctl-call.patch
3561+ - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
3562+ - 0021-memory-Fix-IOMMU-replay-base-address.patch
3563+
3564+ -- Jon Grimm <jon.grimm@canonical.com> Fri, 16 Sep 2016 14:14:47 -0500
3565+
3566+qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
3567+
3568+ * New upstream release. LP: #1617055.
3569+ * Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
3570+
3571+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 09 Sep 2016 23:33:57 +0100
3572+
3573 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3574
3575 * Non-maintainer upload.
3576@@ -2585,6 +5963,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high
3577
3578 -- Andrew James <ajames@hpe.com> Wed, 14 Sep 2016 00:56:18 -0600
3579
3580+qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
3581+
3582+ * SECURITY UPDATE: DoS via unbounded memory allocation
3583+ - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
3584+ - CVE-2016-5403
3585+ * SECURITY UPDATE: oob write access while reading ESP command
3586+ - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
3587+ maximum CDB size and handle migration in hw/scsi/esp.c,
3588+ include/hw/scsi/esp.h, include/migration/vmstate.h.
3589+ - CVE-2016-6351
3590+ * SECURITY UPDATE: infinite loop in virtqueue_pop
3591+ - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
3592+ length in hw/virtio/virtio.c.
3593+ - CVE-2016-6490
3594+
3595+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 03 Aug 2016 08:36:16 -0400
3596+
3597+qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
3598+
3599+ * Merge with Debian; remaining changes:
3600+ - debian/rules: do not drop the init scripts loading kvm modules
3601+ (still needed in precise in cloud archive)
3602+ - qemu-system-common.postinst:
3603+ * remove acl placed by udev, and add udevadm trigger.
3604+ * reload kvm_intel if needed to set nested=1
3605+ - qemu-system-common.preinst: add kvm group if needed
3606+ - add qemu-kvm upstart job and defaults file (rules,
3607+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3608+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3609+ do not auto-load the kvm kernel module. Enable nesting by default
3610+ on intel.
3611+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3612+ in qemu64 cpu type.
3613+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3614+ types to ease future live vm migration.
3615+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3616+ d/qemu-system-common.install
3617+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3618+ to fix errors with missing block backends.
3619+ - s390x:
3620+ * Create qemu-system-s390x package
3621+ * Enable pie by default, on ubuntu/s390x.
3622+ * Enable svm by default for qemu64 on amd
3623+ * Include s390-ccw.img firmware
3624+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3625+ relationship, but qemu-efi is still in universe right now.
3626+
3627+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Jun 2016 16:49:49 -0500
3628+
3629 qemu (1:2.6+dfsg-3) unstable; urgency=high
3630
3631 * more security fixes picked from upstream:
3632@@ -2638,6 +6065,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium
3633
3634 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2016 12:10:44 +0300
3635
3636+qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
3637+
3638+ * Merge with Debian; remaining changes: (LP: #1583775)
3639+ - debian/rules: do not drop the init scripts loading kvm modules
3640+ (still needed in precise in cloud archive)
3641+ - qemu-system-common.postinst:
3642+ * remove acl placed by udev, and add udevadm trigger.
3643+ * reload kvm_intel if needed to set nested=1
3644+ - qemu-system-common.preinst: add kvm group if needed
3645+ - add qemu-kvm upstart job and defaults file (rules,
3646+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3647+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3648+ do not auto-load the kvm kernel module. Enable nesting by default
3649+ on intel.
3650+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3651+ in qemu64 cpu type.
3652+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3653+ types to ease future live vm migration.
3654+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3655+ d/qemu-system-common.install
3656+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3657+ to fix errors with missing block backends. (LP: #1495895)
3658+ - s390x:
3659+ * Create qemu-system-s390x package
3660+ * Enable pie by default, on ubuntu/s390x.
3661+ * Enable svm by default for qemu64 on amd
3662+ * Include s390-ccw.img firmware
3663+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3664+ relationship, but qemu-efi is still in universe right now.
3665+ * Drop patches which have been applied upstream:
3666+
3667+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 May 2016 12:11:36 -0500
3668+
3669 qemu (1:2.6+dfsg-1) unstable; urgency=medium
3670
3671 * new upstream release
3672@@ -2675,6 +6135,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium
3673
3674 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 18 May 2016 14:44:14 +0300
3675
3676+qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
3677+
3678+ * Cherrypick upstream patches to support the query-gic-version QMP command
3679+ (LP: #1566564)
3680+
3681+ -- dann frazier <dannf@ubuntu.com> Tue, 05 Apr 2016 16:56:11 -0600
3682+
3683+qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
3684+
3685+ [Stefan Bader]
3686+ * Enable svm by default for qemu64 on amd (LP: #1561019)
3687+
3688+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 22 Apr 2016 16:53:55 -0500
3689+
3690+qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium
3691+
3692+ * qemu-system-s390x only available on s390x, so qemu-system should only
3693+ depend on it on this arch.
3694+ * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
3695+ relationship, but qemu-efi is still in universe right now.
3696+
3697+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 19 Apr 2016 13:41:37 -0700
3698+
3699+qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium
3700+
3701+ * And actually ship the right things in qemu-system-s390x.
3702+
3703+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 16:49:00 +0100
3704+
3705+qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium
3706+
3707+ * Create qemu-system-s390x package on ubuntu only.
3708+
3709+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 18 Apr 2016 10:16:19 +0100
3710+
3711+qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium
3712+
3713+ * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149)
3714+
3715+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Apr 2016 15:13:06 -0500
3716+
3717+qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium
3718+
3719+ * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch
3720+ (LP: #1556306)
3721+
3722+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Mar 2016 16:35:22 -0700
3723+
3724+qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium
3725+
3726+ * Cherrypick upstream patch to fix snapshot regression (LP: #1533728)
3727+
3728+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 07 Mar 2016 18:53:34 -0800
3729+
3730+qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
3731+
3732+ * d/control{-in}: Re-generate and build with libiscsi-dev now
3733+ that its in Ubuntu main (LP: #1271653).
3734+
3735+ -- James Page <james.page@ubuntu.com> Wed, 24 Feb 2016 17:59:13 +0000
3736+
3737+qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium
3738+
3739+ * Make -no-pie conditional, on $(CC) supporting -no-pie flag.
3740+
3741+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Feb 2016 14:40:19 +0000
3742+
3743+qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium
3744+
3745+ * No-change rebuild for gnutls transition.
3746+
3747+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:20 +0000
3748+
3749+qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium
3750+
3751+ * Merge with Debian; remaining changes:
3752+ - debian/rules: do not drop the init scripts loading kvm modules
3753+ (still needed in precise in cloud archive)
3754+ - qemu-system-common.postinst:
3755+ * remove acl placed by udev, and add udevadm trigger.
3756+ * reload kvm_intel if needed to set nested=1
3757+ - qemu-system-common.preinst: add kvm group if needed
3758+ - add qemu-kvm upstart job and defaults file (rules,
3759+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3760+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3761+ do not auto-load the kvm kernel module. Enable nesting by default
3762+ on intel.
3763+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3764+ in qemu64 cpu type.
3765+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3766+ types to ease future live vm migration.
3767+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3768+ d/qemu-system-common.install
3769+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3770+ to fix errors with missing block backends. (LP: #1495895)
3771+ - Enable pie by default, on ubuntu/s390x.
3772+ - Include s390-ccw.img firmware.
3773+
3774+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Feb 2016 10:24:49 -0800
3775+
3776 qemu (1:2.5+dfsg-5) unstable; urgency=medium
3777
3778 * fix misspellings in previous debian/changelog entry
3779@@ -2732,6 +6292,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high
3780
3781 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Jan 2016 21:40:43 +0300
3782
3783+qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium
3784+
3785+ * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
3786+ contents
3787+ - debian/patches/CVE-2015-8550-1.patch: avoid double access in
3788+ hw/block/xen_blkif.h.
3789+ - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
3790+ hw/display/xenfb.c.
3791+ - CVE-2015-8550
3792+ * SECURITY UPDATE: infinite loop in ehci_advance_state
3793+ - debian/patches/CVE-2015-8558.patch: make idt processing more robust
3794+ in hw/usb/hcd-ehci.c.
3795+ - CVE-2015-8558
3796+ * SECURITY UPDATE: host memory leakage in vmxnet3
3797+ - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
3798+ hw/net/vmxnet3.c.
3799+ - CVE-2015-8567
3800+ - CVE-2015-8568
3801+ * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
3802+ - debian/patches/CVE-2015-8613.patch: initialise info object with
3803+ appropriate size in hw/scsi/megasas.c.
3804+ - CVE-2015-8613
3805+ * SECURITY UPDATE: DoS via Human Monitor Interface
3806+ - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
3807+ in hmp.c, include/ui/console.h, ui/input-legacy.c.
3808+ - CVE-2015-8619
3809+ * SECURITY UPDATE: incorrect array bounds check in rocker
3810+ - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
3811+ check in hw/net/rocker/rocker.c.
3812+ - CVE-2015-8701
3813+ * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
3814+ - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
3815+ operations in hw/net/ne2000.c.
3816+ - CVE-2015-8743
3817+ * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
3818+ - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
3819+ error in hw/ide/ahci.c.
3820+ - CVE-2016-1568
3821+ * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
3822+ - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
3823+ hw/i386/kvmvapic.c.
3824+ - CVE-2016-1922
3825+ * SECURITY UPDATE: e1000 infinite loop
3826+ - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
3827+ out-of-bounds transfer start in hw/net/e1000.c
3828+ - CVE-2016-1981
3829+ * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
3830+ engines
3831+ - debian/patches/CVE-2016-2197.patch: add check before calling
3832+ dma_memory_unmap in hw/ide/ahci.c.
3833+ - CVE-2016-2197
3834+ * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
3835+ - debian/patches/CVE-2016-2198.patch: add capability mmio write
3836+ function in hw/usb/hcd-ehci.c.
3837+ - CVE-2016-2198
3838+
3839+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Feb 2016 09:39:01 -0500
3840+
3841+qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium
3842+
3843+ * debian/qemu-kvm-init: Call systemd-detect-virt instead of the
3844+ Ubuntu specific running-in-container wrapper. (LP: #1539016)
3845+
3846+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Jan 2016 13:24:51 +0100
3847+
3848+qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high
3849+
3850+ * Include s390-ccw.img firmware.
3851+
3852+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 12 Jan 2016 15:53:43 +0000
3853+
3854+qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium
3855+
3856+ * Place qemu-kvm.defaults file in qemu-system-common, next to the init
3857+ scripts. Fix the comparison operator when checking KVM_HUGEPAGES.
3858+ Thanks Simon. (LP: #1531191)
3859+
3860+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 06 Jan 2016 09:45:37 -0800
3861+
3862+qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium
3863+
3864+ * Merge with Debian; remaining changes:
3865+ - debian/rules: do not drop the init scripts loading kvm modules
3866+ (still needed in precise in cloud archive)
3867+ - qemu-system-common.postinst:
3868+ * remove acl placed by udev, and add udevadm trigger.
3869+ * reload kvm_intel if needed to set nested=1
3870+ - qemu-system-common.preinst: add kvm group if needed
3871+ - add qemu-kvm upstart job and defaults file (rules,
3872+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3873+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3874+ do not auto-load the kvm kernel module. Enable nesting by default
3875+ on intel.
3876+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3877+ in qemu64 cpu type.
3878+ - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
3879+ types to ease future live vm migration.
3880+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3881+ d/qemu-system-common.install
3882+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3883+ to fix errors with missing block backends. (LP: #1495895)
3884+ - Enable pie by default, on ubuntu/s390x.
3885+ * Drop vGICv3 support patches - all is now upstream
3886+ * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191)
3887+
3888+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Jan 2016 15:42:50 -0800
3889+
3890 qemu (1:2.5+dfsg-1) unstable; urgency=medium
3891
3892 * new upstream release
3893@@ -2758,6 +6425,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium
3894
3895 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Dec 2015 20:00:04 +0300
3896
3897+qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high
3898+
3899+ * Enable pie by default, on ubuntu/s390x.
3900+
3901+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 07 Dec 2015 16:04:16 +0000
3902+
3903+qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium
3904+
3905+ * undo the libseccomp delta from debian. libseccomp is indeed available
3906+ on other arches, but we need qemu's configure script to be fixed before
3907+ we can use it on anything other than amd64|i386. Fixes FTBFS.
3908+ (LP: #1522531)
3909+
3910+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 03 Dec 2015 12:44:46 -0600
3911+
3912+qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium
3913+
3914+ * Merge with Debian; remaining changes:
3915+ - Update the ubuntu machine types patch to reflect upstream churn
3916+ - debian/rules: do not drop the init scripts loading kvm modules
3917+ (still needed in precise in cloud archive)
3918+ - qemu-system-common.postinst:
3919+ * remove acl placed by udev, and add udevadm trigger.
3920+ * reload kvm_intel if needed to set nested=1
3921+ - qemu-system-common.preinst: add kvm group if needed
3922+ - add qemu-kvm upstart job and defaults file (rules,
3923+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3924+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3925+ do not auto-load the kvm kernel module. Enable nesting by default
3926+ on intel.
3927+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3928+ in qemu64 cpu type.
3929+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3930+ machine type to ease future live vm migration.
3931+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3932+ d/qemu-system-common.install
3933+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3934+ to fix errors with missing block backends. (LP: #1495895)
3935+ - control-in: build with libseccomp an all architectures
3936+ - Add vGICv3 support
3937+
3938+ -- Matthias Klose <doko@ubuntu.com> Wed, 02 Dec 2015 21:31:36 +0100
3939+
3940 qemu (1:2.4+dfsg-5) unstable; urgency=medium
3941
3942 * trace-remove-malloc-tracing.patch from upstream.
3943@@ -2770,6 +6480,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium
3944
3945 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 Nov 2015 12:22:52 +0300
3946
3947+qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
3948+
3949+ * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
3950+ - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
3951+ hw/net/pcnet.c.
3952+ - CVE-2015-7504
3953+ * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
3954+ - debian/patches/CVE-2015-7512.patch: check packet length in
3955+ hw/net/pcnet.c.
3956+ - CVE-2015-7512
3957+ * SECURITY UPDATE: infinite loop in eepro100
3958+ - debian/patches/CVE-2015-8345.patch: prevent endless loop in
3959+ hw/net/eepro100.c.
3960+ - CVE-2015-8345
3961+
3962+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Dec 2015 13:36:40 -0500
3963+
3964+qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium
3965+
3966+ * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition.
3967+
3968+ -- dann frazier <dann.frazier@canonical.com> Tue, 03 Nov 2015 08:05:46 -0700
3969+
3970+qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium
3971+
3972+ * Merge 2.4 from unstable. Remaining changes:
3973+ - Update the ubuntu machine types patch to reflect upstream churn
3974+ - debian/rules: do not drop the init scripts loading kvm modules
3975+ (still needed in precise in cloud archive)
3976+ - qemu-system-common.postinst:
3977+ * remove acl placed by udev, and add udevadm trigger.
3978+ * reload kvm_intel if needed to set nested=1
3979+ - qemu-system-common.preinst: add kvm group if needed
3980+ - add qemu-kvm upstart job and defaults file (rules,
3981+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
3982+ - rules,qemu-system-x86.modprobe: support use under older udevs which
3983+ do not auto-load the kvm kernel module. Enable nesting by default
3984+ on intel.
3985+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
3986+ in qemu64 cpu type.
3987+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
3988+ machine type to ease future live vm migration.
3989+ - apport hook for qemu source package: d/source_qemu-kvm.py,
3990+ d/qemu-system-common.install
3991+ - Make qemu-system-common and qemu-utils depend on qemu-block-extra
3992+ to fix errors with missing block backends. (LP: #1495895)
3993+ - control-in: build with libseccomp an all architectures.
3994+ * Add vGICv3 support
3995+
3996+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Oct 2015 13:28:58 -0500
3997+
3998 qemu (1:2.4+dfsg-4) unstable; urgency=medium
3999
4000 * applied 3 patches from upstream to fix virtio-net
4001@@ -2784,7 +6545,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high
4002 fix for Heap overflow vulnerability in ne2000_receive() function
4003 (Closes: #799074 CVE-2015-5279)
4004 * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
4005- (Closes: #799073 CVE-2015-5278)
4006+ (Closes: #799073 CVE-2015-5278)
4007 * some binfmt reorg:
4008 - extend aarch64 to include one more byte as other arches do
4009 - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
4010@@ -2836,6 +6597,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high
4011
4012 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 11 Jun 2015 20:03:40 +0300
4013
4014+qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium
4015+
4016+ * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466)
4017+
4018+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 21 Oct 2015 08:59:29 -0500
4019+
4020+qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low
4021+
4022+ * debian/patches/upstream-fix-irq-route-entries.patch
4023+ Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
4024+ (LP: #1465935)
4025+
4026+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 09 Oct 2015 15:38:53 +0200
4027+
4028+qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium
4029+
4030+ * Build using libseccomp on all architectures.
4031+
4032+ -- Matthias Klose <doko@ubuntu.com> Sat, 03 Oct 2015 21:12:15 +0200
4033+
4034+qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium
4035+
4036+ * SECURITY UPDATE: denial of service via NE2000 driver
4037+ - debian/patches/CVE-2015-5278.patch: fix infinite loop in
4038+ hw/net/ne2000.c.
4039+ - CVE-2015-5278
4040+ * SECURITY UPDATE: denial of service and possible code execution via
4041+ heap overflow in NE2000 driver
4042+ - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
4043+ hw/net/ne2000.c.
4044+ - CVE-2015-5279
4045+ * SECURITY UPDATE: denial of service via e1000 infinite loop
4046+ - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
4047+ - CVE-2015-6815
4048+ * SECURITY UPDATE: denial of service via illegal ATAPI commands
4049+ - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
4050+ hw/ide/core.c.
4051+ - CVE-2015-6855
4052+
4053+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Sep 2015 15:05:51 -0400
4054+
4055+qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium
4056+
4057+ * Make qemu-system-common and qemu-utils depend on qemu-block-extra
4058+ to fix errors with missing block backends. (LP: #1495895)
4059+ * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655)
4060+ * Apply fix for memory corruption during live-migration in tcg mode
4061+ (LP: #1493049)
4062+ * Apply tracing patch to remove use of custom vtable in newer glibc
4063+ (LP: #1491972)
4064+
4065+ -- Ryan Harper <ryan.harper@canonical.com> Tue, 15 Sep 2015 09:37:23 -0500
4066+
4067+qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium
4068+
4069+ * Import qcow2-handle-eagain-from-update_refcount from upstream
4070+ to fix errors when using qemu-img convert -c. (LP: #1491050)
4071+
4072+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 16:35:56 -0500
4073+
4074+qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
4075+
4076+ * SECURITY UPDATE: process heap memory disclosure
4077+ - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
4078+ - CVE-2015-5165
4079+ * SECURITY UPDATE: privilege escalation via block device unplugging
4080+ - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
4081+ in hw/ide/piix.c.
4082+ - CVE-2015-5166
4083+ * SECURITY UPDATE: privilege escalation via memory corruption in vnc
4084+ - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
4085+ limits in ui/vnc.c.
4086+ - CVE-2015-5225
4087+ * SECURITY UPDATE: denial of service via virtio-serial
4088+ - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
4089+ for control messages in hw/char/virtio-serial-bus.c.
4090+ - CVE-2015-5745
4091+
4092+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Aug 2015 09:38:43 -0400
4093+
4094+qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
4095+
4096+ * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
4097+ - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
4098+ - CVE-2015-3214
4099+ * SECURITY UPDATE: heap overflow when processing ATAPI commands
4100+ - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
4101+ hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
4102+ - CVE-2015-5154
4103+ * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
4104+ - debian/patches/CVE-2015-5158.patch: check length in
4105+ hw/scsi/scsi-bus.c.
4106+ - CVE-2015-5158
4107+
4108+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jul 2015 10:07:05 -0400
4109+
4110+qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium
4111+
4112+ * SECURITY UPDATE: heap overflow in PCNET controller
4113+ - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
4114+ - CVE-2015-3209
4115+
4116+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jun 2015 14:25:05 -0400
4117+
4118+qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium
4119+
4120+ * Merge 1:2.3+dfsg-5 from Debian.
4121+ * Remaining changes:
4122+ - debian/rules: do not drop the init scripts loading kvm modules
4123+ (still needed in precise in cloud archive)
4124+ - qemu-system-common.postinst:
4125+ * remove acl placed by udev, and add udevadm trigger.
4126+ * reload kvm_intel if needed to set nested=1
4127+ - qemu-system-common.preinst: add kvm group if needed
4128+ - add qemu-kvm upstart job and defaults file (rules,
4129+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4130+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4131+ do not auto-load the kvm kernel module. Enable nesting by default
4132+ on intel.
4133+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4134+ in qemu64 cpu type.
4135+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4136+ machine type to ease future live vm migration.
4137+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4138+ d/qemu-system-common.install
4139+ * Refreshed patches:
4140+ - ubuntu/expose-vmx_qemu64cpu.patch
4141+ - ubuntu/define-ubuntu-machine-types.patch
4142+
4143+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 10 Jun 2015 14:28:39 -0500
4144+
4145 qemu (1:2.3+dfsg-5) unstable; urgency=high
4146
4147 * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
4148@@ -2847,6 +6739,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high
4149
4150 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 03 Jun 2015 17:18:58 +0300
4151
4152+qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium
4153+
4154+ * Merge 1:2.3+dfsg-4 from Debian.
4155+ * Remaining changes:
4156+ - debian/rules: do not drop the init scripts loading kvm modules
4157+ (still needed in precise in cloud archive)
4158+ - qemu-system-common.postinst:
4159+ * remove acl placed by udev, and add udevadm trigger.
4160+ * reload kvm_intel if needed to set nested=1
4161+ - qemu-system-common.preinst: add kvm group if needed
4162+ - add qemu-kvm upstart job and defaults file (rules,
4163+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4164+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4165+ do not auto-load the kvm kernel module. Enable nesting by default
4166+ on intel.
4167+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4168+ in qemu64 cpu type.
4169+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4170+ machine type to ease future live vm migration.
4171+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4172+ d/qemu-system-common.install
4173+ * Dropped all patches which are applied upstream
4174+ * Move the upstart jobs to a generic script
4175+ - add new qemu-kvm-init script
4176+ - call that from upstart and sysvrc qemu-kvm scripts
4177+ - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc}
4178+
4179+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 03 Jun 2015 13:36:36 -0500
4180+
4181 qemu (1:2.3+dfsg-4) unstable; urgency=medium
4182
4183 * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
4184@@ -2908,6 +6829,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
4185
4186 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 17 Apr 2015 21:54:53 +0300
4187
4188+qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
4189+
4190+ * SECURITY UPDATE: denial of service in vnc web
4191+ - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
4192+ frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
4193+ - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
4194+ websockets clients in ui/vnc-ws.c.
4195+ - CVE-2015-1779
4196+ * SECURITY UPDATE: host code execution via floppy device (VEMON)
4197+ - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
4198+ bounds of the allocated buffer in hw/block/fdc.c.
4199+ - CVE-2015-3456
4200+
4201+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2015 07:25:59 -0400
4202+
4203+qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
4204+
4205+ * CVE-2015-2756 / XSA-126
4206+ - xen: limit guest control of PCI command register
4207+
4208+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Apr 2015 10:17:45 +0200
4209+
4210+qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
4211+
4212+ * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
4213+ accidentally create /1
4214+
4215+ -- Steve Beattie <sbeattie@ubuntu.com> Thu, 12 Mar 2015 16:46:51 -0700
4216+
4217+qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
4218+
4219+ * No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
4220+
4221+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Feb 2015 08:55:35 +0100
4222+
4223+qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
4224+
4225+ * No-change rebuild to pull in libxl-4.5.
4226+
4227+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 13:58:37 +0100
4228+
4229+qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
4230+
4231+ * debian/control-in: enable numa on architectures where numa is built
4232+ (LP: #1417937)
4233+
4234+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 23:18:58 -0600
4235+
4236+qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
4237+
4238+ [Scott Moser]
4239+ * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
4240+ profile when started by libvirt.
4241+
4242+ [Serge Hallyn]
4243+ * add symlink qemu-system-ppc64le -> qemu-system-ppc64
4244+ * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script
4245+ (LP: #1419855)
4246+
4247+ [Chris J Arges]
4248+ * Determine if we are running inside a virtual environment. If running inside
4249+ a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153)
4250+
4251+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 13:04:21 -0600
4252+
4253+qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
4254+
4255+ * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
4256+ - debian/rules: do not drop the init scripts loading kvm modules
4257+ (still needed in precise in cloud archive)
4258+ * Remaining changes:
4259+ - qemu-system-common.postinst:
4260+ * remove acl placed by udev, and add udevadm trigger.
4261+ * reload kvm_intel if needed to set nested=1
4262+ - qemu-system-common.preinst: add kvm group if needed
4263+ - add qemu-kvm upstart job and defaults file (rules,
4264+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4265+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4266+ do not auto-load the kvm kernel module. Enable nesting by default
4267+ on intel.
4268+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4269+ in qemu64 cpu type.
4270+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4271+ machine type to ease future live vm migration.
4272+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4273+ d/qemu-system-common.install
4274+ * Dropped all patches which are applied upstream
4275+ * Update ubuntu-vivid machine type to default to std graphics (following
4276+ upstream's lead for pc-i440fx-2.2 machine type)
4277+
4278+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 22:31:09 -0600
4279+
4280 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
4281
4282 * fix initscript removal once again
4283@@ -2957,6 +6970,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium
4284
4285 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 09 Dec 2014 23:09:26 +0300
4286
4287+qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
4288+
4289+ * Cherrypick upstream patch needed to allow ESx hosts to run under
4290+ kvm (LP: #1411575)
4291+
4292+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 16 Jan 2015 16:32:48 -0600
4293+
4294+qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
4295+
4296+ * Merge 2.1+dfsg-11. Remaining changes:
4297+ - qemu-system-common.postinst:
4298+ * remove acl placed by udev, and add udevadm trigger.
4299+ * reload kvm_intel if needed to set nested=1
4300+ - qemu-system-common.preinst: add kvm group if needed
4301+ - add qemu-kvm upstart job and defaults file (rules,
4302+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4303+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4304+ do not auto-load the kvm kernel module. Enable nesting by default
4305+ on intel.
4306+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4307+ removed the alternatives bit later.
4308+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4309+ in qemu64 cpu type.
4310+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4311+ machine type to ease future live vm migration.
4312+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4313+ d/qemu-system-common.install
4314+ - debian/binfmt-update-in: support ppcle
4315+ * debian/binfmt-update-in
4316+ * Support-ppcle.patch
4317+ - Upstream patches to fix AArch64 emulation ignoring SPSel=0:
4318+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4319+ * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4320+ * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4321+ * Dropped patches (upstream or now in debian's tree):
4322+ - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
4323+ - CVE-2014-7840.patch
4324+ - CVE-2014-8106.patch
4325+
4326+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Dec 2014 13:57:34 -0600
4327+
4328 qemu (1:2.1+dfsg-11) unstable; urgency=medium
4329
4330 * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
4331@@ -3026,6 +7080,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low
4332
4333 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
4334
4335+qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
4336+
4337+ * SECURITY UPDATE: code execution via savevm data
4338+ - debian/patches/CVE-2014-7840.patch: validate parameters in
4339+ arch_init.c.
4340+ - CVE-2014-7840
4341+ * SECURITY UPDATE: code execution via cirrus vga blit regions
4342+ (LP: #1400775)
4343+ - debian/patches/CVE-2014-8106.patch: properly validate blit regions in
4344+ hw/display/cirrus_vga.c.
4345+ - CVE-2014-8106
4346+
4347+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Dec 2014 14:11:52 -0500
4348+
4349+qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
4350+
4351+ * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
4352+ dropped and VENDOR now will be all capital UBUNTU).
4353+
4354+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 08 Dec 2014 14:45:31 +0100
4355+
4356+qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
4357+
4358+ * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
4359+ d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
4360+ d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
4361+ Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
4362+ SPSel=0 in certain conditions. (LP: #1349277)
4363+
4364+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 04 Dec 2014 14:17:01 -0600
4365+
4366+qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
4367+
4368+ * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
4369+ Cherry-pick of qemu-upstream patch to fix issues with persistent
4370+ grants and the PV backend (Qdisk) (LP: #1394327).
4371+
4372+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 28 Nov 2014 13:14:37 +0100
4373+
4374+qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
4375+
4376+ * Merge 2.1+dfsg-7. Remaining changes:
4377+ - qemu-system-common.postinst:
4378+ * remove acl placed by udev, and add udevadm trigger.
4379+ * reload kvm_intel if needed to set nested=1
4380+ - qemu-system-common.preinst: add kvm group if needed
4381+ - add qemu-kvm upstart job and defaults file (rules,
4382+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4383+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4384+ do not auto-load the kvm kernel module. Enable nesting by default
4385+ on intel.
4386+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4387+ removed the alternatives bit later.
4388+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4389+ in qemu64 cpu type.
4390+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4391+ machine type to ease future live vm migration.
4392+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4393+ d/qemu-system-common.install
4394+ - debian/binfmt-update-in: support ppcle
4395+ * debian/binfmt-update-in
4396+ * Support-ppcle.patch
4397+ * Dropped patches (upstream or now in debian's tree):
4398+ - pc-reserve-more-memory-for-acpi.patch
4399+ - CVE-2014-5388.patch
4400+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
4401+ 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
4402+ in debian)
4403+ - CVE-2014-3615.patch
4404+ - CVE-2014-3640.patch
4405+ - CVE-2014-3689.patch
4406+ - CVE-2014-7815.patch
4407+
4408+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sat, 22 Nov 2014 18:36:53 -0600
4409+
4410 qemu (2.1+dfsg-7) unstable; urgency=high
4411
4412 * urgency is high due to 2 security fixes
4413@@ -3077,6 +7206,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium
4414
4415 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 26 Sep 2014 17:43:26 +0400
4416
4417+qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
4418+
4419+ * SECURITY UPDATE: information disclosure via vga driver
4420+ - debian/patches/CVE-2014-3615.patch: return the correct memory size,
4421+ sanity check register writes, and don't use fixed buffer sizes in
4422+ hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
4423+ ui/spice-display.c.
4424+ - CVE-2014-3615
4425+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
4426+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
4427+ stub in slirp/udp.c.
4428+ - CVE-2014-3640
4429+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
4430+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
4431+ hw/display/vmware_vga.c.
4432+ - CVE-2014-3689
4433+ * SECURITY UPDATE: denial of service via VNC console
4434+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
4435+ ui/vnc.c.
4436+ - CVE-2014-7815
4437+
4438+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Nov 2014 07:31:03 -0500
4439+
4440+qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
4441+
4442+ * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
4443+ (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
4444+
4445+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Nov 2014 15:51:47 -0600
4446+
4447+qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
4448+
4449+ * Apply two patches to fix intermittent qemu-img corruption
4450+ (LP: #1368815)
4451+ - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
4452+ - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
4453+
4454+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 22:31:43 -0500
4455+
4456+qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
4457+
4458+ * debian/control: slof is moving into main, so we can depend on qemu-slof as
4459+ debian does.
4460+
4461+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Oct 2014 22:01:27 +0200
4462+
4463+qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium
4464+
4465+ * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice
4466+ versa.
4467+ * Drop Support-ppc64le.pach, as that architecture appears to not exist yet.
4468+ * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing
4469+ to latest upstream machine type, rather than distro one. Add 'ubuntu'
4470+ machine type for that.
4471+
4472+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Oct 2014 13:41:31 -0500
4473+
4474+qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium
4475+
4476+ * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
4477+ container. (LP: #1370199)
4478+ * load kvm module on ppc64le at boot (LP: #1369785)
4479+ - debian/rules: install qemu-kvm on ppc64el
4480+ - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the
4481+ kvm-hv module if available
4482+ * qemu-system-x86.maintscript: remove accidentally installed
4483+ /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier)
4484+ * rename qemu-system-x86 init script to qemu-kvm so it gets installed in
4485+ ubuntu.
4486+
4487+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 17 Sep 2014 14:20:12 -0500
4488+
4489+qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium
4490+
4491+ * Re-stick the trusty machine type to 2.0 (where it must always stay) and
4492+ define a new, default, pc-i440fx-utopic machine type (LP: #1369481)
4493+
4494+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 14:04:57 -0500
4495+
4496+qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium
4497+
4498+ * move kvm_intel nested setting to qemu-system-x86.postinst.
4499+
4500+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 12 Sep 2014 23:12:52 +0000
4501+
4502+qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium
4503+
4504+ * Merge new debian release
4505+ * Remaining changes:
4506+ - qemu-system-common.postinst:
4507+ * remove acl placed by udev, and add udevadm trigger.
4508+ * reload kvm_intel if needed to set nested=1
4509+ - qemu-system-common.preinst: add kvm group if needed
4510+ - add qemu-kvm upstart job and defaults file (rules,
4511+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4512+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4513+ do not auto-load the kvm kernel module. Enable nesting by default
4514+ on intel.
4515+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4516+ removed the alternatives bit later.
4517+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4518+ in qemu64 cpu type.
4519+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4520+ machine type to ease future live vm migration.
4521+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4522+ d/qemu-system-common.install
4523+ - debian/binfmt-update-in: support ppcle
4524+ * debian/binfmt-update-in
4525+ * Support-ppcle.patch
4526+ - d/p/CVE-2014-5388.patch
4527+
4528+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 09 Sep 2014 17:56:15 -0500
4529+
4530 qemu (2.1+dfsg-4) unstable; urgency=medium
4531
4532 * mention libnuma-dev but not enable for now
4533@@ -3094,6 +7336,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium
4534
4535 -- Michael Tokarev <mjt@tls.msk.ru> Sun, 31 Aug 2014 09:32:59 +0400
4536
4537+qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium
4538+
4539+ * SECURITY UPDATE: memory disclosure via out-of-bounds array access
4540+ - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c.
4541+ - CVE-2014-5388
4542+
4543+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Sep 2014 08:26:24 -0400
4544+
4545+qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium
4546+
4547+ * replace d/p/revert-acpi-table-size-bump with
4548+ pc-reserve-more-memory-for-acpi.patch from upstream
4549+ * debian/binfmt-update-in
4550+ - don't run in a container
4551+ - add ppc64le as target (LP: #1358268)
4552+ * Add experimental ppcle support (LP: #1358268)
4553+
4554+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 27 Aug 2014 18:24:32 -0500
4555+
4556+qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium
4557+
4558+ * revert-acpi-table-size-bump - get qemu -kernel working again.
4559+
4560+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 15:33:24 -0500
4561+
4562+qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium
4563+
4564+ * Merge new debian release
4565+ * Remaining changes:
4566+ - control-in: stick to libsdl1.2-dev.
4567+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4568+ qemu-bridge-helper
4569+ - qemu-system-common.postinst: remove acl placed by udev,
4570+ and add udevadm trigger.
4571+ - qemu-system-common.preinst: add kvm group if needed
4572+ - add qemu-kvm upstart job and defaults file (rules,
4573+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4574+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4575+ do not auto-load the kvm kernel module. Enable nesting by default
4576+ on intel.
4577+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4578+ removed the alternatives bit later.
4579+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4580+ in qemu64 cpu type.
4581+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4582+ machine type to ease future live vm migration.
4583+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4584+ d/qemu-system-common.install
4585+ * Upstart job: use getent group to check for kvm group
4586+ * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks
4587+
4588+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 15 Aug 2014 08:44:54 -0500
4589+
4590 qemu (2.1+dfsg-3) unstable; urgency=medium
4591
4592 * set SHELL = /bin/sh -e, so that more complex shell constructs
4593@@ -3120,6 +7415,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium
4594
4595 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 14 Aug 2014 14:30:24 +0400
4596
4597+qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium
4598+
4599+ * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
4600+
4601+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Aug 2014 12:58:50 -0500
4602+
4603+qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium
4604+
4605+ * Merge new debian release
4606+ * Remaining changes:
4607+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4608+ have in ipxe-qemu package.
4609+ - control-in: stick to libsdl1.2-dev.
4610+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4611+ qemu-bridge-helper
4612+ - qemu-system-common.postinst: remove acl placed by udev,
4613+ and add udevadm trigger.
4614+ - qemu-system-common.preinst: add kvm group if needed
4615+ - add qemu-kvm upstart job and defaults file (rules,
4616+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4617+ - debian/rules: add qemu-kvm-spice
4618+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4619+ do not auto-load the kvm kernel module. Enable nesting by default
4620+ on intel.
4621+ - binfmt-update-in: make sure to filter out compat arches.
4622+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4623+ removed the alternatives bit later.
4624+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4625+ in qemu64 cpu type.
4626+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4627+ machine type to ease future live vm migration.
4628+ - apport hook for qemu source package: d/source_qemu-kvm.py,
4629+ d/qemu-system-common.install
4630+
4631+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 05 Aug 2014 13:53:06 -0500
4632+
4633 qemu (2.1+dfsg-2) unstable; urgency=medium
4634
4635 * l2tp-linux-only.patch: fix FTBFS on kfreebsd
4636@@ -3154,7 +7485,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium
4637
4638 qemu (2.0.0+dfsg-7) unstable; urgency=medium
4639
4640- * clarify description of qemu-user-binfmt a bit
4641+ * clarify description of qemu-user-binfmt a bit
4642 * build-depend on acpica-tools (iasl) in order to rebuild .dsl files
4643 * remove qemu-keymaps package, since it is not used by other tools
4644 anymore, and ship keymaps in qemu-system-common.
4645@@ -3171,6 +7502,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium
4646
4647 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Jul 2014 16:51:16 +0400
4648
4649+qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium
4650+
4651+ * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
4652+ /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
4653+
4654+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 25 Jul 2014 08:35:02 -0500
4655+
4656+qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium
4657+
4658+ * Merge 2.0.0+dfsg-6. Remaining changes:
4659+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4660+ have in ipxe-qemu package.
4661+ - control-in: stick to libgnutls-dev and libsdl1.2-dev.
4662+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4663+ qemu-bridge-helper
4664+ - qemu-system-common.postinst: remove acl placed by udev,
4665+ and add udevadm trigger.
4666+ - qemu-system-common.preinst: add kvm group if needed
4667+ - add qemu-kvm upstart job and defaults file (rules,
4668+ qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
4669+ - debian/rules: add qemu-kvm-spice
4670+ - rules,qemu-system-x86.modprobe: support use under older udevs which
4671+ do not auto-load the kvm kernel module. Enable nesting by default
4672+ on intel.
4673+ - binfmt-update-in: make sure to filter out compat arches.
4674+ - debian/qemu-system-alternatives.in: use a later version as ubuntu
4675+ removed the alternatives bit later.
4676+ - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
4677+ in qemu64 cpu type.
4678+ - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
4679+ machine type to ease future live vm migration.
4680+ - re-introduce apport hook for qemu source package:
4681+ d/source_qemu-kvm.py, d/qemu-system-common.install
4682+ * enable-build-dep on libjpeg8-dev - which is now in main
4683+
4684+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jun 2014 14:52:54 -0500
4685+
4686 qemu (2.0.0+dfsg-6) unstable; urgency=medium
4687
4688 * build-depend on libgnutls28-dev not libgnutls-dev
4689@@ -3214,6 +7582,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low
4690
4691 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Apr 2014 12:34:03 +0400
4692
4693+qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium
4694+
4695+ * remove alternatives for qemu: different architectures
4696+ aren't really alternatives and never had been (LP: #1316829)
4697+
4698+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 07 May 2014 15:12:33 +0000
4699+
4700+qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium
4701+
4702+ * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
4703+ * debian/control: drop the versioning requirement from libfdt-dev
4704+ build-dependency, as it is longer needed (LP: #1295072)
4705+
4706+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 May 2014 11:43:44 -0500
4707+
4708+qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
4709+
4710+ * Merge 2.0.0+dfsg-2
4711+ * Incorporates a fix for spice users (LP: #1309452)
4712+ * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
4713+ the regression requiring it was reverted for 2.0 upstream.
4714+ * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
4715+ * debian/qemu-debootstrap: add arm64
4716+ * Remaining changes from debian:
4717+ - keep qemu 'alternative' (not something to change in SRU)
4718+ - debian/control and debian/control-in:
4719+ * versioned libfdt-dev check, until libfdt is fixed in precise
4720+ * enable rbd
4721+ * remove ovmf Recommends, as it is in multiverse
4722+ * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
4723+ * add a qemu-system-aarch64 metapackage for transitions from trusty
4724+ development version. This can be removed after trusty.
4725+ - qemu-system-common.install: add debian/tmp/usr/lib to install the
4726+ qemu-bridge-helper
4727+ - qemu-system-common.postinst: fix /dev/kvm acls
4728+ - qemu-system-common.preinst: add kvm group if needed
4729+ - qemu-system-x86.links: add eepro100.rom link, drop links which we
4730+ have in ipxe-qemu package.
4731+ - qemu-system-x86.modprobe: set module options for older releases
4732+ - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
4733+ - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
4734+ - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
4735+ - debian/rules
4736+ * add legacy kvm-spice link
4737+ * fix ppc and arm slections
4738+ * add aarch64 to user_targets
4739+ - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
4740+ pc-i440fx-trusty machine type as the default.
4741+ - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
4742+ default in qemu64 cpu time.
4743+
4744+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 18 Apr 2014 09:23:27 -0500
4745+
4746 qemu (2.0.0+dfsg-2) unstable; urgency=medium
4747
4748 * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
4749@@ -3239,7 +7660,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low
4750 * kmod dependency is linux-any
4751 * doc-grammify-allows-to.patch: fix some lintian warnings
4752 * remove alternatives for qemu: different architectures
4753- aren't really alternatives and never had been
4754+ aren't really alternatives and never had been
4755 * update Standards-Version to 3.9.5 (no changes needed)
4756 * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
4757 fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
4758@@ -3273,6 +7694,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
4759
4760 -- Michael Tokarev <mjt@tls.msk.ru> Sat, 05 Apr 2014 16:23:48 +0400
4761
4762+qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
4763+
4764+ * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
4765+ don't abort() just because the kernel has no dirty bitmap.
4766+ (LP: #1303926)
4767+
4768+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 22:32:00 -0500
4769+
4770+qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
4771+
4772+ * define-trusty-machine-type.patch: update the trusty machine type name to
4773+ pc-i440fx-trusty (LP: #1304107)
4774+
4775+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 08 Apr 2014 11:49:04 -0500
4776+
4777+qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
4778+
4779+ * Merge 2.0.0-rc1
4780+ * debian/rules: consolidate ppc filter entries.
4781+ * Move qemu-system-arch64 into qemu-system-arm
4782+ * debian/patches/define-trusty-machine-type.patch: define a trusty machine
4783+ type, currently the same as pc-i440fx-2.0, to put is in a better position
4784+ to enable live migrations from trusty onward. (LP: #1294823)
4785+ * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
4786+ * Merge latest upstream git to commit dc9528f
4787+ * Debian/rules:
4788+ - remove -enable-uname-release=2.6.32
4789+ - don't make the aarch64 target Ubuntu-specific.
4790+ * Remove patches which are now upstream:
4791+ - fix-smb-security-share.patch
4792+ - slirp-smb-redirect-port-445-too.patch
4793+ - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
4794+ - signal-added-a-wrapper-for-sigprocmask-function.patch
4795+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4796+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4797+ - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
4798+ * add link for /usr/share/qemu/bios-256k.bin
4799+ * Remove all linaro patches.
4800+ * Remove all arm64/ patches. Many but not all are upstream.
4801+ * Remove CVE-2013-4377.patch which is upstream.
4802+ * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
4803+
4804+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 22:31:43 -0600
4805+
4806 qemu (1.7.0+dfsg-9) unstable; urgency=medium
4807
4808 * remove rbd/rados/ceph support *again*, till they'll actually provide
4809@@ -3337,6 +7802,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium
4810
4811 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 12 Mar 2014 18:34:03 +0400
4812
4813+qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
4814+
4815+ * No-change rebuild to build with libxen-4.4.
4816+
4817+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 10:04:36 +0100
4818+
4819+qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
4820+
4821+ * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
4822+ upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
4823+
4824+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 00:03:00 -0500
4825+
4826+qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
4827+
4828+ [ dann frazier ]
4829+ * Add patches from the susematz tree to avoid intermittent segfaults:
4830+ - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
4831+ - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
4832+ - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
4833+
4834+ [ Serge Hallyn ]
4835+ * Modify do_sigprocmask to only change behavior for aarch64.
4836+ (LP: #1285363)
4837+
4838+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 06 Mar 2014 16:15:50 -0600
4839+
4840+qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
4841+
4842+ [ Steve Langasek ]
4843+ * Merge debian/control with unreleased Debian branch: our architecture
4844+ lists should now be in sync.
4845+
4846+ [ Dann Frazier ]
4847+ * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
4848+ on arm64 and maybe others. (LP: #1284344)
4849+
4850+ [ Serge Hallyn ]
4851+ * Move the OVMF.fd link to the ovmf package.
4852+
4853+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 21 Feb 2014 12:14:53 -0800
4854+
4855+qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
4856+
4857+ * Add ppc64el to the architecture list (supposedly added in the previous
4858+ upload, but really wasn't).
4859+
4860+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 20 Feb 2014 23:40:07 -0800
4861+
4862+qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
4863+
4864+ * Backport changes to enable qemu-user-static support for aarch64
4865+ * debian/control: add ppc64el to Architectures
4866+ * debian/rules: only install qemu-system-aarch64 on arm64.
4867+ Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
4868+ debian/qemu-system-aarch64 directory
4869+
4870+ -- dann frazier <dann.frazier@canonical.com> Tue, 11 Feb 2014 15:41:53 -0700
4871+
4872+qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
4873+
4874+ * Fix broken filter_binfmts
4875+ * Remove use of dpkg-version in postinsts, as we're not Depending on
4876+ dpkg-dev.
4877+
4878+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Feb 2014 21:57:38 -0600
4879+
4880+qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
4881+
4882+ * Merge 1.7.0+dfsg-3 from debian. Remaining changes:
4883+ - debian/patches/ubuntu:
4884+ * expose-vmx_qemu64cpu.patch
4885+ * linaro (omap3) and arm64 patches
4886+ * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
4887+ on ppc
4888+ * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
4889+ - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
4890+ - debian/control:
4891+ * add arm64 to Architectures
4892+ * add qemu-common and qemu-system-aarch64 packages
4893+ - debian/qemu-system-common.install: add debian/tmp/usr/lib
4894+ - debian/qemu-system-common.preinst: add kvm group
4895+ - debian/qemu-system-common.postinst: remove acl placed by udev,
4896+ and add udevadm trigger.
4897+ - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
4898+ pxe-e1000 and pxe-rtl8139.
4899+ - add qemu-system-x86.qemu-kvm.upstart and .default
4900+ - qemu-user-static.postinst-in: remove arm64 binfmt
4901+ - debian/rules:
4902+ * allow parallel build
4903+ * add aarch64 to system_targets and sys_systems
4904+ * add qemu-kvm-spice links
4905+ * install qemu-system-x86.modprobe
4906+ - add debian/qemu-system-common.links for OVMF.fd link
4907+ * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
4908+
4909+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 04 Feb 2014 12:13:08 -0600
4910+
4911 qemu (1.7.0+dfsg-3) unstable; urgency=low
4912
4913 * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
4914@@ -3362,6 +7925,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low
4915
4916 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 16 Jan 2014 15:17:46 +0400
4917
4918+qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
4919+
4920+ * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
4921+ may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
4922+
4923+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 14:41:20 +0000
4924+
4925+qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
4926+
4927+ * SECURITY UPDATE: denial of service via virtio device hot-plugging
4928+ - debian/patches/CVE-2013-4377.patch: upstream commits to refactor
4929+ virtio device unplugging.
4930+ - CVE-2013-4377
4931+
4932+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 27 Jan 2014 09:10:37 -0500
4933+
4934+qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
4935+
4936+ * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
4937+ powerpc.
4938+
4939+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 11:59:26 -0600
4940+
4941+qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
4942+
4943+ [ Serge Hallyn ]
4944+ * add arm64 patchset from upstream. The three arm virt patches previously
4945+ pushed are in that set, so drop them.
4946+
4947+ [ dann frazier ]
4948+ * Add packaging for qemu-system-aarch64. This package is currently only
4949+ available for arm64, as full software emulation is not yet supported.
4950+
4951+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 10 Jan 2014 12:19:08 -0600
4952+
4953+qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
4954+
4955+ * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
4956+ supported any longer.
4957+ * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
4958+ * Refresh debian/patches/hw_arm_add_virt_platform.patch against context
4959+ churn caused by linaro patchset.
4960+ * debian/rules: enable parallel builds.
4961+
4962+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 03 Jan 2014 10:53:17 -0600
4963+
4964+qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
4965+
4966+ * d/control: enable usbredir (LP: 1126390)
4967+
4968+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 02 Jan 2014 08:55:43 -0600
4969+
4970+qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
4971+
4972+ * add missing arm virt patches from the mach-virt-v7 branch of
4973+ git://git.linaro.org/people/cdall/qemu-arm.git
4974+
4975+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 18 Dec 2013 12:25:59 -0600
4976+
4977+qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
4978+
4979+ * debian/control: add arm64 to list of architectures.
4980+
4981+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Dec 2013 10:22:47 -0600
4982+
4983+qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
4984+
4985+ * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
4986+ - debian/control
4987+ * update maintainer
4988+ * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
4989+ from build-deps
4990+ * enable rbd
4991+ * add qemu-system and qemu-common B/R to qemu-keymaps
4992+ * add D:udev, R:qemu, R:qemu-common and B:qemu-common to
4993+ qemu-system-common
4994+ * qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
4995+ - add qemu-common, qemu-kvm, kvm to B/R
4996+ - remove openbios-sparc from qemu-system-sparc D
4997+ - drop openbios-ppc and openhackware Depends to Suggests (for now)
4998+ * qemu-system-x86:
4999+ - add qemu-common to Breaks/Replaces.
5000+ - add cpu-checker to Recommends.
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches