-
qemu (1:2.11+dfsg-1ubuntu7.42) bionic; urgency=medium
[ Brett Milford ]
* d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
error 'migration was active, but no RAM info was set' (LP: #1994002)
[ Mauricio Faria de Oliveira ]
* d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint
to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048)
-- Mauricio Faria de Oliveira <email address hidden> Thu, 02 Mar 2023 18:26:12 -0300
-
qemu (1:2.11+dfsg-1ubuntu7.41) bionic-security; urgency=medium
* SECURITY UPDATE: DMA reentrancy issue
- debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
field and MEMTX_ACCESS_ERROR
- CVE-2021-3750
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
lsi_do_msgout
- CVE-2022-0216
-- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:38:49 +0530
-
qemu (1:2.11+dfsg-1ubuntu7.40) bionic-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock.c.
- CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:37:25 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.39) bionic-security; urgency=medium
* SECURITY UPDATE: crash or code exec in USB redirector device emulation
- debian/patches/CVE-2021-3682.patch: fix free call in
hw/usb/redirect.c.
- CVE-2021-3682
* SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
- debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
in hw/net/virtio-net.c.
- CVE-2021-3748
* SECURITY UPDATE: off-by-one error in mode_sense_page()
- debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
MODE SELECT commands in hw/scsi/scsi-disk.c.
- CVE-2021-3930
* SECURITY UPDATE: NULL dereference in floppy disk emulator
- debian/patches/CVE-2021-20196-1.patch: Extract
blk_create_empty_drive() in hw/block/fdc.c.
- debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
hw/block/fdc.c.
- CVE-2021-20196
* SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
- debian/patches/CVE-2021-20203.patch: validate configuration values
during activate in hw/net/vmxnet3.c.
- CVE-2021-20203
-- Marc Deslauriers <email address hidden> Wed, 23 Feb 2022 07:35:04 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.38) bionic; urgency=medium
* enhance loading of old modules post upgrade (LP: #1913421)
- d/qemu-block-extra.prerm.in: clear all (current and former) modules
on purge
- d/qemu-block-extra.prerm.in: test for exec and prepare /var/run/qemu
if needed
-- Christian Ehrhardt <email address hidden> Thu, 19 Aug 2021 14:30:25 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.37) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
- debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
hw/pci-host/prep.c.
- debian/patches/CVE-2020-15469-3.patch: add quirk device write method
in hw/vfio/pci-quirks.c.
- debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
hw/ppc/prep_systemio.c.
- debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
hw/ppc/spapr_pci.c.
- CVE-2020-15469
* SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
- debian/patches/CVE-2020-35504.patch: always check current_req is not
NULL before use in DMA callbacks in hw/scsi/esp.c.
- CVE-2020-35504
* SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
- debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
current_dev is non-NULL in hw/scsi/esp.c.
- CVE-2020-35505
* SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
- debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
- CVE-2021-3392
* SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
- debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
command time out in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
register when transfer is in progress in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-3.patch: correctly set the controller
status for ADMA in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-4.patch: limit block size only when
SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
s->fifo_buffer[] when a different block size is programmed in
hw/sd/sdhci.c.
- CVE-2021-3409
* SECURITY UPDATE: stack overflow via infinite loop issue in various NIC
- debian/patches/CVE-2021-3416-1.patch: introduce qemu_receive_packet()
in include/net/net.h, include/net/queue.h, net/net.c, net/queue.c.
- debian/patches/CVE-2021-3416-2.patch: switch to use
qemu_receive_packet() for loopback in hw/net/e1000.c.
- debian/patches/CVE-2021-3416-3.patch: switch to use
qemu_receive_packet() for loopback packet in hw/net/dp8393x.c.
- debian/patches/CVE-2021-3416-5.patch: switch to use
qemu_receive_packet() for loopback in hw/net/sungem.c.
- debian/patches/CVE-2021-3416-6.patch: switch to use
qemu_receive_packet_iov() for loopback in hw/net/net_tx_pkt.c.
- debian/patches/CVE-2021-3416-7.patch: switch to use
qemu_receive_packet() for loopback in hw/net/rtl8139.c.
- debian/patches/CVE-2021-3416-8.patch: switch to use
qemu_receive_packet() for loopback in hw/net/pcnet.c.
- debian/patches/CVE-2021-3416-9.patch: switch to use
qemu_receive_packet() for loopback in hw/net/cadence_gem.c.
- debian/patches/CVE-2021-3416-10.patch: switch to use
qemu_receive_packet() for loopback in hw/net/lan9118.c.
- CVE-2021-3416
* SECURITY UPDATE: DoS in USB redirector device
- debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
in hw/usb/redirect.c.
- debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
in hw/usb/combined-packet.c.
- CVE-2021-3527
* SECURITY UPDATE: out-of-bounds access issue in ARM Generic Interrupt
Controller
- debian/patches/CVE-2021-20221.patch: fix interrupt ID in GICD_SGIR
register in hw/intc/arm_gic.c.
- CVE-2021-20221
* SECURITY UPDATE: infinite loop while processing transmit descriptors
- debian/patches/CVE-2021-20257.patch: fail early for evil descriptor
in hw/net/e1000.c.
- CVE-2021-20257
* SECURITY UPDATE: data leak in bootp_input()
- debian/patches/CVE-2021-3592-pre1.patch: add sanity check for str
option length to slirp/bootp.c.
- debian/patches/CVE-2021-3592-1.patch: add mtod_check() to
slirp/mbuf.*.
- debian/patches/CVE-2021-3592-2.patch: limit vendor-specific area to
input packet memory buffer in slirp/bootp.*, slirp/mbuf.*.
- debian/patches/CVE-2021-3592-3.patch: check bootp_input buffer size
in slirp/bootp.c.
- debian/patches/CVE-2021-3592-4.patch: fix regression in dhcp in
slirp/bootp.c.
- CVE-2021-3592
* SECURITY UPDATE: data leak in udp6_input()
- debian/patches/CVE-2021-3593.patch: check udp6_input buffer size in
slirp/udp6.c.
- CVE-2021-3593
* SECURITY UPDATE: data leak in udp_input()
- debian/patches/CVE-2021-3594.patch: check upd_input buffer size in
slirp/udp.c.
- CVE-2021-3594
* SECURITY UPDATE: data leak in tftp_input()
- debian/patches/CVE-2021-3595-1.patch: check tftp_input buffer size in
slirp/tftp.c.
- debian/patches/CVE-2021-3595-2.patch: introduce a header structure in
slirp/tftp.*.
- CVE-2021-3595
-- Marc Deslauriers <email address hidden> Tue, 13 Jul 2021 07:51:34 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.36) bionic-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions caused by CVE-2020-13754
security update (LP: #1914883)
- debian/patches/CVE-2020-13754-3.patch: log invalid memory accesses in
memory.c.
- debian/patches/CVE-2020-13754-5.patch: allow 64-bit accesses in
hw/timer/slavio_timer.c.
- debian/patches/CVE-2020-13754-6.patch: allow less than 32-bit
accesses in hw/char/bcm2835_aux.c.
- debian/patches/CVE-2020-13754-9.patch: fix valid.max_access_size to
access address registers in hw/usb/hcd-xhci.c.
-- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 08:37:38 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.35) bionic-security; urgency=medium
* SECURITY UPDATE: heap overread in iscsi_aio_ioctl_cb
- debian/patches/CVE-2020-11947.patch: fix heap-buffer-overflow in
block/iscsi.c.
- CVE-2020-11947
* SECURITY UPDATE: use-after-free in e1000e
- debian/patches/CVE-2020-15859.patch: forbid the reentrant RX in
net/queue.c.
- CVE-2020-15859
* SECURITY UPDATE: infinite loop in e1000e
- debian/patches/CVE-2020-28916.patch: advance desc_offset in case of
null descriptor in hw/net/e1000e_core.c.
- CVE-2020-28916
* SECURITY UPDATE: out of bounds read in atapi
- debian/patches/CVE-2020-29443-1.patch: assert that the buffer pointer
is in range in hw/ide/atapi.c.
- debian/patches/CVE-2020-29443-2.patch: check logical block address
and read size in hw/ide/atapi.c.
- CVE-2020-29443
* SECURITY UPDATE: use after free in 9p
- debian/patches/CVE-2021-20181.patch: fully restart unreclaim loop in
hw/9pfs/9p.c.
- CVE-2021-20181
-- Marc Deslauriers <email address hidden> Wed, 03 Feb 2021 12:46:34 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.34) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
- debian/patches/CVE-2020-17380.patch: fix DMA Transfer Block Size
field in hw/sd/sdhci.c.
- CVE-2020-17380
- CVE-2020-25085
* SECURITY UPDATE: use-after-free via unchecked return value
- debian/patches/CVE-2020-25084.patch: check return value of
'usb_packet_map' in hw/usb/hcd-xhci.c.
- CVE-2020-25084
* SECURITY UPDATE: out-of-bound access issue
- debian/patches/CVE-2020-25624.patch: check len and frame_number
variables in hw/usb/hcd-ohci.c.
- CVE-2020-25624
* SECURITY UPDATE: infinite loop when a TD list has a loop
- debian/patches/CVE-2020-25625.patch: check for processed TD before
retire in hw/usb/hcd-ohci.c.
- CVE-2020-25625
* SECURITY UPDATE: assertion failure through usb_packet_unmap()
- debian/patches/CVE-2020-25723.patch: check return value of
'usb_packet_map' in hw/usb/hcd-ehci.c.
- CVE-2020-25723
* SECURITY UPDATE: assertion failure
- debian/patches/CVE-2020-27617.patch: remove an assert call in
eth_get_gso_type in net/eth.c.
- CVE-2020-27617
-- Marc Deslauriers <email address hidden> Fri, 20 Nov 2020 08:15:55 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.33) bionic; urgency=medium
* d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
-- Christian Ehrhardt <email address hidden> Mon, 21 Sep 2020 15:39:32 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.32) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read/write in USB emulator
- debian/patches/CVE-2020-14364.patch: fix setup_len init in
hw/usb/core.c.
- CVE-2020-14364
-- Marc Deslauriers <email address hidden> Tue, 15 Sep 2020 10:05:38 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.31) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read in slirp networking
- debian/patches/CVE-2020-10756.patch: drop bogus IPv6 messages in
slirp/src/ip6_input.c.
- CVE-2020-10756
* SECURITY UPDATE: out-of-bounds read and write in sm501
- debian/patches/CVE-2020-12829-pre1.patch: use values from the pitch
register for 2D operations.
- debian/patches/CVE-2020-12829-pre2.patch: implement negated
destination raster operation mode.
- debian/patches/CVE-2020-12829-pre3.patch: log unimplemented raster
operation modes.
- debian/patches/CVE-2020-12829-pre4.patch: fix support for non-zero
frame buffer start address.
- debian/patches/CVE-2020-12829-pre5.patch: set updated region dirty
after 2D operation.
- debian/patches/CVE-2020-12829-pre6.patch: adjust endianness of pixel
value in rectangle fill.
- debian/patches/CVE-2020-12829-pre7.patch: convert printf +
abort to qemu_log_mask.
- debian/patches/CVE-2020-12829-pre8.patch: shorten long
variable names in sm501_2d_operation.
- debian/patches/CVE-2020-12829-pre9.patch: use BIT(x) macro to
shorten constant.
- debian/patches/CVE-2020-12829-pre10.patch: clean up local
variables in sm501_2d_operation.
- debian/patches/CVE-2020-12829.patch: replace hand written
implementation with pixman where possible.
- debian/patches/CVE-2020-12829-2.patch: optimize small overlapping
blits.
- debian/patches/CVE-2020-12829-3.patch: fix bounds checks.
- debian/patches/CVE-2020-12829-4.patch: drop unneded variable.
- debian/patches/CVE-2020-12829-5.patch: do not allow guest to set
invalid format.
- debian/patches/CVE-2020-12829-6.patch: introduce variable for
commonly used value for better readability.
- debian/patches/CVE-2020-12829-7.patch: fix and optimize overlap
check.
- CVE-2020-12829
* SECURITY UPDATE: out-of-bounds read during sdhci_write() operations
- debian/patches/CVE-2020-13253.patch: do not switch to ReceivingData
if address is invalid in hw/sd/sd.c.
- CVE-2020-13253
* SECURITY UPDATE: out-of-bounds access during es1370_write() operation
- debian/patches/CVE-2020-13361.patch: check total frame count against
current frame in hw/audio/es1370.c.
- CVE-2020-13361
* SECURITY UPDATE: out-of-bounds read via crafted reply_queue_head
- debian/patches/CVE-2020-13362-1.patch: use unsigned type for
reply_queue_head and check index in hw/scsi/megasas.c.
- debian/patches/CVE-2020-13362-2.patch: avoid NULL pointer dereference
in hw/scsi/megasas.c.
- debian/patches/CVE-2020-13362-3.patch: use unsigned type for positive
numeric fields in hw/scsi/megasas.c.
- CVE-2020-13362
* SECURITY UPDATE: NULL pointer dereference related to BounceBuffer
- debian/patches/CVE-2020-13659.patch: set map length to zero when
returning NULL in exec.c, include/exec/memory.h.
- CVE-2020-13659
* SECURITY UPDATE: out-of-bounds access via msi-x mmio operation
- debian/patches/CVE-2020-13754-1.patch: revert accepting mismatching
sizes in memory_region_access_valid in memory.c.
- debian/patches/CVE-2020-13754-2.patch: accept byte and word access to
core ACPI registers in hw/acpi/core.c.
- CVE-2020-13754
* SECURITY UPDATE: invalid memory copy operation via rom_copy
- debian/patches/CVE-2020-13765.patch: add extra check to
hw/core/loader.c.
- CVE-2020-13765
* SECURITY UPDATE: buffer overflow in XGMAC Ethernet controller
- debian/patches/CVE-2020-15863.patch: check bounds in hw/net/xgmac.c.
- CVE-2020-15863
* SECURITY UPDATE: reachable assertion failure
- debian/patches/CVE-2020-16092.patch: fix assertion failure in
hw/net/net_tx_pkt.c.
- CVE-2020-16092
-- Marc Deslauriers <email address hidden> Tue, 11 Aug 2020 13:19:33 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.30) bionic; urgency=medium
* d/p/ubuntu/lp-1805256-async-use-explicit-mem-barriers-arm-only.patch:
- More conservative and less intrusive approach of the Aarch64 AIO
race window fix. Contained to Aarch64 builds only. (LP: #1805256)
-- Rafael David Tinoco <email address hidden> Mon, 20 Jul 2020 11:48:06 +0000
-
qemu (1:2.11+dfsg-1ubuntu7.29) bionic; urgency=medium
* allow vhost-user driver to ignore some unneeded mem regions,
to stay under its api limit of 8 mem regions (LP: #1887525)
- d/p/lp1887525/0001-vhost-fix-memslot-limit-check.patch
- d/p/lp1887525/0002-vhost-allow-backends-to-filter-memory-sections.patch
-- Dan Streetman <email address hidden> Tue, 14 Jul 2020 09:35:16 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.28) bionic; urgency=medium
* Revert the fixes in 1:2.11+dfsg-1ubuntu7.27 for LP: 1805256 as they
were causing regressions for some iothread use cases (LP: #1885419)
-- Christian Ehrhardt <email address hidden> Tue, 30 Jun 2020 08:57:18 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.27) bionic; urgency=medium
* d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- aio: rename aio_context_in_iothread() to in_aio_context_home_thread()
- aio: Do aio_notify_accept only during blocking aio_poll
- aio-posix: Assert that aio_poll() is always called in home thread
- async: use explicit memory barriers (LP: #1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
- aio-posix: Don't count ctx->notifier as progress when polling
-- Rafael David Tinoco <email address hidden> Tue, 26 May 2020 17:39:21 +0000
-
qemu (1:2.11+dfsg-1ubuntu7.26) bionic-security; urgency=medium
* SECURITY UPDATE: memory leak in zrle_compress_data
- debian/patches/ubuntu/CVE-2019-20382.patch: fix memory leak when vnc
disconnect in ui/vnc-enc-tight.c, ui/vnc-enc-zrle.inc.c, ui/vnc.c,
ui/vnc.h.
- CVE-2019-20382
* SECURITY UPDATE: use-after-free in ip_reass()
- debian/patches/ubuntu/CVE-2020-1983.patch: fix buffer handling in
slirp/ip_input.c.
- CVE-2020-1983
-- Marc Deslauriers <email address hidden> Thu, 14 May 2020 13:36:56 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.25) bionic; urgency=medium
* d/rules: match how 2.11 stores PKGVERSION (LP: 1847361)
qemu (1:2.11+dfsg-1ubuntu7.24) bionic; urgency=medium
* allow qemu to load old modules post upgrade (LP: #1847361)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
- d/qemu-block-extra.*.in: save shared objects on upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
-- Christian Ehrhardt <email address hidden> Thu, 14 May 2020 10:02:30 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.24) bionic; urgency=medium
* allow qemu to load old modules post upgrade (LP: #1847361)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
- d/qemu-block-extra.*.in: save shared objects on upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
-- Christian Ehrhardt <email address hidden> Mon, 02 Mar 2020 15:21:27 +0100
-
qemu (1:2.11+dfsg-1ubuntu7.23) bionic-security; urgency=medium
* SECURITY UPDATE: OOB heap access via unexpected iSCSI Server response
- debian/patches/CVE-2020-1711.patch: cap block count from GET LBA
STATUS in block/iscsi.c.
- CVE-2020-1711
* SECURITY UPDATE: heap-based overflow in slirp networking
- debian/patches/CVE-2020-7039-1.patch: fix oob issue in
slirp/tcp_subr.c.
- debian/patches/CVE-2020-7039-2.patch: use correct size while
emulating IRC commands in slirp/tcp_subr.c.
- debian/patches/CVE-2020-7039-3.patch: use correct size while
emulating commands in slirp/tcp_subr.c.
- CVE-2020-7039
* SECURITY UPDATE: buffer overflow via incorrect snprintf return codes
- debian/patches/CVE-2020-8608-1.patch: add slirp_fmt() helpers to
slirp/slirp.c, slirp/slirp.h.
- debian/patches/CVE-2020-8608-2.patch: fix unsafe snprintf() usages in
slirp/tcp_subr.c.
- CVE-2020-8608
-- Marc Deslauriers <email address hidden> Wed, 12 Feb 2020 13:56:45 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.22) bionic; urgency=medium
* d/p/lp1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch:
fix bitmap index to prevent OOB access when # of vqs > 64 (LP: #1859527)
-- Dan Streetman <email address hidden> Wed, 22 Jan 2020 08:55:45 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.21) bionic; urgency=medium
* d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
update the z15 model name (LP: #1842774)
* d/p/u/lp-1847948-*: allow MSIX BAR mapping on VFIO in general and use that
instead of emulation on ppc64 increasing performance of e.g. NVME
passthrough (LP: #1847948)
-- Christian Ehrhardt <email address hidden> Tue, 15 Oct 2019 11:23:23 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.20) bionic-security; urgency=medium
* SECURITY UPDATE: infinite loop when executing LSI scsi adapter
emulator scripts
- d/p/u/CVE-2019-12068.patch: Move the existing loop exit
- CVE-2019-12068
* SECURITY UPDATE: null pointer dereference in qxl display driver
- d/p/u/CVE-2019-12155.patch: qxl: check release info object
- CVE-2019-12155
* SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
- d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
interface name to IFNAMSIZ
- CVE-2019-13164
* SECURITY UPDATE: heap overflow in slirp
- d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
on big packet input
- CVE-2019-14378
* SECURITY UPDATE: use after free vulnerability in slirp
- d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
- CVE-2019-15890
* Add support for exposing "taa-no" flag to guests:
- d/p/u/CVE-2019-11135-taa-no.patch
- CVE-2019-11135
* Add support for exposing "pschange-mc-no" to guests:
- d/p/u/pschange-mce.patch
-- Steve Beattie <email address hidden> Thu, 07 Nov 2019 22:30:29 -0800
-
qemu (1:2.11+dfsg-1ubuntu7.19) bionic; urgency=medium
* d/p/ubuntu/lp-1837869-block-Fix-flags-in-reopen-queue.patch: avoid
issues on block reopen (LP: #1837869)
-- Christian Ehrhardt <email address hidden> Wed, 18 Sep 2019 08:29:32 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.18) bionic; urgency=medium
* d/p/ubuntu/lp-1832622-*: count cache flush Spectre v2 mitigation for ppc64
(LP: #1832622)
* d/p/ubuntu/lp-1840745-*: add amd ssbd / no-ssbd features (LP: #1840745)
* d/p/ubuntu/lp-1836154-*: add HW CPU model for newer s390x machines
(LP: #1836154)
-- Christian Ehrhardt <email address hidden> Thu, 13 Jun 2019 08:08:33 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.17) bionic; urgency=medium
* {Ice,Cascade}Lake IA32_ARCH_CAPABILITIES support (LP: 1828495)
Needed patch is in d/p/u/lp1828495-:
- 0017-target-i386-add-MDS-NO-feature.patch:
target/i386: add MDS-NO feature
qemu (1:2.11+dfsg-1ubuntu7.16) bionic; urgency=medium
[ Christian Ehrhardt ]
* d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
tolerate guests with secure boot loaders (LP: #1830243)
[ Rafael David Tinoco ]
* {Ice,Cascade}Lake CPUs + IA32_ARCH_CAPABILITIES support (LP: #1828495)
Needed patches are in d/p/u/lp1828495-:
- 0001-guidance-cpu-models.patch:
docs: add guidance on configuring CPU models for x86
+ d/qemu-system-common.install: include man/man7/qemu-cpu-models.7
- 0002-msr-new-msr-indices.patch:
i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
- 0003-cpuid-feature-ia32-arch-capabilities.patch:
i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
- 0004-cpuid-bit-for-wbnoinvd.patch:
i386: Add CPUID bit for WBNOINVD
- 0005-new-cpu-model-for-icelake.patch:
i386: Add new CPU model Icelake-{Server,Client}
- 0006-update-headers-to-4.16-rc5.patch:
update Linux headers to 4.16-rc5
- 0007-kvm-get-msr-feature-index_list.patch:
kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
- 0008-x86-msr-related-data-structure-changes.patch:
x86: Data structure changes to support MSR based features
- 0009-feature-wordS-arch-capabilities.patch:
x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH
- 0010-use-kvm-get-msr-index-list.patch:
kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
- 0011-disable-arch-cap-when-no-msr.patch:
i386: kvm: Disable arch_capabilities if MSR can't be set
- 0012-arch-capabilities-migratable.patch:
i386: Make arch_capabilities migratable
- 0013-cascadelake-server.patch:
i386: Add new model of Cascadelake-Server
- 0014-remove-cpuid-pconfig.patch:
i386: remove the new CPUID 'PCONFIG' from Icelake-Server CPU model
- 0015-remove-cpuid-intel_pt.patch:
i386: remove the 'INTEL_PT' CPUID bit from named CPU models
- 0016-no-ospke-on-some.patch:
i386: Disable OSPKE on CPU model definitions
-- Rafael David Tinoco <email address hidden> Mon, 05 Aug 2019 19:12:08 +0000
-
qemu (1:2.11+dfsg-1ubuntu7.16) bionic; urgency=medium
[ Christian Ehrhardt ]
* d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
tolerate guests with secure boot loaders (LP: #1830243)
[ Rafael David Tinoco ]
* {Ice,Cascade}Lake CPUs + IA32_ARCH_CAPABILITIES support (LP: #1828495)
Needed patches are in d/p/u/lp1828495-:
- 0001-guidance-cpu-models.patch:
docs: add guidance on configuring CPU models for x86
+ d/qemu-system-common.install: include man/man7/qemu-cpu-models.7
- 0002-msr-new-msr-indices.patch:
i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
- 0003-cpuid-feature-ia32-arch-capabilities.patch:
i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
- 0004-cpuid-bit-for-wbnoinvd.patch:
i386: Add CPUID bit for WBNOINVD
- 0005-new-cpu-model-for-icelake.patch:
i386: Add new CPU model Icelake-{Server,Client}
- 0006-update-headers-to-4.16-rc5.patch:
update Linux headers to 4.16-rc5
- 0007-kvm-get-msr-feature-index_list.patch:
kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
- 0008-x86-msr-related-data-structure-changes.patch:
x86: Data structure changes to support MSR based features
- 0009-feature-wordS-arch-capabilities.patch:
x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH
- 0010-use-kvm-get-msr-index-list.patch:
kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
- 0011-disable-arch-cap-when-no-msr.patch:
i386: kvm: Disable arch_capabilities if MSR can't be set
- 0012-arch-capabilities-migratable.patch:
i386: Make arch_capabilities migratable
- 0013-cascadelake-server.patch:
i386: Add new model of Cascadelake-Server
- 0014-remove-cpuid-pconfig.patch:
i386: remove the new CPUID 'PCONFIG' from Icelake-Server CPU model
- 0015-remove-cpuid-intel_pt.patch:
i386: remove the 'INTEL_PT' CPUID bit from named CPU models
- 0016-no-ospke-on-some.patch:
i386: Disable OSPKE on CPU model definitions
-- Christian Ehrhardt <email address hidden> Thu, 04 Jul 2019 14:47:56 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.15) bionic; urgency=medium
* d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
fix migrations from old machines (LP: #1829868).
* d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
toleration for future machines (LP: #1830704
-- Christian Ehrhardt <email address hidden> Wed, 22 May 2019 13:14:15 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.14) bionic-security; urgency=medium
* Add qemu-guest-agent Breaks: for unattended-upgrades versions not being
able to install it to avoid qemu-guest-agent blocking other security
updates. (LP: #1823872)
-- Balint Reczey <email address hidden> Thu, 23 May 2019 15:09:48 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.13) bionic-security; urgency=medium
* SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
copy the device tree blob into is.
- CVE-2018-20815
* SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
emulating ident.
- CVE-2019-9824
-- Steve Beattie <email address hidden> Wed, 08 May 2019 23:24:12 -0700
-
qemu (1:2.11+dfsg-1ubuntu7.12) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: TOCTTOU in MTP
- debian/patches/CVE-2018-16872.patch: use O_NOFOLLOW and O_CLOEXEC in
hw/usb/dev-mtp.c.
- CVE-2018-16872
* SECURITY UPDATE: race during file renaming in v9fs_wstat
- debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
- CVE-2018-19489
* SECURITY UPDATE: out-of-bounds read via i2 commands
- debian/patches/CVE-2019-3812.patch: add bounds check to
hw/i2c/i2c-ddc.c.
- CVE-2019-3812
* SECURITY UPDATE: heap based buffer overflow in slirp
- debian/patches/CVE-2019-6778.patch: check data length while emulating
ident function in slirp/tcp_subr.c.
- CVE-2019-6778
[ Christian Ehrhardt ]
* fix crash when performing block pull on partial cluster (LP: #1818264)
- d/p/ubuntu/lp-1818264-block-Fix-copy-on-read-crash-with-partial.patch
* qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
- d/qemu-guest-agent.install: use correct path for fsfreeze-hook
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile
-- Marc Deslauriers <email address hidden> Mon, 25 Mar 2019 08:32:58 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.11) bionic; urgency=medium
* fix crash when performing block pull on partial cluster (LP: #1818264)
- d/p/ubuntu/lp-1818264-block-Fix-copy-on-read-crash-with-partial.patch
-- Christian Ehrhardt <email address hidden> Tue, 05 Mar 2019 16:49:03 +0100
-
qemu (1:2.11+dfsg-1ubuntu7.10) bionic; urgency=medium
* d/p/ubuntu/lp-1806104-spapr_pci-Remove-unhelpful-pagesize-warning.patch:
remove misleading page size warning on qemu-system-ppc64 (LP: #1806104)
* d/p/ubuntu/lp-1812384-s390x-Return-specification-exception.patch: ensure
a proper exception on unknown diag 308 subcodes
(LP: #1812384)
* d/p/ubuntu/lp-1809083-*: fix backward migration on ppc64el (LP: #1809083)
-- Christian Ehrhardt <email address hidden> Thu, 31 Jan 2019 14:07:51 +0100
-
qemu (1:2.11+dfsg-1ubuntu7.9) bionic; urgency=medium
* debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: #1787405)
-- Christian Ehrhardt <email address hidden> Thu, 15 Nov 2018 12:29:56 +0100
-
qemu (1:2.11+dfsg-1ubuntu7.8) bionic-security; urgency=medium
* SECURITY UPDATE: integer overflow in NE2000 NIC emulation
- debian/patches/CVE-2018-10839.patch: use proper type in
hw/net/ne2000.c.
- CVE-2018-10839
* SECURITY UPDATE: buffer overflow via incoming fragmented datagrams
- debian/patches/CVE-2018-11806.patch: correct size computation in
slirp/mbuf.c, slirp/mbuf.h.
- CVE-2018-11806
* SECURITY UPDATE: integer overflow via crafted QMP command
- debian/patches/CVE-2018-12617.patch: check bytes count read by
guest-file-read in qga/commands-posix.c.
- CVE-2018-12617
* SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
- debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c.
- CVE-2018-16847
* SECURITY UPDATE: buffer overflow in rtl8139
- debian/patches/CVE-2018-17958.patch: use proper type in
hw/net/rtl8139.c.
- CVE-2018-17958
* SECURITY UPDATE: buffer overflow in pcnet
- debian/patches/CVE-2018-17962.patch: use proper type in
hw/net/pcnet.c.
- CVE-2018-17962
* SECURITY UPDATE: DoS via large packet sizes
- debian/patches/CVE-2018-17963.patch: check size in net/net.c.
- CVE-2018-17963
* SECURITY UPDATE: DoS in lsi53c895a
- debian/patches/CVE-2018-18849.patch: check message length value is
valid in hw/scsi/lsi53c895a.c.
- CVE-2018-18849
* SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
- debian/patches/CVE-2018-18954.patch: check size before data buffer
access in hw/ppc/pnv_lpc.c.
- CVE-2018-18954
* SECURITY UPDATE: race condition in 9p
- debian/patches/CVE-2018-19364-1.patch: use write lock in
hw/9pfs/cofile.c.
- debian/patches/CVE-2018-19364-2.patch: use write lock in
hw/9pfs/9p.c.
- CVE-2018-19364
-- Marc Deslauriers <email address hidden> Wed, 21 Nov 2018 14:17:51 -0500
-
qemu (1:2.11+dfsg-1ubuntu7.7) bionic; urgency=medium
* Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901)
The SLOF source pieces in src:qemu are only used for s390x netboot,
which are independent ROMs (no linking). All other binaries out of this
are part of src:slof and independent.
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.11-to-3.0.patch
- d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities
and related fixes
-- Christian Ehrhardt <email address hidden> Tue, 25 Sep 2018 13:31:15 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.6) bionic; urgency=medium
[ Christian Ehrhardt ]
* Add cpu model for z14 ZR1 (LP: #1780773)
* d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
- CVE-2018-15746
* improve s390x spectre mitigation with etoken facility (LP: #1790457)
- debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
- debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
[ Phillip Susi ]
* d/p/ubuntu/lp-1787267-fix-en_us-vnc-pipe.patch: Fix pipe, greater than and
less than keys over vnc when using en_us kemaps (LP: #1787267).
-- Christian Ehrhardt <email address hidden> Wed, 29 Aug 2018 11:46:37 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.5) bionic; urgency=medium
[Christian Ehrhardt]
* d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
by migrations with UI frontends or frequent guest resolution changes
(LP: #1755912)
[ Murilo Opsfelder Araujo ]
* d/p/ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
extend eieio for POWER9 emulation (LP: #1787408).
-- Christian Ehrhardt <email address hidden> Tue, 21 Aug 2018 11:25:45 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.4) bionic; urgency=medium
* d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
for host-phys-bits=true (LP: #1776189)
- add an info about this change in debian/qemu-system-x86.NEWS
-- Christian Ehrhardt <email address hidden> Wed, 13 Jun 2018 10:41:34 +0200
-
qemu (1:2.11+dfsg-1ubuntu7.3) bionic-security; urgency=medium
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/ubuntu/CVE-2018-3639-2.patch: define the AMD
'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
- debian/patches/ubuntu/CVE-2018-3639-3.patch: define the Virt SSBD MSR
and handling of it in target/i386/cpu.h, target/i386/kvm.c,
target/i386/machine.c.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 07:57:07 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.2) bionic-security; urgency=medium
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/ubuntu/CVE-2018-3639.patch: add bit(2) of SPEC_CTRL
MSR support - Reduced Data Speculation to target/i386/cpu.*.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Thu, 17 May 2018 09:57:26 -0400
-
qemu (1:2.11+dfsg-1ubuntu7.1) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds access during migration via ps2
- debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
in post_load routine in hw/input/ps2.c.
- CVE-2017-16845
* SECURITY UPDATE: arbitrary code execution via load_multiboot
- debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
zero in hw/i386/multiboot.c.
- CVE-2018-7550
* SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
- debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
hw/display/vga.c.
- CVE-2018-7858
-- Marc Deslauriers <email address hidden> Fri, 11 May 2018 13:26:42 -0400
-
qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium
* d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection
information (LP: #1762854).
* d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration
(LP: #1763468).
-- Christian Ehrhardt <email address hidden> Wed, 11 Apr 2018 07:46:18 +0200
-
qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium
* Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch.
The Kernel fixes are preferred and already committed to the kernel.
Therefore remove the default disabling of the HTM feature (LP: #1761175)
* d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
SSE/AVX/AVX512 cpu features (LP: #1739665)
* d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
space+commpage continuous which avoids long startup times on
qemu-user-static (LP: #1740219)
* d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
convenience with all meltdown/spectre workarounds enabled by default.
This is not the default type following upstream and x86 on that.
(LP: #1761372).
* d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax
with pmem by backporting align and unarmed options (LP: #1704312).
* d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
option to slirp's DHCP server (LP: #1762315)
-- Christian Ehrhardt <email address hidden> Wed, 04 Apr 2018 15:16:07 +0200
-
qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium
* Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream
accepted to be better long term maintainable (LP: #1753938)
-- Christian Ehrhardt <email address hidden> Thu, 22 Mar 2018 10:31:23 +0100
-
qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium
* d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for
ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026).
* d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer
versions of glibc >=2.27 (LP: #1753826)
-- Christian Ehrhardt <email address hidden> Mon, 05 Mar 2018 16:43:01 +0100
-
qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium
* d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch,
d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch:
Add domainname option and classless static routes support to the user
networking's DHCP server
-- Benjamin Drung <email address hidden> Fri, 02 Mar 2018 21:08:54 +0100
-
qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium
* d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
- among other fixes this adds code to:
- mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715)
However, enabling this functionality requires additional configuration
beyond just updating QEMU. Also migrations need special consideration.
Details about that can be found at:
https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
- Power9 allocation of max 8 threads per core (LP: #1750526)
* Drop changes that are part of the upstream stable release
- d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
- d/p/ubuntu/linux-headers-update-4.15-rc9.patch
- d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
- d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
* d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update
* d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the
common compat.h header and add some extra info in the patch header.
-- Christian Ehrhardt <email address hidden> Mon, 19 Feb 2018 11:03:11 +0100
-
qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
* Merge with Debian testing, among other fixes this includes
- fix fatal error on negative maxcpus (LP: #1722495)
- fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
- linux user threading issues (LP: #1350435)
- TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- arch aware kvm wrappers
* Added Changes
- update VCS-git to match the bionic branch
- sdl2 is yet too unstable for the LTS Ubuntu release given the reports
we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
so we revert related changes to stick with the proven for now:
- 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
depends on it)
- 9594f820 - switch from sdl1.2 to sdl2 (#870025)
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- update Ubuntu machine types for qemu 2.11
- qemu-guest-agent: freeze-hook fixes (LP: #1484990)
- d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- Create and install pxe netboot images for KVM s390x (LP: #1732094)
- d/rules enable install s390x-netboot.img
- debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
- d/control-in: enable RDMA support in qemu (LP: #1692476)
- on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
- d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
- d/p/ubuntu/linux-headers-update-4.15-rc9.patch
- d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
- d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
- tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: enable seccomp on s390x
* Dropped changes (no more needed):
- Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
The functionality is retained for upgraders, but is deprecated.
Post 18.04 the implementation for these configurations will be removed.
* Dropped changes (in Debian now):
- ppc64[le] support
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- disable missing x32 architecture
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
to Debian patch to match qemu 2.10)
- d/qemu-system-common.docs: adapt new path of live-block-operations.rst
since 8508eee7
- d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
- make nios2/hppa not installed explicitly until further stablized
- d/qemu-guest-agent.install: add the new guest agent reference man page
qemu-ga-ref
- d/qemu-system-common.install: add the now generated qapi/qmp reference
along the qapi intro
- d/not-installed: ignore further generated (since 56e8bdd4) files in
dh_missing that are already provided in other formats qemu-doc,
qemu-qmp-ref,qemu-ga-ref
* Dropped changes (integrated upstream):
- d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
on arm64 when doing suspend/resume and reboots due to older kernels not
supporting ITS (LP 1731051).
- Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
James Cowgill to prevent qemu-user from forwarding prctl seccomp
calls (LP 1726394)
- update to upstream 2.10.1 point release (LP 1722808)
-- Christian Ehrhardt <email address hidden> Mon, 22 Jan 2018 14:35:18 +0100
-
qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
* d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
on arm64 when doing suspend/resume and reboots due to older kernels not
supporting ITS (LP: #1731051).
-- Christian Ehrhardt <email address hidden> Tue, 14 Nov 2017 08:30:29 +0100
-
qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
* Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
James Cowgill to prevent qemu-user from forwarding prctl seccomp
calls (LP: #1726394)
-- Julian Andres Klode <email address hidden> Sat, 04 Nov 2017 00:21:14 +0100
-
qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
* fix enablement of qemu-kvm service (LP: #1720397)
- rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
- d/rules: add proper enablement debhelper calls
- d/qemu-system-common.install: install covered by dh_installinit
-- Christian Ehrhardt <email address hidden> Mon, 16 Oct 2017 11:28:39 +0200