-
qemu (2.0.0+dfsg-2ubuntu1.46) trusty-security; urgency=medium
* SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
copy the device tree blob into is.
- d/p/ubuntu/CVE-2018-20815-prereq-1.patch: Add load_image_size()
to replace load_image()
- d/p/ubuntu/CVE-2018-20815-prereq-2.patch: Read as long as possible
in load_image_size()
- CVE-2018-20815
* SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
emulating ident.
- CVE-2019-9824
-- Steve Beattie <email address hidden> Wed, 08 May 2019 23:59:48 -0700
-
qemu (2.0.0+dfsg-2ubuntu1.45) trusty-security; urgency=medium
* SECURITY UPDATE: race during file renaming in v9fs_wstat
- debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
- CVE-2018-19489
* SECURITY UPDATE: heap based buffer overflow in slirp
- debian/patches/CVE-2019-6778.patch: check data length while emulating
ident function in slirp/tcp_subr.c.
- CVE-2019-6778
-- Marc Deslauriers <email address hidden> Fri, 22 Mar 2019 17:08:37 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.44) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in NE2000 NIC emulation
- debian/patches/CVE-2018-10839.patch: use proper type in
hw/net/ne2000.c.
- CVE-2018-10839
* SECURITY UPDATE: buffer overflow via incoming fragmented datagrams
- debian/patches/CVE-2018-11806.patch: correct size computation in
slirp/mbuf.c, slirp/mbuf.h.
- CVE-2018-11806
* SECURITY UPDATE: integer overflow via crafted QMP command
- debian/patches/CVE-2018-12617.patch: check bytes count read by
guest-file-read in qga/commands-posix.c.
- CVE-2018-12617
* SECURITY UPDATE: buffer overflow in rtl8139
- debian/patches/CVE-2018-17958.patch: use proper type in
hw/net/rtl8139.c.
- CVE-2018-17958
* SECURITY UPDATE: buffer overflow in pcnet
- debian/patches/CVE-2018-17962.patch: use proper type in
hw/net/pcnet.c.
- CVE-2018-17962
* SECURITY UPDATE: DoS via large packet sizes
- debian/patches/CVE-2018-17963.patch: check size in net/net.c.
- CVE-2018-17963
* SECURITY UPDATE: DoS in lsi53c895a
- debian/patches/CVE-2018-18849.patch: check message length value is
valid in hw/scsi/lsi53c895a.c.
- CVE-2018-18849
* SECURITY UPDATE: race condition in 9p
- debian/patches/CVE-2018-19364-1.patch: use write lock in
hw/9pfs/cofile.c.
- debian/patches/CVE-2018-19364-2.patch: use write lock in
hw/9pfs/virtio-9p.c.
- CVE-2018-19364
-- Marc Deslauriers <email address hidden> Wed, 21 Nov 2018 15:10:13 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.43) trusty-security; urgency=medium
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-2.patch: define the AMD 'virt-ssbd'
CPUID feature bit in target/i386/cpu.c.
- debian/patches/CVE-2018-3639-3.patch: define the Virt SSBD MSR and
handling of it in target/i386/cpu.h, target/i386/kvm.c,
target/i386/machine.c.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 08:03:09 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.42) trusty-security; urgency=medium
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/ubuntu/CVE-2018-3639.patch: add bit(2) of SPEC_CTRL
MSR support - Reduced Data Speculation to target-i386/cpu.*.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Thu, 17 May 2018 10:09:16 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.41) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via load_multiboot
- debian/patches/CVE-2018-7550.patch: handle bss_end_addr being zero in
hw/i386/multiboot.c.
- CVE-2018-7550
-- Marc Deslauriers <email address hidden> Fri, 11 May 2018 13:35:08 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.40) trusty-security; urgency=medium
* SECURITY REGRESSION: Xen regression (LP: #1752761)
- debian/patches/CVE-2017-11334-1.patch: removed.
- debian/patches/CVE-2017-11334-2.patch: removed.
-- Marc Deslauriers <email address hidden> Sun, 04 Mar 2018 10:11:19 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.39) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via guest ram block area
- debian/patches/CVE-2017-11334-1.patch: use qemu_ram_ptr_length to
access guest ram in exec.c.
- debian/patches/CVE-2017-11334-2.patch: add lock parameter to
qemu_ram_ptr_length in exec.c.
- CVE-2017-11334
* SECURITY UPDATE: code execution via multiboot out-of-bounds write
- debian/patches/CVE-2017-14167.patch: validate multiboot header
address values in hw/i386/multiboot.c.
- CVE-2017-14167
* SECURITY UPDATE: information disclosure via race in 9pfs
- debian/patches/CVE-2017-15038.patch: use g_malloc0 to allocate space
for xattr in hw/9pfs/virtio-9p.c.
- CVE-2017-15038
* SECURITY UPDATE: DoS in cirrus driver
- debian/patches/CVE-2017-15289.patch: fix oob access in mode4and5
write functions in hw/display/cirrus_vga.c.
- CVE-2017-15289
* SECURITY UPDATE: DoS via integer overflow in ROUND_UP
- debian/patches/CVE-2017-18043.patch: fix ROUND_UP in
include/qemu/osdep.h.
- CVE-2017-18043
* SECURITY UPDATE: DoS in VGA driver
- debian/patches/CVE-2018-5683.patch: check the validation of memory
addr when draw text in hw/display/vga.c.
- CVE-2018-5683
-- Marc Deslauriers <email address hidden> Thu, 15 Feb 2018 13:33:14 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.38) trusty-security; urgency=medium
* SECURITY UPDATE: Add support for Spectre mitigations (LP: #1744882)
- debian/patches/CVE-2017-5715-1.patch: Lengthen X86CPUDefinition::
model_id in target-i386/cpu.c.
- debian/patches/CVE-2017-5715-2.patch: Add support for SPEC_CTRL MSR
in target-i386/cpu.h, target-i386/kvm.c, target-i386/machine.c.
- debian/patches/CVE-2017-5715-3pre1.patch: add FEAT_7_0_ECX and
FEAT_7_0_EDX in target-i386/cpu.c, target-i386/cpu.h.
- debian/patches/CVE-2017-5715-3.patch: Add spec-ctrl CPUID bit in
target-i386/cpu.c, target-i386/cpu.h.
- debian/patches/CVE-2017-5715-4.patch: Add FEAT_8000_0008_EBX CPUID
feature word in target-i386/cpu.c, target-i386/cpu.h.
- debian/patches/CVE-2017-5715-5.patch: Add new -IBRS versions of Intel
CPU models in target-i386/cpu.c.
- CVE-2017-5715
-- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 13:27:00 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.36) trusty-security; urgency=medium
* SECURITY REGRESSION: regression in in USB xHCI emulation (LP: #1718222)
- debian/patches/CVE-2017-9375-regression.patch: don't kick in
xhci_submit and xhci_fire_ctl_transfer in hw/usb/hcd-xhci.c.
-- Marc Deslauriers <email address hidden> Wed, 20 Sep 2017 07:27:30 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.35) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation via virtFS
- debian/patches/CVE-2017-7493.patch: forbid client access to metadata
in hw/9pfs/virtio-9p-local.c.
- CVE-2017-7493
* SECURITY UPDATE: DoS via message ring page count
- debian/patches/CVE-2017-8112.patch: check page count in
hw/scsi/vmw_pvscsi.c.
- CVE-2017-8112
* SECURITY UPDATE: DoS in USB OHCI emulation
- debian/patches/CVE-2017-9330.patch: fix error code in
hw/usb/hcd-ohci.c.
- CVE-2017-9330
* SECURITY UPDATE: DoS in IDE AHCI emulation
- debian/patches/CVE-2017-9373-1.patch: add cleanup function in
hw/ide/core.c, hw/ide/internal.h.
- debian/patches/CVE-2017-9373-2.patch: call cleanup function in
hw/ide/ahci.c.
- CVE-2017-9373
* SECURITY UPDATE: DoS in USB EHCI emulation
- debian/patches/CVE-2017-9374.patch: fix memory leak in
hw/usb/hcd-ehci-pci.c, hw/usb/hcd-ehci.c, hw/usb/hcd-ehci.h.
- CVE-2017-9374
* SECURITY UPDATE: DoS in USB xHCI emulation
- debian/patches/CVE-2017-9375.patch: guard against recursive calls in
hw/usb/hcd-xhci.c.
- CVE-2017-9375
* SECURITY UPDATE: DoS in MegaSAS
- debian/patches/CVE-2017-9503-pre1.patch: fixup device mapping in
hw/scsi/megasas.c, hw/scsi/mfi.h.
- debian/patches/CVE-2017-9503-1.patch: add test to
tests/Makefile, tests/megasas-test.c.
- debian/patches/CVE-2017-9503-2.patch: do not read sense length more
than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-3.patch: do not read iovec count more
than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-4.patch: do not read DCMD opcode more
than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-5.patch: do not read command more than
once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-6.patch: do not read SCSI req parameters
more than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-7.patch: always store SCSIRequest* into
MegasasCmd in hw/scsi/megasas.c, added test to tests/megasas-test.c.
- CVE-2017-9503
* SECURITY UPDATE: DoS via incorrect SIGPIPE handling
- debian/patches/CVE-2017-10664.patch: ignore SIGPIPE in qemu-nbd.c.
- CVE-2017-10664
* SECURITY UPDATE: stack overflow in usbredir_log_data
- debian/patches/CVE-2017-10806.patch: use qemu_hexdump in
hw/usb/redirect.c.
- CVE-2017-10806
* SECURITY UPDATE: memory disclosure in Xen block-interface responses
- debian/patches/CVE-2017-10911.patch: fill the fields directly in
hw/block/xen_disk.c.
- CVE-2017-10911
* SECURITY UPDATE: DoS via crafted DHCP options string
- debian/patches/CVE-2017-11434.patch: check length in slirp/bootp.c.
- CVE-2017-11434
-- Marc Deslauriers <email address hidden> Tue, 22 Aug 2017 12:38:28 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.34) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via leak in virtFS
- debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
hw/9pfs/virtio-9p.c.
- CVE-2017-7377
* SECURITY UPDATE: denial of service in cirrus_vga
- debian/patches/CVE-2017-7718.patch: check parameters in
hw/display/cirrus_vga_rop.h.
- CVE-2017-7718
* SECURITY UPDATE: code execution via cirrus_vga OOB r/w
- debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-6.patch: stop passing around dst
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-7.patch: stop passing around src
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
hw/display/cirrus_vga_rop.h.
- debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
hw/display/cirrus_vga.c.
- CVE-2017-7980
* SECURITY UPDATE: denial of service via memory leak in virtFS
- debian/patches/CVE-2017-8086.patch: fix leak in
hw/9pfs/virtio-9p-xattr.c.
- CVE-2017-8086
* SECURITY UPDATE: denial of service via leak in audio
- debian/patches/CVE-2017-8309.patch: release capture buffers in
audio/audio.c.
- CVE-2017-8309
* SECURITY UPDATE: denial of service via leak in keyboard
- debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
ui/input.c.
- debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
ui/input.c.
- CVE-2017-8379
* SECURITY REGRESSION: Windows 7 VGA compatibility issue (LP: #1581936)
- debian/patches/lp1581936.patch: add sr_vbe register set to
hw/display/vga.c, hw/display/vga_int.h.
-- Marc Deslauriers <email address hidden> Wed, 10 May 2017 15:50:30 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.33) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via 6300esb unplug operations
- debian/patches/CVE-2016-10155.patch: add exit function in
hw/watchdog/wdt_i6300esb.c.
- CVE-2016-10155
* SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
- debian/patches/CVE-2016-8667.patch: limit interval timer reload value
in hw/dma/rc4030.c.
- CVE-2016-8667
* SECURITY UPDATE: DoS in 16550A UART emulation
- debian/patches/CVE-2016-8669.patch: check divider value against baud
base in hw/char/serial.c.
- CVE-2016-8669
* SECURITY UPDATE: privilege escalation via ioreq handling
- debian/patches/CVE-2016-9381.patch: avoid double fetches and add
bounds checks to xen-all.c.
- CVE-2016-9381
* SECURITY UPDATE: host filesystem access via virtFS
- debian/patches/CVE-2016-9602-*.patch: don't follow symlinks in
hw/9pfs/*.
- CVE-2016-9602
* SECURITY UPDATE: arbitrary code execution via Cirrus VGA
- debian/patches/CVE-2016-9603.patch: remove bitblit support from
console code in hw/display/cirrus_vga.c, include/ui/console.h,
ui/console.c, ui/vnc.c.
- CVE-2016-9603
* SECURITY UPDATE: infinite loop in ColdFire Fast Ethernet Controller
- debian/patches/CVE-2016-9776.patch: check receive buffer size
register value in hw/net/mcf_fec.c.
- CVE-2016-9776
* SECURITY UPDATE: DoS via memory leak in USB redirector
- debian/patches/CVE-2016-9907.patch: properly free memory in
hw/usb/redirect.c.
- CVE-2016-9907
* SECURITY UPDATE: DoS via memory leak in USB EHCI Emulation
- debian/patches/CVE-2016-9911.patch: properly free memory in
hw/usb/hcd-ehci.c.
- CVE-2016-9911
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9913.patch: adjust the order of resource
cleanup in hw/9pfs/virtio-9p-device.c.
- CVE-2016-9913
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9914-*.patch: add cleanup operations to
fsdev/file-op-9p.h, hw/9pfs/virtio-9p-device.c.
- CVE-2016-9914
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9915.patch: add cleanup operation to
hw/9pfs/virtio-9p-handle.c.
- CVE-2016-9915
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9916.patch: add cleanup operation to
hw/9pfs/virtio-9p-proxy.c.
- CVE-2016-9916
* SECURITY UPDATE: DoS in Cirrus VGA
- debian/patches/CVE-2016-9921-9922.patch: check bpp values in
hw/display/cirrus_vga.c.
- CVE-2016-9921
- CVE-2016-9922
* SECURITY UPDATE: code execution via Cirrus VGA
- debian/patches/CVE-2017-2615.patch: fix oob access in
hw/display/cirrus_vga.c.
- CVE-2017-2615
* SECURITY UPDATE: code execution via Cirrus VGA
- debian/patches/CVE-2017-2620-pre.patch: add extra parameter to
blit_is_unsafe in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-2620.patch: add blit destination check to
hw/display/cirrus_vga.c.
- CVE-2017-2620
* SECURITY UPDATE: memory corruption issues in VNC
- debian/patches/CVE-2017-2633.patch: properly handle surface sizes in
ui/vnc.c, ui/vnc.h.
- CVE-2017-2633
* SECURITY UPDATE: DoS via memory leak in ac97 audio device
- debian/patches/CVE-2017-5525.patch: add exit function to
hw/audio/ac97.c.
- CVE-2017-5525
* SECURITY UPDATE: DoS via memory leak in es1370 audio device
- debian/patches/CVE-2017-5526.patch: add exit function to
hw/audio/es1370.c.
- CVE-2017-5526
* SECURITY UPDATE: DoS via memory leak in 16550A UART emulation
- debian/patches/CVE-2017-5579.patch: properly free resources in
hw/char/serial.c.
- CVE-2017-5579
* SECURITY UPDATE: code execution via SDHCI device emulation
- debian/patches/CVE-2017-5667.patch: check data length in
hw/sd/sdhci.c.
- CVE-2017-5667
* SECURITY UPDATE: DoS via memory leak in MegaRAID SAS device
- debian/patches/CVE-2017-5856.patch: properly handle memory in
hw/scsi/megasas.c.
- CVE-2017-5856
* SECURITY UPDATE: DoS in CCID Card device
- debian/patches/CVE-2017-5898.patch: check ccid apdu length in
hw/usb/dev-smartcard-reader.c.
- CVE-2017-5898
* SECURITY UPDATE: DoS via infinite loop in USB xHCI controller emulator
- debian/patches/CVE-2017-5973.patch: apply limits to loops in
hw/usb/hcd-xhci.c, trace-events.
- CVE-2017-5973
* SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
- debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
handling in hw/sd/sdhci.c.
- CVE-2017-5987
* SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
- debian/patches/CVE-2017-6505.patch: limit the number of link eds in
hw/usb/hcd-ohci.c.
- CVE-2017-6505
* A work-around to fix live migrations (LP: #1647389)
- debian/patches/CVE-2016-5403-5.patch: fix vq->inuse recalc after
migration in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-6.patch: make sure vdev->vq[i].inuse
never goes below 0 in hw/virtio/virtio.c.
-- Marc Deslauriers <email address hidden> Wed, 05 Apr 2017 11:59:07 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.32) trusty; urgency=medium
[ Dave Chiluk ]
* Qemu VM crash with error
"bdrv_error_action: Assertion `error >= 0' failed"
(LP: #1655225)
-- Christian Ehrhardt <email address hidden> Tue, 31 Jan 2017 11:26:19 +0100
-
qemu (2.0.0+dfsg-2ubuntu1.31) trusty; urgency=medium
* aio: fix qemu_bh_schedule() bh->ctx race condition (LP: #1640382)
- d/p/0001-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch
* aio: strengthen memory barriers for bottom half scheduling
(LP: #1587039)
- d/p/0002-aio-strengthen-memory-barriers-for-bottom-half-sched.patch
-- Seyeong Kim <email address hidden> Thu, 24 Nov 2016 10:44:55 +0100
-
qemu (2.0.0+dfsg-2ubuntu1.30) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/CVE-2016-5403.patch: re-enable original patch.
- debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
migration in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
virtqueue_discard() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
virtio_reset() in hw/virtio/virtio.c.
- CVE-2016-5403
* SECURITY UPDATE: use after free while writing in vmxnet3
- debian/patches/CVE-2016-6833.patch: check for device_active before
write in hw/net/vmxnet3.c.
- CVE-2016-6833
* SECURITY UPDATE: DoS via infinite loop during packet fragmentation
- debian/patches/CVE-2016-6834.patch: check fragment length during
fragmentation in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6834
* SECURITY UPDATE: Buffer overflow in vmxnet_tx_pkt_parse_headers()
- debian/patches/CVE-2016-6835.patch: check IP header length in
hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6835
* SECURITY UPDATE: Information leak in vmxnet3_complete_packet
- debian/patches/CVE-2016-6836.patch: initialise local tx descriptor in
hw/net/vmxnet3.c.
- CVE-2016-6836
* SECURITY UPDATE: Integer overflow in packet initialisation in VMXNET3
- debian/patches/CVE-2016-6888.patch: use g_new for pkt initialisation
in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6888
* SECURITY UPDATE: directory traversal flaw in 9p virtio backend
- debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
hw/9pfs/virtio-9p.c.
- debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
in hw/9pfs/virtio-9p.c.
- debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
directory in hw/9pfs/virtio-9p.*.
- debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
walk in hw/9pfs/virtio-9p.c.
- CVE-2016-7116
* SECURITY UPDATE: OOB read and infinite loop in pvscsi
- debian/patches/CVE-2016-7155.patch: check page count while
initialising descriptor rings in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7155
* SECURITY UPDATE: infinite loop when building SG list in pvscsi
- debian/patches/CVE-2016-7156.patch: limit loop to fetch SG list in
hw/scsi/vmw_pvscsi.c.
- CVE-2016-7156
* SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
- debian/patches/CVE-2016-7161.patch: fix a heap overflow in
hw/net/xilinx_ethlite.c.
- CVE-2016-7161
* SECURITY UPDATE: OOB stack memory access in vmware_vga
- debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
checks in hw/display/vmware_vga.c.
- CVE-2016-7170
* SECURITY UPDATE: Infinite loop when processing IO requests in pvscsi
- debian/patches/CVE-2016-7421.patch: limit process IO loop to ring
size in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7421
* SECURITY UPDATE: denial of service in mcf via invalid count
- debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
hw/net/mcf_fec.c.
- CVE-2016-7908
* SECURITY UPDATE: denial of service in pcnet via invalid length
- debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
length in hw/net/pcnet.c.
- CVE-2016-7909
* SECURITY UPDATE: denial of service via infinite loop in xhci
- debian/patches/CVE-2016-8576.patch: limit the number of link trbs we
are willing to process in hw/usb/hcd-xhci.c.
- CVE-2016-8576
* SECURITY UPDATE: host memory leakage in 9pfs
- debian/patches/CVE-2016-8577.patch: fix potential host memory leak in
v9fs_read in hw/9pfs/virtio-9p.c.
- CVE-2016-8577
* SECURITY UPDATE: NULL dereference in 9pfs
- debian/patches/CVE-2016-8578.patch: allocate space for guest
originated empty strings in fsdev/virtio-9p-marshal.c,
hw/9pfs/virtio-9p.c.
- CVE-2016-8578
* SECURITY UPDATE: infinite loop in Intel HDA controller
- debian/patches/CVE-2016-8909.patch: check stream entry count during
transfer in hw/audio/intel-hda.c.
- CVE-2016-8909
* SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
- debian/patches/CVE-2016-8910.patch: limit processing of ring
descriptors in hw/net/rtl8139.c.
- CVE-2016-8910
* SECURITY UPDATE: memory leakage at device unplug in eepro100
- debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
in hw/net/eepro100.c.
- CVE-2016-9101
* SECURITY UPDATE: denial of service via memory leak in 9pfs
- debian/patches/CVE-2016-9102.patch: fix memory leak in
v9fs_xattrcreate in hw/9pfs/virtio-9p.c.
- CVE-2016-9102
* SECURITY UPDATE: information leakage via xattribute in 9pfs
- debian/patches/CVE-2016-9103.patch: fix information leak in xattr
read in hw/9pfs/virtio-9p.c.
- CVE-2016-9103
* SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
- debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
xattr read/write in hw/9pfs/virtio-9p.c.
- CVE-2016-9104
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
hw/9pfs/virtio-9p.c.
- CVE-2016-9105
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9106.patch: fix memory leak in v9fs_write in
hw/9pfs/virtio-9p.c.
- CVE-2016-9106
-- Marc Deslauriers <email address hidden> Mon, 07 Nov 2016 15:47:33 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.29) trusty; urgency=medium
* Drop pc-1.0-qemu-kvm alias to pc-1.0, which is a duplicate id to the
pc-1.0-qemu-kvm type, to fix migration from precise (LP: #1536331).
-- Christian Ehrhardt <email address hidden> Mon, 10 Oct 2016 09:06:28 +0200
-
qemu (2.0.0+dfsg-2ubuntu1.28) trusty; urgency=medium
[ Ryan Harper ]
* Apply upstream fix for memory slot alignement (LP: #1606940)
- debian/patches/kvm-fix-memory-slot-page-alignment-logic.patch
-- Chris J Arges <email address hidden> Thu, 15 Sep 2016 09:58:23 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.27) trusty-security; urgency=medium
* SECURITY REGRESSION: crash on migration with memory stats enabled
(LP: #1612089)
- debian/patches/CVE-2016-5403.patch: disable for now pending
investigation.
-- Marc Deslauriers <email address hidden> Fri, 12 Aug 2016 08:48:20 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.26) trusty-security; urgency=medium
* SECURITY UPDATE: DoS and possible host code execution in 53C9X Fast
SCSI Controller
- debian/patches/CVE-2016-4439.patch: check length in hw/scsi/esp.c.
- CVE-2016-4439
* SECURITY UPDATE: DoS in 53C9X Fast SCSI Controller
- debian/patches/CVE-2016-4441.patch: check DMA length in
hw/scsi/esp.c.
- CVE-2016-4441
* SECURITY UPDATE: infinite loop in vmware_vga
- debian/patches/CVE-2016-4453.patch: limit fifo commands in
hw/display/vmware_vga.c.
- CVE-2016-4453
* SECURITY UPDATE: DoS or host memory leakage in vmware_vga
- debian/patches/CVE-2016-4454.patch: fix sanity checks in
hw/display/vmware_vga.c.
- CVE-2016-4454
* SECURITY UPDATE: DoS in VMWARE PVSCSI paravirtual SCSI bus
- debian/patches/CVE-2016-4952.patch: check command descriptor ring
buffer size in hw/scsi/vmw_pvscsi.c.
- CVE-2016-4952
* SECURITY UPDATE: MegaRAID SAS 8708EM2 host memory leakage
- debian/patches/CVE-2016-5105.patch: initialise local configuration
data buffer in hw/scsi/megasas.c.
- CVE-2016-5105
* SECURITY UPDATE: DoS in MegaRAID SAS 8708EM2
- debian/patches/CVE-2016-5106.patch: use appropriate property buffer
size in hw/scsi/megasas.c.
- CVE-2016-5106
* SECURITY UPDATE: DoS in MegaRAID SAS 8708EM2
- debian/patches/CVE-2016-5107.patch: check read_queue_head index
value in hw/scsi/megasas.c.
- CVE-2016-5107
* SECURITY UPDATE: DoS or code execution via crafted iSCSI asynchronous
I/O ioctl call
- debian/patches/CVE-2016-5126.patch: avoid potential overflow in
block/iscsi.c.
- CVE-2016-5126
* SECURITY UPDATE: DoS in 53C9X Fast SCSI Controller
- debian/patches/CVE-2016-5238.patch: check buffer length before
reading scsi command in hw/scsi/esp.c.
- CVE-2016-5238
* SECURITY UPDATE: MegaRAID SAS 8708EM2 host memory leakage
- debian/patches/CVE-2016-5337.patch: null terminate bios version
buffer in hw/scsi/megasas.c.
- CVE-2016-5337
* SECURITY UPDATE: DoS or code execution in 53C9X Fast SCSI Controller
- debian/patches/CVE-2016-5338.patch: check TI buffer index in
hw/scsi/esp.c.
- CVE-2016-5338
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
- CVE-2016-5403
* SECURITY UPDATE: oob write access while reading ESP command
- debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
maximum CDB size and handle migration in hw/scsi/esp.c,
include/hw/scsi/esp.h, include/migration/vmstate.h.
- CVE-2016-6351
-- Marc Deslauriers <email address hidden> Wed, 03 Aug 2016 14:01:20 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.25) trusty; urgency=medium
[Kai Storbeck]
* backport patch to fix guest hangs after live migration (LP: #1297218)
-- Serge Hallyn <email address hidden> Fri, 01 Jul 2016 14:25:20 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.24) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via multiple eof_timers in ohci
- debian/patches/CVE-2016-2391.patch: allocate timer only once in
hw/usb/hcd-ohci.c.
- CVE-2016-2391
* SECURITY UPDATE: denial of service in in remote NDIS control message
handling
- debian/patches/CVE-2016-2392.patch: check USB configuration
descriptor object in hw/usb/dev-network.c.
- CVE-2016-2392
* SECURITY UPDATE: denial of service or host information leak in USB Net
device emulation support
- debian/patches/CVE-2016-2538.patch: check RNDIS buffer offsets and
length in hw/usb/dev-network.c.
- CVE-2016-2538
* SECURITY UPDATE: denial of service via infinite loop in ne2000
- debian/patches/CVE-2016-2841.patch: heck ring buffer control
registers in hw/net/ne2000.c.
- CVE-2016-2841
* SECURITY UPDATE: denial of service via payload length in crafted packet
- debian/patches/CVE-2016-2857.patch: check packet payload length in
net/checksum.c.
- CVE-2016-2857
* SECURITY UPDATE: denial of service in PRNG support
- debian/patches/CVE-2016-2858.patch: add request queue support to
rng-random in backends/rng-egd.c, backends/rng-random.c,
backends/rng.c, include/sysemu/rng.h.
- CVE-2016-2858
* SECURITY UPDATE: arbitrary host code execution via VGA module
- debian/patches/CVE-2016-3710.patch: fix banked access bounds checking
in hw/display/vga.c.
- CVE-2016-3710
* SECURITY UPDATE: denial of service via VGA module
- debian/patches/CVE-2016-3712.patch: make sure vga register setup for
vbe stays intact in hw/display/vga.c.
- CVE-2016-3712
* SECURITY UPDATE: denial of service in Luminary Micro Stellaris Ethernet
- debian/patches/CVE-2016-4001.patch: check packet length against
receive buffer in hw/net/stellaris_enet.c.
- CVE-2016-4001
* SECURITY UPDATE: denial of sevice and possible code execution in
MIPSnet
- debian/patches/CVE-2016-4002.patch: check size in hw/net/mipsnet.c.
- CVE-2016-4002
* SECURITY UPDATE: host information leak via TPR access
- debian/patches/CVE-2016-4020.patch: initialize variable in
hw/i386/kvmvapic.c.
- CVE-2016-4020
* SECURITY UPDATE: denial of service via infinite loop in in usb_ehci
- debian/patches/CVE-2016-4037.patch: apply limit to iTD/sidt
descriptors in hw/usb/hcd-ehci.c.
- CVE-2016-4037
* This package does _not_ contain the changes from 2.0.0+dfsg-2ubuntu1.23
in trusty-proposed.
-- Marc Deslauriers <email address hidden> Tue, 10 May 2016 14:58:04 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.23) trusty-proposed; urgency=medium
* seccomp-add-shmctl-mlock-and-munlock.patch (LP: #1525457)
* tcg-commit-on-log-global-start.patch: fix live migration in tcg-only
mode. Thanks Pavel Boldin. (LP: #1493049)
-- Serge Hallyn <email address hidden> Tue, 29 Mar 2016 17:49:11 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.22) trusty-security; urgency=medium
* SECURITY UPDATE: msi-x null pointer dereference
- debian/patches/CVE-2015-7549.patch: implement pba write in
hw/pci/msix.c.
- CVE-2015-7549
* SECURITY UPDATE: vnc floating point exception
- debian/patches/CVE-2015-8504.patch: handle zero values in ui/vnc.c.
- CVE-2015-8504
* SECURITY UPDATE: paravirtualized drivers incautious about shared memory
contents
- debian/patches/CVE-2015-8550-1.patch: avoid double access in
hw/block/xen_blkif.h.
- debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
hw/display/xenfb.c.
- CVE-2015-8550
* SECURITY UPDATE: infinite loop in ehci_advance_state
- debian/patches/CVE-2015-8558.patch: make idt processing more robust
in hw/usb/hcd-ehci.c.
- CVE-2015-8558
* SECURITY UPDATE: host memory leakage in vmxnet3
- debian/patches/CVE-2015-856x.patch: avoid memory leakage in
hw/net/vmxnet3.c.
- CVE-2015-8567
- CVE-2015-8568
* SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
- debian/patches/CVE-2015-8613.patch: initialise info object with
appropriate size in hw/scsi/megasas.c.
- CVE-2015-8613
* SECURITY UPDATE: DoS via Human Monitor Interface
- debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
in hmp.c, include/ui/console.h, ui/input-legacy.c.
- CVE-2015-8619
* SECURITY UPDATE: buffer overrun during VM migration
- debian/patches/CVE-2015-8666.patch: handle full length bytes in
hw/acpi/core.c.
- CVE-2015-8666
* SECURITY UPDATE: ne2000 OOB r/w in ioport operations
- debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
operations in hw/net/ne2000.c.
- CVE-2015-8743
* SECURITY UPDATE: incorrect l2 header validation in vmxnet3
- debian/patches/CVE-2015-8744.patch: properly validate header in
hw/net/vmxnet3.c, hw/net/vmxnet_tx_pkt.c.
- CVE-2015-8744
* SECURITY UPDATE: crash via reading IMR registers in vmxnet3
- debian/patches/CVE-2015-8745.patch: support reading IMR registers in
hw/net/vmxnet3.c.
- CVE-2015-8745
* SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
- debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
error in hw/ide/ahci.c.
- CVE-2016-1568
* SECURITY UPDATE: firmware configuration device OOB rw access
- debian/patches/CVE-2016-1714.patch: avoid calculating invalid current
entry pointer in hw/nvram/fw_cfg.c.
- CVE-2016-1714
* SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
- debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
hw/i386/kvmvapic.c.
- CVE-2016-1922
* SECURITY UPDATE: e1000 infinite loop
- debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
out-of-bounds transfer start in hw/net/e1000.c
- CVE-2016-1981
* SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
- debian/patches/CVE-2016-2198.patch: add capability mmio write
function in hw/usb/hcd-ehci.c.
- CVE-2016-2198
-- Marc Deslauriers <email address hidden> Tue, 02 Feb 2016 07:32:36 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.21) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via jumbo frame flood in virtio
- debian/patches/CVE-2015-7295.patch: drop truncated packets in
hw/net/virtio-net.c, hw/virtio/virtio.c, include/hw/virtio/virtio.h.
- CVE-2015-7295
* SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
- debian/patches/CVE-2015-7504.patch: leave room for CRC code in
hw/net/pcnet.c.
- CVE-2015-7504
* SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
- debian/patches/CVE-2015-7512.patch: check packet length in
hw/net/pcnet.c.
- CVE-2015-7512
* SECURITY UPDATE: infinite loop in eepro100
- debian/patches/CVE-2015-8345.patch: prevent endless loop in
hw/net/eepro100.c.
- CVE-2015-8345
-- Marc Deslauriers <email address hidden> Tue, 01 Dec 2015 16:01:17 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.20) trusty; urgency=low
* debian/patches/upstream-fix-irq-route-entries.patch
Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
(LP: #1465935)
-- Stefan Bader <email address hidden> Fri, 09 Oct 2015 17:16:30 +0200
-
qemu (2.0.0+dfsg-2ubuntu1.19) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via vnc infinite loop
- debian/patches/CVE-2015-5239.patch: limit client_cut_text msg payload
size in ui/vnc.c.
- CVE-2015-5239
* SECURITY UPDATE: denial of service via NE2000 driver
- debian/patches/CVE-2015-5278.patch: fix infinite loop in
hw/net/ne2000.c.
- CVE-2015-5278
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in NE2000 driver
- debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
hw/net/ne2000.c.
- CVE-2015-5279
* SECURITY UPDATE: denial of service via e1000 infinite loop
- debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
- CVE-2015-6815
* SECURITY UPDATE: denial of service via illegal ATAPI commands
- debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
hw/ide/core.c.
- CVE-2015-6855
-- Marc Deslauriers <email address hidden> Wed, 23 Sep 2015 15:13:35 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.18) trusty-proposed; urgency=medium
* qemu-nbd-fix-vdi-corruption.patch:
qemu-nbd: fix corruption while writing VDI volumes (LP: #1422307)
-- Pierre Schweitzer <email address hidden> Mon, 17 Aug 2015 11:43:39 +0200
-
qemu (2.0.0+dfsg-2ubuntu1.17) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via PRDT with zero complete sectors
- debian/patches/CVE-2014-9718.patch: refactor return codes in
hw/ide/ahci.c, hw/ide/core.c, hw/ide/internal.h, hw/ide/macio.c,
hw/ide/pci.c.
- CVE-2014-9718
* SECURITY UPDATE: process heap memory disclosure
- debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
- CVE-2015-5165
* SECURITY UPDATE: denial of service via virtio-serial
- debian/patches/CVE-2015-5745.patch: don't assume a specific layout
for control messages in hw/char/virtio-serial-bus.c.
- CVE-2015-5745
-- Marc Deslauriers <email address hidden> Tue, 25 Aug 2015 10:03:25 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.16) trusty; urgency=medium
* Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
(LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
* debian/control-in: Add kvm-ipxe-precise to qemu-system-x86's Suggests
field to match debian/control. Without this, this relationship gets
dropped when debian/control is regenerated.
-- dann frazier <email address hidden> Wed, 05 Aug 2015 08:28:04 -0600
-
qemu (2.0.0+dfsg-2ubuntu1.15) trusty-security; urgency=medium
* SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
- debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
- CVE-2015-3214
* SECURITY UPDATE: heap overflow when processing ATAPI commands
- debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
- CVE-2015-5154
-- Marc Deslauriers <email address hidden> Mon, 27 Jul 2015 14:23:15 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.14) trusty; urgency=medium
* ubuntu/Add-machine-type-pc-i440fx-1.5-qemu-kvm-for-live-migrate.patch:
enable migration from 13.10 hosts (LP: #1425619)
-- Chris J Arges <email address hidden> Mon, 15 Jun 2015 12:26:17 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.13) trusty-security; urgency=medium
* SECURITY UPDATE: heap overflow in PCNET controller
- debian/patches/CVE-2015-3209-pre.patch: fix negative array index read
in hw/net/pcnet.c.
- debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
- CVE-2015-3209
* SECURITY UPDATE: unsafe /tmp filename use by slirp
- debian/patches/CVE-2015-4037.patch: use mkdtemp in net/slirp.c.
- CVE-2015-4037
* SECURITY UPDATE: denial of service via MSI message data field write
- debian/patches/CVE-2015-4103.patch: properly gate writes in
hw/xen/xen_pt.c, hw/xen/xen_pt.h, hw/xen/xen_pt_config_init.c.
- CVE-2015-4103
* SECURITY UPDATE: denial of service via MSI mask bits access
- debian/patches/CVE-2015-4104.patch: don't allow guest access in
hw/pci/msi.c, hw/xen/xen_pt_config_init.c, include/hw/pci/pci_regs.h.
- CVE-2015-4104
* SECURITY UPDATE: denial of service via PCI MSI-X pass-through error
message logging
- debian/patches/CVE-2015-4105.patch: limit messages in
hw/xen/xen_pt.h, hw/xen/xen_pt_msi.c.
- CVE-2015-4105
* SECURITY UPDATE: denial of service or possible privilege escalation via
write access to PCI config space
- debian/patches/CVE-2015-4106-*.patch: multiple upstream commits to
restrict passthough in hw/xen/xen_pt_config_init.c, hw/xen/xen_pt.h,
hw/xen/xen_pt.c.
- CVE-2015-4106
* WARNING: this package does _not_ contain the changes from the qemu
2.0.0+dfsg-2ubuntu1.12 package in trusty-proposed.
-- Marc Deslauriers <email address hidden> Tue, 09 Jun 2015 09:40:05 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.12) trusty-proposed; urgency=medium
* ubuntu/Add-machine-type-pc-i440fx-1.5-qemu-kvm-for-live-migrate.patch:
enable migration from 13.10 hosts (LP: #1425619)
-- Serge Hallyn <email address hidden> Wed, 13 May 2015 14:00:27 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.11) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in vnc web
- debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
- debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
websockets clients in ui/vnc-ws.c.
- CVE-2015-1779
* SECURITY UPDATE: denial of service via PCI command register access
- debian/patches/CVE-2015-2756.patch: limit PCI command register access
in hw/xen/xen_pt.c, hw/xen/xen_pt_config_init.c.
- CVE-2015-2756
* SECURITY UPDATE: host code execution via floppy device (VEMON)
- debian/patches/CVE-2015-3456.patch: force the fifo access to be in
bounds of the allocated buffer in hw/block/fdc.c.
- CVE-2015-3456
-- Marc Deslauriers <email address hidden> Wed, 13 May 2015 07:59:08 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.10) trusty; urgency=low
* Apply an upstream qemu patch to fix issues with persistent grants
on qcow images accessed by dom0 (LP: #1394327).
-- Stefan Bader <email address hidden> Mon, 15 Dec 2014 09:56:34 +0100
-
qemu (2.0.0+dfsg-2ubuntu1.9) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via savevm data
- debian/patches/CVE-2014-7840.patch: validate parameters in
arch_init.c.
- CVE-2014-7840
* SECURITY UPDATE: code execution via cirrus vga blit regions
(LP: #1400775)
- debian/patches/CVE-2014-8106.patch: properly validate blit regions in
hw/display/cirrus_vga.c.
- CVE-2014-8106
-- Marc Deslauriers <email address hidden> Wed, 10 Dec 2014 16:00:51 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.8) trusty-proposed; urgency=medium
* debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a
container. (LP: #1370199)
* Cherrypick upstream patch to fix intermittent qemu-img corruption
(LP: #1368815)
- 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
- (note - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (which was
also needed in utopic) appears to be unneeded here as the code being
changed has not yet been switched to using try_fiemap)
-- Serge Hallyn <email address hidden> Thu, 20 Nov 2014 11:24:51 -0600
-
qemu (2.0.0+dfsg-2ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: information disclosure via vga driver
- debian/patches/CVE-2014-3615.patch: return the correct memory size,
sanity check register writes, and don't use fixed buffer sizes in
hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
ui/spice-display.c.
- CVE-2014-3615
* SECURITY UPDATE: denial of service via slirp NULL pointer deref
- debian/patches/CVE-2014-3640.patch: make sure socket is not just a
stub in slirp/udp.c.
- CVE-2014-3640
* SECURITY UPDATE: possible privilege escalation via vmware-vga driver
- debian/patches/CVE-2014-3689.patch: verify rectangles in
hw/display/vmware_vga.c.
- CVE-2014-3689
* SECURITY UPDATE: denial of service and possible privilege escalation
via vmstate_xhci_event
- debian/patches/CVE-2014-5263.patch: fix unterminated field list in
hw/usb/hcd-xhci.c.
- CVE-2014-5263
* SECURITY UPDATE: possible privilege escalation via pcihp out-of-bounds
- debian/patches/CVE-2014-5388.patch: fix bounds checking in
hw/acpi/pcihp.c.
- CVE-2014-5388
* SECURITY UPDATE: denial of service via VNC console
- debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
ui/vnc.c.
- CVE-2014-7815
-- Marc Deslauriers <email address hidden> Tue, 11 Nov 2014 14:17:45 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.6) trusty-proposed; urgency=medium
* Support incoming migration from 12.04 (LP: #1374612)
- d/p/ubutu/add-machine-type-pc-1.0-qemu-kvm-for-live-migrate-co.patch
- add note in README.Debian
- d/control: have qemu-system-x86 suggest kvm-ipxe-precise
-- Serge Hallyn <email address hidden> Mon, 06 Oct 2014 17:47:08 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.5) trusty-proposed; urgency=medium
* move reload of kvm_intel qemu-system-x86.postinst. (LP: #1324174)
qemu (2.0.0+dfsg-2ubuntu1.4) trusty-proposed; urgency=medium
* reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
-- Serge Hallyn <email address hidden> Sun, 14 Sep 2014 19:40:42 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.4) trusty-proposed; urgency=medium
* reload kvm_intel if needed to set the nested=Y flag (LP: #1324174)
-- Serge Hallyn <email address hidden> Tue, 09 Sep 2014 15:08:12 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.3) trusty-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows on invalid state load
- debian/patches: added large number of upstream patches pulled from
git tree.
- CVE-2013-4148
- CVE-2013-4149
- CVE-2013-4150
- CVE-2013-4151
- CVE-2013-4526
- CVE-2013-4527
- CVE-2013-4529
- CVE-2013-4530
- CVE-2013-4531
- CVE-2013-4532
- CVE-2013-4533
- CVE-2013-4534
- CVE-2013-4535
- CVE-2013-4536
- CVE-2013-4537
- CVE-2013-4538
- CVE-2013-4539
- CVE-2013-4540
- CVE-2013-4541
- CVE-2013-4542
- CVE-2013-6399
- CVE-2014-0182
- CVE-2014-0222
- CVE-2014-0223
- CVE-2014-3461
- CVE-2014-3471
-- Marc Deslauriers <email address hidden> Tue, 12 Aug 2014 08:10:08 -0400
-
qemu (2.0.0+dfsg-2ubuntu1.2) trusty-proposed; urgency=medium
* d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
/usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)
-- Serge Hallyn <email address hidden> Fri, 25 Jul 2014 08:59:57 -0500
-
qemu (2.0.0+dfsg-2ubuntu1.1) trusty-proposed; urgency=low
* remove alternatives for qemu: different architectures
aren't really alternatives and never had been (LP: #1316829)
* debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
* debian/control: drop the versioning requirement from libfdt-dev
build-dependency, as it is longer needed (LP: #1295072)
-- Serge Hallyn <email address hidden> Wed, 07 May 2014 17:31:39 -0500
-
qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium
* Merge 2.0.0+dfsg-2
* Incorporates a fix for spice users (LP: #1309452)
* drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
the regression requiring it was reverted for 2.0 upstream.
* remove qemu-system-common depends on the qemu-system-aarch64 metapackage
* debian/qemu-debootstrap: add arm64
* Remaining changes from debian:
- keep qemu 'alternative' (not something to change in SRU)
- debian/control and debian/control-in:
* versioned libfdt-dev check, until libfdt is fixed in precise
* enable rbd
* remove ovmf Recommends, as it is in multiverse
* use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
* add a qemu-system-aarch64 metapackage for transitions from trusty
development version. This can be removed after trusty.
- qemu-system-common.install: add debian/tmp/usr/lib to install the
qemu-bridge-helper
- qemu-system-common.postinst: fix /dev/kvm acls
- qemu-system-common.preinst: add kvm group if needed
- qemu-system-x86.links: add eepro100.rom link, drop links which we
have in ipxe-qemu package.
- qemu-system-x86.modprobe: set module options for older releases
- qemu-system-x86.qemu-kvm.default: defaults for the upstart job
- qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
- qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
- debian/rules
* add legacy kvm-spice link
* fix ppc and arm slections
* add aarch64 to user_targets
- debian/patches/ubuntu/define-trusty-machine-type.patch: define a
pc-i440fx-trusty machine type as the default.
- debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
default in qemu64 cpu time.
qemu (2.0.0+dfsg-2) unstable; urgency=medium
* resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
Debian kFreeBSD system still.
qemu (2.0.0+dfsg-1) unstable; urgency=low
* 2.0 actually does not close #739589,
remove it from from last changelog entry
* mention closing of #707629 by 2.0
* mention a list of CVE IDs closed by #742730
* mention closing of CVE-2013-4377 by 1.7.0-6
* do not set --enable-uname-release=2.6.32 for qemu-user anymore
(was needed for old ubuntu builders)
* removed 02_kfreebsd.patch: it adds configure check for futimens() and
futimesat() syscalls on FreeBSD, however futimens() appeared in FreeBSD
5.0, and futimesat() in 8.0, and 8.0 is the earliest supported version
* kmod dependency is linux-any
* doc-grammify-allows-to.patch: fix some lintian warnings
* remove alternatives for qemu: different architectures
aren't really alternatives and never had been
* update Standards-Version to 3.9.5 (no changes needed)
* exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
or 2.0, among other things
qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
* new upstream release candidate (2.0-rc1)
Closes: #742730 -- image format processing issues:
CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145
CVE-2014-0146 CVE-2014-0147 CVE-2014-0148
Closes: #743235, #707629
* refreshed patches:
02_kfreebsd.patch
retry-pxe-after-efi.patch
use-fixed-data-path.patch
* removed patches applied upstream:
qemu-1.7.1.diff
address_space_translate-do-not-cross-page-boundaries.diff
fix-smb-security-share.patch
slirp-smb-redirect-port-445-too.patch
implement-posix-timers.diff
linux-user-fixed-s390x-clone-argument-order.patch
* added bios-256k.bin symlink and bump seabios dependency to >= 1.7.4-2
* recommend ovmf package for qemu-system-x86 to support UEFI boot
(Closes: #714249)
* switch from sdl1 to sdl2 (build-depend on libsdl2-dev)
* output last 50 lines of config.log in case configure failed
-- Serge Hallyn <email address hidden> Fri, 18 Apr 2014 09:23:27 -0500
-
qemu (2.0.0~rc1+dfsg-0ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: possible arbitrary code execution via vmxnet3 device
- debian/patches/CVE-2013-4544.patch: add more validation in
hw/net/vmxnet3.c.
- CVE-2013-4544
* SECURITY UPDATE: arbitrary code execution via MAC address table update
- debian/patches/CVE-2014-0150.patch: fix overflow in
hw/net/virtio-net.c.
- CVE-2014-0150
* SECURITY UPDATE: denial of service and possible code execution via
smart self test counter
- debian/patches/CVE-2014-2894.patch: correct self-test count in
hw/ide/core.c.
- CVE-2014-2894
-- Marc Deslauriers <email address hidden> Thu, 24 Apr 2014 16:07:57 -0400
-
qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium
* d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch
don't abort() just because the kernel has no dirty bitmap.
(LP: #1303926)
-- Serge Hallyn <email address hidden> Tue, 08 Apr 2014 22:32:00 -0500
-
qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium
* define-trusty-machine-type.patch: update the trusty machine type name to
pc-i440fx-trusty (LP: #1304107)
-- Serge Hallyn <email address hidden> Tue, 08 Apr 2014 11:49:04 -0500
-
qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium
* Merge 2.0.0-rc1
* debian/rules: consolidate ppc filter entries.
* Move qemu-system-arch64 into qemu-system-arm
* debian/patches/define-trusty-machine-type.patch: define a trusty machine
type, currently the same as pc-i440fx-2.0, to put is in a better position
to enable live migrations from trusty onward. (LP: #1294823)
* debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072)
* Merge latest upstream git to commit dc9528f
* Debian/rules:
- remove -enable-uname-release=2.6.32
- don't make the aarch64 target Ubuntu-specific.
* Remove patches which are now upstream:
- fix-smb-security-share.patch
- slirp-smb-redirect-port-445-too.patch
- linux-user-Implement-sendmmsg-syscall.patch (better version is upstream)
- signal-added-a-wrapper-for-sigprocmask-function.patch
- ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
- ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
- ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch
* add link for /usr/share/qemu/bios-256k.bin
* Remove all linaro patches.
* Remove all arm64/ patches. Many but not all are upstream.
* Remove CVE-2013-4377.patch which is upstream.
* debian/control-in: don't make qemu-system-aarch64 ubuntu-specific
-- Serge Hallyn <email address hidden> Tue, 25 Feb 2014 22:31:43 -0600
-
qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low
* No-change rebuild to build with libxen-4.4.
-- Stefan Bader <email address hidden> Fri, 21 Mar 2014 10:04:36 +0100
-
qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium
* d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick
upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682)
-- Serge Hallyn <email address hidden> Tue, 11 Mar 2014 00:03:00 -0500
-
qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium
[ dann frazier ]
* Add patches from the susematz tree to avoid intermittent segfaults:
- ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch
- ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch
- ubuntu/Don-t-block-SIGSEGV-at-more-places.patch
[ Serge Hallyn ]
* Modify do_sigprocmask to only change behavior for aarch64.
(LP: #1285363)
-- Serge Hallyn <email address hidden> Thu, 06 Mar 2014 16:15:50 -0600
-
qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium
[ Steve Langasek ]
* Merge debian/control with unreleased Debian branch: our architecture
lists should now be in sync.
[ Dann Frazier ]
* ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS
on arm64 and maybe others. (LP: #1284344)
[ Serge Hallyn ]
* Move the OVMF.fd link to the ovmf package.
-- Serge Hallyn <email address hidden> Fri, 21 Feb 2014 12:14:53 -0800
-
qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium
* Add ppc64el to the architecture list (supposedly added in the previous
upload, but really wasn't).
-- Steve Langasek <email address hidden> Thu, 20 Feb 2014 23:40:07 -0800
-
qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium
* Backport changes to enable qemu-user-static support for aarch64
* debian/control: add ppc64el to Architectures
* debian/rules: only install qemu-system-aarch64 on arm64.
Fixes a FTBFS when built twice in a row on non-arm64 due to a stale
debian/qemu-system-aarch64 directory
-- dann frazier <email address hidden> Tue, 11 Feb 2014 15:41:53 -0700
-
qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium
* Fix broken filter_binfmts
* Remove use of dpkg-version in postinsts, as we're not Depending on
dpkg-dev.
qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
* Merge 1.7.0+dfsg-3 from debian. Remaining changes:
- debian/patches/ubuntu:
* expose-vmx_qemu64cpu.patch
* linaro (omap3) and arm64 patches
* ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
on ppc
* ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
- debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
- debian/control:
* add arm64 to Architectures
* add qemu-common and qemu-system-aarch64 packages
- debian/qemu-system-common.install: add debian/tmp/usr/lib
- debian/qemu-system-common.preinst: add kvm group
- debian/qemu-system-common.postinst: remove acl placed by udev,
and add udevadm trigger.
- qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
pxe-e1000 and pxe-rtl8139.
- add qemu-system-x86.qemu-kvm.upstart and .default
- qemu-user-static.postinst-in: remove arm64 binfmt
- debian/rules:
* allow parallel build
* add aarch64 to system_targets and sys_systems
* add qemu-kvm-spice links
* install qemu-system-x86.modprobe
- add debian/qemu-system-common.links for OVMF.fd link
* Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
qemu (1.7.0+dfsg-3) unstable; urgency=low
* qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
* qemu-system-ppc: depend on openbios-ppc >= 1.1+svn1229 to fix boot issues
* qemu-system-sparc: depend on openbios-sparc >= 1.1+svn1229 too
* remove unused lintian overrides for qemu-user from qemu (meta)package
* qemu-system-*: depend on unversioned qemu-keymaps and qemu-system-common
packages (no particular version of any is hard-required)
* remove debian/README.source (was from quilt)
* add myself to debian/copyright
* reorder d/control to have Recommends:/Suggests: closer to Depends.
* rename d/control to d/control-in and add a d/rules rule to build it
based on ${VENDOR}
* allow different content in d/control for debian/ubuntu
* added debian/README-components-versions
* fixed qemu-armeb binfmt (Closes: #735078)
* added powerpcspe host arch (Closes: #734696)
* do not check for presence of update-alternatives which is part of dpkg
(Closes: #733222)
* do not call update-alternative --remove from postrm:remove
(lintian complains about this)
* add efi netrom links. This requires new ipxe-qemu.
-- Serge Hallyn <email address hidden> Wed, 05 Feb 2014 21:57:38 -0600
-
qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium
* Merge 1.7.0+dfsg-3 from debian. Remaining changes:
- debian/patches/ubuntu:
* expose-vmx_qemu64cpu.patch
* linaro (omap3) and arm64 patches
* ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS
on ppc
* ubuntu/CVE-2013-4377.patch: fix denial of service via virtio
- debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options
- debian/control:
* add arm64 to Architectures
* add qemu-common and qemu-system-aarch64 packages
- debian/qemu-system-common.install: add debian/tmp/usr/lib
- debian/qemu-system-common.preinst: add kvm group
- debian/qemu-system-common.postinst: remove acl placed by udev,
and add udevadm trigger.
- qemu-system-x86.links: add eepro100.rom, remove pxe-virtio,
pxe-e1000 and pxe-rtl8139.
- add qemu-system-x86.qemu-kvm.upstart and .default
- qemu-user-static.postinst-in: remove arm64 binfmt
- debian/rules:
* allow parallel build
* add aarch64 to system_targets and sys_systems
* add qemu-kvm-spice links
* install qemu-system-x86.modprobe
- add debian/qemu-system-common.links for OVMF.fd link
* Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks.
qemu (1.7.0+dfsg-3) unstable; urgency=low
* qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
* qemu-system-ppc: depend on openbios-ppc >= 1.1+svn1229 to fix boot issues
* qemu-system-sparc: depend on openbios-sparc >= 1.1+svn1229 too
* remove unused lintian overrides for qemu-user from qemu (meta)package
* qemu-system-*: depend on unversioned qemu-keymaps and qemu-system-common
packages (no particular version of any is hard-required)
* remove debian/README.source (was from quilt)
* add myself to debian/copyright
* reorder d/control to have Recommends:/Suggests: closer to Depends.
* rename d/control to d/control-in and add a d/rules rule to build it
based on ${VENDOR}
* allow different content in d/control for debian/ubuntu
* added debian/README-components-versions
* fixed qemu-armeb binfmt (Closes: #735078)
* added powerpcspe host arch (Closes: #734696)
* do not check for presence of update-alternatives which is part of dpkg
(Closes: #733222)
* do not call update-alternative --remove from postrm:remove
(lintian complains about this)
* add efi netrom links. This requires new ipxe-qemu.
-- Serge Hallyn <email address hidden> Tue, 04 Feb 2014 12:13:08 -0600
-
qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium
* debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which
may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654)
-- Serge Hallyn <email address hidden> Tue, 28 Jan 2014 14:41:20 +0000
-
qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium
* SECURITY UPDATE: denial of service via virtio device hot-plugging
- debian/patches/CVE-2013-4377.patch: upstream commits to refactor
virtio device unplugging.
- CVE-2013-4377
-- Marc Deslauriers <email address hidden> Mon, 27 Jan 2014 09:10:37 -0500
-
qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium
* d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on
powerpc.
-- Serge Hallyn <email address hidden> Wed, 22 Jan 2014 11:59:26 -0600
-
qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium
[ Serge Hallyn ]
* add arm64 patchset from upstream. The three arm virt patches previously
pushed are in that set, so drop them.
[ dann frazier ]
* Add packaging for qemu-system-aarch64. This package is currently only
available for arm64, as full software emulation is not yet supported.
-- Serge Hallyn <email address hidden> Fri, 10 Jan 2014 12:19:08 -0600
-
qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium
* Drop d/p/fix-pci-add: upstream does not intend for pci_add to be
supported any longer.
* Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing
* Refresh debian/patches/hw_arm_add_virt_platform.patch against context
churn caused by linaro patchset.
* debian/rules: enable parallel builds.
-- Serge Hallyn <email address hidden> Fri, 03 Jan 2014 10:53:17 -0600
-
qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium
* d/control: enable usbredir (LP: 1126390)
-- Serge Hallyn <email address hidden> Thu, 02 Jan 2014 08:55:43 -0600
-
qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium
* add missing arm virt patches from the mach-virt-v7 branch of
git://git.linaro.org/people/cdall/qemu-arm.git
-- Serge Hallyn <email address hidden> Wed, 18 Dec 2013 12:25:59 -0600
-
qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium
* debian/control: add arm64 to list of architectures.
-- Serge Hallyn <email address hidden> Thu, 12 Dec 2013 10:22:47 -0600
-
qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low
* Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes:
- debian/control
* update maintainer
* remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
from build-deps
* enable rbd
* add qemu-system and qemu-common B/R to qemu-keymaps
* add D:udev, R:qemu, R:qemu-common and B:qemu-common to
qemu-system-common
* qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
- add qemu-common, qemu-kvm, kvm to B/R
- remove openbios-sparc from qemu-system-sparc D
- drop openbios-ppc and openhackware Depends to Suggests (for now)
* qemu-system-x86:
- add qemu-common to Breaks/Replaces.
- add cpu-checker to Recommends.
* qemu-user: add B/R:qemu-kvm
* qemu-kvm:
- add armhf armel powerpc sparc to Architecture
- C/R/P: qemu-kvm-spice
* add qemu-common package
* drop qemu-slof which is not packaged in ubuntu
- add qemu-system-common.links for tap ifup/down scripts and OVMF link.
- qemu-system-x86.links:
* remove pxe rom links which are in kvm-ipxe
- debian/rules
* add kvm-spice symlink to qemu-kvm
* call dh_installmodules for qemu-system-x86
* update dh_installinit to install upstart script
* run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
- Add qemu-utils.links for kvm-* symlinks.
- Add qemu-system-x86.qemu-kvm.upstart and .default
- Add qemu-system-x86.modprobe to set nesting=1
- Add qemu-system-common.preinst to add kvm group
- qemu-system-common.postinst: remove bad group acl if there, then have
udev relabel /dev/kvm.
- New linaro patches from qemu-linaro rebasing branch
- Dropped patches:
* linaro patchset
* mach-virt patchset
- Kept patches:
* expose_vms_qemu64cpu.patch
* fix-pci-add
* qemu-system-common.install: add debian/tmp/usr/lib to install the
qemu-bridge-helper
-- Serge Hallyn <email address hidden> Sat, 07 Dec 2013 06:08:11 +0000
-
qemu (1.6.0+dfsg-2ubuntu4) trusty; urgency=low
* Tweak qemu-deboostrap for arm64 support:
- Specify lpia & arm64 combinations that do not require qemu.
- Add arm64 to the list of supported qemu-debootstrap arches.
-- Dmitrijs Ledkovs <email address hidden> Thu, 28 Nov 2013 11:07:07 +0000
-
qemu (1.6.0+dfsg-2ubuntu3) trusty; urgency=low
* add aarch64 patches from https://github.com/susematz/qemu.git
* add aarch64/force-aarch64-uname-to-3.7.0-to-appease-glibc patch
from infinity until we properly fix
* debian/binfmts: add qemu-arm64 entry
* debian/rules:
. add amd64 to list of user_targets
. add arm64 to arm64 filter_binfmts.
* remove empty linar-patch 0005
-- Serge Hallyn <email address hidden> Wed, 27 Nov 2013 12:32:52 -0600
-
qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low
* debian/control: qemu-utils must Replace: qemu-kvm as it did in raring,
to prevent lts-to-lts updates from breaking. (LP: #1243403)
-- Serge Hallyn <email address hidden> Wed, 23 Oct 2013 14:31:05 -0500
-
qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low
* Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes:
- debian/control
* update maintainer
* remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev
from build-deps
* enable rbd
* add qemu-system and qemu-common B/R to qemu-keymaps
* add D:udev, R:qemu, R:qemu-common and B:qemu-common to
qemu-system-common
* qemu-system-arm, qemu-system-ppc, qemu-system-sparc:
- add qemu-kvm to Provides
- add qemu-common, qemu-kvm, kvm to B/R
- remove openbios-sparc from qemu-system-sparc D
- drop openbios-ppc and openhackware Depends to Suggests (for now)
* qemu-system-x86:
- add qemu-common to Breaks/Replaces.
- add cpu-checker to Recommends.
* qemu-user: add B/R:qemu-kvm
* qemu-kvm:
- add armhf armel powerpc sparc to Architecture
- C/R/P: qemu-kvm-spice
* add qemu-common package
* drop qemu-slof which is not packaged in ubuntu
- add qemu-system-common.links for tap ifup/down scripts and OVMF link.
- qemu-system-x86.links:
* remove pxe rom links which are in kvm-ipxe
* add symlink for kvm.1 manpage
- debian/rules
* add kvm-spice symlink to qemu-kvm
* call dh_installmodules for qemu-system-x86
* update dh_installinit to install upstart script
* run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2)
- Add qemu-utils.links for kvm-* symlinks.
- Add qemu-system-x86.qemu-kvm.upstart and .default
- Add qemu-system-x86.modprobe to set nesting=1
- Add qemu-system-common.preinst to add kvm group
- qemu-system-common.postinst: remove bad group acl if there, then have
udev relabel /dev/kvm.
- New linaro patches from qemu-linaro rebasing branch
- Dropped patches:
* xen-simplify-xen_enabled.patch
* sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
* main_loop-do-not-set-nonblocking-if-xen_enabled.patch
* xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch
* virtio-rng-fix-crash
- Kept patches:
* expose_vms_qemu64cpu.patch - updated
* linaro arm patches from qemu-linaro rebasing branch
- New patches:
* fix-pci-add: change CONFIG variable in ifdef to make sure that
pci_add is defined.
* Add linaro patches
* Add experimental mach-virt patches for arm virtualization.
* qemu-system-common.install: add debian/tmp/usr/lib to install the
qemu-bridge-helper
qemu (1.6.0+dfsg-2) unstable; urgency=low
* Build-depend in seccomp again once it is in -testing
* 1.6.1 upstream bugfix release (Closes: #725944, #721713)
* fix "allows [one] to" in qemu-ga description
* fix descriptions for qemu-system and qemu-system-common packages
qemu (1.6.0+dfsg-1) unstable; urgency=low
[ Michael Tokarev ]
* final upstream v1.6.0 (Closes: #718180, #714273, #605525, #701855)
* removed configure-explicitly-disable-virtfs-if-softmmu=no.patch
* mention closing of #717724 by 1.6
* mention closing of #710971 by 1.5 (which disabled gtk support)
[ Riku Voipio ]
* - set --cross-prefix in debian/rules when cross-compiling
qemu (1.6.0~rc0+dfsg-1exp) experimental; urgency=low
* uploading to experimental (rc0)
* new upstream release (release candidate) (Closes: #718016, #717724)
* removed patches:
- qemu-1.5.1.diff
- sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch
* refreshed use-fixed-data-path.patch
* ship new qemu_logo_no_text.svg
* stop shipping sgabios symlink, it is moved to sgabios package
* bump version of libseccomp build dependency to 2.1 (minimum
required to build) and disable libseccomp for now (because it
isn't available in debian yet)
qemu (1.5.0+dfsg-5) unstable; urgency=low
* new upstream 1.5.1 stable/bugfix release (as qemu-1.5.1.diff)
removed qemu_openpty_raw-helper.patch (included upstream)
* configure-explicitly-disable-virtfs-if-softmmu=no.patch -- do not
build virtfs-proxy-helper stuff if not building system emulator
(fix FTBFS on s390)
* disable gtk ui and build dependencies, as it adds almost nothing
compared with sdl (well, except bugs and limitations), and has
lots of additional dependencies (Closes: #710971)
* remove obsolete /etc/init.d/qemu-kvm (Closes: #712898)
* fix versions of obsolete qemu-kvm conffiles to be removed
* provide manpage for obsolete kvm (Closes: #716891, #586973)
* add --daemonize option to the guest-agent startup script (Closes: #715502)
* clarify what qemu-guest-agent does (Closes: #714270) and provide
its json schema as a doc
qemu (1.5.0+dfsg-4) unstable; urgency=medium
* urgency is medium to make it go faster because, on one hand, we've
been in unstable for quite a bit longer than needed already and
have nothing but (build) fixes in there, but on the other hand
we're holding migration of other packages which are waiting for
us, again, for too long already
* added qemu_openpty_raw-helper.patch - a cleanup patch submitted upstream
which removes #include <termios.h> from common header and hence works
around FTBFS problem on debian sparc where somehow, <termios.h> conflicts
with <linux/termio.h>.
-- Serge Hallyn <email address hidden> Tue, 22 Oct 2013 22:47:07 -0500
-
qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low
* No change rebuild for new seccomp.
-- Stephane Graber <email address hidden> Mon, 21 Oct 2013 18:34:50 -0400
-
qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low
* Cherrypick upstream patch to fix crash with rng device (LP: #1235017)
- virtio-rng-fix-crash
-- Serge Hallyn <email address hidden> Wed, 09 Oct 2013 17:46:49 -0500
