qemu 1:7.2+dfsg-4ubuntu1 source package in Ubuntu

Changelog

qemu (1:7.2+dfsg-4ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993438), among many other fixes
    this resolvs these bugs:
    (LP: #1957924) - support for querying stats,
    (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
    (LP: #1959966) - guest dump encryption with customer keys (s390x)
    (LP: #1999885) - pv: don't allow userspace to set the clock under PV
    (LP: #1957924) - add filtering of statistics by target vCPU
    remaining changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type
      (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types containing release versioned machine attributes
      - d/qemu-system-x86.NEWS Info on fixed machine type defintions
        for host-phys-bits=true
      - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - Enable nesting by default
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
    - Ease the use of module retention on upgrades (LP 1913421)
      - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
    - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
      landed in Debian but under a different name.
    - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
      + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
        fix qboot FTBFS with LTO
  * Dropped Changes [now part of upstream v7.2.0]
    - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
      error 'migration was active, but no RAM info was set' (LP 1994002)
    - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
      Fix FTBFS with libbpf 1.0.1-2.
      + Header updates that were added as part of the libbpf fixes
        but not mentioned in changelog
    - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
    - Fix I/O stalls when using NVMe storage (LP 1970737).
      + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
        in laio_io_unplug.
    - SECURITY UPDATE: heap overflow in floppy disk emulator
      + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
        hw/block/fdc.c.
    - SECURITY UPDATE: use-after-free vulnerability
      + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
        lsi_do_msgout
    - SECURITY UPDATE: heap overflow vulnerability
      + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
        memories
    - SECURITY UPDATE: integer underflow vulnerability
      + debian/patches/CVE-2022-3165.patch: fix integer underflow in
        vnc_client_cut_text_ext
  * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
    [not all are needed in lunar]
    -  d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
       Silence -Warray-bounds false positive [no more needed]
    - d/rules: set -O1 for alpha firmware build
    - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
      further FTBFS fixup
  * Dropped Changes [in Debian 1:7.2+dfsg-3]
    - d/rules: disable LTO on non-amd64 builds (LP 1921664)
  * Added Changes
    - d/control-in: libnfs is in main since focal, enable direct nfs
      storage support (LP: #1988704)
    - d/control-in: libsndio is in universe in ubuntu

qemu (1:7.2+dfsg-4) unstable; urgency=medium

  * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
    re-pick now from master (the same patch, moved to master/).
  * revert x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
    Closes: ##1031682 .
    This turned out to be wrong move, breaking more stuff than fixing.
    Upstream is going to revert it too.

qemu (1:7.2+dfsg-3) unstable; urgency=medium

  [ Paride Legovini ]
  * Disable LTO on non-amd64 builds (LP: #1921664)

  [ Michael Tokarev ]
  * target-arm-Fix-physical-address-resolution-for-Stage2.patch:
    re-fetch now from master branch
  * 4 more patches picked from master:
    x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
    migration-ram-Fix-error-handling-in-ram_write_tracki.patch
    migration-ram-Fix-populate_read_range.patch
    qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
  * 5 fixes picked from current pullreqs:
    block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch
    tests_tcg_i386-introduce-and-use-reg_t-consistently.patch
    target_i386-fix-BEXTR-instruction.patch
    target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
    target_i386-fix-ADOX-followed-by-ADCX.patch
  * disable dwz on certain architectures for older dwz
    (FTBFS on bullseye, #968670)

qemu (1:7.2+dfsg-2) unstable; urgency=medium

  * d/rules: add -ffile-prefix-map when building skiboot
  * d/control: provide qemu-kvm in qemu-system-misc on s390x
    (Closes: #1029309)
  * d/control: drop dependency of qemu-guest-agent on lsb-base
  * Picked patches from qemu master branch tagged for qemu-stable
    up to commit deabea6e88 (2023-02-02):
    target-sh4-Mask-restore-of-env-flags-from-tb-flags.patch
    vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch
    virtio-mem-Fix-the-bitmap-index-of-the-section-offse.patch
    virtio-mem-Fix-the-iterator-variable-in-a-vmem-rdl_l.patch
    target-arm-fix-handling-of-HLT-semihosting-in-system.patch
    meson-accept-relative-symlinks-in-meson-introspect-i.patch
    target-riscv-Set-pc_succ_insn-for-rvc-illegal-insn.patch
    acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
    hw-nvme-fix-missing-endian-conversions-for-doorbell-.patch
    hw-nvme-fix-missing-cq-eventidx-update.patch
    configure-fix-GLIB_VERSION-for-cross-compilation.patch
    target-arm-Fix-sve_probe_page.patch
    target-arm-allow-writes-to-SCR_EL3.HXEn-bit-when-FEA.patch
    target-arm-Fix-in_debug-path-in-S1_ptw_translate.patch
  * Also: target-arm-Fix-physical-address-resolution-for-Stage.patch

qemu (1:7.2+dfsg-1) unstable; urgency=medium

  * new upstream release
    Closes: #1025123 CVE-2022-4172
    (erst: undefined behavior in memcpy in write_erst_record)
    Closes: #1021981 qemu-user: faccessat2 is not implemented
    Closes: #1021019 CVE-2022-3165 (VNC: integer underflow in
    vnc_client_cut_text_ext leads to CPU exhaustion)
  * remove patches applied upstream
  * refresh note-missing-module-pkg-name.diff
  * slirp is always external package now, not a submodule anymore
  * d/control: require meson >> 0.61.5~ for build
  * spelling.diff: update with more spelling error
  * add some lintian-overrides
  * fix minor spelling errors in patches
  * d/control: Bump Standards-Version to 4.6.1
  * debian shell programs use "which" instead of the "command -v",
    fix that (Closes: #1018254)
  * Better fix for #1019011 (gcc ICE building palcode-clipper), use -O1
    instead of -O2 for the failing compile when it actually fails
    (no need to depend on gcc-11, Closes: #1011003)

qemu (1:7.1+dfsg-2) unstable; urgency=medium

  * tulip-restrict-DMA-engine-to-memories-CVE-2022-2962.patch
    fix possible stack or heap overflow (tulip: DMA reentrancy issue)
    Closes: #1018055, CVE-2022-2962
  * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
    fix possible use-after-free in paravirtual RDMA device.
    Closes: #1014589, CVE-2022-1050
  * mention closing of #979677 (CVE-2020-14394) by 7.1
  * d/rules: parametrify extra-cflags & extra-ldflags
  * d/rules: explicitly disable pie on arm64 due to
    https://sourceware.org/bugzilla/show_bug.cgi?id=29514
    Fixes FTBFS.

qemu (1:7.1+dfsg-1) unstable; urgency=medium

  * new upstream release (7.1)
    Closes: #1014958, CVE-2022-35414
    Closes: #1014590, CVE-2022-0216
    Closes: #979677, CVE-2020-14394
    Closes: #987410, CVE-2021-3507
    Closes: #988333, #1018913
  * d/copyright:
   - remove mentions of slirp (packaged separately)
   - blindly convert to dep-5 (it needs a complete rewrite)
   - add Files-Excluded from d/get-orig-source.sh
  * d/gbp.conf: remove filter= (and whole [import-orig])
  * d/watch: verify upstream tarballs
  * d/rules: stop faking skiboot version, it is now properly included in
    roms/skiboot/.version file. Add a dependency on this file too
  * d/patches:
   - remove use-fixed-data-path.patch: not needed anymore
   - linux-user-binfmt-P.diff: refresh
   - remove patches applied upstream
  * d/control:
   - it is --enable-capstone now, not --enable-capstone=system
   - it is --enable-png now, not --enable-vnc-png
  * d/rules: fix --enable-vhost-* options
  * d/rules: remove vnc-png for xen too
  * openbios-array-bounds-gcc12.patch
  * opensbi-fix-build-with-binutils-2.38.patch
  * d/rules: adopt vof build changes
  * d/qemu-system-data.docs: omit ccid.txt (removed)
  * temporary workaround for gcc-12 bug #1019011: use gcc-11-alpha-linux-gnu
    instead of gcc-alpha-linux-gnu (another option is to use -Os)
  * d/control: temporarily build-depend on libva-dev till #1019485 is fixed
  * add loongarch64 qemu-user and qemu-user arch

 -- Christian Ehrhardt <email address hidden>  Wed, 04 Jan 2023 13:18:43 +0100