Change logs for qemu source package in Focal

  • qemu (1:4.2-3ubuntu6.28) focal-security; urgency=medium
    
      * SECURITY UPDATE: infinite loop in USB xHCI controller
        - debian/patches/CVE-2020-14394.patch: Fix unbounded loop in
          xhci_ring_chain_length() in hw/usb/hcd-xhci.c.
        - CVE-2020-14394
      * SECURITY UPDATE: code execution in TCG Accelerator
        - debian/patches/CVE-2020-24165.patch: fix race in cpu_exec_step_atomic
          in accel/tcg/cpu-exec.c.
        - CVE-2020-24165
      * SECURITY UPDATE: OOB access in ATI VGA device
        - debian/patches/CVE-2021-3638.patch: Fix buffer overflow in ati_2d_blt
          in hw/display/ati_2d.c.
        - CVE-2021-3638
      * SECURITY UPDATE: OOB read in RDMA device
        - debian/patches/CVE-2023-1544.patch: protect against buggy or
          malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
        - CVE-2023-1544
      * SECURITY UPDATE: 9pfs special file access
        - debian/patches/CVE-2023-2861.patch: prevent opening special files in
          fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
        - CVE-2023-2861
      * SECURITY UPDATE: heap overflow in crypto device
        - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
          sym request in hw/virtio/virtio-crypto.c.
        - CVE-2023-3180
      * SECURITY UPDATE: DoS in VNC server
        - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
          closed during handshake in include/io/channel-tls.h,
          io/channel-tls.c.
        - CVE-2023-3354
      * SECURITY UPDATE: disk offset 0 access
        - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
          resetting state in hw/ide/core.c.
        - CVE-2023-5088
    
     -- Marc Deslauriers <email address hidden>  Thu, 30 Nov 2023 14:45:57 -0500
  • qemu (1:4.2-3ubuntu6.27) focal-security; urgency=medium
    
      * SECURITY UPDATE: use-after-free issue
        - debian/patches/CVE-2022-1050.patch: Protect against buggy or
          malicious guest driver
        - CVE-2022-1050
      * SECURITY UPDATE: Out-of-bounds read
        - debian/patches/CVE-2022-4144-*.patch: Have qxl_log_command Return
          early if no log_cmd handler; Document qxl_phys2virt(); Pass requested
          buffer size to qxl_phys2virt(); Avoid buffer overrun in qxl_phys2virt;
          Assert memory slot fits in preallocated MemoryRegion
        - CVE-2022-4144
      * SECURITY UPDATE: reentrancy problem
        - debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
          controller
        - CVE-2023-0330
    
     -- Nishit Majithia <email address hidden>  Tue, 13 Jun 2023 16:58:54 +0530
  • qemu (1:4.2-3ubuntu6.26) focal; urgency=medium
    
      * d/p/u/lp-1999885-s390x-tod-kvm-don-t-save-restore-the-TOD-in-PV-guest.patch:
        avoid timer issues in s390x secure execution guests (LP: #1999885)
    
     -- Christian Ehrhardt <email address hidden>  Thu, 23 Mar 2023 08:18:28 +0100
  • qemu (1:4.2-3ubuntu6.25) focal; urgency=medium
    
      [ Brett Milford ]
      * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
        error 'migration was active, but no RAM info was set' (LP: #1994002)
    
      [ Mauricio Faria de Oliveira ]
      * d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint
        to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048)
    
     -- Mauricio Faria de Oliveira <email address hidden>  Thu, 02 Mar 2023 18:07:21 -0300
  • qemu (1:4.2-3ubuntu6.24) focal-security; urgency=medium
    
      * SECURITY UPDATE: DMA reentrancy issue
        - debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
          field and MEMTX_ACCESS_ERROR
        - CVE-2021-3750
      * SECURITY UPDATE: use-after-free vulnerability
        - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
          lsi_do_msgout
        - CVE-2022-0216
    
     -- Nishit Majithia <email address hidden>  Thu, 08 Dec 2022 14:45:56 +0530
  • qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium
    
      * SECURITY UPDATE: heap overflow in floppy disk emulator
        - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
          hw/block/fdc.c.
        - CVE-2021-3507
      * SECURITY UPDATE: integer overflow in QXL display device emulation
        - debian/patches/CVE-2021-4206.patch: check width and height in
          hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
        - CVE-2021-4206
      * SECURITY UPDATE: heap overflow in QXL display device emulation
        - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
          in hw/display/qxl-render.c.
        - CVE-2021-4207
      * SECURITY UPDATE: memory leakage in virtio-net device
        - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
          receive in hw/net/virtio-net.c.
        - CVE-2022-26353
      * SECURITY UPDATE: memory leakage in vhost-vsock device
        - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
          case of error in hw/virtio/vhost-vsock.c.
        - CVE-2022-26354
    
     -- Marc Deslauriers <email address hidden>  Thu, 09 Jun 2022 11:35:04 -0400
  • qemu (1:4.2-3ubuntu6.22) focal; urgency=medium
    
      * d/p/u/lp-1967814-*: avoid interpreting failed scsi requests as
        good which could lead to silent data corruption (LP: #1967814)
        This refactors handling of sense codes and SCSI status to be able to
        detect, handle and pass that information to the guest as needed.
    
     -- Christian Ehrhardt <email address hidden>  Wed, 06 Apr 2022 14:24:56 +0200
  • qemu (1:4.2-3ubuntu6.21) focal-security; urgency=medium
    
      * SECURITY UPDATE: crash or code exec in USB redirector device emulation
        - debian/patches/CVE-2021-3682.patch: fix free call in
          hw/usb/redirect.c.
        - CVE-2021-3682
      * SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
        - debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
          in hw/net/virtio-net.c.
        - CVE-2021-3748
      * SECURITY UPDATE: off-by-one error in mode_sense_page()
        - debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
          MODE SELECT commands in hw/scsi/scsi-disk.c.
        - CVE-2021-3930
      * SECURITY UPDATE: NULL dereference in floppy disk emulator
        - debian/patches/CVE-2021-20196-1.patch: Extract
          blk_create_empty_drive() in hw/block/fdc.c.
        - debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
          hw/block/fdc.c.
        - CVE-2021-20196
      * SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
        - debian/patches/CVE-2021-20203.patch: validate configuration values
          during activate in hw/net/vmxnet3.c.
        - CVE-2021-20203
    
     -- Marc Deslauriers <email address hidden>  Tue, 22 Feb 2022 12:44:44 -0500
  • qemu (1:4.2-3ubuntu6.20) focal; urgency=medium
    
      * d/p/u/lp1953338-*: KVM hardware diagnose 318 data improvements
        (LP: #1953338)
    
     -- Christian Ehrhardt <email address hidden>  Mon, 24 Jan 2022 11:37:27 +0100
  • qemu (1:4.2-3ubuntu6.19) focal; urgency=medium
    
      * d/p/u/lp-1749393-linux-user-Reserve-space-for-brk.patch: fix static
        use cases needing a lot of brk space (LP: #1749393)
      * d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
        fix uretprobe in s390x TCG (LP: #1929926)
    
     -- Christian Ehrhardt <email address hidden>  Mon, 26 Apr 2021 11:11:19 +0200
  • qemu (1:4.2-3ubuntu6.18) focal; urgency=medium
    
      * enhance loading of old modules post upgrade (LP: #1913421)
        - d/rules: d/qemu-system-gui.{prerm,postrm}.in: do not save gui modules
          (can't be loaded late)
        - d/qemu-block-extra.postrm.in: clear all (current and former) modules
          on purge
        - d/qemu-block-extra.prerm.in: test for exec and prepare /var/run/qemu
          if needed
    
     -- Christian Ehrhardt <email address hidden>  Thu, 19 Aug 2021 14:10:54 +0200
  • qemu (1:4.2-3ubuntu6.17) focal-security; urgency=medium
    
      * SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
        - debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
          hw/pci-host/prep.c.
        - debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
          hw/pci-host/designware.c.
        - debian/patches/CVE-2020-15469-3.patch: add quirk device write method
          in hw/vfio/pci-quirks.c.
        - debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
          hw/ppc/prep_systemio.c.
        - debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
          method in hw/nvram/nrf51_nvm.c.
        - debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
          hw/ppc/spapr_pci.c.
        - debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
          in hw/misc/tz-ppc.c.
        - debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
          in hw/misc/imx7_ccm.c.
        - CVE-2020-15469
      * SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
        - debian/patches/CVE-2020-35504.patch: always check current_req is not
          NULL before use in DMA callbacks in hw/scsi/esp.c.
        - CVE-2020-35504
      * SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
        - debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
          current_dev is non-NULL in hw/scsi/esp.c.
        - CVE-2020-35505
      * SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
        - debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
          field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
        - CVE-2021-3392
      * SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
        - debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
          command time out in hw/sd/sdhci.c.
        - debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
          register when transfer is in progress in hw/sd/sdhci.c.
        - debian/patches/CVE-2021-3409-3.patch: correctly set the controller
          status for ADMA in hw/sd/sdhci.c.
        - debian/patches/CVE-2021-3409-4.patch: limit block size only when
          SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
        - debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
          s->fifo_buffer[] when a different block size is programmed in
          hw/sd/sdhci.c.
        - CVE-2021-3409
      * SECURITY UPDATE: stack overflow via infinite loop issue in various NIC
        - debian/patches/CVE-2021-3416-1.patch: introduce qemu_receive_packet()
          in include/net/net.h, include/net/queue.h, net/net.c, net/queue.c.
        - debian/patches/CVE-2021-3416-2.patch: switch to use
          qemu_receive_packet() for loopback in hw/net/e1000.c.
        - debian/patches/CVE-2021-3416-3.patch: switch to use
          qemu_receive_packet() for loopback packet in hw/net/dp8393x.c.
        - debian/patches/CVE-2021-3416-5.patch: switch to use
          qemu_receive_packet() for loopback in hw/net/sungem.c.
        - debian/patches/CVE-2021-3416-6.patch: switch to use
          qemu_receive_packet_iov() for loopback in hw/net/net_tx_pkt.c.
        - debian/patches/CVE-2021-3416-7.patch: switch to use
          qemu_receive_packet() for loopback in hw/net/rtl8139.c.
        - debian/patches/CVE-2021-3416-8.patch: switch to use
          qemu_receive_packet() for loopback in hw/net/pcnet.c.
        - debian/patches/CVE-2021-3416-9.patch: switch to use
          qemu_receive_packet() for loopback in hw/net/cadence_gem.c.
        - debian/patches/CVE-2021-3416-10.patch: switch to use
          qemu_receive_packet() for loopback in hw/net/lan9118.c.
        - CVE-2021-3416
      * SECURITY UPDATE: DoS in USB redirector device
        - debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
          in hw/usb/redirect.c.
        - debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
          in hw/usb/combined-packet.c.
        - CVE-2021-3527
      * SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
        - debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
          contrib/vhost-user-gpu/virgl.c.
        - debian/patches/CVE-2021-3544-2.patch: fix resource leak in
          contrib/vhost-user-gpu/vhost-user-gpu.c.
        - debian/patches/CVE-2021-3544-3.patch: fix memory leak in
          contrib/vhost-user-gpu/vhost-user-gpu.c.
        - debian/patches/CVE-2021-3544-4.patch: fix memory leak in
          contrib/vhost-user-gpu/vhost-user-gpu.c.
        - debian/patches/CVE-2021-3544-5.patch: fix memory leak in
          contrib/vhost-user-gpu/virgl.c.
        - debian/patches/CVE-2021-3544-6.patch: fix memory leak in
          contrib/vhost-user-gpu/virgl.c.
        - debian/patches/CVE-2021-3544-7.patch: fix OOB write in
          contrib/vhost-user-gpu/virgl.c.
        - debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
          in contrib/vhost-user-gpu/vhost-user-gpu.c,
          contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
        - CVE-2021-3544
        - CVE-2021-3545
        - CVE-2021-3546
      * SECURITY UPDATE: mremap overflow in the pvrdma device
        - debian/patches/CVE-2021-3582.patch: check lengths in
          hw/rdma/vmw/pvrdma_cmd.c.
        - CVE-2021-3582
      * SECURITY UPDATE: integer overflow in pvrdma device
        - debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
          in hw/rdma/vmw/pvrdma_main.c.
        - CVE-2021-3607
      * SECURITY UPDATE: uninitialized memory unmap in pvrdma device
        - debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
          hw/rdma/vmw/pvrdma_dev_ring.c.
        - CVE-2021-3608
      * SECURITY UPDATE: out-of-bounds access issue in ARM Generic Interrupt
        Controller
        - debian/patches/CVE-2021-20221.patch: fix interrupt ID in GICD_SGIR
          register in hw/intc/arm_gic.c.
        - CVE-2021-20221
      * SECURITY UPDATE: infinite loop while processing transmit descriptors
        - debian/patches/CVE-2021-20257.patch: fail early for evil descriptor
          in hw/net/e1000.c.
        - CVE-2021-20257
    
     -- Marc Deslauriers <email address hidden>  Mon, 12 Jul 2021 11:03:37 -0400
  • qemu (1:4.2-3ubuntu6.16) focal; urgency=medium
    
      * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
        on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
        (LP: #1921754)
      * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
        (LP: #1921880)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 07 Apr 2021 11:58:29 +0200
  • qemu (1:4.2-3ubuntu6.15) focal; urgency=medium
    
      * d/p/u/lp-1921468-*: fix issues handling boot menu index on s390x
        (LP: #1921468)
      * d/p/u/lp-1887535-configure-replace-enable-disable-git-update-with-wit.patch,
        d/rules: Backport --with-git-submodules param so building from git repo
        doesn't fail (LP: #1887535)
      * Fix byte aligned writes when writing to image stored on NFS
        server, as they aren't required to be 4kib aligned. (LP: #1921665)
        - d/p/u/lp-1921665-1-block-Require-aligned-image-size-to-avoid-assert.patch
        - d/p/u/lp-1921665-2-file-posix-Allow-byte-aligned-O_DIRECT-with-NFS.patch
    
     -- Christian Ehrhardt <email address hidden>  Fri, 26 Mar 2021 10:38:47 +0100
  • qemu (1:4.2-3ubuntu6.14) focal-security; urgency=medium
    
      * SECURITY REGRESSION: fix multiple regressions caused by CVE-2020-13754
        security update (LP: #1914883)
        - debian/patches/ubuntu/CVE-2020-13754-3.patch: log invalid memory
          accesses in memory.c.
        - debian/patches/ubuntu/CVE-2020-13754-4.patch: allow 16-bit writes to
          memory region in hw/riscv/sifive_test.c.
        - debian/patches/ubuntu/CVE-2020-13754-5.patch: allow 64-bit accesses
          in hw/timer/slavio_timer.c.
        - debian/patches/ubuntu/CVE-2020-13754-6.patch: allow less than 32-bit
          accesses in hw/char/bcm2835_aux.c.
        - debian/patches/ubuntu/CVE-2020-13754-9.patch: fix
          valid.max_access_size to access address registers in
          hw/usb/hcd-xhci.c.
    
     -- Marc Deslauriers <email address hidden>  Wed, 10 Feb 2021 08:17:08 -0500
  • qemu (1:4.2-3ubuntu6.13) focal; urgency=medium
    
      * d/p/u/lp-1903864-tpm_emulator-Report-an-error-if-chardev-is-missing.patch:
        fix tpm-emulator: parameter 'chardev' is missing (LP: #1903864)
      * d/p/u/lp-1913395-*: qemu s390x/pci: Honor vfio DMA limiting (LP: #1913395)
    
     -- Christian Ehrhardt <email address hidden>  Thu, 28 Jan 2021 09:20:37 +0100
  • qemu (1:4.2-3ubuntu6.12) focal-security; urgency=medium
    
      * SECURITY UPDATE: heap overread in iscsi_aio_ioctl_cb
        - debian/patches/ubuntu/CVE-2020-11947.patch: fix heap-buffer-overflow
          in block/iscsi.c.
        - CVE-2020-11947
      * SECURITY UPDATE: use-after-free in e1000e
        - debian/patches/ubuntu/CVE-2020-15859.patch: forbid the reentrant RX
          in net/queue.c.
        - CVE-2020-15859
      * SECURITY UPDATE: OOB write to MSI-X table
        - debian/patches/ubuntu/CVE-2020-27821.patch: clamp cached translation
          in case it points to an MMIO region in exec.c.
        - CVE-2020-27821
      * SECURITY UPDATE: infinite loop in e1000e
        - debian/patches/ubuntu/CVE-2020-28916.patch: advance desc_offset in
          case of null descriptor in hw/net/e1000e_core.c.
        - CVE-2020-28916
      * SECURITY UPDATE: out of bounds read in atapi
        - debian/patches/ubuntu/CVE-2020-29443-1.patch: assert that the buffer
          pointer is in range in hw/ide/atapi.c.
        - debian/patches/ubuntu/CVE-2020-29443-2.patch: check logical block
          address and read size in hw/ide/atapi.c.
        - CVE-2020-29443
      * SECURITY UPDATE: use after free in 9p
        - debian/patches/ubuntu/CVE-2021-20181.patch: fully restart unreclaim
          loop in hw/9pfs/9p.c.
        - CVE-2021-20181
    
     -- Marc Deslauriers <email address hidden>  Wed, 03 Feb 2021 10:56:08 -0500
  • qemu (1:4.2-3ubuntu6.11) focal; urgency=medium
    
      * d/p/ubuntu/lp-1907656-s390x-s390-virtio-ccw-Reset-PCI-devices-during-subsy:
        avoid PCI devices becoming unavailable on reset (LP: #1907656)
    
     -- Christian Ehrhardt <email address hidden>  Tue, 05 Jan 2021 15:52:00 +0100
  • qemu (1:4.2-3ubuntu6.10) focal-security; urgency=medium
    
      * SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
        - debian/patches/ubuntu/CVE-2020-17380.patch: fix DMA Transfer Block
          Size field in hw/sd/sdhci.c.
        - CVE-2020-17380
        - CVE-2020-25085
      * SECURITY UPDATE: use-after-free via unchecked return value
        - debian/patches/ubuntu/CVE-2020-25084.patch: check return value of
          'usb_packet_map' in hw/usb/hcd-xhci.c.
        - CVE-2020-25084
      * SECURITY UPDATE: out-of-bound access issue
        - debian/patches/ubuntu/CVE-2020-25624.patch: check len and
          frame_number variables in hw/usb/hcd-ohci.c.
        - CVE-2020-25624
      * SECURITY UPDATE: infinite loop when a TD list has a loop
        - debian/patches/ubuntu/CVE-2020-25625.patch: check for processed TD
          before retire in hw/usb/hcd-ohci.c.
        - CVE-2020-25625
      * SECURITY UPDATE: assertion failure through usb_packet_unmap()
        - debian/patches/ubuntu/CVE-2020-25723.patch: check return value of
          'usb_packet_map' in hw/usb/hcd-ehci.c.
        - CVE-2020-25723
      * SECURITY UPDATE: bounds issue in ati_2d_blt
        - debian/patches/ubuntu/CVE-2020-27616.patch: check x y display
          parameter values in hw/display/ati_2d.c.
        - CVE-2020-27616
      * SECURITY UPDATE: assertion failure
        - debian/patches/ubuntu/CVE-2020-27617.patch: remove an assert call in
          eth_get_gso_type in net/eth.c.
        - CVE-2020-27617
    
     -- Marc Deslauriers <email address hidden>  Fri, 20 Nov 2020 08:12:00 -0500
  • qemu (1:4.2-3ubuntu6.9) focal; urgency=medium
    
      * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
        machine type to match how it originally was released (LP: #1902654)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 04 Nov 2020 15:34:47 +0100
  • qemu (1:4.2-3ubuntu6.8) focal; urgency=medium
    
      * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
    
     -- Christian Ehrhardt <email address hidden>  Mon, 21 Sep 2020 15:35:30 +0200
  • qemu (1:4.2-3ubuntu6.7) focal; urgency=medium
    
      * d/p/ubuntu/lp-1882774-*: add newer EPYC processor types (LP: #1887490)
      * d/p/u/lp-1896751-exec-rom_reset-Free-rom-data-during-inmigrate-skip.patch:
        fix reboot after migration (LP: #1896751)
      * d/p/u/lp-1849644-io-channel-websock-treat-binary-and-no-sub-protocol-.patch:
        fix websocket compatibility with newer versions of noVNC (LP: #1849644)
    
     -- Christian Ehrhardt <email address hidden>  Mon, 27 Jul 2020 11:45:26 +0200
  • qemu (1:4.2-3ubuntu6.6) focal-security; urgency=medium
    
      * SECURITY UPDATE: out-of-bounds read/write in USB emulator
        - debian/patches/ubuntu/CVE-2020-14364.patch: fix setup_len init in
          hw/usb/core.c.
        - CVE-2020-14364
    
     -- Marc Deslauriers <email address hidden>  Tue, 15 Sep 2020 10:02:08 -0400
  • qemu (1:4.2-3ubuntu6.5) focal; urgency=medium
    
      * further stabilize qemu by importing patches of qemu v4.2.1
        Fixes (LP: #1891203) and (LP: #1891877)
        - d/p/stable/lp-1891877-*
        - as part of the stabilization this also fixes a
          riscv emulation issue due to the CVE-2020-13754 fixes via
          d/p/ubuntu/hw-riscv-Allow-64-bit-access-to-SiFive-CLINT.patch
      * fix s390x SQXBR emulation (LP: #1883984)
        - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch
      * fix -no-reboot for s390x protvirt guests (LP: #1890154)
        - d/p/ubuntu/lp-1890154-s390x-protvirt-allow-to-IPL-secure-guests-with-*
    
     -- Christian Ehrhardt <email address hidden>  Wed, 19 Aug 2020 13:40:49 +0200
  • qemu (1:4.2-3ubuntu6.4) focal-security; urgency=medium
    
      * SECURITY UPDATE: assert failure in nbd
        - debian/patches/ubuntu/CVE-2020-10761.patch: avoid long error message
          assertions in nbd/server.c, tests/qemu-iotests/143,
          tests/qemu-iotests/143.out.
        - CVE-2020-10761
      * SECURITY UPDATE: out-of-bounds read and write in sm501
        - debian/patches/ubuntu/CVE-2020-12829-pre1.patch: convert printf +
          abort to qemu_log_mask.
        - debian/patches/ubuntu/CVE-2020-12829-pre2.patch: shorten long
          variable names in sm501_2d_operation.
        - debian/patches/ubuntu/CVE-2020-12829-pre3.patch: use BIT(x) macro to
          shorten constant.
        - debian/patches/ubuntu/CVE-2020-12829-pre4.patch: clean up local
          variables in sm501_2d_operation.
        - debian/patches/ubuntu/CVE-2020-12829.patch: replace hand written
          implementation with pixman where possible.
        - debian/patches/ubuntu/CVE-2020-12829-2.patch: optimize small
          overlapping blits.
        - debian/patches/ubuntu/CVE-2020-12829-3.patch: fix bounds checks.
        - debian/patches/ubuntu/CVE-2020-12829-4.patch: drop unneeded variable.
        - debian/patches/ubuntu/CVE-2020-12829-5.patch: do not allow guest to
          set invalid format.
        - debian/patches/ubuntu/CVE-2020-12829-6.patch: introduce variable for
          commonly used value for better readability.
        - debian/patches/ubuntu/CVE-2020-12829-7.patch: fix and optimize
          overlap check.
        - CVE-2020-12829
      * SECURITY UPDATE: out-of-bounds read during sdhci_write() operations
        - debian/patches/ubuntu/CVE-2020-13253.patch: do not switch to
          ReceivingData if address is invalid in hw/sd/sd.c.
        - CVE-2020-13253
      * SECURITY UPDATE: out-of-bounds access during es1370_write() operation
        - debian/patches/ubuntu/CVE-2020-13361.patch: check total frame count
          against current frame in hw/audio/es1370.c.
        - CVE-2020-13361
      * SECURITY UPDATE: out-of-bounds read via crafted reply_queue_head
        - debian/patches/ubuntu/CVE-2020-13362-1.patch: use unsigned type for
          reply_queue_head and check index in hw/scsi/megasas.c.
        - debian/patches/ubuntu/CVE-2020-13362-2.patch: avoid NULL pointer
          dereference in hw/scsi/megasas.c.
        - debian/patches/ubuntu/CVE-2020-13362-3.patch: use unsigned type for
          positive numeric fields in hw/scsi/megasas.c.
        - CVE-2020-13362
      * SECURITY UPDATE: NULL pointer dereference related to BounceBuffer
        - debian/patches/ubuntu/CVE-2020-13659.patch: set map length to zero
          when returning NULL in exec.c, include/exec/memory.h.
        - CVE-2020-13659
      * SECURITY UPDATE: out-of-bounds access via msi-x mmio operation
        - debian/patches/ubuntu/CVE-2020-13754-1.patch: revert accepting
          mismatching sizes in memory_region_access_valid in memory.c.
        - debian/patches/ubuntu/CVE-2020-13754-2.patch: accept byte and word
          access to core ACPI registers in hw/acpi/core.c.
        - CVE-2020-13754
      * SECURITY UPDATE: infinite recursion in ati-vga
        - debian/patches/ubuntu/CVE-2020-13800.patch: check mm_index before
          recursive call in hw/display/ati.c.
        - CVE-2020-13800
      * SECURITY UPDATE: division by zero in oss_write()
        - debian/patches/ubuntu/CVE-2020-14415.patch: fix buffer pos
          calculation in audio/ossaudio.c.
        - CVE-2020-14415
      * SECURITY UPDATE: buffer overflow in XGMAC Ethernet controller
        - debian/patches/ubuntu/CVE-2020-15863.patch: check bounds in
          hw/net/xgmac.c.
        - CVE-2020-15863
      * SECURITY UPDATE: reachable assertion failure
        - debian/patches/ubuntu/CVE-2020-16092.patch: fix assertion failure in
          hw/net/net_tx_pkt.c.
        - CVE-2020-16092
    
     -- Marc Deslauriers <email address hidden>  Tue, 11 Aug 2020 12:30:06 -0400
  • qemu (1:4.2-3ubuntu6.3) focal; urgency=medium
    
      * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
        crashes it on shutdown (LP: #1878973)
      * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
        supporting to set them (LP: #1882774)
    
     -- Christian Ehrhardt <email address hidden>  Tue, 02 Jun 2020 10:42:49 +0200
  • qemu (1:4.2-3ubuntu6.2) focal; urgency=medium
    
      * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
        - async: use explicit memory barriers (LP: #1805256)
        - aio-wait: delegate polling of main AioContext if BQL not held
    
     -- Rafael David Tinoco <email address hidden>  Wed, 27 May 2020 21:19:20 +0000
  • qemu (1:4.2-3ubuntu6.1) focal-security; urgency=medium
    
      * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
        - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
          ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
        - CVE-2020-11869
    
     -- Marc Deslauriers <email address hidden>  Thu, 14 May 2020 08:25:24 -0400
  • qemu (1:4.2-3ubuntu6) focal; urgency=medium
    
      [ Christian Ehrhardt ]
      * enable riscv build (LP: #1872931)
        [ changes picked from Debian ]
        - enable support for riscv64 hosts
        - only enable librbd on architectures where it is built
        - ceph: do not list librados-dev as we only use librbd-dev and the latter
          depends on the former
        - seccomp grew up, no need in versioned build-dep
        - enable seccomp only on architectures where it can be built
      * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
      * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
        and clobbered doubles (LP: #1872945)
    
      [ William Grant ]
      * d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 15 Apr 2020 14:27:15 +0200
  • qemu (1:4.2-3ubuntu5) focal; urgency=medium
    
      * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
        (LP: #1871830)
      * Security and packaging fixes (LP: #1872937)
        - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
        - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
          CVE-2020-10702
          CVE-2020-11102
        - fix external spice UI
          + install ui-spice-app.so in qemu-system-common
          + install ui-spice-app.so only if built, spice is optional
        - switch binfmt registration to use update-binfmts --[un]import (#866756)
        - qemu-system-gui: Multi-Arch=same, not foreign (#956763)
        - qemu-system-data: s/highcolor/hicolor/ (#955741)
      * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 15 Apr 2020 11:26:44 +0200
  • qemu (1:4.2-3ubuntu4) focal; urgency=medium
    
      * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
      * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
        to avoid broken nesting (LP: #1868692)
    
     -- Christian Ehrhardt <email address hidden>  Fri, 20 Mar 2020 08:02:16 +0100
  • qemu (1:4.2-3ubuntu3) focal; urgency=medium
    
      * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
        patches @qemu-stable (LP: #1867519)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 18 Mar 2020 13:57:57 +0100
  • qemu (1:4.2-3ubuntu2) focal; urgency=medium
    
      * allow qemu to load old modules post upgrade (LP: #1847361)
        - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
          load to a versioned path
        - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
          upgrade
        - d/rules: generate maintainer scripts matching package version on build
        - d/rules: enable --enable-module-upgrades where --enable-modules is set
      * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
        avoid unnecessary IOTLB transactions (LP: #1866207)
    
     -- Christian Ehrhardt <email address hidden>  Mon, 02 Mar 2020 15:21:27 +0100
  • qemu (1:4.2-3ubuntu1) focal; urgency=medium
    
      * Merge with Debian testing, remaining changes:
        - qemu-kvm to systemd unit
          - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
            hugepages and architecture specifics
          - d/qemu-system-common.qemu-kvm.service: systemd unit to call
            qemu-kvm-init
          - d/qemu-system-common.install: install helper script
          - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
          - d/qemu-system-common.qemu-kvm.default: defaults for
            /etc/default/qemu-kvm
          - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
        - Distribution specific machine type (LP: 1304107 1621042)
          - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
            types
          - d/qemu-system-x86.NEWS Info on fixed machine type definitions
            for host-phys-bits=true (LP: 1776189)
          - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
          - provide pseries-bionic-2.11-sxxm type as convenience with all
            meltdown/spectre workarounds enabled by default. (LP: 1761372).
          - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
        - Enable nesting by default
          - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
            in qemu64 cpu type.
          - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
            in qemu64 on amd
            [ No more strictly needed, but required for backward compatibility ]
        - improved dependencies
          - Make qemu-system-common depend on qemu-block-extra
          - Make qemu-utils depend on qemu-block-extra
          - let qemu-utils recommend sharutils
        - improved s390x support
          - d/rules: build s390-ccw.img with upstream Makefile
          - d/rules: build s390-netboot.img with upstream Makefile
        - arch aware kvm wrappers
        - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
          - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
            reference 256k path
          - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
            handle incoming migrations from former releases.
        - d/control-in: Disable capstone disassembler library support (universe)
        - d/binfmt-update-in: fix binfmt being called in some containers
          (LP 1840956)
        - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
          (LP 1857033)
        - d/qemu-system-x86.README.Debian: add info about updated nesting changes
        - d/control*, d/rules: disable xen by default, but provide universe
          package qemu-system-x86-xen as alternative
        - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
      - Dropped changes [ in Debian ]
        - d/control: update VCS links
        - d/control-in: bump debhelper build-dep for compat 12
        - d/control: disable bluetooth being deprecated
        - d/not-installed: ignore new interop docs and extra icons for now
        - d/not-installed: do not install elf2dmp until namespaced
        - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
          [ not needed ]
        - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
        - s390x support
          - Create qemu-system-s390x package
          - Enable numa support for s390x
        - d/control*: enable libpmem support for nvdimms (LP 1790856)
      * Added changes
        - d/control: regenerate debian/control out of control-in
        - qemu-system-x86-microvm package
          In addition to the generic multi-purpose qemu also provide a minimal
          feature binary that is loading faster for use cases with microvm machine
          type and qboot bios
          - d/control-in: add a new qemu-system-x86-microvm package
          - d/rules: add an extra config/build step to get the minimal qemu
        - d/control-in: disable pmem on ppc64 as it is currently considered
          experimental on that architecture (pmdk v1.8-1)
        - d/rules: makefile definitions can't be recursive - sys_systems for s390x
        - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
          vhost-user-gpu
        - d/rules: report config log from the correct subdir
        - d/rules: --disable-xen for user-static builds
    
    qemu (1:4.2-3) unstable; urgency=medium
    
      * mention closing of #909743 in previous changelog (Closes: #909743)
      * do not link to qemu-skiboot from qemu-system-ppc (Closes: #950431)
      * provide+conflict qemu-skiboot from qemu-system-data,
        as we are not using this package anymore
    
    qemu (1:4.2-2) unstable; urgency=medium
    
      [ Fabrice Bauzac ]
      * Fix a typo in the description of the qemu binary package
    
      [ Frédéric Bonnard ]
      * Enable powernv emulation with skiboot firmware
    
      [ Michael R. Crusoe ]
      * Modernize watch file (Closes: #909743)
    
      [ Christian Ehrhardt ]
      * d/control-in: promote qemu-efi/ovmf in Ubuntu
      * d/control-in: bump debhelper build-dep for compat 12
      * - d/control-in: update VCS links
      * - d/control-in: disable bluetooth being deprecated
      * d/not-installed: ignore new interop docs and extra icons for now
      * do not install elf2dmp until namespaced
      * d/control-in: Enable numa support for s390x
      * Create qemu-system-s390x package (Ubuntu only for now)
    
      [ Michael Tokarev ]
      * stop using inttypes.h in qboot code;
        this makes dependency on libc6-dev-i386 to be unnecessary
      * qboot-no-jump-tables.diff - use #pragma for one file in qboot
      * do not install qemu-edid and qemu-keymap for now
      * no need in bluetooth patches as bluetooth is disabled
      * scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
        (Closes: #949731, CVE-2020-1711)
      * enable libpmem support on amd64|arm64|ppc64el (Closes: #935327)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 12 Feb 2020 15:21:56 +0100
  • qemu (1:4.2-1ubuntu2) focal; urgency=medium
    
      * d/control: avoid upgrade issues triggered by moving ivshmem tools after
        Debian. Fixed by bumping the related Breaks/Replaces to the
        Version Ubuntu introduced the change (LP: #1862287)
    
     -- Christian Ehrhardt <email address hidden>  Fri, 07 Feb 2020 07:31:21 +0100
  • qemu (1:4.2-1ubuntu1) focal; urgency=medium
    
      * Merge with Debian testing, Among many other things this fixes LP Bugs:
        LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
        LP: #1812822 - avoid crashes on detaching vhost_net interfaces
        LP: #1852744 - Crypto Passthrough Interrupt Support
        LP: #1853316 - CCW IPL Support
        Remaining changes:
        - qemu-kvm to systemd unit
          - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
            hugepages and architecture specifics
          - d/qemu-system-common.qemu-kvm.service: systemd unit to call
            qemu-kvm-init
          - d/qemu-system-common.install: install helper script
          - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
          - d/qemu-system-common.qemu-kvm.default: defaults for
            /etc/default/qemu-kvm
          - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
        - Distribution specific machine type (LP: 1304107 1621042)
          - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
            types
          - d/qemu-system-x86.NEWS Info on fixed machine type definitions
            for host-phys-bits=true (LP: 1776189)
          - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
          - provide pseries-bionic-2.11-sxxm type as convenience with all
            meltdown/spectre workarounds enabled by default. (LP: 1761372).
        - Enable nesting by default
          - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
            in qemu64 cpu type.
          - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
            in qemu64 on amd
            [ No more strictly needed, but required for backward compatibility ]
        - improved dependencies
          - Make qemu-system-common depend on qemu-block-extra
          - Make qemu-utils depend on qemu-block-extra
          - let qemu-utils recommend sharutils
        - s390x support
          - Create qemu-system-s390x package
          - Enable numa support for s390x
          - d/rules: build s390-ccw.img with upstream Makefile
          - d/rules: build s390-netboot.img with upstream Makefile
        - arch aware kvm wrappers
        - d/control: update VCS links
        - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
          - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
            reference 256k path
          - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
            handle incoming migrations from former releases.
        - d/control-in: Disable capstone disassembler library support (universe)
        - d/control: disable bluetooth being deprecated
        - d/not-installed: ignore new interop docs and extra icons for now
        - d/not-installed: do not install elf2dmp until namespaced
        - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
        - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
        - d/binfmt-update-in: fix binfmt being called in some containers
          (LP 1840956)
      - Dropped changes (in Debian)
        - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
          - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
          - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
        - d/control-in: enable RDMA support in qemu (LP: 1692476)
            - enable RDMA config option
            - add libibumad-dev build-dep
        - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
          some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
          As that hack to build s390-ccw.img rom can't build s390x-netboot.img
          replace it with a build-indep using the upstream makefiles.
          This is less prone to miss future changes/fixes that are done to the
          makefiles
        - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
        - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
        - d/rules: fix qemu-kvm service for debhelper compat >=12
        - Refreshed patches for v4.0 context changes
        - d/control*: remove sdlabi which was removed upstream
        - d/control*: enable docs (now explicit) and provide new build-dep
          python3-sphinx
        - d/qemu-system-data.install: use new paths for formerly used icons
        - Merge with Upstream release of qemu 4.0
        - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
      - Dropped changes (Upstream)
        - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
        - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
        - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
          fix i386 build error
        - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
          fix naming of the new vector facility (LP 1836066)
        - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
          for missing SIOCGSTAMP definition; final fix is still in discussion
          upstream (LP: 1836159)
        - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
          s390x machines (LP 1836154)
        - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
          (LP 1841066)
        - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
          update the z15 model name (LP 1842774)
        - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
          fix a potential hang when qemu or qemu-img were accessing http backed
          disks via libcurl (LP 1848556)
        - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
          fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
        - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
          toleration for future machines (LP 1830704)
        - SECURITY UPDATE: Add support for exposing md-clear functionality
          to guests
          - d/p/ubuntu/enable-md-clear.patch
          - d/p/ubuntu/enable-md-no.patch
          - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
        - SECURITY UPDATE: heap overflow when loading device tree blob
          - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
            copy the device tree blob into is.
          - CVE-2018-20815
        - SECURITY UPDATE: device driver denial of service via NULL pointer
          dereference
          - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
            routine
          - CVE-2019-5008
        - SECURITY UPDATE: information leak in SLiRP
          - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
            emulating ident.
          - CVE-2019-9824
        - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
          unimplement.patch: properly return architecture defined exception
          on bad subcodes of diag 308 (LP 1812384)
      * Dropped changes (no more needed)
        - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
          mv_conffile since the new path is a directory in the old package
          version which can not be handled by mv_conffile.
          [ only needed between disco and eoan ]
        - disable pvrdma
          [ CVEs all fixed now ]
        - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
          avoid misdetection of simplified nesting blocking all migrations
          [ qemu now detects and handles nesting - needs kernel >=4.20 ]
        - Enable nesting by default
          - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
            (is default on amd)
          - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
            without nested=1
            [ nesting is default in kernel modules and default selected cpu types ]
      * Added changes
        - d/control: regenerate debian/control out of control-in
        - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
          - added ubuntu focal types for qemu 4.2
          - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
        - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
          (LP: #1857033)
        - d/qemu-system-x86.README.Debian: add info about updated nesting changes
        - d/control*, d/rules: disable xen by default, but provide universe
          package qemu-system-x86-xen as alternative
        - fix typos in changelog and d/qemu-system-x86.NEWS
        - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
        - d/control*: enable libpmem support for nvdimms (LP: #1790856)
    
    qemu (1:4.2-1) unstable; urgency=medium
    
      * new upstream release (4.2.0)
      * removed patches: v4.1.1.diff, enable-pschange-mc-no.patch
      * do not make sgabios.bin executable (lintian)
      * add s390-netboot.img lintian overrides for qemu-system-data
      * build qboot (bios-microvm.bin)
      * build-depend-indep on libc6-dev-i386 for qboot
        (includes some system headers)
    
    qemu (1:4.1-3) unstable; urgency=medium
    
      * mention #939869 (CVE-2019-15890) in previous changelog entry
      * add Provides: sgabios to qemu-data (Closes: #945924)
      * fix qemu-debootstrap (add hppa arch, print correct error message)
        thanks to Helge Deller (Closes: #923410)
      * enable long binfmt masks again for mips/mips32 (Closes: #829243)
    
    qemu (1:4.1-2) unstable; urgency=medium
    
      * build sgabios in build-indep, conflict with sgabios package
      * qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb
      * remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog
      * move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img
      * imported v4.1.1.diff - upstream stable branch
        Closes: CVE-2019-12068
        Closes: #945258, #945072
      * enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature
        to allow disabling ITLB multihit mitigations in nested hypervisors
        Closes: #944623
      * build-depend on nettle-dev, enable nettle, and clarify --enable-lzo
      * switch to system libslirp, build-depend on libslirp-dev
        Closes: #939869, CVE-2019-15890
    
    qemu (1:4.1-1) unstable; urgency=medium
    
      * new upstream release v4.1
        Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
         (use internal slirp copy for now)
        Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
        Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
        Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
        Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
        Closes: #927924 (new upstream version)
        Closes: #897054 (AMD Zen CPU support)
        Closes: #935324 (FTBFS due to gluster API change)
        Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
        Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
        Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
        Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
      * remove patches which are applied upstream, refresh remaining patches
        (bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
        bluetooth subsystem is going to be removed, we keep it for now)
      * debian/source/options: ignore slirp/ submodule
      * use python3 for building, not python
      * debian/optionrom.mk: add pvh.bin
      * switch from libssh2 to libssh, and enable libssh support in ubuntu
      * bump spice version requirement to 0.12.5
      * enable pvrdma
      * debian/control-in: remove reference to libsdl
      * debian/rules: add new objects for s390-ccw fw
      * debian/control: add build dependency on python3-sphinx for docs
      * install ui/icons/qemu.svg and qemu.desktop
      * debian/rules: remove pc-bios/bamboo.dtb before building it
      * install vhost-user-gpu binary and 50-qemu-gpu.json
      * debian/rules: remove old maintscript-helper invocations, not needed anymore
      * remove +dfsg for now, upload whole upstream source, will trim it later
    
     -- Christian Ehrhardt <email address hidden>  Wed, 08 Jan 2020 15:27:42 +0100
  • qemu (1:4.0+dfsg-0ubuntu11) focal; urgency=medium
    
      * SECURITY UPDATE: infinite loop when executing LSI scsi adapter
        emulator scripts
        - d/p/u/CVE-2019-12068.patch: Move the existing loop exit
        - CVE-2019-12068
      * SECURITY UPDATE: null pointer dereference in qxl display driver
        - d/p/u/CVE-2019-12155.patch: qxl: check release info object
        - CVE-2019-12155
      * SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
        - d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
          interface name to IFNAMSIZ
        - CVE-2019-13164
      * SECURITY UPDATE: heap overflow in slirp
        - d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
          on big packet input
        - CVE-2019-14378
      * SECURITY UPDATE: use after free vulnerability in slirp
        - d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
        - CVE-2019-15890
      * Add support for exposing "taa-no" flag to guests:
        - d/p/u/CVE-2019-11135-taa-no.patch
        - CVE-2019-11135
      * Add support for exposing "pschange-mc-no" to guests:
        - d/p/u/pschange-mce.patch
    
     -- Steve Beattie <email address hidden>  Thu, 07 Nov 2019 20:54:32 -0800
  • qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium
    
      * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
        fix a potential hang when qemu or qemu-img were accessing http backed
        disks via libcurl (LP: #1848556)
      * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
        fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
    
     -- Christian Ehrhardt <email address hidden>  Mon, 21 Oct 2019 14:51:45 +0200
  • qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
    
      * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
        update the z15 model name (LP: #1842774)
    
     -- Christian Ehrhardt <email address hidden>  Tue, 24 Sep 2019 11:42:58 +0200