-
qemu (1:5.0-5ubuntu9.9) groovy-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
- debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
hw/pci-host/prep.c.
- debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
hw/pci-host/designware.c.
- debian/patches/CVE-2020-15469-3.patch: add quirk device write method
in hw/vfio/pci-quirks.c.
- debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
hw/ppc/prep_systemio.c.
- debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
method in hw/nvram/nrf51_nvm.c.
- debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
hw/ppc/spapr_pci.c.
- debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
in hw/misc/tz-ppc.c.
- debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
in hw/misc/imx7_ccm.c.
- CVE-2020-15469
* SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
- debian/patches/CVE-2020-35504.patch: always check current_req is not
NULL before use in DMA callbacks in hw/scsi/esp.c.
- CVE-2020-35504
* SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
- debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
current_dev is non-NULL in hw/scsi/esp.c.
- CVE-2020-35505
* SECURITY UPDATE: host privilege escalation issue in virtio-fs
- debian/patches/CVE-2020-35517-1.patch: extract lo_do_open() from
lo_open() in tools/virtiofsd/passthrough_ll.c.
- debian/patches/CVE-2020-35517-2.patch: optionally return inode
pointer from lo_do_lookup() in tools/virtiofsd/passthrough_ll.c.
- debian/patches/CVE-2020-35517-3.patch: prevent opening of special
files in tools/virtiofsd/passthrough_ll.c.
- CVE-2020-35517
* SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
- debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
- CVE-2021-3392
* SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
- debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
command time out in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
register when transfer is in progress in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-3.patch: correctly set the controller
status for ADMA in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-4.patch: limit block size only when
SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
s->fifo_buffer[] when a different block size is programmed in
hw/sd/sdhci.c.
- CVE-2021-3409
* SECURITY UPDATE: stack overflow via infinite loop issue in various NIC
- debian/patches/CVE-2021-3416-1.patch: introduce qemu_receive_packet()
in include/net/net.h, include/net/queue.h, net/net.c, net/queue.c.
- debian/patches/CVE-2021-3416-2.patch: switch to use
qemu_receive_packet() for loopback in hw/net/e1000.c.
- debian/patches/CVE-2021-3416-3.patch: switch to use
qemu_receive_packet() for loopback packet in hw/net/dp8393x.c.
- debian/patches/CVE-2021-3416-5.patch: switch to use
qemu_receive_packet() for loopback in hw/net/sungem.c.
- debian/patches/CVE-2021-3416-6.patch: switch to use
qemu_receive_packet_iov() for loopback in hw/net/net_tx_pkt.c.
- debian/patches/CVE-2021-3416-7.patch: switch to use
qemu_receive_packet() for loopback in hw/net/rtl8139.c.
- debian/patches/CVE-2021-3416-8.patch: switch to use
qemu_receive_packet() for loopback in hw/net/pcnet.c.
- debian/patches/CVE-2021-3416-9.patch: switch to use
qemu_receive_packet() for loopback in hw/net/cadence_gem.c.
- debian/patches/CVE-2021-3416-10.patch: switch to use
qemu_receive_packet() for loopback in hw/net/lan9118.c.
- CVE-2021-3416
* SECURITY UPDATE: DoS in USB redirector device
- debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
in hw/usb/redirect.c.
- debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
in hw/usb/combined-packet.c.
- CVE-2021-3527
* SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
- debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-2.patch: fix resource leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-3.patch: fix memory leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-4.patch: fix memory leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-5.patch: fix memory leak in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-6.patch: fix memory leak in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-7.patch: fix OOB write in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
in contrib/vhost-user-gpu/vhost-user-gpu.c,
contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
- CVE-2021-3544
- CVE-2021-3545
- CVE-2021-3546
* SECURITY UPDATE: mremap overflow in the pvrdma device
- debian/patches/CVE-2021-3582.patch: check lengths in
hw/rdma/vmw/pvrdma_cmd.c.
- CVE-2021-3582
* SECURITY UPDATE: integer overflow in pvrdma device
- debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
in hw/rdma/vmw/pvrdma_main.c.
- CVE-2021-3607
* SECURITY UPDATE: uninitialized memory unmap in pvrdma device
- debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
hw/rdma/vmw/pvrdma_dev_ring.c.
- CVE-2021-3608
* SECURITY UPDATE: out-of-bounds access issue in ARM Generic Interrupt
Controller
- debian/patches/CVE-2021-20221.patch: fix interrupt ID in GICD_SGIR
register in hw/intc/arm_gic.c.
- CVE-2021-20221
* SECURITY UPDATE: infinite loop while processing transmit descriptors
- debian/patches/CVE-2021-20257.patch: fail early for evil descriptor
in hw/net/e1000.c.
- CVE-2021-20257
-- Marc Deslauriers <email address hidden> Mon, 12 Jul 2021 07:07:45 -0400
-
qemu (1:5.0-5ubuntu9.8) groovy; urgency=medium
* d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
(LP: #1921754)
* d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
(LP: #1921880)
-- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200
-
qemu (1:5.0-5ubuntu9.7) groovy; urgency=medium
* d/p/u/lp-1921468-*: fix issues handling boot menu index on s390x
(LP: #1921468)
* d/p/u/lp-1887535-configure-replace-enable-disable-git-update-with-wit.patch,
d/rules: Backport --with-git-submodules param so building from git repo
doesn't fail (LP: #1887535)
* Fix byte aligned writes when writing to image stored on NFS
server, as they aren't required to be 4kib aligned. (LP: #1921665)
- d/p/u/lp-1921665-1-block-Require-aligned-image-size-to-avoid-assert.patch
- d/p/u/lp-1921665-2-file-posix-Allow-byte-aligned-O_DIRECT-with-NFS.patch
-- Christian Ehrhardt <email address hidden> Fri, 26 Mar 2021 10:36:31 +0100
-
qemu (1:5.0-5ubuntu9.6) groovy-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions caused by CVE-2020-13754
security update (LP: #1914883)
- debian/patches/ubuntu/CVE-2020-13754-3.patch: log invalid memory
accesses in memory.c.
- debian/patches/ubuntu/CVE-2020-13754-4.patch: allow 16-bit writes to
memory region in hw/riscv/sifive_test.c.
- debian/patches/ubuntu/CVE-2020-13754-5.patch: allow 64-bit accesses
in hw/timer/slavio_timer.c.
- debian/patches/ubuntu/CVE-2020-13754-6.patch: allow less than 32-bit
accesses in hw/char/bcm2835_aux.c.
- debian/patches/ubuntu/CVE-2020-13754-7.patch: unbreak size mismatch
memory accesses in hw/display/artist.c.
-- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 08:10:20 -0500
-
qemu (1:5.0-5ubuntu9.5) groovy; urgency=medium
* d/p/u/lp-1903864-tpm_emulator-Report-an-error-if-chardev-is-missing.patch:
fix tpm-emulator: parameter 'chardev' is missing (LP: #1903864)
* d/p/u/lp-1913395-*: qemu s390x/pci: Honor vfio DMA limiting (LP: #1913395)
-- Christian Ehrhardt <email address hidden> Thu, 28 Jan 2021 09:20:37 +0100
-
qemu (1:5.0-5ubuntu9.4) groovy-security; urgency=medium
* SECURITY UPDATE: use-after-free in e1000e
- debian/patches/ubuntu/CVE-2020-15859.patch: forbid the reentrant RX
in net/queue.c.
- CVE-2020-15859
* SECURITY UPDATE: OOB write to MSI-X table
- debian/patches/ubuntu/CVE-2020-27821.patch: clamp cached translation
in case it points to an MMIO region in exec.c.
- CVE-2020-27821
* SECURITY UPDATE: infinite loop in e1000e
- debian/patches/ubuntu/CVE-2020-28916.patch: advance desc_offset in
case of null descriptor in hw/net/e1000e_core.c.
- CVE-2020-28916
* SECURITY UPDATE: out of bounds read in atapi
- debian/patches/ubuntu/CVE-2020-29443-1.patch: assert that the buffer
pointer is in range in hw/ide/atapi.c.
- debian/patches/ubuntu/CVE-2020-29443-2.patch: check logical block
address and read size in hw/ide/atapi.c.
- CVE-2020-29443
* SECURITY UPDATE: use after free in 9p
- debian/patches/ubuntu/CVE-2021-20181.patch: fully restart unreclaim
loop in hw/9pfs/9p.c.
- CVE-2021-20181
-- Marc Deslauriers <email address hidden> Wed, 03 Feb 2021 10:35:16 -0500
-
qemu (1:5.0-5ubuntu9.3) groovy; urgency=medium
* d/p/ubuntu/lp-1907656-s390x-s390-virtio-ccw-Reset-PCI-devices-during-subsy:
avoid PCI devices to become unavailable on reset (LP: #1907656)
* d/rules: fix qemu-user-static to really be static (LP: #1908331)
-- Christian Ehrhardt <email address hidden> Tue, 05 Jan 2021 15:46:16 +0100
-
qemu (1:5.0-5ubuntu9.2) groovy-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
- debian/patches/ubuntu/CVE-2020-17380.patch: fix DMA Transfer Block
Size field in hw/sd/sdhci.c.
- CVE-2020-17380
- CVE-2020-25085
* SECURITY UPDATE: use-after-free via unchecked return value
- debian/patches/ubuntu/CVE-2020-25084.patch: check return value of
'usb_packet_map' in hw/usb/hcd-xhci.c.
- CVE-2020-25084
* SECURITY UPDATE: out-of-bound access issue
- debian/patches/ubuntu/CVE-2020-25624.patch: check len and
frame_number variables in hw/usb/hcd-ohci.c.
- CVE-2020-25624
* SECURITY UPDATE: infinite loop when a TD list has a loop
- debian/patches/ubuntu/CVE-2020-25625.patch: check for processed TD
before retire in hw/usb/hcd-ohci.c.
- CVE-2020-25625
* SECURITY UPDATE: assertion failure through usb_packet_unmap()
- debian/patches/ubuntu/CVE-2020-25723.patch: check return value of
'usb_packet_map' in hw/usb/hcd-ehci.c.
- CVE-2020-25723
* SECURITY UPDATE: bounds issue in ati_2d_blt
- debian/patches/ubuntu/CVE-2020-27616.patch: check x y display
parameter values in hw/display/ati_2d.c.
- CVE-2020-27616
* SECURITY UPDATE: assertion failure
- debian/patches/ubuntu/CVE-2020-27617.patch: remove an assert call in
eth_get_gso_type in net/eth.c.
- CVE-2020-27617
* Assertion failure via zero mmap_min_addr (LP: #1897854)
- debian/patches/ubuntu/lp1897854-Ensure-mmap_min_addr-is-non-zero.patch:
ensure mmap_min_addr is non-zero in linux-user/main.c.
-- Marc Deslauriers <email address hidden> Fri, 20 Nov 2020 08:02:13 -0500
-
qemu (1:5.0-5ubuntu9.1) groovy; urgency=medium
* d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
machine type to match how it originally was released (LP: #1902654)
-- Christian Ehrhardt <email address hidden> Mon, 09 Nov 2020 08:19:07 +0100
-
qemu (1:5.0-5ubuntu9) groovy; urgency=medium
* d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
setup_len
CVE-2020-14364
-- Christian Ehrhardt <email address hidden> Tue, 22 Sep 2020 16:53:18 +0200
-
qemu (1:5.0-5ubuntu8) groovy; urgency=medium
* d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930)
qemu (1:5.0-5ubuntu7) groovy; urgency=medium
* d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
-- Christian Ehrhardt <email address hidden> Mon, 14 Sep 2020 08:23:49 +0200
-
qemu (1:5.0-5ubuntu7) groovy; urgency=medium
* d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)
-- Christian Ehrhardt <email address hidden> Wed, 09 Sep 2020 08:47:12 +0200
-
qemu (1:5.0-5ubuntu6) groovy; urgency=medium
* d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
from vfio-ccw (LP: #1887935)
qemu (1:5.0-5ubuntu5) groovy; urgency=medium
* fix qemu-user-static initialization to allow executing systemd
(LP: #1890881)
- d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
- d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
- d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
- d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
- d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
- d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
* fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
CVE-2020-16092
- d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
-- Christian Ehrhardt <email address hidden> Tue, 25 Aug 2020 11:09:12 +0200
-
qemu (1:5.0-5ubuntu5) groovy; urgency=medium
* fix qemu-user-static initialization to allow executing systemd
(LP: #1890881)
- d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch
- d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch
- d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch
- d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch
- d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch
- d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch
* fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187)
CVE-2020-16092
- d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch
-- Christian Ehrhardt <email address hidden> Wed, 19 Aug 2020 07:19:42 +0200
-
qemu (1:5.0-5ubuntu4) groovy; urgency=medium
* xen: provide compat links to what libxen-dev reports where to find
the binaries (LP: #1890005)
* d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
SQXBR (LP: #1883984)
* d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)
-- Christian Ehrhardt <email address hidden> Mon, 03 Aug 2020 07:15:28 +0200
-
qemu (1:5.0-5ubuntu3) groovy; urgency=medium
* d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
environments (LP: #1887763)
* Pick further changes for groovy from debian/master since 5.0-5
- ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
- revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which uses min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
- exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
- megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
- megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
- megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause a very low
impact OOB errors here
- nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
- es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
- a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
- acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
- reapply CVE-2020-13253 fixed from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
- linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
- linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
- d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
- qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
- acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
- acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
- xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
- do not install outdated (0.12 and before) Changelog (Closes: #965381)
- xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
- sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
- riscv-allow-64-bit-access-to-SiFive-CLINT.patch
another fix for revert-memory-accept-.. CVE-2020-13754
- seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
qemu (1:5.0-5ubuntu2) groovy; urgency=medium
* No change rebuild against new libnettle8 and libhogweed6 ABI.
qemu (1:5.0-5ubuntu1) groovy; urgency=medium
* Merge with Debian testing (LP: #1749393), remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- arch aware kvm wrappers
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes --disable-xen for user-static builds]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
* Dropped changes (no more needed)
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/control: avoid upgrade issues triggered by moving ivshmem tools after
Debian. Fixed by bumping the related Breaks/Replaces to the
Version Ubuntu introduced the change (LP 1862287)
* Dropped changes (in Debian)
- improved s390x support
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- qemu-system-x86-microvm package
In addition to the generic multi-purpose qemu also provide a minimal
feature binary that is loading faster for use cases with microvm machine
type and qboot bios
- d/control-in: add a new qemu-system-x86-microvm package
- d/rules: add an extra config/build step to get the minimal qemu
- Security and packaging fixes (LP 1872937)
- arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
- net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
CVE-2020-10702
CVE-2020-11102
- fix external spice UI
+ install ui-spice-app.so in qemu-system-common
+ install ui-spice-app.so only if built, spice is optional
- switch binfmt registration to use update-binfmts --[un]import (#866756)
- qemu-system-gui: Multi-Arch=same, not foreign (#956763)
- qemu-system-data: s/highcolor/hicolor/ (#955741)
- enable riscv build (LP 1872931)
[ changes picked from Debian ]
- enable support for riscv64 hosts
- only enable librbd on architectures where it is built
- ceph: do not list librados-dev as we only use librbd-dev and the latter
depends on the former
- seccomp grew up, no need in versioned build-dep
- enable seccomp only on architectures where it can be built
* Dropped changes (upstream)
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP 1857033)
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
- d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
vhost-user-gpu
- d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
avoid unnecessary IOTLB transactions (LP 1866207)
- d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
patches @qemu-stable (LP 1867519)
- remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
to avoid broken nesting (LP 1868692)
- d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
(LP 1871830)
- d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
- d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
- d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
and clobbered doubles (LP 1872945)
- SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
- debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
- CVE-2020-11869
- d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP 1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
- d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
supporting to set them (LP 1882774)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
* Added Changes:
- d/control: regenerate debian/control out of control-in
- update d/p/ubuntu/lp-1835546-* to the final versions
- 11 patches dropped as they are in 5.0
- 20 patches updated to how they will be in 5.1
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
- d/control-in: build-dep libcap is no more needed
- d/rules: update arch aware kvm wrappers
- d/qemu-system-x86.README.Debian: fix typo
qemu (1:5.0-5) unstable; urgency=medium
* more binfmt-install updates
* CVE-2020-10717 fix from upstream:
virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
(Closes: #959746, CVE-2020-10717)
* 2 patches from upstream/stable to fix io_uring fd set buildup:
aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
* upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
* upstream stable fix:
net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
qemu (1:5.0-4) unstable; urgency=medium
* fix binfmt registration (Closes: #959222)
* disable PIE for user-static build on x32 too, not only i386
qemu (1:5.0-3) unstable; urgency=medium
* do not explicitly enable -static-pie on non-i386 architectures.
Apparenly only amd64 actually support -static-pie for now, and
it is correctly detected.
qemu (1:5.0-2) unstable; urgency=medium
* (temporarily) disable pie on i386 static build
For now -static-pie fails on i386 with the following error message:
/usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
unsupported non-PIC call to IFUNC `memset'
* install qemu-system docs in qemu-system-common, not qemu-system-data,
since docs require ./configure run
qemu (1:5.0-1) unstable; urgency=medium
* new upstream release (5.0)
Closes: #958926
Closes: CVE-2020-11869
* refresh patches, remove patches applied upstream
* do not mention openhackware, it is not used anymore
* do not disable bluez (support removed)
* new system arch "rx"
* dont install qemu-doc.* for now,
but install virtiofsd & qemu-storage-daemon
* add shared-lib-without-dependency-information tag
to qemu-user-static.lintian-overrides
* add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
* do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
* install qemu-user html docs for qemu-user & qemu-user-static
* build hppa-firmware.img from roms/seabios-hppa
(and Build-Depeds-Indep on gcc-hppa-linux-gnu)
* enable liburing on linux (build-depend on liburing-dev)
* add upstream signing-key.asc (Michael Roth <email address hidden>)
* build opensbi firmware
(for riscv64 only, riscv32 is possible with compiler flags)
* add source-level lintian-overrides for binaries-without-sources
(lintian can't find sources for a few firmware images which are in roms/)
qemu (1:4.2-7) unstable; urgency=medium
* qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
* x32 arch is in the same family as i386 & x86_64, omit binfmt registration
* check systemd-detect-virt before running update-binfmt
* gluster is de-facto linux-only, do not build-depend on it on non-linux
* virglrenderer is also essentially linux-specific
* qemu-user-static does not depend on shlibs
* disable parallel building of targets of d/rules
* add lintian overrides (arch-dependent static binaries) for openbios binaries
* separate binary-indep target into install-indep-prep and binary-indep
* split out various components of qemu-system-data into independent
build/install rules and add infrastructure for more components:
x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
slof, s390x-fw
* iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
qemu (1:4.2-6) unstable; urgency=medium
* d/rules: fix FTBFS (brown-paper-bag bug) in last upload
qemu (1:4.2-5) unstable; urgency=medium
* no error-out on address-of-packet-member in openbios
* install ui-spice-app.so only if built, spice is optional
* arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
Closes: CVE-2020-10702, weak signature generation
in Pointer Authentication support for ARM
* (temporarily) enable seccomp only on architectures where it can be built
(Closes: #956624)
* seccomp has grown up, no need in versioned build-dep
* do not list librados-dev in build-dep as we only use librbd-dev
and the latter depends on the former
* only enable librbd on architectures where it is buildable
qemu (1:4.2-4) unstable; urgency=medium
[ Michael Tokarev ]
* d/rules: build minimal configuration for qboot/microvm usage
* set microvm to be the default machine type for microvm case
* install ui-spice-app.so in qemu-system-common
* do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
* net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
(Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
* qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
* switch binfmt registration to use update-binfmts --[un]import
(Closes: #866756)
* build openbios-ppc & openbios-sparc binaries in qemu-system-data,
and replace corresponding binary packages.
Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
* build and provide/replace qemu-slof too
[ Aurelien Jarno ]
* enable support for riscv64 hosts
-- Christian Ehrhardt <email address hidden> Tue, 28 Jul 2020 13:21:31 +0200
-
qemu (1:5.0-5ubuntu2) groovy; urgency=medium
* No change rebuild against new libnettle8 and libhogweed6 ABI.
-- Dimitri John Ledkov <email address hidden> Mon, 29 Jun 2020 22:32:55 +0100
-
qemu (1:5.0-5ubuntu1) groovy; urgency=medium
* Merge with Debian testing (LP: #1749393), remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- arch aware kvm wrappers
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes --disable-xen for user-static builds]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
* Dropped changes (no more needed)
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/control: avoid upgrade issues triggered by moving ivshmem tools after
Debian. Fixed by bumping the related Breaks/Replaces to the
Version Ubuntu introduced the change (LP 1862287)
* Dropped changes (in Debian)
- improved s390x support
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- qemu-system-x86-microvm package
In addition to the generic multi-purpose qemu also provide a minimal
feature binary that is loading faster for use cases with microvm machine
type and qboot bios
- d/control-in: add a new qemu-system-x86-microvm package
- d/rules: add an extra config/build step to get the minimal qemu
- Security and packaging fixes (LP 1872937)
- arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
- net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
CVE-2020-10702
CVE-2020-11102
- fix external spice UI
+ install ui-spice-app.so in qemu-system-common
+ install ui-spice-app.so only if built, spice is optional
- switch binfmt registration to use update-binfmts --[un]import (#866756)
- qemu-system-gui: Multi-Arch=same, not foreign (#956763)
- qemu-system-data: s/highcolor/hicolor/ (#955741)
- enable riscv build (LP 1872931)
[ changes picked from Debian ]
- enable support for riscv64 hosts
- only enable librbd on architectures where it is built
- ceph: do not list librados-dev as we only use librbd-dev and the latter
depends on the former
- seccomp grew up, no need in versioned build-dep
- enable seccomp only on architectures where it can be built
* Dropped changes (upstream)
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP 1857033)
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
- d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
vhost-user-gpu
- d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
avoid unnecessary IOTLB transactions (LP 1866207)
- d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
patches @qemu-stable (LP 1867519)
- remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
to avoid broken nesting (LP 1868692)
- d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
(LP 1871830)
- d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
- d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
- d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
and clobbered doubles (LP 1872945)
- SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
- debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
- CVE-2020-11869
- d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP 1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
- d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
supporting to set them (LP 1882774)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
* Added Changes:
- d/control: regenerate debian/control out of control-in
- update d/p/ubuntu/lp-1835546-* to the final versions
- 11 patches dropped as they are in 5.0
- 20 patches updated to how they will be in 5.1
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
- d/control-in: build-dep libcap is no more needed
- d/rules: update arch aware kvm wrappers
- d/qemu-system-x86.README.Debian: fix typo
qemu (1:5.0-5) unstable; urgency=medium
* more binfmt-install updates
* CVE-2020-10717 fix from upstream:
virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
(Closes: #959746, CVE-2020-10717)
* 2 patches from upstream/stable to fix io_uring fd set buildup:
aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
* upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
* upstream stable fix:
net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
qemu (1:5.0-4) unstable; urgency=medium
* fix binfmt registration (Closes: #959222)
* disable PIE for user-static build on x32 too, not only i386
qemu (1:5.0-3) unstable; urgency=medium
* do not explicitly enable -static-pie on non-i386 architectures.
Apparenly only amd64 actually support -static-pie for now, and
it is correctly detected.
qemu (1:5.0-2) unstable; urgency=medium
* (temporarily) disable pie on i386 static build
For now -static-pie fails on i386 with the following error message:
/usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
unsupported non-PIC call to IFUNC `memset'
* install qemu-system docs in qemu-system-common, not qemu-system-data,
since docs require ./configure run
qemu (1:5.0-1) unstable; urgency=medium
* new upstream release (5.0)
Closes: #958926
Closes: CVE-2020-11869
* refresh patches, remove patches applied upstream
* do not mention openhackware, it is not used anymore
* do not disable bluez (support removed)
* new system arch "rx"
* dont install qemu-doc.* for now,
but install virtiofsd & qemu-storage-daemon
* add shared-lib-without-dependency-information tag
to qemu-user-static.lintian-overrides
* add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
* do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
* install qemu-user html docs for qemu-user & qemu-user-static
* build hppa-firmware.img from roms/seabios-hppa
(and Build-Depeds-Indep on gcc-hppa-linux-gnu)
* enable liburing on linux (build-depend on liburing-dev)
* add upstream signing-key.asc (Michael Roth <email address hidden>)
* build opensbi firmware
(for riscv64 only, riscv32 is possible with compiler flags)
* add source-level lintian-overrides for binaries-without-sources
(lintian can't find sources for a few firmware images which are in roms/)
qemu (1:4.2-7) unstable; urgency=medium
* qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
* x32 arch is in the same family as i386 & x86_64, omit binfmt registration
* check systemd-detect-virt before running update-binfmt
* gluster is de-facto linux-only, do not build-depend on it on non-linux
* virglrenderer is also essentially linux-specific
* qemu-user-static does not depend on shlibs
* disable parallel building of targets of d/rules
* add lintian overrides (arch-dependent static binaries) for openbios binaries
* separate binary-indep target into install-indep-prep and binary-indep
* split out various components of qemu-system-data into independent
build/install rules and add infrastructure for more components:
x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
slof, s390x-fw
* iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
qemu (1:4.2-6) unstable; urgency=medium
* d/rules: fix FTBFS (brown-paper-bag bug) in last upload
qemu (1:4.2-5) unstable; urgency=medium
* no error-out on address-of-packet-member in openbios
* install ui-spice-app.so only if built, spice is optional
* arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
Closes: CVE-2020-10702, weak signature generation
in Pointer Authentication support for ARM
* (temporarily) enable seccomp only on architectures where it can be built
(Closes: #956624)
* seccomp has grown up, no need in versioned build-dep
* do not list librados-dev in build-dep as we only use librbd-dev
and the latter depends on the former
* only enable librbd on architectures where it is buildable
qemu (1:4.2-4) unstable; urgency=medium
[ Michael Tokarev ]
* d/rules: build minimal configuration for qboot/microvm usage
* set microvm to be the default machine type for microvm case
* install ui-spice-app.so in qemu-system-common
* do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
* net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
(Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
* qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
* switch binfmt registration to use update-binfmts --[un]import
(Closes: #866756)
* build openbios-ppc & openbios-sparc binaries in qemu-system-data,
and replace corresponding binary packages.
Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
* build and provide/replace qemu-slof too
[ Aurelien Jarno ]
* enable support for riscv64 hosts
-- Christian Ehrhardt <email address hidden> Tue, 16 Jun 2020 16:50:09 +0200
-
qemu (1:4.2-3ubuntu10) groovy; urgency=medium
* No-change rebuild against libnettle8
-- Steve Langasek <email address hidden> Mon, 20 Jul 2020 16:12:37 +0000
-
qemu (1:4.2-3ubuntu9) groovy; urgency=medium
* debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP: #1878973)
* d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
supporting to set them (LP: #1882774)
-- Christian Ehrhardt <email address hidden> Tue, 02 Jun 2020 10:42:49 +0200
-
qemu (1:4.2-3ubuntu8) groovy; urgency=medium
* d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP: #1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
-- Rafael David Tinoco <email address hidden> Wed, 27 May 2020 21:47:21 +0000
-
qemu (1:4.2-3ubuntu7) groovy; urgency=medium
* SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
- debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
- CVE-2020-11869
-- Marc Deslauriers <email address hidden> Thu, 21 May 2020 14:43:19 -0400
-
qemu (1:4.2-3ubuntu6) focal; urgency=medium
[ Christian Ehrhardt ]
* enable riscv build (LP: #1872931)
[ changes picked from Debian ]
- enable support for riscv64 hosts
- only enable librbd on architectures where it is built
- ceph: do not list librados-dev as we only use librbd-dev and the latter
depends on the former
- seccomp grew up, no need in versioned build-dep
- enable seccomp only on architectures where it can be built
* d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
* d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
and clobbered doubles (LP: #1872945)
[ William Grant ]
* d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
-- Christian Ehrhardt <email address hidden> Wed, 15 Apr 2020 14:27:15 +0200
