-
qemu (1:6.2+dfsg-2ubuntu6.21) jammy-security; urgency=medium
* SECURITY REGRESSION: 9pfs restrictions on sockets (LP: #2065579)
- debian/patches/ubuntu/lp-2065579-9pfs-allow-sockets.patch: allow
sockets and FIFOs to be opened in hw/9pfs/9p-util.h. The fix for
CVE-2023-2861 was too restrictive for some use-cases.
-- Marc Deslauriers <email address hidden> Wed, 05 Jun 2024 12:25:53 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.20) jammy; urgency=medium
* d/p/u/lp-2064914-properly-reset-tsc-on-reset.patch: Properly reset
TSC on reset, fixing Windows hang after reboot. (LP: #2064914).
-- Sergio Durigan Junior <email address hidden> Thu, 09 May 2024 14:30:38 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.19) jammy; urgency=medium
* d/p/u/lp2012763-maxcpus-too-low.patch: Bump max_cpus to 1024 on
amd64. (LP: #2012763)
-- Sergio Durigan Junior <email address hidden> Mon, 18 Mar 2024 16:38:25 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.18) jammy; urgency=medium
* d/p/u/lp-2046439-s390x-*.patch: Fix emulation of
"COMPARE HALFWORD RELATIVE LONG" on s390x.
(LP: #2046439)
-- Sergio Durigan Junior <email address hidden> Wed, 21 Feb 2024 15:44:50 -0500
-
qemu (1:6.2+dfsg-2ubuntu6.17) jammy; urgency=medium
* d/rules: modify qemu-block-extra postinst to avoid
restarting run-qemu.mount (LP: #2051153)
-- Christian Ehrhardt <email address hidden> Mon, 29 Jan 2024 11:43:30 +0100
-
qemu (1:6.2+dfsg-2ubuntu6.16) jammy-security; urgency=medium
* SECURITY UPDATE: infinite loop in USB xHCI controller
- debian/patches/CVE-2020-14394.patch: fix unbounded loop in
hw/usb/hcd-xhci.c.
- CVE-2020-14394
* SECURITY UPDATE: OOB read in RDMA device
- debian/patches/CVE-2023-1544.patch: protect against buggy or
malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
- CVE-2023-1544
* SECURITY UPDATE: 9pfs special file access
- debian/patches/CVE-2023-2861.patch: prevent opening special files in
fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
- CVE-2023-2861
* SECURITY UPDATE: heap overflow in crypto device
- debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
sym request in hw/virtio/virtio-crypto.c.
- CVE-2023-3180
* SECURITY UPDATE: infinite loop in VNC server
- debian/patches/CVE-2023-3255.patch: fix infinite loop in
inflate_buffer in ui/vnc-clipboard.c.
- CVE-2023-3255
* SECURITY UPDATE: race in virtio-net hot-unplug
- debian/patches/CVE-2023-3301.patch: do not cleanup the vdpa/vhost-net
structures if peer nic is present in net/vhost-vdpa.c.
- CVE-2023-3301
* SECURITY UPDATE: DoS in VNC server
- debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
closed during handshake in include/io/channel-tls.h,
io/channel-tls.c.
- CVE-2023-3354
* SECURITY UPDATE: disk offset 0 access
- debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
resetting state in hw/ide/core.c.
- CVE-2023-5088
* SECURITY UPDATE: DoS in Intel HD Audio device
- debian/patches/CVE-2021-3611-*.patch: add MemTxAttrs argument to
DMA functions and use it in hw/audio/intel-hda.c.
- CVE-2021-3611
-- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 09:53:27 -0500
-
qemu (1:6.2+dfsg-2ubuntu6.15) jammy; urgency=medium
* d/rules: remove --no-start for qemu-guest-agent (LP: #2028124)
-- Mitchell Dzurick <email address hidden> Fri, 15 Sep 2023 14:39:05 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.14) jammy; urgency=medium
* d/u/lp-2033957-virtiofsd-Fix-breakage-due-to-fuse_init_in.patch:
Fix virtiofsd breakage due to fuse_init_in size change, which
happened because of the Linux kernel 5.17 headers that were
imported in a previous patch. (LP: #2033957)
-- Sergio Durigan Junior <email address hidden> Tue, 05 Sep 2023 22:58:36 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.13) jammy; urgency=medium
* d/p/u/lp-1853307-*.patch: Backport patches to implement Enhanced
Interpretation for PCI Functions (s390x). (LP: #1853307)
-- Sergio Durigan Junior <email address hidden> Wed, 05 Jul 2023 10:47:05 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.12) jammy; urgency=medium
[ Chengen Du ]
* d/p/u/lp2025591-block-use-the-request-length-for-iov-alignment.patch:
Fix boot error on the HWE 6.2 kernel with direct IO (eg, cache=none)
if the logical block size is smaller than in the host (LP: #2025591)
-- Mauricio Faria de Oliveira <email address hidden> Mon, 03 Jul 2023 18:00:25 -0300
-
qemu (1:6.2+dfsg-2ubuntu6.11) jammy-security; urgency=medium
* SECURITY UPDATE: user-after-free issue
- debian/patches/CVE-2022-1050.patch: Protect against buggy or
malicious guest driver
- CVE-2022-1050
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2022-4144-*.patch: Have qxl_log_command Return
early if no log_cmd handler; Document qxl_phys2virt(); Pass requested
buffer size to qxl_phys2virt(); Avoid buffer overrun in qxl_phys2virt;
Assert memory slot fits in preallocated MemoryRegion
- CVE-2022-4144
* SECURITY UPDATE: reentrancy problem
- debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
controller
- CVE-2023-0330
-- Nishit Majithia <email address hidden> Tue, 13 Jun 2023 17:03:25 +0530
-
qemu (1:6.2+dfsg-2ubuntu6.10) jammy; urgency=medium
* d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
hot-unplug requests by making ACPI PCI able to requeue them.
(LP: #2018733)
-- Sergio Durigan Junior <email address hidden> Fri, 26 May 2023 17:40:31 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.9) jammy; urgency=medium
* d/p/u/lp-2019766-target-arm-kvm-Retry-KVM_CREATE_VM-call-if-it-fails-.patch:
ARM: Retry KVM_CREATE_VM when it returns EINTR (LP: #2019766)
-- dann frazier <email address hidden> Tue, 16 May 2023 14:59:54 -0600
-
qemu (1:6.2+dfsg-2ubuntu6.8) jammy; urgency=medium
* d/p/u/lp-1999885-s390x-tod-kvm-don-t-save-restore-the-TOD-in-PV-guest.patch:
avoid timer issues in s390x secure execution guests (LP: #1999885)
* d/p/u/lp-2011832-*: fix emulation issues in mips and powerpc (LP: #2011832)
-- Christian Ehrhardt <email address hidden> Thu, 23 Mar 2023 08:18:28 +0100
-
qemu (1:6.2+dfsg-2ubuntu6.7) jammy; urgency=medium
[ Brett Milford ]
* d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
error 'migration was active, but no RAM info was set' (LP: #1994002)
[ Mauricio Faria de Oliveira ]
* d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint
to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048)
* d/rules: move "Disable LTO on non-amd64" before buildflags.mk on Jammy.
[ Michal Maloszewski ]
* d/rules: Disable LTO on non-amd 64 architectures to prevent QEMU
coroutines from failing (LP: #1921664)
-- Mauricio Faria de Oliveira <email address hidden> Mon, 06 Mar 2023 17:00:46 -0300
-
qemu (1:6.2+dfsg-2ubuntu6.6) jammy-security; urgency=medium
* SECURITY UPDATE: DMA reentrancy issue
- debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
field and MEMTX_ACCESS_ERROR
- CVE-2021-3750
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
lsi_do_msgout
- CVE-2022-0216
* SECURITY UPDATE: integer underflow vulnerability
- debian/patches/CVE-2022-3165.patch: fix integer underflow in
vnc_client_cut_text_ext
- CVE-2022-3165
-- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:47:27 +0530
-
qemu (1:6.2+dfsg-2ubuntu6.5) jammy; urgency=medium
* d/p/u/lp-1981339-*: Fix s390x emulation of newer kernels (LP: #1981339)
-- Christian Ehrhardt <email address hidden> Tue, 13 Sep 2022 10:23:19 +0200
-
qemu (1:6.2+dfsg-2ubuntu6.4) jammy; urgency=medium
* Fix ppc64le: fatal: Tried to call a TRAP (LP: #1980896)
- linux-user/ppc: Use force_sig_fault
- linux-user/ppc: deliver SIGTRAP on POWERPC_EXCP_TRAP
- tests/tcg/ppc64le: change signal_save_restore_xer to use SIGTRAP
-- You-Sheng Yang <email address hidden> Thu, 07 Jul 2022 02:52:56 +0000
-
qemu (1:6.2+dfsg-2ubuntu6.3) jammy; urgency=medium
* Fix unbalanced plugged counter in laio_io_unplug (LP: #1970737)
- d/p/lp1970737-linux-aio-*.patch: Upstream patches.
-- Sergio Durigan Junior <email address hidden> Tue, 21 Jun 2022 17:07:50 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.2) jammy-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: use-after-free in nvme
- debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
device itself in hw/nvme/ctrl.c.
- CVE-2021-3929
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: potential privilege escalation in virtiofsd
- debian/patches/CVE-2022-0358.patch: Drop membership of all
supplementary groups in tools/virtiofsd/passthrough_ll.c.
- CVE-2022-0358
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock-common.c.
- CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:22:05 -0400
-
qemu (1:6.2+dfsg-2ubuntu6.1) jammy; urgency=medium
* d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
in vnc connections (LP: #1970563)
-- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:25:20 +0200
-
qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
* debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
* Fix diff handling on ceph that can cause data corruption (LP: #1968258)
- d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
- d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
-- Christian Ehrhardt <email address hidden> Fri, 08 Apr 2022 09:36:34 +0200
-
qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
* d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
tcg on s390x.
qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
* Merge with Debian unstable, remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP: 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
add patch to workaround FTBFS when building against OpenSSL 3.0.
- d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
-fcf-protection being unavailble on -march=i486 (LP 1940029)
- Ease the use of module retention on upgrades (LP 1913421)
- debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
* Dropped Changes [now part of 1:6.1+dfsg-8]:
- updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
(#993658) (LP 1947860)
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
* Dropped Changes [now part of upstream]
- d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
and 3932 machines (LP 1932175)
- d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
migration with audio devices present (LP 1940288)
* Added changes:
- update patches for qemu v6.2.0
- d/p/u/enable-svm-by-default.patch
- d/p/u/define-ubuntu-machine-types.patch
- d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
- d/rules: xen libexec dir is no more versioned
- d/rules: ensure xen is built on x86
- d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
Allow long kernel command lines for QEMU (LP: #1959984)
- d/kvm-spice: fix when acceleration is already defined on the commandline
- d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
qemu (1:6.2+dfsg-2) unstable; urgency=medium
* bump meson build-dep to 0.59.3
* build & include multiboot_dma.bin (Closes: #1003930)
* libxml2 is not needed for parallels.
Enable parallels block image format (Closes: #1003162)
* acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch
Closes: CVE-2021-4158
* acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
(Closes: #1004017)
* acpi-fix-OEM_ID-padding.patch
* debian/get-orig-source.sh: repack dfsg archive differently
* mention closing of a few CVEs by 6.2.0
qemu (1:6.2+dfsg-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* 6.2.0 upstream release
Closes: #984452, CVE-2021-20203
(integer overflow issue in the vmxnet3 NIC emulator)
Closes: #984453, CVE-2021-20196
(fdc: check drive block device before usage)
Closes: #984451, CVE-2021-20255
(infinite recursion / DMA reentrancy in eepro100 i8255x device emulator)
* d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean
* Drop patches upstream in v6.2.0
* d/p/spelling.diff: update for v6.2.0 (partially accepted)
* d/rules: use new --disable-install-blobs build arg
* Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe",
it is now in main (LP: #1934510)
* d/rules: bump skiboot version for qemu v6.2.0
* d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue
due to dfsg removal of blobs
* d/rules: drop --disable-fdt on microvm builds
(now strictly required on any x86 build)
* d/rules: select default PARISC config for hppa-firmware
qemu (1:6.1+dfsg-8) unstable; urgency=medium
* fix keymaps definitions placement in last upload
(Closes: #997925, #997926)
qemu (1:6.1+dfsg-7) unstable; urgency=medium
* qemu-system-data: do not install qemu.desktop (Closes: #995628)
* remove qemu-user-static.README.Debian (#995633)
* d/rules: update configure rules for different qemu builds
* qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64
* promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86
since it uses the same modules actually
* enable zstd compression support (Build-Depends)
* qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp
for the sdl ui
* d/control: fix wrong relation (< vs <<)
* d/control: use :native version of python3-sphynx (Closes: #995622)
* do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu
* quieten gcc11 warnings/errors so roms will compile (Closes: #997082)
* move d/qemu-system-data.install to d/rules
qemu (1:6.1+dfsg-6) unstable; urgency=medium
* virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
* ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
Closes: #992726, CVE-2021-3638:
inconsistent check in ati_2d_blt() may lead to out-of-bounds write
* refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch}
from upstream
* hmp-unbreak-change-vnc.patch from upstream
to fix 'change vnc passwd' command
qemu (1:6.1+dfsg-5) unstable; urgency=medium
* updated debian/patches/linux-user-binfmt-P.diff
to work with in-kernel code
Closes: #993658
* d/rules: do not mark configure target as .PHONY
since it is a real file
qemu (1:6.1+dfsg-4) unstable; urgency=medium
* qemu-sockets-fix-unix-socket-path-copy-again.patch
replacing socket-unix-maxlen.patch
Closes: #993145
* enable more devices for the microvm build:
virtio-gpu & vhost-user-gpu
virtio-input-host & vhost_user_input
* move vhost-user-gpu files from qemu-system-common to qemu-system-gui
this elminates X11 dependencies from non-gui qemu-system install
* build and install vof.bin firmware
* rearrange d/rules a bit to make different qemu builds
to be consistent with sysdata-components
* move ppc dtb firmware files from qemu-system-ppc to qemu-system-data
* device-tree-compiler is now needed in build-indep-depends,
not in build-depends
* d/rules: use CROSSPFX variables
* ubuntu only:
- Revert commit from the previous release which restores
relation between qemu-system-xen and qemu-system-gui
since -xen is not compatible with -gui modules
- qemu-system-xen does not suggest qemu-block-extra (incompatible too)
- qemu-system-s390x recommends qemu-block-extra not suggests it
qemu (1:6.1+dfsg-3) unstable; urgency=medium
* fix brown-paper bag in last upload (--enable-libudev)
* ubuntu only: restore relations (depends/recommends)
between qemu-system-gui and qemu-system-xen since -xen
replaces full qemu-system-x86 and acts the same way
qemu (1:6.1+dfsg-2) unstable; urgency=medium
* rearrange d/rules to be able to configure/build/install
various different kinds of qemu builds (main/microvm/xen/static)
separately, by splitting targets of d/rules into subtargets
* enable many virtio devices for microvm build (Closes: #992029)
* disable libudev and fuse for microvm build
* rearrange options for microvm build in d/rules
* tidy newly added assert in unix-domain socket handling code
to account for extra \0 terminator for socket pathname,
socket-unix-maxlen.patch (Closes: #993145)
* upstream qemu added ignoring of *.patch to .gitignore,
unignore them in d/.gitignore
* re-add 4 patches which were lost from git
during preparation for 6.1
(not affecting the source package)
* uas-add-stream-number-sanity-checks-CVE-2021-3713.diff
Closes: #992727, CVE-2021-3713
* Mention (some) bugs closed by 6.1 upstream
* Mention closing of #947349
qemu (1:6.1+dfsg-1) unstable; urgency=medium
* new upstream release (6.1.0)
Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init)
Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address)
Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks)
Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure)
Closes: #989042, CVE-2021-3546 (vhost-user-gpu OOBwr virgl_cmd_get_capset)
Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow)
* refresh patches, remove patches which were applied upstream
* remove newly appeared pc-bios/vof.bin in dfsg-clean
* add python3-sphinx-rtd-theme to build-depends
* removed qemu-system-moxie arch
* actually build many qemu modules as modules, and install
them in qemu-system-common.
* make strong versioned dependency between various qemu-system-*
packages, so that modules works correctly.
* drop very old versions from Build-Depends, Depends and Recommends
for packages which long has much more recent versions in debian
* up qemu-block-extra dependecy level from Suggests to Recommends
* d/control: stop suggesting sgabios by qemu-system-x86
* (experimental for now, needs more work) print name of the package
name for a module which can't be loaded, to give a clue what other
package one may need to install for the requested functionality
* fix some spelling mistakes in visible messages (spelling.diff)
* enable jack audio backend (in qemu-system-gui) (Closes: #984726)
* other small/internal changes in packaging:
- removed --disable-sheepdog which were dropped upstream
- install gui modules in d/rules not in d/q-s-gui.install
to be able to use wildcard in d/q-s-common.install
- recommend qemu-block-extra, not suggest it and not depend on it (ubuntu)
for qemu-system-* and qemu-utils
- reformat qemu "deps" for qemu-system-gui, stop listing -xen there
(it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only
- d/control: stop recommending -gui for xen package
(it is of no use for xen)
- d/control: reformat Depends for qemu-block-extra, do not include -xen
version there, mark -x390x as ubuntu-only,
and allow qemu-utils to satisfy the dependency
- do not install docs which does not exist anymore
- stop omiting Changelog from dh_installchangelog: the file is long gone
- d/rules: explicitly state version of skiboot as it is stored
in a git tag only, or else skiboot does not build (hack)
- put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so
to qemu-system-gui as it pulls in X11
qemu (1:6.0+dfsg-4) unstable; urgency=medium
* d/rules: fix last ubuntu merge, xen is x86-only, not all-debian
qemu (1:6.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* enable /run/qemu mount on ubuntu only
* usbredir-fix-free-call-CVE-2021-3682.patchi
Closes: #991911, CVE-2021-3682
[ Christian Ehrhardt ]
* ubuntu-only changes:
- d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
- d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe package
qemu-system-x86-xen as alternative
* d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
avoid segfaults by uretprobes (LP 1929926)
-- Christian Ehrhardt <email address hidden> Thu, 17 Feb 2022 09:54:36 +0100
-
qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
-- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:28:14 +0000
-
qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium
* Merge with Debian unstable, remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP: 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
add patch to workaround FTBFS when building against OpenSSL 3.0.
- d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
-fcf-protection being unavailble on -march=i486 (LP 1940029)
- Ease the use of module retention on upgrades (LP 1913421)
- debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
* Dropped Changes [now part of 1:6.1+dfsg-8]:
- updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
(#993658) (LP 1947860)
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
* Dropped Changes [now part of upstream]
- d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
and 3932 machines (LP 1932175)
- d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
migration with audio devices present (LP 1940288)
* Added changes:
- update patches for qemu v6.2.0
- d/p/u/enable-svm-by-default.patch
- d/p/u/define-ubuntu-machine-types.patch
- d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
- d/rules: xen libexec dir is no more versioned
- d/rules: ensure xen is built on x86
- d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
Allow long kernel command lines for QEMU (LP: #1959984)
- d/kvm-spice: fix when acceleration is already defined on the commandline
- d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
qemu (1:6.2+dfsg-2) unstable; urgency=medium
* bump meson build-dep to 0.59.3
* build & include multiboot_dma.bin (Closes: #1003930)
* libxml2 is not needed for parallels.
Enable parallels block image format (Closes: #1003162)
* acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch
Closes: CVE-2021-4158
* acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
(Closes: #1004017)
* acpi-fix-OEM_ID-padding.patch
* debian/get-orig-source.sh: repack dfsg archive differently
* mention closing of a few CVEs by 6.2.0
qemu (1:6.2+dfsg-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* 6.2.0 upstream release
Closes: #984452, CVE-2021-20203
(integer overflow issue in the vmxnet3 NIC emulator)
Closes: #984453, CVE-2021-20196
(fdc: check drive block device before usage)
Closes: #984451, CVE-2021-20255
(infinite recursion / DMA reentrancy in eepro100 i8255x device emulator)
* d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean
* Drop patches upstream in v6.2.0
* d/p/spelling.diff: update for v6.2.0 (partially accepted)
* d/rules: use new --disable-install-blobs build arg
* Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe",
it is now in main (LP: #1934510)
* d/rules: bump skiboot version for qemu v6.2.0
* d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue
due to dfsg removal of blobs
* d/rules: drop --disable-fdt on microvm builds
(now strictly required on any x86 build)
* d/rules: select default PARISC config for hppa-firmware
qemu (1:6.1+dfsg-8) unstable; urgency=medium
* fix keymaps definitions placement in last upload
(Closes: #997925, #997926)
qemu (1:6.1+dfsg-7) unstable; urgency=medium
* qemu-system-data: do not install qemu.desktop (Closes: #995628)
* remove qemu-user-static.README.Debian (#995633)
* d/rules: update configure rules for different qemu builds
* qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64
* promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86
since it uses the same modules actually
* enable zstd compression support (Build-Depends)
* qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp
for the sdl ui
* d/control: fix wrong relation (< vs <<)
* d/control: use :native version of python3-sphynx (Closes: #995622)
* do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu
* quieten gcc11 warnings/errors so roms will compile (Closes: #997082)
* move d/qemu-system-data.install to d/rules
qemu (1:6.1+dfsg-6) unstable; urgency=medium
* virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
* ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
Closes: #992726, CVE-2021-3638:
inconsistent check in ati_2d_blt() may lead to out-of-bounds write
* refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch}
from upstream
* hmp-unbreak-change-vnc.patch from upstream
to fix 'change vnc passwd' command
qemu (1:6.1+dfsg-5) unstable; urgency=medium
* updated debian/patches/linux-user-binfmt-P.diff
to work with in-kernel code
Closes: #993658
* d/rules: do not mark configure target as .PHONY
since it is a real file
qemu (1:6.1+dfsg-4) unstable; urgency=medium
* qemu-sockets-fix-unix-socket-path-copy-again.patch
replacing socket-unix-maxlen.patch
Closes: #993145
* enable more devices for the microvm build:
virtio-gpu & vhost-user-gpu
virtio-input-host & vhost_user_input
* move vhost-user-gpu files from qemu-system-common to qemu-system-gui
this elminates X11 dependencies from non-gui qemu-system install
* build and install vof.bin firmware
* rearrange d/rules a bit to make different qemu builds
to be consistent with sysdata-components
* move ppc dtb firmware files from qemu-system-ppc to qemu-system-data
* device-tree-compiler is now needed in build-indep-depends,
not in build-depends
* d/rules: use CROSSPFX variables
* ubuntu only:
- Revert commit from the previous release which restores
relation between qemu-system-xen and qemu-system-gui
since -xen is not compatible with -gui modules
- qemu-system-xen does not suggest qemu-block-extra (incompatible too)
- qemu-system-s390x recommends qemu-block-extra not suggests it
qemu (1:6.1+dfsg-3) unstable; urgency=medium
* fix brown-paper bag in last upload (--enable-libudev)
* ubuntu only: restore relations (depends/recommends)
between qemu-system-gui and qemu-system-xen since -xen
replaces full qemu-system-x86 and acts the same way
qemu (1:6.1+dfsg-2) unstable; urgency=medium
* rearrange d/rules to be able to configure/build/install
various different kinds of qemu builds (main/microvm/xen/static)
separately, by splitting targets of d/rules into subtargets
* enable many virtio devices for microvm build (Closes: #992029)
* disable libudev and fuse for microvm build
* rearrange options for microvm build in d/rules
* tidy newly added assert in unix-domain socket handling code
to account for extra \0 terminator for socket pathname,
socket-unix-maxlen.patch (Closes: #993145)
* upstream qemu added ignoring of *.patch to .gitignore,
unignore them in d/.gitignore
* re-add 4 patches which were lost from git
during preparation for 6.1
(not affecting the source package)
* uas-add-stream-number-sanity-checks-CVE-2021-3713.diff
Closes: #992727, CVE-2021-3713
* Mention (some) bugs closed by 6.1 upstream
* Mention closing of #947349
qemu (1:6.1+dfsg-1) unstable; urgency=medium
* new upstream release (6.1.0)
Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init)
Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address)
Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks)
Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure)
Closes: #989042, CVE-2021-3546 (vhost-user-gpu OOBwr virgl_cmd_get_capset)
Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow)
* refresh patches, remove patches which were applied upstream
* remove newly appeared pc-bios/vof.bin in dfsg-clean
* add python3-sphinx-rtd-theme to build-depends
* removed qemu-system-moxie arch
* actually build many qemu modules as modules, and install
them in qemu-system-common.
* make strong versioned dependency between various qemu-system-*
packages, so that modules works correctly.
* drop very old versions from Build-Depends, Depends and Recommends
for packages which long has much more recent versions in debian
* up qemu-block-extra dependecy level from Suggests to Recommends
* d/control: stop suggesting sgabios by qemu-system-x86
* (experimental for now, needs more work) print name of the package
name for a module which can't be loaded, to give a clue what other
package one may need to install for the requested functionality
* fix some spelling mistakes in visible messages (spelling.diff)
* enable jack audio backend (in qemu-system-gui) (Closes: #984726)
* other small/internal changes in packaging:
- removed --disable-sheepdog which were dropped upstream
- install gui modules in d/rules not in d/q-s-gui.install
to be able to use wildcard in d/q-s-common.install
- recommend qemu-block-extra, not suggest it and not depend on it (ubuntu)
for qemu-system-* and qemu-utils
- reformat qemu "deps" for qemu-system-gui, stop listing -xen there
(it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only
- d/control: stop recommending -gui for xen package
(it is of no use for xen)
- d/control: reformat Depends for qemu-block-extra, do not include -xen
version there, mark -x390x as ubuntu-only,
and allow qemu-utils to satisfy the dependency
- do not install docs which does not exist anymore
- stop omiting Changelog from dh_installchangelog: the file is long gone
- d/rules: explicitly state version of skiboot as it is stored
in a git tag only, or else skiboot does not build (hack)
- put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so
to qemu-system-gui as it pulls in X11
qemu (1:6.0+dfsg-4) unstable; urgency=medium
* d/rules: fix last ubuntu merge, xen is x86-only, not all-debian
qemu (1:6.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* enable /run/qemu mount on ubuntu only
* usbredir-fix-free-call-CVE-2021-3682.patchi
Closes: #991911, CVE-2021-3682
[ Christian Ehrhardt ]
* ubuntu-only changes:
- d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
- d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe package
qemu-system-x86-xen as alternative
* d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
avoid segfaults by uretprobes (LP 1929926)
-- Christian Ehrhardt <email address hidden> Wed, 05 Jan 2022 12:18:25 +0100
-
qemu (1:6.2+dfsg-2ubuntu2) jammy; urgency=medium
* Merge with Debian unstable, remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP: 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
add patch to workaround FTBFS when building against OpenSSL 3.0.
- d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
-fcf-protection being unavailble on -march=i486 (LP 1940029)
- Ease the use of module retention on upgrades (LP 1913421)
- debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
* Dropped Changes [now part of 1:6.1+dfsg-8]:
- updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
(#993658) (LP 1947860)
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
* Dropped Changes [now part of upstream]
- d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
and 3932 machines (LP 1932175)
- d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
migration with audio devices present (LP 1940288)
* Added changes:
- update patches for qemu v6.2.0
- d/p/u/enable-svm-by-default.patch
- d/p/u/define-ubuntu-machine-types.patch
- d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
- d/rules: xen libexec dir is no more versioned
- d/rules: ensure xen is built on x86
- d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
Allow long kernel command lines for QEMU (LP: #1959984)
- d/kvm-spice: fix when acceleration is already defined on the commandline
- d/kvm-spice,d/qemu-system-x86_64-spice: also fix the other spice
compat wrapper
- d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
qemu (1:6.2+dfsg-2) unstable; urgency=medium
* bump meson build-dep to 0.59.3
* build & include multiboot_dma.bin (Closes: #1003930)
* libxml2 is not needed for parallels.
Enable parallels block image format (Closes: #1003162)
* acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch
Closes: CVE-2021-4158
* acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
(Closes: #1004017)
* acpi-fix-OEM_ID-padding.patch
* debian/get-orig-source.sh: repack dfsg archive differently
* mention closing of a few CVEs by 6.2.0
qemu (1:6.2+dfsg-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* 6.2.0 upstream release
Closes: #984452, CVE-2021-20203
(integer overflow issue in the vmxnet3 NIC emulator)
Closes: #984453, CVE-2021-20196
(fdc: check drive block device before usage)
Closes: #984451, CVE-2021-20255
(infinite recursion / DMA reentrancy in eepro100 i8255x device emulator)
* d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean
* Drop patches upstream in v6.2.0
* d/p/spelling.diff: update for v6.2.0 (partially accepted)
* d/rules: use new --disable-install-blobs build arg
* Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe",
it is now in main (LP: #1934510)
* d/rules: bump skiboot version for qemu v6.2.0
* d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue
due to dfsg removal of blobs
* d/rules: drop --disable-fdt on microvm builds
(now strictly required on any x86 build)
* d/rules: select default PARISC config for hppa-firmware
qemu (1:6.1+dfsg-8) unstable; urgency=medium
* fix keymaps definitions placement in last upload
(Closes: #997925, #997926)
qemu (1:6.1+dfsg-7) unstable; urgency=medium
* qemu-system-data: do not install qemu.desktop (Closes: #995628)
* remove qemu-user-static.README.Debian (#995633)
* d/rules: update configure rules for different qemu builds
* qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64
* promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86
since it uses the same modules actually
* enable zstd compression support (Build-Depends)
* qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp
for the sdl ui
* d/control: fix wrong relation (< vs <<)
* d/control: use :native version of python3-sphynx (Closes: #995622)
* do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu
* quieten gcc11 warnings/errors so roms will compile (Closes: #997082)
* move d/qemu-system-data.install to d/rules
qemu (1:6.1+dfsg-6) unstable; urgency=medium
* virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
* ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
Closes: #992726, CVE-2021-3638:
inconsistent check in ati_2d_blt() may lead to out-of-bounds write
* refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch}
from upstream
* hmp-unbreak-change-vnc.patch from upstream
to fix 'change vnc passwd' command
qemu (1:6.1+dfsg-5) unstable; urgency=medium
* updated debian/patches/linux-user-binfmt-P.diff
to work with in-kernel code
Closes: #993658
* d/rules: do not mark configure target as .PHONY
since it is a real file
qemu (1:6.1+dfsg-4) unstable; urgency=medium
* qemu-sockets-fix-unix-socket-path-copy-again.patch
replacing socket-unix-maxlen.patch
Closes: #993145
* enable more devices for the microvm build:
virtio-gpu & vhost-user-gpu
virtio-input-host & vhost_user_input
* move vhost-user-gpu files from qemu-system-common to qemu-system-gui
this elminates X11 dependencies from non-gui qemu-system install
* build and install vof.bin firmware
* rearrange d/rules a bit to make different qemu builds
to be consistent with sysdata-components
* move ppc dtb firmware files from qemu-system-ppc to qemu-system-data
* device-tree-compiler is now needed in build-indep-depends,
not in build-depends
* d/rules: use CROSSPFX variables
* ubuntu only:
- Revert commit from the previous release which restores
relation between qemu-system-xen and qemu-system-gui
since -xen is not compatible with -gui modules
- qemu-system-xen does not suggest qemu-block-extra (incompatible too)
- qemu-system-s390x recommends qemu-block-extra not suggests it
qemu (1:6.1+dfsg-3) unstable; urgency=medium
* fix brown-paper bag in last upload (--enable-libudev)
* ubuntu only: restore relations (depends/recommends)
between qemu-system-gui and qemu-system-xen since -xen
replaces full qemu-system-x86 and acts the same way
qemu (1:6.1+dfsg-2) unstable; urgency=medium
* rearrange d/rules to be able to configure/build/install
various different kinds of qemu builds (main/microvm/xen/static)
separately, by splitting targets of d/rules into subtargets
* enable many virtio devices for microvm build (Closes: #992029)
* disable libudev and fuse for microvm build
* rearrange options for microvm build in d/rules
* tidy newly added assert in unix-domain socket handling code
to account for extra \0 terminator for socket pathname,
socket-unix-maxlen.patch (Closes: #993145)
* upstream qemu added ignoring of *.patch to .gitignore,
unignore them in d/.gitignore
* re-add 4 patches which were lost from git
during preparation for 6.1
(not affecting the source package)
* uas-add-stream-number-sanity-checks-CVE-2021-3713.diff
Closes: #992727, CVE-2021-3713
* Mention (some) bugs closed by 6.1 upstream
* Mention closing of #947349
qemu (1:6.1+dfsg-1) unstable; urgency=medium
* new upstream release (6.1.0)
Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init)
Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address)
Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks)
Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure)
Closes: #989042, CVE-2021-3546 (vhost-user-gpu OOBwr virgl_cmd_get_capset)
Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow)
* refresh patches, remove patches which were applied upstream
* remove newly appeared pc-bios/vof.bin in dfsg-clean
* add python3-sphinx-rtd-theme to build-depends
* removed qemu-system-moxie arch
* actually build many qemu modules as modules, and install
them in qemu-system-common.
* make strong versioned dependency between various qemu-system-*
packages, so that modules works correctly.
* drop very old versions from Build-Depends, Depends and Recommends
for packages which long has much more recent versions in debian
* up qemu-block-extra dependecy level from Suggests to Recommends
* d/control: stop suggesting sgabios by qemu-system-x86
* (experimental for now, needs more work) print name of the package
name for a module which can't be loaded, to give a clue what other
package one may need to install for the requested functionality
* fix some spelling mistakes in visible messages (spelling.diff)
* enable jack audio backend (in qemu-system-gui) (Closes: #984726)
* other small/internal changes in packaging:
- removed --disable-sheepdog which were dropped upstream
- install gui modules in d/rules not in d/q-s-gui.install
to be able to use wildcard in d/q-s-common.install
- recommend qemu-block-extra, not suggest it and not depend on it (ubuntu)
for qemu-system-* and qemu-utils
- reformat qemu "deps" for qemu-system-gui, stop listing -xen there
(it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only
- d/control: stop recommending -gui for xen package
(it is of no use for xen)
- d/control: reformat Depends for qemu-block-extra, do not include -xen
version there, mark -x390x as ubuntu-only,
and allow qemu-utils to satisfy the dependency
- do not install docs which does not exist anymore
- stop omiting Changelog from dh_installchangelog: the file is long gone
- d/rules: explicitly state version of skiboot as it is stored
in a git tag only, or else skiboot does not build (hack)
- put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so
to qemu-system-gui as it pulls in X11
qemu (1:6.0+dfsg-4) unstable; urgency=medium
* d/rules: fix last ubuntu merge, xen is x86-only, not all-debian
qemu (1:6.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* enable /run/qemu mount on ubuntu only
* usbredir-fix-free-call-CVE-2021-3682.patchi
Closes: #991911, CVE-2021-3682
[ Christian Ehrhardt ]
* ubuntu-only changes:
- d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
- d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe package
qemu-system-x86-xen as alternative
* d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
avoid segfaults by uretprobes (LP 1929926)
-- Christian Ehrhardt <email address hidden> Wed, 05 Jan 2022 12:18:25 +0100
-
qemu (1:6.2+dfsg-2ubuntu1) jammy; urgency=medium
* Merge with Debian unstable, remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP: 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
add patch to workaround FTBFS when building against OpenSSL 3.0.
- d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
-fcf-protection being unavailble on -march=i486 (LP 1940029)
- Ease the use of module retention on upgrades (LP 1913421)
- debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
* Dropped Changes [now part of 1:6.1+dfsg-8]:
- updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
(#993658) (LP 1947860)
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
* Dropped Changes [now part of upstream]
- d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
and 3932 machines (LP 1932175)
- d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
migration with audio devices present (LP 1940288)
* Added changes:
- update patches for qemu v6.2.0
- d/p/u/enable-svm-by-default.patch
- d/p/u/define-ubuntu-machine-types.patch
- d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
- d/rules: xen libexec dir is no more versioned
- d/rules: ensure xen is built on x86
- d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
Allow long kernel command lines for QEMU (LP: #1959984)
- d/kvm-spice: fix when acceleration is already defined on the commandline
- d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
qemu (1:6.2+dfsg-2) unstable; urgency=medium
* bump meson build-dep to 0.59.3
* build & include multiboot_dma.bin (Closes: #1003930)
* libxml2 is not needed for parallels.
Enable parallels block image format (Closes: #1003162)
* acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch
Closes: CVE-2021-4158
* acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
(Closes: #1004017)
* acpi-fix-OEM_ID-padding.patch
* debian/get-orig-source.sh: repack dfsg archive differently
* mention closing of a few CVEs by 6.2.0
qemu (1:6.2+dfsg-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* 6.2.0 upstream release
Closes: #984452, CVE-2021-20203
(integer overflow issue in the vmxnet3 NIC emulator)
Closes: #984453, CVE-2021-20196
(fdc: check drive block device before usage)
Closes: #984451, CVE-2021-20255
(infinite recursion / DMA reentrancy in eepro100 i8255x device emulator)
* d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean
* Drop patches upstream in v6.2.0
* d/p/spelling.diff: update for v6.2.0 (partially accepted)
* d/rules: use new --disable-install-blobs build arg
* Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe",
it is now in main (LP: #1934510)
* d/rules: bump skiboot version for qemu v6.2.0
* d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue
due to dfsg removal of blobs
* d/rules: drop --disable-fdt on microvm builds
(now strictly required on any x86 build)
* d/rules: select default PARISC config for hppa-firmware
qemu (1:6.1+dfsg-8) unstable; urgency=medium
* fix keymaps definitions placement in last upload
(Closes: #997925, #997926)
qemu (1:6.1+dfsg-7) unstable; urgency=medium
* qemu-system-data: do not install qemu.desktop (Closes: #995628)
* remove qemu-user-static.README.Debian (#995633)
* d/rules: update configure rules for different qemu builds
* qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64
* promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86
since it uses the same modules actually
* enable zstd compression support (Build-Depends)
* qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp
for the sdl ui
* d/control: fix wrong relation (< vs <<)
* d/control: use :native version of python3-sphynx (Closes: #995622)
* do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu
* quieten gcc11 warnings/errors so roms will compile (Closes: #997082)
* move d/qemu-system-data.install to d/rules
qemu (1:6.1+dfsg-6) unstable; urgency=medium
* virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
* ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
Closes: #992726, CVE-2021-3638:
inconsistent check in ati_2d_blt() may lead to out-of-bounds write
* refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch}
from upstream
* hmp-unbreak-change-vnc.patch from upstream
to fix 'change vnc passwd' command
qemu (1:6.1+dfsg-5) unstable; urgency=medium
* updated debian/patches/linux-user-binfmt-P.diff
to work with in-kernel code
Closes: #993658
* d/rules: do not mark configure target as .PHONY
since it is a real file
qemu (1:6.1+dfsg-4) unstable; urgency=medium
* qemu-sockets-fix-unix-socket-path-copy-again.patch
replacing socket-unix-maxlen.patch
Closes: #993145
* enable more devices for the microvm build:
virtio-gpu & vhost-user-gpu
virtio-input-host & vhost_user_input
* move vhost-user-gpu files from qemu-system-common to qemu-system-gui
this elminates X11 dependencies from non-gui qemu-system install
* build and install vof.bin firmware
* rearrange d/rules a bit to make different qemu builds
to be consistent with sysdata-components
* move ppc dtb firmware files from qemu-system-ppc to qemu-system-data
* device-tree-compiler is now needed in build-indep-depends,
not in build-depends
* d/rules: use CROSSPFX variables
* ubuntu only:
- Revert commit from the previous release which restores
relation between qemu-system-xen and qemu-system-gui
since -xen is not compatible with -gui modules
- qemu-system-xen does not suggest qemu-block-extra (incompatible too)
- qemu-system-s390x recommends qemu-block-extra not suggests it
qemu (1:6.1+dfsg-3) unstable; urgency=medium
* fix brown-paper bag in last upload (--enable-libudev)
* ubuntu only: restore relations (depends/recommends)
between qemu-system-gui and qemu-system-xen since -xen
replaces full qemu-system-x86 and acts the same way
qemu (1:6.1+dfsg-2) unstable; urgency=medium
* rearrange d/rules to be able to configure/build/install
various different kinds of qemu builds (main/microvm/xen/static)
separately, by splitting targets of d/rules into subtargets
* enable many virtio devices for microvm build (Closes: #992029)
* disable libudev and fuse for microvm build
* rearrange options for microvm build in d/rules
* tidy newly added assert in unix-domain socket handling code
to account for extra \0 terminator for socket pathname,
socket-unix-maxlen.patch (Closes: #993145)
* upstream qemu added ignoring of *.patch to .gitignore,
unignore them in d/.gitignore
* re-add 4 patches which were lost from git
during preparation for 6.1
(not affecting the source package)
* uas-add-stream-number-sanity-checks-CVE-2021-3713.diff
Closes: #992727, CVE-2021-3713
* Mention (some) bugs closed by 6.1 upstream
* Mention closing of #947349
qemu (1:6.1+dfsg-1) unstable; urgency=medium
* new upstream release (6.1.0)
Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init)
Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address)
Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks)
Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure)
Closes: #989042, CVE-2021-3546 (vhost-user-gpu OOBwr virgl_cmd_get_capset)
Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow)
* refresh patches, remove patches which were applied upstream
* remove newly appeared pc-bios/vof.bin in dfsg-clean
* add python3-sphinx-rtd-theme to build-depends
* removed qemu-system-moxie arch
* actually build many qemu modules as modules, and install
them in qemu-system-common.
* make strong versioned dependency between various qemu-system-*
packages, so that modules works correctly.
* drop very old versions from Build-Depends, Depends and Recommends
for packages which long has much more recent versions in debian
* up qemu-block-extra dependecy level from Suggests to Recommends
* d/control: stop suggesting sgabios by qemu-system-x86
* (experimental for now, needs more work) print name of the package
name for a module which can't be loaded, to give a clue what other
package one may need to install for the requested functionality
* fix some spelling mistakes in visible messages (spelling.diff)
* enable jack audio backend (in qemu-system-gui) (Closes: #984726)
* other small/internal changes in packaging:
- removed --disable-sheepdog which were dropped upstream
- install gui modules in d/rules not in d/q-s-gui.install
to be able to use wildcard in d/q-s-common.install
- recommend qemu-block-extra, not suggest it and not depend on it (ubuntu)
for qemu-system-* and qemu-utils
- reformat qemu "deps" for qemu-system-gui, stop listing -xen there
(it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only
- d/control: stop recommending -gui for xen package
(it is of no use for xen)
- d/control: reformat Depends for qemu-block-extra, do not include -xen
version there, mark -x390x as ubuntu-only,
and allow qemu-utils to satisfy the dependency
- do not install docs which does not exist anymore
- stop omiting Changelog from dh_installchangelog: the file is long gone
- d/rules: explicitly state version of skiboot as it is stored
in a git tag only, or else skiboot does not build (hack)
- put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so
to qemu-system-gui as it pulls in X11
qemu (1:6.0+dfsg-4) unstable; urgency=medium
* d/rules: fix last ubuntu merge, xen is x86-only, not all-debian
qemu (1:6.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* enable /run/qemu mount on ubuntu only
* usbredir-fix-free-call-CVE-2021-3682.patchi
Closes: #991911, CVE-2021-3682
[ Christian Ehrhardt ]
* ubuntu-only changes:
- d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
- d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe package
qemu-system-x86-xen as alternative
* d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
avoid segfaults by uretprobes (LP 1929926)
-- Christian Ehrhardt <email address hidden> Wed, 05 Jan 2022 12:18:25 +0100
-
qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium
* d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
add patch to workaround FTBFS when building against OpenSSL 3.0.
Thanks to Christian Ehrhardt (LP: #1952448)
-- Paride Legovini <email address hidden> Fri, 26 Nov 2021 15:47:51 +0100
-
qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium
* No-change rebuild against liburing2
-- Paride Legovini <email address hidden> Mon, 22 Nov 2021 18:00:26 +0100
-
qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium
* updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code
(#993658) (LP: #1947860)
-- Christian Ehrhardt <email address hidden> Wed, 03 Nov 2021 14:10:56 +0100
-
qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium
* Merge with Debian experimental, remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP: 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
- d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
for v6.0
- d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
- Ease the use of module retention on upgrades (LP 1913421)
- debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
* Dropped Changes [in 1:6.0+dfsg-2exp]:
- d/control-in: Disable capstone disassembler library support (universe)
- Disable fuse export (universe dependency)
- Ease the use of module retention on upgrades (LP 1913421)
- d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
- d/rules: only save modules if /run/qemu isn't noexec
- d/rules: clear all (current and former) modules on purge
- d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
upgrade issues (LP 1932264)
- Enable SDL as secondary UI backend (LP 1256185)
- d/control: add build dependency libsdl2-dev
- d/control: enable sdl graphics on build
- d/qemu-system-gui.install: add ui-sdl.so
- d/control: add runtime dependency to libgl1
* Dropped Changes [no more needed]
- let qemu-utils recommend sharutils
* Added changes:
- d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
-fcf-protection being unavailble on -march=i486 (LP: #1940029)
- d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931
and 3932 machines (LP: #1932175)
- d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
migration with audio devices present (LP: #1940288)
qemu (1:6.0+dfsg-2exp) experimental; urgency=medium
[ Christian Ehrhardt ]
* qemu 6.0 broke libvirt <7.2, add a Breaks
to avoid partial upgrade issues (LP: #1932264)
* enable SDL as secondary UI backend (LP: #1256185)
* clear all (current and former) modules on purge
* only save modules if /run/qemu isn't noexec
* provide run-qemu.mount in qemu-block-extra
(disabled in debian for now)
* Disable capstone disassembler library support in ubuntu (universe)
[ Michael Tokarev ]
* qemu does not ship Changelog file anymore
* drop version from libfuse-dev build-depends (noticed by Ville Skyttä)
* a few patches from upstream stable:
- target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch
fix various crashes in ppc system emulation.
Thanks to Christian Ehrhardt for pointing this out
- pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch
(Closes: #990565, CVE-2021-3582)
- pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch
(Closes: #990564, CVE-2021-3607)
- pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch
(Closes: #990563, CVE-2021-3608)
- usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch
usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch
(Closes: #988157, CVE-2021-3527)
* mention closing of 3 bugs in am53c974 (ESP) device emulation by 6.0
(Closes: #979679, CVE-2020-35504)
(Closes: #984455, CVE-2020-35505)
(Closes: #984454, CVE-2020-35506)
* make fuse debian-only, since libfuse3 in ubuntu is in universe
* fix microvm default machine type for a new build system (LP: #1936894)
-- Christian Ehrhardt <email address hidden> Thu, 12 Aug 2021 15:35:12 +0200