-
qemu (1:7.0+dfsg-7ubuntu2.6) kinetic-security; urgency=medium
* SECURITY UPDATE: user-after-free issue
- debian/patches/CVE-2022-1050.patch: Protect against buggy or
malicious guest driver
- CVE-2022-1050
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2022-4144-*.patch: Have qxl_log_command Return
early if no log_cmd handler; Document qxl_phys2virt(); Pass requested
buffer size to qxl_phys2virt(); Avoid buffer overrun in qxl_phys2virt;
Assert memory slot fits in preallocated MemoryRegion
- CVE-2022-4144
* SECURITY UPDATE: integer and buffer overflow issue
- debian/patches/CVE-2022-4172.patch: Fix memory handling issues
- CVE-2022-4172
* SECURITY UPDATE: reentrancy problem
- debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
controller
- CVE-2023-0330
-- Nishit Majithia <email address hidden> Tue, 13 Jun 2023 17:04:15 +0530
-
qemu (1:7.0+dfsg-7ubuntu2.5) kinetic; urgency=medium
* d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
hot-unplug requests by making ACPI PCI able to requeue them.
(LP: #2018733)
-- Sergio Durigan Junior <email address hidden> Fri, 26 May 2023 17:38:19 -0400
-
qemu (1:7.0+dfsg-7ubuntu2.4) kinetic; urgency=medium
* d/p/u/lp-2019766-target-arm-kvm-Retry-KVM_CREATE_VM-call-if-it-fails-.patch:
ARM: Retry KVM_CREATE_VM when it returns EINTR (LP: #2019766)
-- dann frazier <email address hidden> Tue, 16 May 2023 14:59:50 -0600
-
qemu (1:7.0+dfsg-7ubuntu2.3) kinetic; urgency=medium
* d/p/u/lp-1999885-s390x-tod-kvm-don-t-save-restore-the-TOD-in-PV-guest.patch:
avoid timer issues in s390x secure execution guests (LP: #1999885)
* d/p/u/lp-2011832-*: fix emulation issues in mips (LP: #2011832)
-- Christian Ehrhardt <email address hidden> Thu, 23 Mar 2023 08:18:28 +0100
-
qemu (1:7.0+dfsg-7ubuntu2.2) kinetic; urgency=medium
[ Brett Milford ]
* d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
error 'migration was active, but no RAM info was set' (LP: #1994002)
[ Mauricio Faria de Oliveira ]
* d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint
to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048)
-- Mauricio Faria de Oliveira <email address hidden> Thu, 02 Mar 2023 17:29:05 -0300
-
qemu (1:7.0+dfsg-7ubuntu2.1) kinetic-security; urgency=medium
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
lsi_do_msgout
- CVE-2022-0216
* SECURITY UPDATE: heap overflow vulnerability
- debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
memories
- CVE-2022-2962
* SECURITY UPDATE: integer underflow vulnerability
- debian/patches/CVE-2022-3165.patch: fix integer underflow in
vnc_client_cut_text_ext
- CVE-2022-3165
-- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:52:29 +0530
-
qemu (1:7.0+dfsg-7ubuntu2) kinetic; urgency=medium
[ Paride Legovini ]
* d/rules: disable LTO on non-amd64 builds (LP: #1921664)
* GCC-12 FTBFS (LP: #1988710)
- d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
Silence -Warray-bounds false positive (treated as error)
[ Christian Ehrhardt ]
* More on GCC-12 FTBFS (LP 1988710)
- d/rules: set -O1 for alpha firmware build
- d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
further FTBFS fixup
-- Christian Ehrhardt <email address hidden> Mon, 19 Sep 2022 08:07:24 +0200
-
qemu (1:7.0+dfsg-7ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1971315)(LP: #1980896), remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP: 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- Ease the use of module retention on upgrades (LP 1913421)
- debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
- Fix I/O stalls when using NVMe storage (LP 1970737).
- d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
in laio_io_unplug.
- SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* Dropped Changes [now part of 1:7.0+dfsg-7]:
- d/rules: xen libexec dir is no more versioned
- d/rules: ensure xen is built on x86
- d/kvm-spice: fix when acceleration is already defined on the commandline
- debian/control[-in]: no more disable glusterfs in Ubuntu (LP 1246924)
* Dropped Changes [now part of upstream v7.0.0]
- d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
Allow long kernel command lines for QEMU (LP 1959984)
- d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list
- d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
tcg on s390x.
- Fix diff handling on ceph that can cause data corruption (LP 1968258)
- d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
- d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
- d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
in vnc connections (LP 1970563)
- All CVE fixes of 1:6.2+dfsg-2ubuntu8 except CVE-2021-3507
* Dropped Changes
- d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch:
add patch to workaround FTBFS when building against OpenSSL 3.0.
[ now working with OpenSSL 3.0 ]
- d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
-fcf-protection being unavailble on -march=i486 (LP 1940029)
[ fixed in compiler toolchain ]
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
[ no more needed]
* Added Changes
- d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
landed in Debian but under a different name.
- d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch: fix qboot FTBFS
with LTO
- d/p/u/lp-1981339-*: fix s390x system emulation (LP: #1981339)
qemu (1:7.0+dfsg-7) unstable; urgency=medium
* d/tests/test-qemu-user: rework ls/glob test a bit
* d/tests/test-qemu-user: fix ppc64le qemu architecture name
* d/binfmt-install: use proper name for binfmt.d (*.conf)
Hopefully closes: #1011003
* two virtio-scsi bugfixes from upstream:
virtio-scsi-fix-ctrl-and-event-handler-functions-in-dataplane.patch
virtio-scsi-don-t-waste-CPU-polling-the-event-virtqueue.patch
* 3 patches from upstream to fix possible coroutine crashes:
coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
coroutine-rename-qemu_coroutine_inc-dec_pool_size.patch
coroutine-revert-to-constant-batch-size.patch
* target-i386-do-not-consult-nonexistent-host-leaves.patch
* d/control: stop suggesting sudo for qemu-user-static
* Revert "d/rules: do not try to enable tcg-interpreter on unsupported
targets, it does not help anymore" - it does help but it needs a bit
more work
* disable xen support for qemu-system-x86 build and create a wrapper
for -i386 to redirect xen-related usage to xen-specific binary
with a warning (for bookworm only)
* common-user-no-user.patch: fix one of FTBFS on unsupported architectures
* d/rules: use regular variable assignment for BUILD_PACKAGES
* two trivial patches to fix spelling in roms:
openbios-spelling-endianess.patch
slof-spelling-seperator.patch
qemu (1:7.0+dfsg-6) unstable; urgency=medium
* d/rules: the forgotten --enable-xen-pci-passthrough for the xen build
* d/tests/test-qemu-user: rewrite to be more robust and complete and
include test for qemu-user-static too.
qemu (1:7.0+dfsg-5) unstable; urgency=medium
* d/tests/test-qemu-user.sh: more arch-specific debugging/updates
qemu (1:7.0+dfsg-4) unstable; urgency=medium
* d/tests/: fix failing tests.
- test-qemu-user: depend on gcc for dpkg-architecture to work,
and print debugging info for future switch to uname -m
- test-qemu-img: switch from using file to qemu-img info
qemu (1:7.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* d/binfmt-install: also generate binfmt.d/ entries for systemd
* d/control: use systemd as preferred alternative to binfmt-support
hopefully Closes: #789011 (Minimal dependencies to register binfmt)
Closes: #985889 (make binfmt setup configurable)
* d/control: remove Riku Voipio from Uploaders. Thank you Riku!
* d/rules: simplify DEB_BUILD_OPTIONS=parallel=N parsing
[ Guido Günther ]
* Add minimal autopkgtest (Closes: #832982)
qemu (1:7.0+dfsg-2) unstable; urgency=medium
* d/control: add Rules-Requires-Root: no
* d/control: switch to debhelper-compat=13
* d/control: drop "qemu" empty/dummy pseudopackage
* d/control: do not build linux-user* on ia64 and powerpc
(not supported by upstream anymore)
* d/control: add Breaks for qemu-system-data for other packages from which
it borrowed files in the past (Closes: #1008095)
* d/rules: switch to the dh sequence (but keep build-{arch,indep}),
rearrange some rules.
This brings us dh_dwz (very slow) and dh_strip_nondeterminism.
* d/rules: do not explicitly turn off slirp & capstone (now properly
controlled by --with[out]-default-features option)
* d/rules: do not try to enable tcg-interpreter on the unsupported
targets, it does not help to build tools anymore
* d/rules: do not chown -w d/control, it breaks dpkg-source
* d/rules: clean up the clean target
* d/not-installed: list many documentation files and qemu-plugin.h
* configure-make-fortify_source-yes-by-default.patch: enable
fortify-source for minimal builds too
* d/changelog: mention #990562 (CVE-2021-3611) closed by 7.0
qemu (1:7.0+dfsg-1) unstable; urgency=medium
* update to 7.0 release
qemu (1:7.0~rc4+dfsg-1) experimental; urgency=medium
* New upstream 7.0 (rc)
Closes: #990562, CVE-2021-3611
* remove patches applied upstream
* remove new binary file, pc-bios/edk2-x86_64-microvm.fd.bz2
* d/control: remove libxfs-dev build dependency,
the ioctl is implemented inline
* d/control: stop build-depend-indep on libc6.1-dev-alpha-cross,
not needed anymore
* d/rules: update skiboot version check (skiboot hasn't canged since 6.1)
* build & install vbootrom (npcm7xx_bootrom.bin), and
build-depend-indep on gcc-arm-none-eabi
* create a new binary package, qemu-system-xen, which provides
/usr/libexec/xen-qemu-system-i386 binary for use by xen only.
Once xen switches to use this binary instead of usual qemu-system-i386,
xen support will be removed from the regular qemu-system-x86 build
* use a fast inline version of /usr/share/dpkg/architecture.mk
qemu (1:6.2+dfsg-3) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/rules: ensure xen is built on x86
* d/rules: xen libexec dir is no more versioned
* d/kvm-spice: fix when acceleration is already defined on the commandline
[ Michael Tokarev ]
* d/control, d/rules: do not compile xen support on i386,
since it is amd64-only now (since 4.16)
* d/control: add libbpf-dev & --enable-bpf for eBPF support
(Closes: #994573)
-- Christian Ehrhardt <email address hidden> Tue, 05 Jul 2022 12:07:19 +0200
-
qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: use-after-free in nvme
- debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
device itself in hw/nvme/ctrl.c.
- CVE-2021-3929
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: potential privilege escalation in virtiofsd
- debian/patches/CVE-2022-0358.patch: Drop membership of all
supplementary groups in tools/virtiofsd/passthrough_ll.c.
- CVE-2022-0358
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock-common.c.
- CVE-2022-26354
[ Sergio Durigan Junior ]
* Fix I/O stalls when using NVMe storage (LP: #1970737).
- d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
in laio_io_unplug.
-- Sergio Durigan Junior <email address hidden> Wed, 22 Jun 2022 15:38:37 -0400
-
qemu (1:6.2+dfsg-2ubuntu7) kinetic; urgency=medium
* d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
in vnc connections (LP: #1970563)
-- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:25:20 +0200
-
qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
* debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
* Fix diff handling on ceph that can cause data corruption (LP: #1968258)
- d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
- d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
-- Christian Ehrhardt <email address hidden> Fri, 08 Apr 2022 09:36:34 +0200