Change logs for qemu source package in Lunar

  • qemu (1:7.2+dfsg-5ubuntu2.4) lunar-security; urgency=medium
    
      * SECURITY UPDATE: OOB read in RDMA device
        - debian/patches/CVE-2023-1544.patch: protect against buggy or
          malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
        - CVE-2023-1544
      * SECURITY UPDATE: 9pfs special file access
        - debian/patches/CVE-2023-2861.patch: prevent opening special files in
          fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
        - CVE-2023-2861
      * SECURITY UPDATE: heap overflow in crypto device
        - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
          sym request in hw/virtio/virtio-crypto.c.
        - CVE-2023-3180
      * SECURITY UPDATE: infinite loop in VNC server
        - debian/patches/CVE-2023-3255.patch: fix infinite loop in
          inflate_buffer in ui/vnc-clipboard.c.
        - CVE-2023-3255
      * SECURITY UPDATE: race in virtio-net hot-unplug
        - debian/patches/CVE-2023-3301.patch: do not cleanup the vdpa/vhost-net
          structures if peer nic is present in net/vhost-vdpa.c.
        - CVE-2023-3301
      * SECURITY UPDATE: DoS in VNC server
        - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
          closed during handshake in include/io/channel-tls.h,
          io/channel-tls.c.
        - CVE-2023-3354
      * SECURITY UPDATE: division by zero via scsi block size
        - debian/patches/CVE-2023-42467.patch: disallow block sizes smaller
          than 512 in hw/scsi/scsi-disk.c.
        - CVE-2023-42467
      * SECURITY UPDATE: disk offset 0 access
        - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
          resetting state in hw/ide/core.c.
        - CVE-2023-5088
    
     -- Marc Deslauriers <email address hidden>  Thu, 30 Nov 2023 08:34:55 -0500
  • qemu (1:7.2+dfsg-5ubuntu2.3) lunar; urgency=medium
    
      * d/rules: remove --no-start for qemu-guest-agent (LP: #2028124)
    
     -- Mitchell Dzurick <email address hidden>  Thu, 31 Aug 2023 05:38:41 -0700
  • qemu (1:7.2+dfsg-5ubuntu2.2) lunar-security; urgency=medium
    
      * SECURITY UPDATE: reentrancy problem
        - debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
          controller
        - CVE-2023-0330
    
     -- Nishit Majithia <email address hidden>  Tue, 13 Jun 2023 17:07:25 +0530
  • qemu (1:7.2+dfsg-5ubuntu2.1) lunar; urgency=medium
    
      * d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
        hot-unplug requests by making ACPI PCI able to requeue them.
        (LP: #2018733)
    
     -- Sergio Durigan Junior <email address hidden>  Fri, 26 May 2023 15:57:03 -0400
  • qemu (1:7.2+dfsg-5ubuntu2) lunar; urgency=medium
    
      * Fix FTBFS with glibc >= 2.36. (LP: #2015418)
        - d/p/fix-ftbfs-glibc-*.patch: Revert now-unnecessary
          upstream commits that were working around a glibc issue.
    
     -- Sergio Durigan Junior <email address hidden>  Wed, 05 Apr 2023 20:10:13 -0400
  • qemu (1:7.2+dfsg-5ubuntu1) lunar; urgency=medium
    
      * Re-merge with Debian unstable to pick up stabilization fixes
        remaining changes:
        - qemu-kvm to systemd unit
          - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
            hugepages and architecture specifics
          - d/qemu-system-common.qemu-kvm.service: systemd unit to call
            qemu-kvm-init
          - d/qemu-system-common.install: install helper script
          - d/qemu-system-common.qemu-kvm.default: defaults for
            /etc/default/qemu-kvm
          - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
        - Distribution specific machine type
          (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
          - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
            types containing release versioned machine attributes
          - d/qemu-system-x86.NEWS Info on fixed machine type definitions
            for host-phys-bits=true
          - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
          - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
        - Enable nesting by default
          - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
            in qemu64 on amd
            [ No more strictly needed, but required for backward compatibility ]
        - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
          - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
            reference 256k path
          - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
            handle incoming migrations from former releases.
        - d/qemu-system-x86.README.Debian: add info about updated nesting changes
        - Ease the use of module retention on upgrades (LP 1913421)
          - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
        - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
          landed in Debian but under a different name.
        - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
          + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
            fix qboot FTBFS with LTO
        - d/control-in: libnfs is in main since focal, enable direct nfs
          storage support (LP 1988704)
        - d/control-in: libsndio is in universe in ubuntu
    
    qemu (1:7.2+dfsg-5) unstable; urgency=medium
    
      * d/qemu-guest-agent.udev: fix missing comma
        (Christian Schneider <email address hidden>, Closes: #1031838)
      * remove qemu-make-debian-root.
        This script debian/qemu-make-debian-root has been broken for ages.
        In 2023, it creates /etc/fstab with a reference to /dev/hda1, and
        edits /etc/inittab which does not exist. And no one noticed, - so
        it's safe to assume it is not used anymore.  Just remove it.
      * re-pick qemu-stable patches from master (the same patch contents):
        master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch
        master/target-i386-Fix-BEXTR-instruction.patch
        master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
        master/target-i386-fix-ADOX-followed-by-ADCX.patch
      * 20 more changes picked from upstream/master:
        master/target-i386-Fix-BZHI-instruction.patch
        master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch
        master/hw-smbios-fix-field-corruption-in-type-4-table.patch
        master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch
        master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch
        master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch
        master/Revert-x86-use-typedef-for-SetupData-struct.patch
        master/Revert-x86-return-modified-setup_data-only-if-read-a.patch
        master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch
        master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch
        master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch
        master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch
        master/virtio-rng-pci-fix-migration-compat-for-vectors.patch
        master/virtio-rng-pci-fix-transitional-migration-compat-for.patch
        master/hw-timer-hpet-Fix-expiration-time-overflow.patch
        master/vdpa-stop-all-svq-on-device-deletion.patch
        master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch
        master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch
        master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
        master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch
        master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch
    
     -- Christian Ehrhardt <email address hidden>  Tue, 07 Mar 2023 08:50:45 +0100
  • qemu (1:7.2+dfsg-4ubuntu1) lunar; urgency=medium
    
      * Merge with Debian unstable (LP: #1993438), among many other fixes
        this resolves these bugs:
        (LP: #1957924) - support for querying stats,
        (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
        (LP: #1959966) - guest dump encryption with customer keys (s390x)
        (LP: #1999885) - pv: don't allow userspace to set the clock under PV
        (LP: #1957924) - add filtering of statistics by target vCPU
        remaining changes:
        - qemu-kvm to systemd unit
          - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
            hugepages and architecture specifics
          - d/qemu-system-common.qemu-kvm.service: systemd unit to call
            qemu-kvm-init
          - d/qemu-system-common.install: install helper script
          - d/qemu-system-common.qemu-kvm.default: defaults for
            /etc/default/qemu-kvm
          - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
        - Distribution specific machine type
          (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
          - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
            types containing release versioned machine attributes
          - d/qemu-system-x86.NEWS Info on fixed machine type definitions
            for host-phys-bits=true
          - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
          - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
        - Enable nesting by default
          - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
            in qemu64 on amd
            [ No more strictly needed, but required for backward compatibility ]
        - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
          - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
            reference 256k path
          - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
            handle incoming migrations from former releases.
        - d/qemu-system-x86.README.Debian: add info about updated nesting changes
        - Ease the use of module retention on upgrades (LP 1913421)
          - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
        - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
          landed in Debian but under a different name.
        - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
          + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
            fix qboot FTBFS with LTO
      * Dropped Changes [now part of upstream v7.2.0]
        - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
          error 'migration was active, but no RAM info was set' (LP 1994002)
        - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
          Fix FTBFS with libbpf 1.0.1-2.
          + Header updates that were added as part of the libbpf fixes
            but not mentioned in changelog
        - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
        - Fix I/O stalls when using NVMe storage (LP 1970737).
          + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
            in laio_io_unplug.
        - SECURITY UPDATE: heap overflow in floppy disk emulator
          + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
            hw/block/fdc.c.
        - SECURITY UPDATE: use-after-free vulnerability
          + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
            lsi_do_msgout
        - SECURITY UPDATE: heap overflow vulnerability
          + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
            memories
        - SECURITY UPDATE: integer underflow vulnerability
          + debian/patches/CVE-2022-3165.patch: fix integer underflow in
            vnc_client_cut_text_ext
      * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
        [not all are needed in lunar]
        -  d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
           Silence -Warray-bounds false positive [no more needed]
        - d/rules: set -O1 for alpha firmware build
        - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
          further FTBFS fixup
      * Dropped Changes [in Debian 1:7.2+dfsg-3]
        - d/rules: disable LTO on non-amd64 builds (LP 1921664)
      * Added Changes
        - d/control-in: libnfs is in main since focal, enable direct nfs
          storage support (LP: #1988704)
        - d/control-in: libsndio is in universe in ubuntu
    
    qemu (1:7.2+dfsg-4) unstable; urgency=medium
    
      * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
        re-pick now from master (the same patch, moved to master/).
      * revert x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
        Closes: #1031682.
        This turned out to be wrong move, breaking more stuff than fixing.
        Upstream is going to revert it too.
    
    qemu (1:7.2+dfsg-3) unstable; urgency=medium
    
      [ Paride Legovini ]
      * Disable LTO on non-amd64 builds (LP: #1921664)
    
      [ Michael Tokarev ]
      * target-arm-Fix-physical-address-resolution-for-Stage2.patch:
        re-fetch now from master branch
      * 4 more patches picked from master:
        x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
        migration-ram-Fix-error-handling-in-ram_write_tracki.patch
        migration-ram-Fix-populate_read_range.patch
        qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
      * 5 fixes picked from current pullreqs:
        block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch
        tests_tcg_i386-introduce-and-use-reg_t-consistently.patch
        target_i386-fix-BEXTR-instruction.patch
        target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
        target_i386-fix-ADOX-followed-by-ADCX.patch
      * disable dwz on certain architectures for older dwz
        (FTBFS on bullseye, #968670)
    
    qemu (1:7.2+dfsg-2) unstable; urgency=medium
    
      * d/rules: add -ffile-prefix-map when building skiboot
      * d/control: provide qemu-kvm in qemu-system-misc on s390x
        (Closes: #1029309)
      * d/control: drop dependency of qemu-guest-agent on lsb-base
      * Picked patches from qemu master branch tagged for qemu-stable
        up to commit deabea6e88 (2023-02-02):
        target-sh4-Mask-restore-of-env-flags-from-tb-flags.patch
        vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch
        virtio-mem-Fix-the-bitmap-index-of-the-section-offse.patch
        virtio-mem-Fix-the-iterator-variable-in-a-vmem-rdl_l.patch
        target-arm-fix-handling-of-HLT-semihosting-in-system.patch
        meson-accept-relative-symlinks-in-meson-introspect-i.patch
        target-riscv-Set-pc_succ_insn-for-rvc-illegal-insn.patch
        acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
        hw-nvme-fix-missing-endian-conversions-for-doorbell-.patch
        hw-nvme-fix-missing-cq-eventidx-update.patch
        configure-fix-GLIB_VERSION-for-cross-compilation.patch
        target-arm-Fix-sve_probe_page.patch
        target-arm-allow-writes-to-SCR_EL3.HXEn-bit-when-FEA.patch
        target-arm-Fix-in_debug-path-in-S1_ptw_translate.patch
      * Also: target-arm-Fix-physical-address-resolution-for-Stage.patch
    
    qemu (1:7.2+dfsg-1) unstable; urgency=medium
    
      * new upstream release
        Closes: #1025123 CVE-2022-4172
        (erst: undefined behavior in memcpy in write_erst_record)
        Closes: #1021981 qemu-user: faccessat2 is not implemented
        Closes: #1021019 CVE-2022-3165 (VNC: integer underflow in
        vnc_client_cut_text_ext leads to CPU exhaustion)
      * remove patches applied upstream
      * refresh note-missing-module-pkg-name.diff
      * slirp is always external package now, not a submodule anymore
      * d/control: require meson >> 0.61.5~ for build
      * spelling.diff: update with more spelling error
      * add some lintian-overrides
      * fix minor spelling errors in patches
      * d/control: Bump Standards-Version to 4.6.1
      * debian shell programs use "which" instead of the "command -v",
        fix that (Closes: #1018254)
      * Better fix for #1019011 (gcc ICE building palcode-clipper), use -O1
        instead of -O2 for the failing compile when it actually fails
        (no need to depend on gcc-11, Closes: #1011003)
    
    qemu (1:7.1+dfsg-2) unstable; urgency=medium
    
      * tulip-restrict-DMA-engine-to-memories-CVE-2022-2962.patch
        fix possible stack or heap overflow (tulip: DMA reentrancy issue)
        Closes: #1018055, CVE-2022-2962
      * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
        fix possible use-after-free in paravirtual RDMA device.
        Closes: #1014589, CVE-2022-1050
      * mention closing of #979677 (CVE-2020-14394) by 7.1
      * d/rules: parametrify extra-cflags & extra-ldflags
      * d/rules: explicitly disable pie on arm64 due to
        https://sourceware.org/bugzilla/show_bug.cgi?id=29514
        Fixes FTBFS.
    
    qemu (1:7.1+dfsg-1) unstable; urgency=medium
    
      * new upstream release (7.1)
        Closes: #1014958, CVE-2022-35414
        Closes: #1014590, CVE-2022-0216
        Closes: #979677, CVE-2020-14394
        Closes: #987410, CVE-2021-3507
        Closes: #988333, #1018913
      * d/copyright:
       - remove mentions of slirp (packaged separately)
       - blindly convert to dep-5 (it needs a complete rewrite)
       - add Files-Excluded from d/get-orig-source.sh
      * d/gbp.conf: remove filter= (and whole [import-orig])
      * d/watch: verify upstream tarballs
      * d/rules: stop faking skiboot version, it is now properly included in
        roms/skiboot/.version file. Add a dependency on this file too
      * d/patches:
       - remove use-fixed-data-path.patch: not needed anymore
       - linux-user-binfmt-P.diff: refresh
       - remove patches applied upstream
      * d/control:
       - it is --enable-capstone now, not --enable-capstone=system
       - it is --enable-png now, not --enable-vnc-png
      * d/rules: fix --enable-vhost-* options
      * d/rules: remove vnc-png for xen too
      * openbios-array-bounds-gcc12.patch
      * opensbi-fix-build-with-binutils-2.38.patch
      * d/rules: adopt vof build changes
      * d/qemu-system-data.docs: omit ccid.txt (removed)
      * temporary workaround for gcc-12 bug #1019011: use gcc-11-alpha-linux-gnu
        instead of gcc-alpha-linux-gnu (another option is to use -Os)
      * d/control: temporarily build-depend on libva-dev till #1019485 is fixed
      * add loongarch64 qemu-user and qemu-user arch
    
     -- Christian Ehrhardt <email address hidden>  Wed, 04 Jan 2023 13:18:43 +0100
  • qemu (1:7.2+dfsg-3ubuntu1) lunar; urgency=medium
    
      * Merge with Debian unstable (LP: #1993438), among many other fixes
        this resolves these bugs:
        (LP: #1957924) - support for querying stats,
        (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
        (LP: #1959966) - guest dump encryption with customer keys (s390x)
        (LP: #1999885) - pv: don't allow userspace to set the clock under PV
        (LP: #1957924) - add filtering of statistics by target vCPU
        remaining changes:
        - qemu-kvm to systemd unit
          - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
            hugepages and architecture specifics
          - d/qemu-system-common.qemu-kvm.service: systemd unit to call
            qemu-kvm-init
          - d/qemu-system-common.install: install helper script
          - d/qemu-system-common.qemu-kvm.default: defaults for
            /etc/default/qemu-kvm
          - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
        - Distribution specific machine type
          (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
          - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
            types containing release versioned machine attributes
          - d/qemu-system-x86.NEWS Info on fixed machine type definitions
            for host-phys-bits=true
          - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
          - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
        - Enable nesting by default
          - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
            in qemu64 on amd
            [ No more strictly needed, but required for backward compatibility ]
        - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
          - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
            reference 256k path
          - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
            handle incoming migrations from former releases.
        - d/qemu-system-x86.README.Debian: add info about updated nesting changes
        - Ease the use of module retention on upgrades (LP 1913421)
          - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
        - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
          landed in Debian but under a different name.
        - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
          + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
            fix qboot FTBFS with LTO
      * Dropped Changes [now part of upstream v7.2.0]
        - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
          error 'migration was active, but no RAM info was set' (LP 1994002)
        - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
          Fix FTBFS with libbpf 1.0.1-2.
          + Header updates that were added as part of the libbpf fixes
            but not mentioned in changelog
        - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
        - Fix I/O stalls when using NVMe storage (LP 1970737).
          + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
            in laio_io_unplug.
        - SECURITY UPDATE: heap overflow in floppy disk emulator
          + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
            hw/block/fdc.c.
        - SECURITY UPDATE: use-after-free vulnerability
          + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
            lsi_do_msgout
        - SECURITY UPDATE: heap overflow vulnerability
          + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
            memories
        - SECURITY UPDATE: integer underflow vulnerability
          + debian/patches/CVE-2022-3165.patch: fix integer underflow in
            vnc_client_cut_text_ext
      * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
        [not all are needed in lunar]
        -  d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
           Silence -Warray-bounds false positive [no more needed]
        - d/rules: set -O1 for alpha firmware build
        - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
          further FTBFS fixup
      * Dropped Changes [in Debian 1:7.2+dfsg-3]
        - d/rules: disable LTO on non-amd64 builds (LP 1921664)
      * Added Changes
        - d/control-in: libnfs is in main since focal, enable direct nfs
          storage support (LP: #1988704)
        - d/control-in: libsndio is in universe in ubuntu
    
    qemu (1:7.2+dfsg-3) unstable; urgency=medium
    
      [ Paride Legovini ]
      * Disable LTO on non-amd64 builds (LP: #1921664)
    
      [ Michael Tokarev ]
      * target-arm-Fix-physical-address-resolution-for-Stage2.patch:
        re-fetch now from master branch
      * 4 more patches picked from master:
        x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
        migration-ram-Fix-error-handling-in-ram_write_tracki.patch
        migration-ram-Fix-populate_read_range.patch
        qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
      * 5 fixes picked from current pullreqs:
        block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch
        tests_tcg_i386-introduce-and-use-reg_t-consistently.patch
        target_i386-fix-BEXTR-instruction.patch
        target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
        target_i386-fix-ADOX-followed-by-ADCX.patch
      * disable dwz on certain architectures for older dwz
        (FTBFS on bullseye, #968670)
    
    qemu (1:7.2+dfsg-2) unstable; urgency=medium
    
      * d/rules: add -ffile-prefix-map when building skiboot
      * d/control: provide qemu-kvm in qemu-system-misc on s390x
        (Closes: #1029309)
      * d/control: drop dependency of qemu-guest-agent on lsb-base
      * Picked patches from qemu master branch tagged for qemu-stable
        up to commit deabea6e88 (2023-02-02):
        target-sh4-Mask-restore-of-env-flags-from-tb-flags.patch
        vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch
        virtio-mem-Fix-the-bitmap-index-of-the-section-offse.patch
        virtio-mem-Fix-the-iterator-variable-in-a-vmem-rdl_l.patch
        target-arm-fix-handling-of-HLT-semihosting-in-system.patch
        meson-accept-relative-symlinks-in-meson-introspect-i.patch
        target-riscv-Set-pc_succ_insn-for-rvc-illegal-insn.patch
        acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
        hw-nvme-fix-missing-endian-conversions-for-doorbell-.patch
        hw-nvme-fix-missing-cq-eventidx-update.patch
        configure-fix-GLIB_VERSION-for-cross-compilation.patch
        target-arm-Fix-sve_probe_page.patch
        target-arm-allow-writes-to-SCR_EL3.HXEn-bit-when-FEA.patch
        target-arm-Fix-in_debug-path-in-S1_ptw_translate.patch
      * Also: target-arm-Fix-physical-address-resolution-for-Stage.patch
    
    qemu (1:7.2+dfsg-1) unstable; urgency=medium
    
      * new upstream release
        Closes: #1025123 CVE-2022-4172
        (erst: undefined behavior in memcpy in write_erst_record)
        Closes: #1021981 qemu-user: faccessat2 is not implemented
        Closes: #1021019 CVE-2022-3165 (VNC: integer underflow in
        vnc_client_cut_text_ext leads to CPU exhaustion)
      * remove patches applied upstream
      * refresh note-missing-module-pkg-name.diff
      * slirp is always external package now, not a submodule anymore
      * d/control: require meson >> 0.61.5~ for build
      * spelling.diff: update with more spelling error
      * add some lintian-overrides
      * fix minor spelling errors in patches
      * d/control: Bump Standards-Version to 4.6.1
      * debian shell programs use "which" instead of the "command -v",
        fix that (Closes: #1018254)
      * Better fix for #1019011 (gcc ICE building palcode-clipper), use -O1
        instead of -O2 for the failing compile when it actually fails
        (no need to depend on gcc-11, Closes: #1011003)
    
    qemu (1:7.1+dfsg-2) unstable; urgency=medium
    
      * tulip-restrict-DMA-engine-to-memories-CVE-2022-2962.patch
        fix possible stack or heap overflow (tulip: DMA reentrancy issue)
        Closes: #1018055, CVE-2022-2962
      * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
        fix possible use-after-free in paravirtual RDMA device.
        Closes: #1014589, CVE-2022-1050
      * mention closing of #979677 (CVE-2020-14394) by 7.1
      * d/rules: parametrify extra-cflags & extra-ldflags
      * d/rules: explicitly disable pie on arm64 due to
        https://sourceware.org/bugzilla/show_bug.cgi?id=29514
        Fixes FTBFS.
    
    qemu (1:7.1+dfsg-1) unstable; urgency=medium
    
      * new upstream release (7.1)
        Closes: #1014958, CVE-2022-35414
        Closes: #1014590, CVE-2022-0216
        Closes: #979677, CVE-2020-14394
        Closes: #987410, CVE-2021-3507
        Closes: #988333, #1018913
      * d/copyright:
       - remove mentions of slirp (packaged separately)
       - blindly convert to dep-5 (it needs a complete rewrite)
       - add Files-Excluded from d/get-orig-source.sh
      * d/gbp.conf: remove filter= (and whole [import-orig])
      * d/watch: verify upstream tarballs
      * d/rules: stop faking skiboot version, it is now properly included in
        roms/skiboot/.version file. Add a dependency on this file too
      * d/patches:
       - remove use-fixed-data-path.patch: not needed anymore
       - linux-user-binfmt-P.diff: refresh
       - remove patches applied upstream
      * d/control:
       - it is --enable-capstone now, not --enable-capstone=system
       - it is --enable-png now, not --enable-vnc-png
      * d/rules: fix --enable-vhost-* options
      * d/rules: remove vnc-png for xen too
      * openbios-array-bounds-gcc12.patch
      * opensbi-fix-build-with-binutils-2.38.patch
      * d/rules: adopt vof build changes
      * d/qemu-system-data.docs: omit ccid.txt (removed)
      * temporary workaround for gcc-12 bug #1019011: use gcc-11-alpha-linux-gnu
        instead of gcc-alpha-linux-gnu (another option is to use -Os)
      * d/control: temporarily build-depend on libva-dev till #1019485 is fixed
      * add loongarch64 qemu-user and qemu-user arch
    
     -- Christian Ehrhardt <email address hidden>  Wed, 04 Jan 2023 13:18:43 +0100
  • qemu (1:7.2+dfsg-2ubuntu1) lunar; urgency=medium
    
      * Merge with Debian unstable (LP: #1993438), among many other fixes
        this resolves these bugs:
        (LP: #1957924) - support for querying stats,
        (LP: #1853307) - Enhanced Interpretation for PCI Functions (s390x)
        (LP: #1959966) - guest dump encryption with customer keys (s390x)
        (LP: #1999885) - pv: don't allow userspace to set the clock under PV
        (LP: #1957924) - add filtering of statistics by target vCPU
        remaining changes:
        - qemu-kvm to systemd unit
          - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
            hugepages and architecture specifics
          - d/qemu-system-common.qemu-kvm.service: systemd unit to call
            qemu-kvm-init
          - d/qemu-system-common.install: install helper script
          - d/qemu-system-common.qemu-kvm.default: defaults for
            /etc/default/qemu-kvm
          - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
        - Distribution specific machine type
          (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
          - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
            types containing release versioned machine attributes
          - d/qemu-system-x86.NEWS Info on fixed machine type definitions
            for host-phys-bits=true
          - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
          - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
        - Enable nesting by default
          - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
            in qemu64 on amd
            [ No more strictly needed, but required for backward compatibility ]
        - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
          - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
            reference 256k path
          - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
            handle incoming migrations from former releases.
        - d/qemu-system-x86.README.Debian: add info about updated nesting changes
        - Ease the use of module retention on upgrades (LP 1913421)
          - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
        - d/control-in: switch qemu-system-x86-xen to qemu-system-xen as this
          landed in Debian but under a different name.
        - Remaining GCC-12 FTBFS (LP 1988710 + LP 1921664)
          + d/p/u/qboot-Disable-LTO-for-ELF-binary-build-step.patch:
            fix qboot FTBFS with LTO
          + d/rules: disable LTO on non-amd64 builds (LP 1921664)
      * Dropped Changes [now part of upstream v7.2.0]
        - d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
          error 'migration was active, but no RAM info was set' (LP 1994002)
        - d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
          Fix FTBFS with libbpf 1.0.1-2.
          + Header updates that were added as part of the libbpf fixes
            but not mentioned in changelog
        - d/p/u/lp-1981339-*: fix s390x system emulation (LP 1981339)
        - Fix I/O stalls when using NVMe storage (LP 1970737).
          + d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
            in laio_io_unplug.
        - SECURITY UPDATE: heap overflow in floppy disk emulator
          + debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
            hw/block/fdc.c.
        - SECURITY UPDATE: use-after-free vulnerability
          + debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
            lsi_do_msgout
        - SECURITY UPDATE: heap overflow vulnerability
          + debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
            memories
        - SECURITY UPDATE: integer underflow vulnerability
          + debian/patches/CVE-2022-3165.patch: fix integer underflow in
            vnc_client_cut_text_ext
      * Dropped Changes in regard to GCC-12 FTBFS (LP 1988710)
        [not all are needed in lunar]
        -  d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
           Silence -Warray-bounds false positive [no more needed]
        - d/rules: set -O1 for alpha firmware build
        - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
          further FTBFS fixup
      * Added Changes
        - d/control-in: libnfs is in main since focal, enable direct nfs
          storage support (LP: #1988704)
    
     -- Christian Ehrhardt <email address hidden>  Wed, 04 Jan 2023 13:18:43 +0100
  • qemu (1:7.0+dfsg-7ubuntu4) lunar; urgency=medium
    
      * SECURITY UPDATE: use-after-free vulnerability
        - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
          lsi_do_msgout
        - CVE-2022-0216
      * SECURITY UPDATE: heap overflow vulnerability
        - debian/patches/CVE-2022-2962.patch: tulip: Restrict DMA engine to
          memories
        - CVE-2022-2962
      * SECURITY UPDATE: integer underflow vulnerability
        - debian/patches/CVE-2022-3165.patch: fix integer underflow in
          vnc_client_cut_text_ext
        - CVE-2022-3165
    
     -- Nishit Majithia <email address hidden>  Fri, 09 Dec 2022 10:25:52 +0530
  • qemu (1:7.0+dfsg-7ubuntu3) lunar; urgency=medium
    
      [ Brett Milford ]
      * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
        error 'migration was active, but no RAM info was set' (LP: #1994002)
    
      [ Mauricio Faria de Oliveira ]
      * d/p/u/ebpf-replace-deprecated-bpf_program__set_socket_filt.patch:
        Fix FTBFS with libbpf 1.0.1-2.
    
     -- Mauricio Faria de Oliveira <email address hidden>  Wed, 30 Nov 2022 12:17:51 -0300
  • qemu (1:7.0+dfsg-7ubuntu2) kinetic; urgency=medium
    
      [ Paride Legovini ]
      * d/rules: disable LTO on non-amd64 builds (LP: #1921664)
      * GCC-12 FTBFS (LP: #1988710)
        - d/p/u/lp1988710-silence-openbios-array-bounds-false-positive.patch.
          Silence -Warray-bounds false positive (treated as error)
    
      [ Christian Ehrhardt ]
      * More on GCC-12 FTBFS (LP 1988710)
        - d/rules: set -O1 for alpha firmware build
        - d/p/u/lp1988710-opensbi-Makefile-fix-build-with-binutils-2.38.patch:
          further FTBFS fixup
    
     -- Christian Ehrhardt <email address hidden>  Mon, 19 Sep 2022 08:07:24 +0200