Publishing details
Changelog
qemu (1:2.11+dfsg-1ubuntu1~ubuntu16.04.1~c42.ppa1) xenial; urgency=medium
* No-change backport to xenial
qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium
* Merge with Debian testing, among other fixes this includes
- fix fatal error on negative maxcpus (LP: #1722495)
- fix segfault on dump-guest-memory on guests without memory (LP: #1723381)
- linux user threading issues (LP: #1350435)
- TOD-Clock Epoch Extension Support on s390x (LP: #1732691)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- arch aware kvm wrappers
* Added Changes
- update VCS-git to match the bionic branch
- sdl2 is yet too unstable for the LTS Ubuntu release given the reports
we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
so we revert related changes to stick with the proven for now:
- 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
depends on it)
- 9594f820 - switch from sdl1.2 to sdl2 (#870025)
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- update Ubuntu machine types for qemu 2.11
- qemu-guest-agent: freeze-hook fixes (LP: #1484990)
- d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- Create and install pxe netboot images for KVM s390x (LP: #1732094)
- d/rules enable install s390x-netboot.img
- debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
- d/control-in: enable RDMA support in qemu (LP: #1692476)
- on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560)
- d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch
- d/p/ubuntu/linux-headers-update-4.15-rc9.patch
- d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch
- d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch
- tolerate ipxe size change on migrations to >=18.04 (LP: #1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: enable seccomp on s390x
* Dropped changes (no more needed):
- Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm
The functionality is retained for upgraders, but is deprecated.
Post 18.04 the implementation for these configurations will be removed.
* Dropped changes (in Debian now):
- ppc64[le] support
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- disable missing x32 architecture
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
to Debian patch to match qemu 2.10)
- d/qemu-system-common.docs: adapt new path of live-block-operations.rst
since 8508eee7
- d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
- make nios2/hppa not installed explicitly until further stablized
- d/qemu-guest-agent.install: add the new guest agent reference man page
qemu-ga-ref
- d/qemu-system-common.install: add the now generated qapi/qmp reference
along the qapi intro
- d/not-installed: ignore further generated (since 56e8bdd4) files in
dh_missing that are already provided in other formats qemu-doc,
qemu-qmp-ref,qemu-ga-ref
* Dropped changes (integrated upstream):
- d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
on arm64 when doing suspend/resume and reboots due to older kernels not
supporting ITS (LP 1731051).
- Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
James Cowgill to prevent qemu-user from forwarding prctl seccomp
calls (LP 1726394)
- update to upstream 2.10.1 point release (LP 1722808)
qemu (1:2.11+dfsg-1) unstable; urgency=medium
[ Michael Tokarev ]
* update to new upstream (2.11) release
Closes: #883625, CVE-2017-17381
Closes: #880832, CVE-2017-15289
Closes: #880836, CVE-2017-15268
Closes: #883399, CVE-2017-15119
Closes: #883406, CVE-2017-15118
* update to new upstream, remove old patches, refresh debian patches
* disable sdl audio driver (pulse or oss should work fine)
* do not build-depend on libx11-dev (libsdl2-dev already depends on it)
* move libpulse-dev build-dep to a better place
* clean up d/control from various old conflicts/replaces/provides
* remove --with-system-pixman, not used anymore
* remove ubuntu-specific qemu-system-aarch64 transitional package (trusty)
* remove ubuntu-specific mentions of old qemu-kvm-spice package (precise)
* remove old comment about /etc/kvm from qemu-kvm description
* add Suggests: openbios-sparc for qemu-system-sparc on ubuntu
(similar to what is done for qemu-system-ppc)
* update get-orig-source.sh with new blobs/submodules
* update debian/watch a bit
[ Aurelien Jarno ]
* debian/control-in: build qemu-system and qemu-user on mips64 and
mips64el. Closes: #880485.
[ Christian Ehrhardt ]
* ppc64[le]: provide symlink matching arch name
* d/control-in: Enable seccomp for ppc64el,
this bumps minimum libseccomp version
qemu (1:2.10.0+dfsg-2) unstable; urgency=medium
* update to upstream 2.10.1 point release
Closes: #877160
Closes: CVE-2017-13673
* remove 3 patches included upstream:
multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
* 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
Closes: #877890, CVE-2017-15038
* remove-trailing-whitespace-from-qemu-options.hx.patch
Closes: #875711
* drop dh_makeshlibs call (was for libcacard)
* drop linux-libc-dev build-dependency (it gets pulled by libc-dev)
* switch from sdl1 to sdl2 (Closes: #870025)
qemu (1:2.10.0+dfsg-1) unstable; urgency=medium
* remove blobs, to DFSG'ify it again (there's still
no source for some blobs included in upstream tarball)
There's no way to revert to 2-number version due to prev. upload
* update from upstream git (no changes but include date & commit-id):
multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
* update previous changelog entry (fix bug/closes refs):
Closes: #873851, CVE-2017-13672
Closes: #874606, CVE-2017-14167
Closes: #873875, CVE-2017-13711
qemu (1:2.10.0-1) unstable; urgency=medium
* new upstream release, 2.10
Closes: #865754, CVE-2017-9503
Closes: #864219, CVE-2017-9375
Closes: #869945
Closes: #867978
Closes: #871648, #871702, #872257
Closes: #851694
Closed in this upstream release:
#865755, CVE-2017-9524
#863840, CVE-2017-9310
#863943, CVE-2017-9330
#864216, CVE-2017-9373
#864568, CVE-2017-9374
#869171, CVE-2017-11434
#869173, CVE-2017-11334
#869706, CVE-2017-10911
#867751, CVE-2017-10806
#866674, CVE-2017-10664
#873849, CVE-2017-12809
* dropped all fixes, applied upstream
* dropped 02_kfreebsd.patch - apparently not relevant anymore
* dropped +dfsg, use upstream tarball directly: we do not use
binaries shipped there, and even for those, upstream tarball
contains the sources
* refreshed list of targets:
qemu-or32, qemu-system-or32 => qemu-or1k, qemu-system-or1k
+qemu-nios2, qemu-system-nios2
+qemu-hppa
* added hppa binfmt entry
* refreshed docs lists for various packages
* new (security) patches:
vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
Closes: #873851, CVE-2017-13672
multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
Closes: #874606, CVE-2017-14167
slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
Closes: #873875, CVE-2017-13711
qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium
* d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes
on arm64 when doing suspend/resume and reboots due to older kernels not
supporting ITS (LP: #1731051).
qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium
* Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from
James Cowgill to prevent qemu-user from forwarding prctl seccomp
calls (LP: #1726394)
qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium
* fix enablement of qemu-kvm service (LP: #1720397)
- rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
- d/rules: add proper enablement debhelper calls
- d/qemu-system-common.install: install covered by dh_installinit
qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium
* update to upstream 2.10.1 point release (LP: #1722808)
qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium
* Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- arch aware kvm wrappers
- update VCS-git to match the Artful branch
- disable missing x32 architecture
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
to Debian patch to match qemu 2.10)
- s390x package now builds correctly on all architectures (LP 1710695)
- d/qemu-system-common.docs: adapt new path of live-block-operations.rst
since 8508eee7
- d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
- make nios2/hppa not installed explicitly until further stablized
- d/qemu-guest-agent.install: add the new guest agent reference man page
qemu-ga-ref
- d/qemu-system-common.install: add the now generated qapi/qmp reference
along the qapi intro
- d/not-installed: ignore further generated (since 56e8bdd4) files in
dh_missing that are already provided in other formats qemu-doc,
qemu-qmp-ref,qemu-ga-ref
qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
* Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- arch aware kvm wrappers
- update VCS-git to match the Artful branch
- disable missing x32 architecture
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
to Debian patch to match qemu 2.10)
- s390x package now builds correctly on all architectures (LP 1710695)
* Added changes:
- d/qemu-system-common.docs: adapt new path of live-block-operations.rst
since 8508eee7
- d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
- make nios2/hppa not installed explicitly until further stablized
- d/qemu-guest-agent.install: add the new guest agent reference man page
qemu-ga-ref
- d/qemu-system-common.install: add the now generated qapi/qmp reference
along the qapi intro
- d/not-installed: ignore further generated (since 56e8bdd4) files in
dh_missing that are already provided in other formats qemu-doc,
qemu-qmp-ref,qemu-ga-ref
- d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
changes in 2.10-rc4
qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
* Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
a set of bugs
- [FFE] Qemu 2.10 in Artful (LP: #1699968)
- CPU hot unplug fails after migrating a CPU hotplugged guest
from source (LP: #1677552)
- [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
- New KVM 288 Pass Through (LP: #1672447)
- aarch64: MSI is not supported by interrupt controller (LP: #1706630)
* Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- arch aware kvm wrappers
- disable missing x32 architecture
- update VCS links
* Added changes
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- Updates in debian/patches to match qemu 2.10
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream
- d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
- d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
- update VCS-git to match the Artful branch
- s390x package now builds correctly on all architectures (LP: #1710695)
* Dropped changes (integrated upstream):
- d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
"spapr/pci: populate PCI DT in reverse order" (LP 1670481).
- All CVE fixes formerly applied are upstream and thereby dropped.
qemu (1:2.8+dfsg-7) unstable; urgency=medium
* uploading to unstable all fixes which went to stretch-security
(exactly the same as 2.8+dfsg-6+deb9u2)
qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high
* actually apply the nbd server patches, not only include in debian/patches/
Really closes: #865755, CVE-2017-9524
* slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch
Closes: #869171, CVE-2017-11434
* exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
Closes: #869173, CVE-2017-11334
* usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch
Closes: #867751, CVE-2017-10806
* add reference to #869706 to
xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
* disable xhci recursive calls fix for now, as it causes instant crash
(xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch)
Reopens: #864219, CVE-2017-9375
Closes: #869945
qemu (1:2.8+dfsg-6+deb9u1) stretch-security; urgency=high
* net-e1000e-fix-an-infinite-loop-issue-CVE-2017-9310.patch
Closes: #863840, CVE-2017-9310
* usb-ohci-fix-error-return-code-in-servicing-iso-td-CVE-2017-9330.patch
Closes: #863943, CVE-2017-9330
* ide-ahci-call-cleanup-function-in-ahci-unit-CVE-2017-9373.patch
Closes: #864216, CVE-2017-9373
* xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
Closes: #864219, CVE-2017-9375
* usb-ehci-fix-memory-leak-in-ehci-CVE-2017-9374.patch
Closes: #864568, CVE-2017-9374
* nbd-ignore-SIGPIPE-CVE-2017-10664.patch
Closes: #866674, CVE-2017-10664
* nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch
nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch
Closes: #865755, CVE-2017-9524
* xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
Closes: CVE-2017-10911
qemu (1:2.8+dfsg-6) unstable; urgency=high
* 9pfs-local-forbid-client-access-to-metadata-CVE-2017-7493.patch
Closes: CVE-2017-7493
* group all 9p patches together
* drop obsolete comment about libiscsi on ubuntu from d/control
qemu (1:2.8+dfsg-5) unstable; urgency=high
* Security fix release
* 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch
Closes: #860785, CVE-2017-7471
* 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch
Closes: #861348, CVE-2017-8086
* vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch
Closes: #861351, CVE-2017-8112
* scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch
Closes: #862282, CVE-2017-8380
* input-limit-kbd-queue-depth-CVE-2017-8379.patch
Closes: #862289, CVE-2017-8379
* audio-release-capture-buffers-CVE-2017-8309.patch
Closes: #862280, CVE-2017-8309
qemu (1:2.8+dfsg-4) unstable; urgency=high
* usb-ohci-limit-the-number-of-link-eds-CVE-2017-6505.patch
Closes: #856969, CVE-2017-6505
* linux-user-fix-apt-get-update-on-linux-user-hppa.patch
Closes: #846084
* update to 2.8.1 upstream stable/bugfix release
(v2.8.1.diff from upstream, except of seabios blob bits).
Closes: #857744, CVE-2016-9603
Patches dropped because they're included in 2.8.1 release:
9pfs-symlink-attack-fixes-CVE-2016-9602.patch
char-fix-ctrl-a-b-not-working.patch
cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
cirrus-fix-oob-access-issue-CVE-2017-2615.patch
cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
linux-user-fix-s390x-safe-syscall-for-z900.patch
nbd_client-fix-drop_sync-CVE-2017-2630.patch
s390x-use-qemu-cpu-model-in-user-mode.patch
sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
* bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
* 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
(Closes: #859854, CVE-2017-7377)
* dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
Closes: #840950, CVE-2016-8667
* make d/control un-writable to stop users from changing a generated file
* two patches from upstream to fix user-mode network with IPv6
slirp-make-RA-build-more-flexible.patch
slirp-send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS.patch
(Closes: #844566)
qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium
* debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
This was inadvertently dropped on 2.8 merge.
qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium
* SECURITY UPDATE: denial of service via leak in virtFS
- debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
hw/9pfs/9p.c.
- CVE-2017-7377
* SECURITY UPDATE: denial of service in cirrus_vga
- debian/patches/CVE-2017-7718.patch: check parameters in
hw/display/cirrus_vga_rop.h.
- CVE-2017-7718
* SECURITY UPDATE: code execution via cirrus_vga OOB r/w
- debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-6.patch: stop passing around dst
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-7.patch: stop passing around src
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
hw/display/cirrus_vga_rop.h.
- debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
hw/display/cirrus_vga.c.
- CVE-2017-7980
* SECURITY UPDATE: denial of service via memory leak in virtFS
- debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
- CVE-2017-8086
* SECURITY UPDATE: denial of service via leak in audio
- debian/patches/CVE-2017-8309.patch: release capture buffers in
audio/audio.c.
- CVE-2017-8309
* SECURITY UPDATE: denial of service via leak in keyboard
- debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
ui/input.c.
- debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
ui/input.c.
- CVE-2017-8379
qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
* SECURITY UPDATE: DoS in virtio GPU device
- debian/patches/CVE-2016-10028.patch: check virgl capabilities
max_size in hw/display/virtio-gpu-3d.c.
- CVE-2016-10028
* SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
- debian/patches/CVE-2016-8667.patch: limit interval timer reload value
in hw/dma/rc4030.c.
- CVE-2016-8667
* SECURITY UPDATE: host filesystem access via virtFS
- debian/patches/CVE-2016-9602.patch: don't follow symlinks in
hw/9pfs/*.
- CVE-2016-9602
* SECURITY UPDATE: arbitrary code execution via Cirrus VGA
- debian/patches/CVE-2016-9603.patch: remove bitblit support from
console code in hw/display/cirrus_vga.c, include/ui/console.h,
ui/console.c, ui/vnc.c.
- CVE-2016-9603
* SECURITY UPDATE: information leak in virtio GPU device
- debian/patches/CVE-2016-9908.patch: properly clear out memory in
hw/display/virtio-gpu-3d.c.
- CVE-2016-9908
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2016-9912.patch: properly free memory in
hw/display/virtio-gpu.c.
- CVE-2016-9912
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9914.patch: add cleanup operations to
fsdev/file-op-9p.h, hw/9pfs/9p.c.
- CVE-2016-9914
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2017-5552.patch: check return value in
hw/display/virtio-gpu-3d.c.
- CVE-2017-5552
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2017-5578.patch: check res->iov in
hw/display/virtio-gpu.c.
- CVE-2017-5578
* SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
- debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
handling in hw/sd/sdhci.c.
- CVE-2017-5987
* SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
- debian/patches/CVE-2017-6505.patch: limit the number of link eds in
hw/usb/hcd-ohci.c.
- CVE-2017-6505
qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
* d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
"spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
* Merge with Debian;
This fixes several CVEs that were reported against qemu 2.8 and also
includes a few important functional backports (LP: #1667033); remaining
changes:
- add qemu-kvm init script and defaults file
(d/qemu-system-common.qemu-kvm.*)
- d/rules, d/qemu-kvm-init: add and install script loading kvm
modules and handling /etc/default/qemu-kvm
- qemu-system-common.preinst: add kvm group if needed
- Enable nesting by default on intel.
- set default module option
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
default in qemu64 cpu type.
- Enable svm by default for qemu64 on amd
- d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
define distro machine types to ease future live vm migration (includes
all former follow up fixes).
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- qemu-system-common.postinst:
- change acl placed by udev, and add udevadm trigger.
- d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
- Several changes were applied but missing in the changelog so far
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- arch aware kvm wrapper
- update VCS links
- let qemu-utils recommend sharutils
- disable x32 architecture
- Enable seccomp for ppc64el
- Enable numa support for s390x
- d/qemu-system-common.qemu-kvm.init: fix lintian error type
init.d-script-missing-dependency-on-remote_fs
- d/qemu-system-common.postinst: fix lintian error type
command-with-path-in-maintainer-script
- Transition qemu-kvm to a systemd unit
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
that it shows up where the user expects (sytemctl status, kvm stdout)
- d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
- add arch aware kvm wrapper for s390x
* Dropped Changes (in Debian now):
- d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
- d/control-in: change dependencies for fix of wrong acl for newly
created device node on ubuntu
- have qemu-system-arm suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
- Disable glusterfs (Universe dependency)
- no more skip disable libiscsi on Ubuntu
- d/rules, d/control-in: avoid people editing d/control
* Added Changes:
- d/control: bump libseccomp-dev dependency as enabling libseccomp for
power makes 2.3 the minimum level.
qemu (1:2.8+dfsg-3) unstable; urgency=high
* urgency high due to security fixes
[ Michael Tokarev ]
* serial-fix-memory-leak-in-serial-exit-CVE-2017-5579.patch
Closes: #853002, CVE-2017-5579
* cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
(needed for the next patch, CVE-2017-2620 fix)
* cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
Closes: #855791, CVE-2017-2620
* nbd_client-fix-drop_sync-CVE-2017-2630.diff
Closes: #855227, CVE-2017-2630
* sd-sdhci-check-transfer-mode-register-in-multi-block-CVE-2017-5987.patch
Closes: #855159, CVE-2017-5987
* vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
Closes: #855616, CVE-2017-6058
* 3 CVE fixes from upstream for #853996:
sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
megasas-fix-guest-triggered-memory-leak-CVE-2017-5856.patch
virtio-gpu-fix-resource-leak-in-virgl_cmd_resource-CVE-2017-5857.patch
Closes: #853996, CVE-2017-5667, CVE-2017-5856, CVE-2017-5857
* usb-ccid-check-ccid-apdu-length-CVE-2017-5898.patch
Closes: #854729, CVE-2017-5898
* virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
Closes: #854730, CVE-2017-5931
* xhci-apply-limits-to-loops-CVE-2017-5973.patch
Closes: #855611, CVE-2017-5973
* net-imx-limit-buffer-descriptor-count-CVE-2016-7907.patch
Closes: #839986, CVE-2016-7907
* cirrus-fix-oob-access-issue-CVE-2017-2615.patch
Closes: #854731, CVE-2017-2615
* 9pfs-symlink-attack-fixes-CVE-2016-9602.patch
Closes: #853006
* vnc-do-not-disconnect-on-EAGAIN.patch
Closes: #854032
* xhci-fix-event-queue-IRQ-handling.patch (win7 xhci issue fix)
* xhci-only-free-completed-transfers.patch
Closes: #855659
* char-fix-ctrl-a-b-not-working.patch
Closes: https://bugs.launchpad.net/bugs/1654137
* char-drop-data-written-to-a-disconnected-pty.patch
Closes: https://bugs.launchpad.net/bugs/1667033
* s390x-use-qemu-cpu-model-in-user-mode.patch
Closes: #854893
* d/control is autogenerated, add comment
* check if debootstrap is available in qemu-debootstrap
Closes: #846497
[ Christian Ehrhardt ]
* (ubuntu) no more skip enable libiscsi (now in main)
* (ubuntu) Disable glusterfs (Universe dependency)
* (ubuntu) have qemu-system-arm suggest: qemu-efi;
this should be a stronger relationship, but qemu-efi is still
in universe right now.
* (ubuntu) change dependencies for fix of wrong acl for newly
created device node on ubuntu
qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
* Merge with Debian; remaining changes:
- add qemu-kvm init script and defaults file
(d/qemu-system-common.qemu-kvm.*)
- d/rules, d/qemu-kvm-init: add and install script loading kvm
modules and handling /etc/default/qemu-kvm
- qemu-system-common.preinst: add kvm group if needed
- Enable nesting by default on intel.
- set default module option
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
default in qemu64 cpu type.
- Enable svm by default for qemu64 on amd
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- qemu-system-common.postinst:
- change acl placed by udev, and add udevadm trigger.
- d/control-in: change dependencies for fix of wrong acl for newly
created device node on ubuntu
- have qemu-system-arm suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
- d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
- Several changes were applied but missing in the changelog so far
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- arch aware kvm wrapper
- update VCS links
- no more skip disable libiscsi on Ubuntu
- let qemu-utils recommend sharutils
- disable x32 architecture
* Dropped Changes:
- Several changes were applied but missing in the changelog so far
but are no more needed
- no pie for relocatable LD calls, with toolchain defaulting to
pie (fixed upstream)
- enable libnuma-dev (now in Debian)
- transition for moved init scripts (can be dropped after LTS
containing >=2.5 which is Xenial)
- --enable-seccomp related whitespace change (had no effect)
- apport hook for qemu source package (In Debian)
- add upstart script (d/qemu-system-common.qemu-kvm.upstart)
- d/qemu-system-x86.maintscript: transition off of
/etc/init.d/qemu-system-x86 (can be dropped after Xenial)
- Enable pie by default, on ubuntu/s390x. (Is the default since
>=Xenial, no cloud archive backport <=Xenial to consider)
- no pie for relocatable LD calls (fixed upstream in commit
7ecf44a5)
- CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
- Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
(Improved fix included by upstream)
- Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
- Fixed wrong migration blocker when vhost is used (is upstream in
qemu 2.8)
* Added Changes:
- d/rules, d/control-in: avoid people editing d/control by warning
header and non writable permissions
- fixed moving trusty machine type definition which made it
ambiguous (LP: #1641532)
- d/qemu-system-x86.NEWS describe the issue
- Enable seccomp for ppc64el (LP: #1644639)
- Enable numa support for s390x
- d/qemu-system-common.qemu-kvm.init: fix lintian error type
init.d-script-missing-dependency-on-remote_fs
- d/qemu-system-common.postinst: fix lintian error type
command-with-path-in-maintainer-script
- Transition qemu-kvm to a systemd unit
- Disable glusterfs (Universe dependency)
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
that it shows up where the user expects (sytemctl status, kvm stdout)
- d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
- add arch aware kvm wrapper for s390x
- d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
- Enable DDW in Yakkety machine type because "Enable GPU Passthru for
ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
qemu (1:2.8+dfsg-2) unstable; urgency=medium
* Revert "update binfmt registration for mipsn32"
Reopens: #829243
Closes: #843032
Will re-enable it for stretch+1, since for now upgrades
from jessie are broken (jessie comes with 3.16 kernel),
and there's no easy fix for this
* Revert "enable virtio gpu (virglrenderer) and opengl support"
Revert "switch from sdl1 to gtk3"
Revert other gtk2/drm/vte/virgl-related changes
Reopens: #813658, #839695
The change were too close to stretch release and too large,
bringing too much graphics stuff for headless servers,
will re-think this for stretch+1.
sdl1 back: Closes: #851509
virtio-3d bugs: Closes: #849798, #852119
* mention closing of #769983 (multi-threaded linux-user) by 2.7
* mention closing of #842455, CVE-2016-9101 by 2.8
* audio-ac97-add-exit-function-CVE-2017-5525.patch (Closes: #852021)
* audio-es1370-add-exit-function-CVE-2017-5526.patch (Closes: #851910)
* watchdog-6300esb-add-exit-function-CVE-2016-10155.patch (Closes: #852232)
qemu (1:2.8+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #837191, CVE-2016-7156
Closes: #837316, CVE-2016-7170
Closes: #839835, CVE-2016-7908
Closes: #839834, CVE-2016-7909
Closes: #840228, CVE-2016-7994
Closes: #840236, CVE-2016-7995
Closes: #840343, CVE-2016-8576
Closes: #840341, CVE-2016-8577
Closes: #840340, CVE-2016-8578
Closes: #840948, CVE-2016-8668
Closes: #840945, CVE-2016-8669
Closes: #841950, CVE-2016-8909
Closes: #841955, CVE-2016-8910
Closes: #842463, CVE-2016-9102 CVE-2016-9103 CVE-2016-9104
CVE-2016-9105 CVE-2016-9106
Closes: #846797, CVE-2016-9776
Closes: #847381, CVE-2016-9845
Closes: #847382, CVE-2017-9846
Closes: #847953, CVE-2016-9907
Closes: #847400, CVE-2016-9908
Closes: #847951, CVE-2016-9911
Closes: #847391, CVE-2016-9912
Closes: #847496, CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916
Closes: #847960, CVE-2016-9921 CVE-2016-9922
Closes: #847957, CVE-2016-9923
Closes: #842455, CVE-2016-9101 (git2634ab7fe29b3f75d0865b719caf8f310d634aae)
Closes: #819755, #833162
Hopefully closes: #844361
* remove unicore32 linux-user target, removed upstream
* remove all patches which were applied upstream (most of them)
* actually fix #841060
* doc-don-t-mention-memory-it-is-m.patch, Closes: #833619
* don't pass --enable-uuid (always enabled)
* build-depend on libncursesw5-dev, not libncurses5-dev
* install trace-events-all in qemu-system-common
* do not install qemu-tech.html (not provided by upstream anymore)
* switch from sdl1 to gtk3 (Closes: #839695)
* enable virtio gpu (virglrenderer) and opengl support (Closes: #813658)
* strip out -ldrm out of OPENGL_LIBS, since libdrm is actually not needed
* enable nfs support (libnfs-dev), in qemu-block-extra
* enable glusterfs support (glusterfs-common), in qemu-block-extra
(Closes: #775431)
* enable numa support (libnuma-dev) (Closes: #758189)
qemu (1:2.7+dfsg-3) unstable; urgency=medium
* add PIE.patch to change loadable modules linker flags, from Adrian
(Closes: #837574)
* linux-user-fix-s390x-safe-syscall-for-z900.patch - fix FTBFS on s390x
* mention CVE-2016-7466 for 2.7+dfsg-1 (Closes: #838687, CVE-2016-7466)
qemu (1:2.7+dfsg-2) unstable; urgency=medium
* fix distribution field in previous changelog entry
* add depends: on seabios >= 1.9 with linuxboot_dma.bin
(Closes: #840853, #841060, #842161)
* add more links for openbios-sparc to qemu-system-sparc,
bump dependency (Closes: #827456)
* include license for qemu logo files (Closes: #785362)
qemu (1:2.7+dfsg-1) unstable; urgency=medium
* Acknowledge the previous NMU. Thank you Andrew!
* New upstream release, 2.7 (Closes: #748043, #839292)
Closes: #838850, CVE-2016-7161
Closes: #473240 (qcow encryption support has been removed)
Closes: #769983 (multi-threaded linux-user)
* removed patches which went upstream, refreshed use-data-path.patch
* renamed remaining patches to include CVE#s and added Bug-Debian headers
* added Depends on lsb-base to qemu-guest-agent (Closes: #840740)
* update binfmt registration for mipsn32 (Closes: #829243)
Thank you Adam Borowski for investigation and the patch
* replace CVE-2016-7156 (#837339) patch with actual code from upstream
* scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj-CVE-2016-7423.patch
(Closes: #838145, CVE-2016-7423)
* virtio-add-check-for-descriptor-s-mapped-address-CVE-2016-7422.patch
(Closes: #838146, CVE-2016-7422)
* scsi-pvscsi-limit-process-IO-loop-to-ring-size-CVE-2016-7421.patch
(Closes: #838147, CVE-2016-7421)
* usb-xhci-fix-memory-leak-in-usb_xhci_exit-CVE-2016-7466.patch
(Closes: #838687, CVE-2016-7466)
qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
* No-change rebuild to compile against new libxen version.
qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
* retain older xenial machine type to avoid issues starting guests
created on xenial prior to the SRU for bug 1621042. In that regard the old
broken xenial machine type and the new fixed one have both to be considered
as valid LTS machine types (LP: #1626070).
qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
* fix default ubuntu machine types. (LP: #1621042)
- add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
- remove double default and double ubuntu alias
- drop former devel releases utopic, vivid, wily
- add xenial and yakkety machine types
- add q35 based ubuntu machine type starting at xenial
- add ubuntu machine types on ppc64el and s390x starting at xenial
qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
* Enable GPU Passthru for ppc64le (LP: #1541902)
- 0001-spapr-ensure-device-trees-are-always-associated-with.patch
- 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
- 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
- 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
- 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
- 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
- 0007-spapr_iommu-Migrate-full-state.patch
- 0008-spapr_iommu-Add-root-memory-region.patch
- 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
- 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
- 0011-memory-Add-reporting-of-supported-page-sizes.patch
- 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
- 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
- 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
- 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
- 0016-vfio-Add-host-side-DMA-window-capabilities.patch
- 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
- 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
- 0019-vfio-spapr-Remove-stale-ioctl-call.patch
- 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
- 0021-memory-Fix-IOMMU-replay-base-address.patch
qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
* New upstream release. LP: #1617055.
* Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
qemu (1:2.6+dfsg-3.1) unstable; urgency=high
* Non-maintainer upload.
* Security fixes from upstream:
- virtio-error-out-if-guest-exceeds-virtqueue-size-CVE-2015-5403.patch
(Closes: #832619, CVE-2015-5403)
- scsi-pvscsi-avoid-infinite-loop-while-building-SG-list.patch
(Closes: #837339, CVE-2016-7156)
- scsi-pvscsi-check-page-count-while-initialising-descriptor-rings.patch
(Closes: #837174, CVE-2016-7155)
- CVE-2016-6351: scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
and scsi-esp-fix-migration.patch (Closes: #832621, CVE-2016-6351)
- virtio-check-vring-descriptor-buffer-length.patch
(Closes: #832767, CVE-2016-6490)
- net-vmxnet3-check-for-device_active-before-write.patch
(Closes: #834904, CVE-2016-6833)
- net-check-fragment-length-during-fragmentation.patch
(Closes: #834905, CVE-2016-6834)
- net-vmxnet-check-IP-header-length.patch (Closes: #835031, CVE-2016-6835)
- net-vmxnet-initialise-local-tx-descriptor.patch
(Closes: #834944, CVE-2016-6836)
- net-vmxnet-use-g_new-for-pkt-initialisation.patch
(Closes: #834902, CVE-2016-6888)
- CVE-2016-7116: 9pfs-forbid-.-and-.-in-file-names.patch,
9pfs-forbid-illegal-path-names.patch and
9pfs-handle-walk-of-.-in-the-root-directory.patch
(Closes: #836502, CVE-2016-7116)
- CVE-2016-7157: scsi-mptconfig-fix-an-assert-expression.patch and
scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK.patch
(Closes: #837603, CVE-2016-7157)
qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
- CVE-2016-5403
* SECURITY UPDATE: oob write access while reading ESP command
- debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
maximum CDB size and handle migration in hw/scsi/esp.c,
include/hw/scsi/esp.h, include/migration/vmstate.h.
- CVE-2016-6351
* SECURITY UPDATE: infinite loop in virtqueue_pop
- debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
length in hw/virtio/virtio.c.
- CVE-2016-6490
qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
* Merge with Debian; remaining changes:
- debian/rules: do not drop the init scripts loading kvm modules
(still needed in precise in cloud archive)
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
- Make qemu-system-common and qemu-utils depend on qemu-block-extra
to fix errors with missing block backends.
- s390x:
* Create qemu-system-s390x package
* Enable pie by default, on ubuntu/s390x.
* Enable svm by default for qemu64 on amd
* Include s390-ccw.img firmware
* have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
qemu (1:2.6+dfsg-3) unstable; urgency=high
* more security fixes picked from upstream:
- CVE-2016-4454 fix (vmsvga) (Closes: CVE-2016-4454)
vmsvga-add-more-fifo-checks-CVE-2016-4454.patch
vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length-CVE-2016-4454.patch
vmsvga-shadow-fifo-registers-CVE-2016-4454.patch
- vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch
(Closes: CVE-2016-4453)
- scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch
(Closes: #826152, CVE-2016-5238)
* set urgency to high due to the amount of
security fixes accumulated so far
qemu (1:2.6+dfsg-2) unstable; urgency=medium
* add missing log entries for previous upload,
remove closing of #807006 (it is not closed)
* Added vga-add-sr_vbe-register-set.patch from upstream
This fixes regression (in particular with win7 installer)
introduced by the fix for CVE-2016-3712 (commit fd3c136)
* fix-linking-relocatable-objects-on-sparc.patch (Closes: #807006)
* Lots of security patches from upstream:
- net-mipsnet-check-packet-length-against-buffer-CVE-2016-4002.patch
(Closes: #821061, CVE-2016-4002)
- i386-kvmvapic-initialise-imm32-variable-CVE-2016-4020.patch
(Closes: #821062, CVE-2016-4020)
- esp-check-command-buffer-length-before-write-CVE-2016-4439.patch,
esp-check-dma-length-before-reading-scsi-command-CVE-2016-4441.patch
(Closes: #824856, CVE-2016-4439, CVE-2016-4441)
- scsi-mptsas-infinite-loop-while-fetching-requests-CVE-2016-4964.patch
(Closes: #825207, CVE-2016-4964)
- scsi-pvscsi-check-command-descriptor-ring-buffer-size-CVE-2016-4952.patch
(Closes: #825210, CVE-2016-4952)
- scsi-megasas-use-appropriate-property-buffer-size-CVE-2016-5106.patch
(Closes: #825615, CVE-2016-5106)
- scsi-megasas-initialise-local-configuration-data-buffer-CVE-2016-5105.patch
(Closes: #825614, CVE-2016-5105)
- scsi-megasas-check-read_queue_head-index-value-CVE-2016-5107.patch
(Closes: #825616, CVE-2016-5107)
- block-iscsi-avoid-potential-overflow-of-acb-task-cdb-CVE-2016-5126.patch
(Closes: #826151, CVE-2016-5126)
- scsi-esp-check-TI-buffer-index-before-read-write-CVE-2016-5338.patch
(Closes: #827024, CVE-2016-5338)
- scsi-megasas-null-terminate-bios-version-buffer-CVE-2016-5337.patch
(Closes: #827026, CVE-2016-5337)
* hw-dma-omap-spelling-fix-endianness.patch (lintian)
* arm-spelling-fix-mismatch.patch (lintian)
qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
* Merge with Debian; remaining changes: (LP: #1583775)
- debian/rules: do not drop the init scripts loading kvm modules
(still needed in precise in cloud archive)
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
- Make qemu-system-common and qemu-utils depend on qemu-block-extra
to fix errors with missing block backends. (LP: #1495895)
- s390x:
* Create qemu-system-s390x package
* Enable pie by default, on ubuntu/s390x.
* Enable svm by default for qemu64 on amd
* Include s390-ccw.img firmware
* have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
* Drop patches which have been applied upstream:
qemu (1:2.6+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #799115
Closes: #822369, #823588
Closes: #813698
Closes: #805827
Closes: #813585
Closes: #823830 CVE-2016-3710 CVE-2016-3712
Closes: #813193 CVE-2016-2198
Closes: #813194 CVE-2016-2197
Closes: #815008 CVE-2016-2392
Closes: #815009 CVE-2016-2391
Closes: #815680 CVE-2016-2538
Closes: #821038 CVE-2016-4001
Closes: #822344 CVE-2016-4037
Closes: #817181 CVE-2016-2841
Closes: #817182 CVE-2016-2857
Closes: #817183 CVE-2016-2858
- removed all patches applied upstream
- removed mjt-set-oem-in-rsdt-like-slic.diff, feature has been
implemented in upstream differently
- refreshed local patches
* do not recommend sharutils for qemu-utils anymore (Closes: #820449)
* typo fix in qemu-system-misc description (Closes: #822883)
* allow qemu-debootstrap to create mips64el chroot (Closes: #817234)
* switch VCS URLs from http to https (lintian)
* Bump Standards-Version to 3.9.8 (no changes)
* code spelling fixes from upstream
* added s390x-virtio-ccw-fix-spelling.patch from upstream
* added hw-ipmi-fix-spelling.patch from upstream
* added docs-specify-spell-fix.patch from upstream
* added fsdev-spelling-fix.patch from upstream
* fold long list of supported arches in package descriptions
qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
* Cherrypick upstream patches to support the query-gic-version QMP command
(LP: #1566564)
qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
[Stefan Bader]
* Enable svm by default for qemu64 on amd (LP: #1561019)
-- <email address hidden> (H.-Dirk Schmitt) Thu, 08 Feb 2018 12:33:28 +0100
Builds
Built packages
-
qemu
fast processor emulator
-
qemu-block-extra
extra block backend modules for qemu-system and qemu-utils
-
qemu-guest-agent
Guest-side qemu-system agent
-
qemu-kvm
QEMU Full virtualization on x86 hardware
-
qemu-system
QEMU full system emulation binaries
-
qemu-system-arm
QEMU full system emulation binaries (arm)
-
qemu-system-common
QEMU full system emulation binaries (common files)
-
qemu-system-mips
QEMU full system emulation binaries (mips)
-
qemu-system-misc
QEMU full system emulation binaries (miscellaneous)
-
qemu-system-ppc
QEMU full system emulation binaries (ppc)
-
qemu-system-s390x
QEMU full system emulation binaries (s390x)
-
qemu-system-sparc
QEMU full system emulation binaries (sparc)
-
qemu-system-x86
QEMU full system emulation binaries (x86)
-
qemu-user
QEMU user mode emulation binaries
-
qemu-user-binfmt
QEMU user mode binfmt registration for qemu-user
-
qemu-user-static
QEMU user mode emulation binaries (static version)
-
qemu-utils
QEMU utilities
Package files