[ubuntu-cloud-archive/pike-updates] qemu (Accepted)
James Page
james.page at ubuntu.com
Fri Sep 1 13:50:39 UTC 2017
qemu (1:2.10~rc4+dfsg-0ubuntu1~cloud0) xenial-pike; urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium
.
* Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602);
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- arch aware kvm wrappers
- update VCS-git to match the Artful branch
- disable missing x32 architecture
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update
to Debian patch to match qemu 2.10)
- s390x package now builds correctly on all architectures (LP 1710695)
* Added changes:
- d/qemu-system-common.docs: adapt new path of live-block-operations.rst
since 8508eee7
- d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1
- make nios2/hppa not installed explicitly until further stablized
- d/qemu-guest-agent.install: add the new guest agent reference man page
qemu-ga-ref
- d/qemu-system-common.install: add the now generated qapi/qmp reference
along the qapi intro
- d/not-installed: ignore further generated (since 56e8bdd4) files in
dh_missing that are already provided in other formats qemu-doc,
qemu-qmp-ref,qemu-ga-ref
- d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new
changes in 2.10-rc4
.
qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium
.
* Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes
a set of bugs
- [FFE] Qemu 2.10 in Artful (LP: #1699968)
- CPU hot unplug fails after migrating a CPU hotplugged guest
from source (LP: #1677552)
- [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902)
- New KVM 288 Pass Through (LP: #1672447)
- aarch64: MSI is not supported by interrupt controller (LP: #1706630)
* Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- ppc64[le] support
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- Enable seccomp for ppc64el
- bump libseccomp-dev dependency, 2.3 is the minimum for ppc64
- arch aware kvm wrappers
- disable missing x32 architecture
- update VCS links
* Added changes
- d/rules: or32 is now named or1k (since 4a09d0bb)
- d/qemu-system-common.docs: new paths since (ac06724a)
- d/qemu-system-common.install: qmp-commands.txt removed, but replaced
by qapi-schema.json which is already packaged (since 4d8bb958)
- Updates in debian/patches to match qemu 2.10
- d/p/02_kfreebsd.patch: utimensat is no more optional upstream
- d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386
- d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types
- update VCS-git to match the Artful branch
- s390x package now builds correctly on all architectures (LP: #1710695)
* Dropped changes (integrated upstream):
- d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
"spapr/pci: populate PCI DT in reverse order" (LP 1670481).
- All CVE fixes formerly applied are upstream and thereby dropped.
.
qemu (1:2.8+dfsg-7) unstable; urgency=medium
.
* uploading to unstable all fixes which went to stretch-security
(exactly the same as 2.8+dfsg-6+deb9u2)
.
qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high
.
* actually apply the nbd server patches, not only include in debian/patches/
Really closes: #865755, CVE-2017-9524
* slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch
Closes: #869171, CVE-2017-11434
* exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
Closes: #869173, CVE-2017-11334
* usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch
Closes: #867751, CVE-2017-10806
* add reference to #869706 to
xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
* disable xhci recursive calls fix for now, as it causes instant crash
(xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch)
Reopens: #864219, CVE-2017-9375
Closes: #869945
.
qemu (1:2.8+dfsg-6+deb9u1) stretch-security; urgency=high
.
* net-e1000e-fix-an-infinite-loop-issue-CVE-2017-9310.patch
Closes: #863840, CVE-2017-9310
* usb-ohci-fix-error-return-code-in-servicing-iso-td-CVE-2017-9330.patch
Closes: #863943, CVE-2017-9330
* ide-ahci-call-cleanup-function-in-ahci-unit-CVE-2017-9373.patch
Closes: #864216, CVE-2017-9373
* xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
Closes: #864219, CVE-2017-9375
* usb-ehci-fix-memory-leak-in-ehci-CVE-2017-9374.patch
Closes: #864568, CVE-2017-9374
* nbd-ignore-SIGPIPE-CVE-2017-10664.patch
Closes: #866674, CVE-2017-10664
* nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch
nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch
Closes: #865755, CVE-2017-9524
* xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
Closes: CVE-2017-10911
.
qemu (1:2.8+dfsg-6) unstable; urgency=high
.
* 9pfs-local-forbid-client-access-to-metadata-CVE-2017-7493.patch
Closes: CVE-2017-7493
* group all 9p patches together
* drop obsolete comment about libiscsi on ubuntu from d/control
.
qemu (1:2.8+dfsg-5) unstable; urgency=high
.
* Security fix release
* 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch
Closes: #860785, CVE-2017-7471
* 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch
Closes: #861348, CVE-2017-8086
* vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch
Closes: #861351, CVE-2017-8112
* scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch
Closes: #862282, CVE-2017-8380
* input-limit-kbd-queue-depth-CVE-2017-8379.patch
Closes: #862289, CVE-2017-8379
* audio-release-capture-buffers-CVE-2017-8309.patch
Closes: #862280, CVE-2017-8309
.
qemu (1:2.8+dfsg-4) unstable; urgency=high
.
* usb-ohci-limit-the-number-of-link-eds-CVE-2017-6505.patch
Closes: #856969, CVE-2017-6505
* linux-user-fix-apt-get-update-on-linux-user-hppa.patch
Closes: #846084
* update to 2.8.1 upstream stable/bugfix release
(v2.8.1.diff from upstream, except of seabios blob bits).
Closes: #857744, CVE-2016-9603
Patches dropped because they're included in 2.8.1 release:
9pfs-symlink-attack-fixes-CVE-2016-9602.patch
char-fix-ctrl-a-b-not-working.patch
cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
cirrus-fix-oob-access-issue-CVE-2017-2615.patch
cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
linux-user-fix-s390x-safe-syscall-for-z900.patch
nbd_client-fix-drop_sync-CVE-2017-2630.patch
s390x-use-qemu-cpu-model-in-user-mode.patch
sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
* bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
* 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
(Closes: #859854, CVE-2017-7377)
* dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
Closes: #840950, CVE-2016-8667
* make d/control un-writable to stop users from changing a generated file
* two patches from upstream to fix user-mode network with IPv6
slirp-make-RA-build-more-flexible.patch
slirp-send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS.patch
(Closes: #844566)
Date: Wed, 30 Aug 2017 09:10:44 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>
More information about the Cloud-archive-changes
mailing list