[ubuntu/cosmic-proposed] qemu 1:2.12+dfsg-3ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Mon Jul 16 18:26:16 UTC 2018
qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
* Merge with Debian testing, Remaining Changes:
- Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
convenience with all meltdown/spectre workarounds enabled by default.
(LP: 1761372).
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- arch aware kvm wrappers
- update VCS-git (updated to match cosmic)
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- Create and install pxe netboot images for KVM s390x (LP: 1732094)
- d/rules enable install s390x-netboot.img
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- SECURITY UPDATE: Speculative Store Bypass
- debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
CPUID feature bit in target/i386/cpu.*.
- debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
- debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
target/i386/machine.c.
- CVE-2018-3639
* Added Changes:
- update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
- add cosmic types for base and -hpb
- drop no more supported types (zesty and yakkety)
- d/p/series: group machine type changes
- d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
merged upstream
- d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
computation while concatenating mbuf.
CVE-2018-11806
- d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
- d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
- d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
- d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
to POWER8
- d/qemu-kvm-init: drop old VM detection that was broken in some cases and
is no more needed with systemd-detect-virt being more mature and always
present.
- d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
- d/control-in: add libibumad-dev which is now needed for rdma
- d/rules: update s390x delta to match new Debian packaging
- d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
for powerpc64 to speed up translation (LP: #1781526)
- d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
cpu model for z14 ZR1 (LP: #1780773).
- Mark qemu-system-data foreign to be able to install it e.g. on i386
(Closes: 903562)
- d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
unreleased Debian version)
* Dropped Changes:
- debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
(No more removed when building DFSG orig tarball in Debian)
- sdl2 is yet too unstable for the LTS Ubuntu release given the reports
we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
so we revert related changes to stick with the proven for now:
- 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
depends on it)
- 9594f820 - switch from sdl1.2 to sdl2 (#870025)
(Debian switched to gtk which seems to work better and has all
dependencies in main.)
- d/control-in: enable seccomp on s390x (in Debian for Linux-any)
- Changes that are now upstream with qemu 2.12
- d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
newer versions of glibc >=2.27 (LP: 1753826)
- d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
- d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
SSE/AVX/AVX512 cpu features (LP: 1739665)
- d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
space+commpage continuous which avoids long startup times on
qemu-user-static (LP: 1740219)
- provide pseries-2.12-sxxm type (LP: 1761372)
- d/p/ubuntu/lp-1704312-1-* provide means to manually handle
filesystem-dax with pmem by backporting align and unarmed options
(LP: 1704312).
- d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
option to slirp's DHCP server (LP: 1762315)
- d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
Protection information (LP: 1762854).
- d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
migration (LP: 1763468).
- SECURITY UPDATE: out-of-bounds access during migration via ps2
CVE-2017-16845
- SECURITY UPDATE: arbitrary code execution via load_multiboot
CVE-2018-7550
- SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
CVE-2018-7858
Date: Thu, 21 Jun 2018 14:24:06 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.12+dfsg-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 21 Jun 2018 14:24:06 +0200
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-s390x
Architecture: source
Version: 1:2.12+dfsg-3ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
qemu - fast processor emulator, dummy package
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-data - QEMU full system emulation (data files)
qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-s390x - QEMU full system emulation binaries (s390x)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 903562
Launchpad-Bugs-Fixed: 1763275 1780768 1780769 1780772 1780773 1781526
Changes:
qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium
.
* Merge with Debian testing, Remaining Changes:
- Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772)
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- set nested=1 module option on intel. (is default on amd)
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
- qemu-system-common.preinst: add kvm group if needed
- Distribution specific machine type
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
- d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
convenience with all meltdown/spectre workarounds enabled by default.
(LP: 1761372).
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- Enable numa support for s390x
- arch aware kvm wrappers
- update VCS-git (updated to match cosmic)
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- Create and install pxe netboot images for KVM s390x (LP: 1732094)
- d/rules enable install s390x-netboot.img
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- SECURITY UPDATE: Speculative Store Bypass
- debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd'
CPUID feature bit in target/i386/cpu.*.
- debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD
'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
- debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD
MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c,
target/i386/machine.c.
- CVE-2018-3639
* Added Changes:
- update machine type changes for qemu 2.12 and the Ubuntu Cosmic release
- add cosmic types for base and -hpb
- drop no more supported types (zesty and yakkety)
- d/p/series: group machine type changes
- d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
merged upstream
- d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
computation while concatenating mbuf.
CVE-2018-11806
- d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the
deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES.
- d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275)
- d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings
- d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply
to POWER8
- d/qemu-kvm-init: drop old VM detection that was broken in some cases and
is no more needed with systemd-detect-virt being more mature and always
present.
- d/kvm.powerpc: drop old powerpc (non-ppc64el) code.
- d/control-in: add libibumad-dev which is now needed for rdma
- d/rules: update s390x delta to match new Debian packaging
- d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
for powerpc64 to speed up translation (LP: #1781526)
- d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
cpu model for z14 ZR1 (LP: #1780773).
- Mark qemu-system-data foreign to be able to install it e.g. on i386
(Closes: 903562)
- d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
unreleased Debian version)
* Dropped Changes:
- debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch
(No more removed when building DFSG orig tarball in Debian)
- sdl2 is yet too unstable for the LTS Ubuntu release given the reports
we still see upstream and in Debian - furthermore sdl2 isn't in main yet,
so we revert related changes to stick with the proven for now:
- 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already
depends on it)
- 9594f820 - switch from sdl1.2 to sdl2 (#870025)
(Debian switched to gtk which seems to work better and has all
dependencies in main.)
- d/control-in: enable seccomp on s390x (in Debian for Linux-any)
- Changes that are now upstream with qemu 2.12
- d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with
newer versions of glibc >=2.27 (LP: 1753826)
- d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release
- d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new
SSE/AVX/AVX512 cpu features (LP: 1739665)
- d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm
space+commpage continuous which avoids long startup times on
qemu-user-static (LP: 1740219)
- provide pseries-2.12-sxxm type (LP: 1761372)
- d/p/ubuntu/lp-1704312-1-* provide means to manually handle
filesystem-dax with pmem by backporting align and unarmed options
(LP: 1704312).
- d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname
option to slirp's DHCP server (LP: 1762315)
- d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying
Protection information (LP: 1762854).
- d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9
migration (LP: 1763468).
- SECURITY UPDATE: out-of-bounds access during migration via ps2
CVE-2017-16845
- SECURITY UPDATE: arbitrary code execution via load_multiboot
CVE-2018-7550
- SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
CVE-2018-7858
Checksums-Sha1:
b1de557844b25ff7886fff7bb4d2fab7d4c50499 6709 qemu_2.12+dfsg-3ubuntu1.dsc
2d9e704e4a9d18bcdb7deda630b76e341144574a 31214224 qemu_2.12+dfsg.orig.tar.xz
e0fbaa7f272d4c02ee589b7afb3f7720d13b17a4 106448 qemu_2.12+dfsg-3ubuntu1.debian.tar.xz
18e5bf25c4dfdbe3b02ca150a07aaebbdc0beb3d 12803 qemu_2.12+dfsg-3ubuntu1_source.buildinfo
Checksums-Sha256:
1716803f85bad509d5652db15239d17f976033a0c18f794a1bbdea822cb7e4f0 6709 qemu_2.12+dfsg-3ubuntu1.dsc
bcc5c030e741544435ae6f42c06665bc5185e7286cb3672694d9d34900782a4b 31214224 qemu_2.12+dfsg.orig.tar.xz
5bf972f1a291f71c428c9f0512b9411c5f2ecc74f32125d718b1a1d67d38fb10 106448 qemu_2.12+dfsg-3ubuntu1.debian.tar.xz
4b87f62799b0ad530e70bdc856b6119eea3b561eec28e8852497651b1f4a1a78 12803 qemu_2.12+dfsg-3ubuntu1_source.buildinfo
Files:
c36ad406599f9d6a1a5459bbd48cc48d 6709 otherosfs optional qemu_2.12+dfsg-3ubuntu1.dsc
b4584775a438acd0ba9e0a69af70245b 31214224 otherosfs optional qemu_2.12+dfsg.orig.tar.xz
f43c90e34a71f738f7bb2b3bee5dfec6 106448 otherosfs optional qemu_2.12+dfsg-3ubuntu1.debian.tar.xz
17e87ad04bc7e00eab4955284b8b6947 12803 otherosfs optional qemu_2.12+dfsg-3ubuntu1_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAltM4vMACgkQuj4pM4KA
skLsEhAAgU5/+5mbjBTS8JvgLj+tju2WoF6j3qjqAJ2dptPY2iMcBMOUo1fsVlkc
hsA6YQkn8fGl4rsoV4o7vYsnYP2SjAZUJudYsAYyYY9oHu5aD4NNCL9/L1t7s0ib
47BU0wvfguCoZ8ihQGozbzNklf6JmcfLJiicKCGqaeUlMZmECoB3tmSYCt7yaj7E
yvs7szY6eD5AUJUW9p3pC8/RACevQgHOq9xh16gXmNarQJ6qykhzt989h2AJHoi5
KZeShCYtr9H7TUcPOhD0dlaWk8I26GpiHruA6xJ+Hm+c/LOHDC8qwB4OLMSTm/CA
cSUrzO9ZG4eAMvrhm0z6R3+53t7AvVRbCU2XZ7iNwZ3HON+exvUq/o2GWX8Km0vI
Fi/rxUt64rO7vDQQW55N76EbRzshNgH0+W3rdzDGBguAVrhw046dl5wdxhmEKns0
TUP7dQaBa9RTIUQZdKSaBUKf6HkI397eJdqTpTM850JdyrKp0/DT2uFWokdwdFFa
0H7Sztsfvgn2YkIa+CNuQdozkQALbyd0S28ZYAlV8WKzvsVuz1njkdAKkSa+p/hd
e4cNhO1rs5+4UJ5EDd7nIkV5crVbAfkEvWR6oeaDodIkqAXL7c0/86aOFUq6cv1/
ZQ2qVqvsUmd9zBrFfTFVrYC7bt2WOruZTNk3RW6T6siUsJVMmNg=
=u9Wj
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list