[ubuntu/groovy-proposed] qemu 1:5.0-5ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Mon Jun 29 15:18:25 UTC 2020
qemu (1:5.0-5ubuntu1) groovy; urgency=medium
* Merge with Debian testing (LP: #1749393), remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- arch aware kvm wrappers
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes --disable-xen for user-static builds]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
* Dropped changes (no more needed)
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/control: avoid upgrade issues triggered by moving ivshmem tools after
Debian. Fixed by bumping the related Breaks/Replaces to the
Version Ubuntu introduced the change (LP 1862287)
* Dropped changes (in Debian)
- improved s390x support
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- qemu-system-x86-microvm package
In addition to the generic multi-purpose qemu also provide a minimal
feature binary that is loading faster for use cases with microvm machine
type and qboot bios
- d/control-in: add a new qemu-system-x86-microvm package
- d/rules: add an extra config/build step to get the minimal qemu
- Security and packaging fixes (LP 1872937)
- arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
- net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
CVE-2020-10702
CVE-2020-11102
- fix external spice UI
+ install ui-spice-app.so in qemu-system-common
+ install ui-spice-app.so only if built, spice is optional
- switch binfmt registration to use update-binfmts --[un]import (#866756)
- qemu-system-gui: Multi-Arch=same, not foreign (#956763)
- qemu-system-data: s/highcolor/hicolor/ (#955741)
- enable riscv build (LP 1872931)
[ changes picked from Debian ]
- enable support for riscv64 hosts
- only enable librbd on architectures where it is built
- ceph: do not list librados-dev as we only use librbd-dev and the latter
depends on the former
- seccomp grew up, no need in versioned build-dep
- enable seccomp only on architectures where it can be built
* Dropped changes (upstream)
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP 1857033)
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
- d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
vhost-user-gpu
- d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
avoid unnecessary IOTLB transactions (LP 1866207)
- d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
patches @qemu-stable (LP 1867519)
- remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
to avoid broken nesting (LP 1868692)
- d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
(LP 1871830)
- d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
- d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
- d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
and clobbered doubles (LP 1872945)
- SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
- debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
- CVE-2020-11869
- d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP 1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
- d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
supporting to set them (LP 1882774)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
* Added Changes:
- d/control: regenerate debian/control out of control-in
- update d/p/ubuntu/lp-1835546-* to the final versions
- 11 patches dropped as they are in 5.0
- 20 patches updated to how they will be in 5.1
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
- d/control-in: build-dep libcap is no more needed
- d/rules: update arch aware kvm wrappers
- d/qemu-system-x86.README.Debian: fix typo
qemu (1:5.0-5) unstable; urgency=medium
* more binfmt-install updates
* CVE-2020-10717 fix from upstream:
virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
(Closes: #959746, CVE-2020-10717)
* 2 patches from upstream/stable to fix io_uring fd set buildup:
aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
* upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
* upstream stable fix:
net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
qemu (1:5.0-4) unstable; urgency=medium
* fix binfmt registration (Closes: #959222)
* disable PIE for user-static build on x32 too, not only i386
qemu (1:5.0-3) unstable; urgency=medium
* do not explicitly enable -static-pie on non-i386 architectures.
Apparenly only amd64 actually support -static-pie for now, and
it is correctly detected.
qemu (1:5.0-2) unstable; urgency=medium
* (temporarily) disable pie on i386 static build
For now -static-pie fails on i386 with the following error message:
/usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
unsupported non-PIC call to IFUNC `memset'
* install qemu-system docs in qemu-system-common, not qemu-system-data,
since docs require ./configure run
qemu (1:5.0-1) unstable; urgency=medium
* new upstream release (5.0)
Closes: #958926
Closes: CVE-2020-11869
* refresh patches, remove patches applied upstream
* do not mention openhackware, it is not used anymore
* do not disable bluez (support removed)
* new system arch "rx"
* dont install qemu-doc.* for now,
but install virtiofsd & qemu-storage-daemon
* add shared-lib-without-dependency-information tag
to qemu-user-static.lintian-overrides
* add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
* do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
* install qemu-user html docs for qemu-user & qemu-user-static
* build hppa-firmware.img from roms/seabios-hppa
(and Build-Depeds-Indep on gcc-hppa-linux-gnu)
* enable liburing on linux (build-depend on liburing-dev)
* add upstream signing-key.asc (Michael Roth <flukshun at gmail.com>)
* build opensbi firmware
(for riscv64 only, riscv32 is possible with compiler flags)
* add source-level lintian-overrides for binaries-without-sources
(lintian can't find sources for a few firmware images which are in roms/)
qemu (1:4.2-7) unstable; urgency=medium
* qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
* x32 arch is in the same family as i386 & x86_64, omit binfmt registration
* check systemd-detect-virt before running update-binfmt
* gluster is de-facto linux-only, do not build-depend on it on non-linux
* virglrenderer is also essentially linux-specific
* qemu-user-static does not depend on shlibs
* disable parallel building of targets of d/rules
* add lintian overrides (arch-dependent static binaries) for openbios binaries
* separate binary-indep target into install-indep-prep and binary-indep
* split out various components of qemu-system-data into independent
build/install rules and add infrastructure for more components:
x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
slof, s390x-fw
* iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
qemu (1:4.2-6) unstable; urgency=medium
* d/rules: fix FTBFS (brown-paper-bag bug) in last upload
qemu (1:4.2-5) unstable; urgency=medium
* no error-out on address-of-packet-member in openbios
* install ui-spice-app.so only if built, spice is optional
* arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
Closes: CVE-2020-10702, weak signature generation
in Pointer Authentication support for ARM
* (temporarily) enable seccomp only on architectures where it can be built
(Closes: #956624)
* seccomp has grown up, no need in versioned build-dep
* do not list librados-dev in build-dep as we only use librbd-dev
and the latter depends on the former
* only enable librbd on architectures where it is buildable
qemu (1:4.2-4) unstable; urgency=medium
[ Michael Tokarev ]
* d/rules: build minimal configuration for qboot/microvm usage
* set microvm to be the default machine type for microvm case
* install ui-spice-app.so in qemu-system-common
* do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
* net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
(Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
* qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
* switch binfmt registration to use update-binfmts --[un]import
(Closes: #866756)
* build openbios-ppc & openbios-sparc binaries in qemu-system-data,
and replace corresponding binary packages.
Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
* build and provide/replace qemu-slof too
[ Aurelien Jarno ]
* enable support for riscv64 hosts
Date: Tue, 16 Jun 2020 16:50:09 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Jun 2020 16:50:09 +0200
Source: qemu
Architecture: source
Version: 1:5.0-5ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Closes: 866756 953910 955741 956145 956624 956763 958926 959222 959746
Launchpad-Bugs-Fixed: 1749393
Changes:
qemu (1:5.0-5ubuntu1) groovy; urgency=medium
.
* Merge with Debian testing (LP: #1749393), remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- arch aware kvm wrappers
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes --disable-xen for user-static builds]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
* Dropped changes (no more needed)
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/control: avoid upgrade issues triggered by moving ivshmem tools after
Debian. Fixed by bumping the related Breaks/Replaces to the
Version Ubuntu introduced the change (LP 1862287)
* Dropped changes (in Debian)
- improved s390x support
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- qemu-system-x86-microvm package
In addition to the generic multi-purpose qemu also provide a minimal
feature binary that is loading faster for use cases with microvm machine
type and qboot bios
- d/control-in: add a new qemu-system-x86-microvm package
- d/rules: add an extra config/build step to get the minimal qemu
- Security and packaging fixes (LP 1872937)
- arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
- net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
CVE-2020-10702
CVE-2020-11102
- fix external spice UI
+ install ui-spice-app.so in qemu-system-common
+ install ui-spice-app.so only if built, spice is optional
- switch binfmt registration to use update-binfmts --[un]import (#866756)
- qemu-system-gui: Multi-Arch=same, not foreign (#956763)
- qemu-system-data: s/highcolor/hicolor/ (#955741)
- enable riscv build (LP 1872931)
[ changes picked from Debian ]
- enable support for riscv64 hosts
- only enable librbd on architectures where it is built
- ceph: do not list librados-dev as we only use librbd-dev and the latter
depends on the former
- seccomp grew up, no need in versioned build-dep
- enable seccomp only on architectures where it can be built
* Dropped changes (upstream)
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP 1857033)
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
- d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
vhost-user-gpu
- d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
avoid unnecessary IOTLB transactions (LP 1866207)
- d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
patches @qemu-stable (LP 1867519)
- remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
to avoid broken nesting (LP 1868692)
- d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
(LP 1871830)
- d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
- d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
- d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
and clobbered doubles (LP 1872945)
- SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
- debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
- CVE-2020-11869
- d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP 1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
- d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
supporting to set them (LP 1882774)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
* Added Changes:
- d/control: regenerate debian/control out of control-in
- update d/p/ubuntu/lp-1835546-* to the final versions
- 11 patches dropped as they are in 5.0
- 20 patches updated to how they will be in 5.1
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
- d/control-in: build-dep libcap is no more needed
- d/rules: update arch aware kvm wrappers
- d/qemu-system-x86.README.Debian: fix typo
.
qemu (1:5.0-5) unstable; urgency=medium
.
* more binfmt-install updates
* CVE-2020-10717 fix from upstream:
virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
(Closes: #959746, CVE-2020-10717)
* 2 patches from upstream/stable to fix io_uring fd set buildup:
aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
* upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
* upstream stable fix:
net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
.
qemu (1:5.0-4) unstable; urgency=medium
.
* fix binfmt registration (Closes: #959222)
* disable PIE for user-static build on x32 too, not only i386
.
qemu (1:5.0-3) unstable; urgency=medium
.
* do not explicitly enable -static-pie on non-i386 architectures.
Apparenly only amd64 actually support -static-pie for now, and
it is correctly detected.
.
qemu (1:5.0-2) unstable; urgency=medium
.
* (temporarily) disable pie on i386 static build
For now -static-pie fails on i386 with the following error message:
/usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
unsupported non-PIC call to IFUNC `memset'
* install qemu-system docs in qemu-system-common, not qemu-system-data,
since docs require ./configure run
.
qemu (1:5.0-1) unstable; urgency=medium
.
* new upstream release (5.0)
Closes: #958926
Closes: CVE-2020-11869
* refresh patches, remove patches applied upstream
* do not mention openhackware, it is not used anymore
* do not disable bluez (support removed)
* new system arch "rx"
* dont install qemu-doc.* for now,
but install virtiofsd & qemu-storage-daemon
* add shared-lib-without-dependency-information tag
to qemu-user-static.lintian-overrides
* add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
* do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
* install qemu-user html docs for qemu-user & qemu-user-static
* build hppa-firmware.img from roms/seabios-hppa
(and Build-Depeds-Indep on gcc-hppa-linux-gnu)
* enable liburing on linux (build-depend on liburing-dev)
* add upstream signing-key.asc (Michael Roth <flukshun at gmail.com>)
* build opensbi firmware
(for riscv64 only, riscv32 is possible with compiler flags)
* add source-level lintian-overrides for binaries-without-sources
(lintian can't find sources for a few firmware images which are in roms/)
.
qemu (1:4.2-7) unstable; urgency=medium
.
* qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
* x32 arch is in the same family as i386 & x86_64, omit binfmt registration
* check systemd-detect-virt before running update-binfmt
* gluster is de-facto linux-only, do not build-depend on it on non-linux
* virglrenderer is also essentially linux-specific
* qemu-user-static does not depend on shlibs
* disable parallel building of targets of d/rules
* add lintian overrides (arch-dependent static binaries) for openbios binaries
* separate binary-indep target into install-indep-prep and binary-indep
* split out various components of qemu-system-data into independent
build/install rules and add infrastructure for more components:
x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
slof, s390x-fw
* iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
.
qemu (1:4.2-6) unstable; urgency=medium
.
* d/rules: fix FTBFS (brown-paper-bag bug) in last upload
.
qemu (1:4.2-5) unstable; urgency=medium
.
* no error-out on address-of-packet-member in openbios
* install ui-spice-app.so only if built, spice is optional
* arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
Closes: CVE-2020-10702, weak signature generation
in Pointer Authentication support for ARM
* (temporarily) enable seccomp only on architectures where it can be built
(Closes: #956624)
* seccomp has grown up, no need in versioned build-dep
* do not list librados-dev in build-dep as we only use librbd-dev
and the latter depends on the former
* only enable librbd on architectures where it is buildable
.
qemu (1:4.2-4) unstable; urgency=medium
.
[ Michael Tokarev ]
* d/rules: build minimal configuration for qboot/microvm usage
* set microvm to be the default machine type for microvm case
* install ui-spice-app.so in qemu-system-common
* do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
* net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
(Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
* qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
* switch binfmt registration to use update-binfmts --[un]import
(Closes: #866756)
* build openbios-ppc & openbios-sparc binaries in qemu-system-data,
and replace corresponding binary packages.
Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
* build and provide/replace qemu-slof too
.
[ Aurelien Jarno ]
* enable support for riscv64 hosts
Checksums-Sha1:
fadfee5f4484ba70311c04d200683727354566a7 7395 qemu_5.0-5ubuntu1.dsc
52d1c0e6025a212d4fde471e4d9b5913f2615f86 62426192 qemu_5.0.orig.tar.xz
5e2b67c2c354a436b477067e98a245b85750366f 148364 qemu_5.0-5ubuntu1.debian.tar.xz
ecb7a24a1eca8920a23887ebdd6765037411924f 10277 qemu_5.0-5ubuntu1_source.buildinfo
Checksums-Sha256:
ccdeb60b4467802d740da81c1b6b2168acbdf80813fdbc032e9f614176cbb2c0 7395 qemu_5.0-5ubuntu1.dsc
2f13a92a0fa5c8b69ff0796b59b86b080bbb92ebad5d301a7724dd06b5e78cb6 62426192 qemu_5.0.orig.tar.xz
96b463f19be13432b80ccebfb06da9456606f32dd3039548934088c0749a721f 148364 qemu_5.0-5ubuntu1.debian.tar.xz
696144213255ce11ca180e38402fb9fd554eafd2c76dfcdb06335159f9059204 10277 qemu_5.0-5ubuntu1_source.buildinfo
Files:
850bedcc4807c3377505103520e625e7 7395 otherosfs optional qemu_5.0-5ubuntu1.dsc
ede6005d7143fe994dd089d31dc2cf6c 62426192 otherosfs optional qemu_5.0.orig.tar.xz
e44ebdd29a0f051c03f39a7451ae3a53 148364 otherosfs optional qemu_5.0-5ubuntu1.debian.tar.xz
81fb8df0db4ad014fe8e7f2641f8d039 10277 otherosfs optional qemu_5.0-5ubuntu1_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAl75+uoACgkQuj4pM4KA
skLzZQ//XZVqembaVQ8sbaKKJJ2A4dLBjOMGsug8oXy0FzAg4z5bY928Ersd0WeZ
P8/R25EAdGvD1v1SiOf9U+cg/5hnHALkpDtagG5htNt4ypuDE7AUacpyTzoljd1o
y4Fm/lIz/39gF1PNT5Mpvq2D6MV2zv6D8AjmvhdhBLZG6iA1YXH7aMmhE+/UL+wP
UZliSXjddk0AChnfZFdwsVsYr48O42OOlmboPHr1N06EKsl7s8O0kDqt5VY5LfwF
1lfp/m7NXOHJqUM93/7zUqCuahZN95+L/CCaxxR130j82T0NthJo5REh5ebl+3uW
yuxBusnQ8vk/xvC7cDc+Hy7yZIhfAJUsICUYj5691CjTB/GBNmAUuwyBTJEcF/J+
Dc6EXQZjx71blTDB3DL/Dl//zMc+ckdFL2pAq+EHqQjHohuL7hDPPSshs2MryVJu
Dhgf6LczO99yLF1LBJ4Zfy7QAJ36k7hLp6hUarZ09EMKOWOusHl1tgoxfKrCZ7sv
aX8CI6koWIQDrpBtAE6R8J/t6Z6pU96vJ0KempaJh53evShVeUamdJFtbr8foodR
7rldaagTKGrPePPWbWYSfTpyPRDGNIS7T7TKZG4gJss1nvOxc40OPBq2Zj1WRcvk
1SlaKp8K27qSRDDzRRUabV8GrqkujlH80RhMjz4nSJNa9QoWLX8=
=WXeq
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list