[ubuntu/hirsute-proposed] qemu 1:5.1+dfsg-4ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Wed Nov 18 11:14:15 UTC 2020
qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
* Merge with Debian testing, remaining changes:
Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/control: regenerate debian/control out of control-in
* Dropped changes [in Debian or no more needed]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- Pick further changes for groovy from debian/master since 5.0-5
- ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
- revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
- exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
- megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
- megasas-use-unsigned-type-for-positive-numeric-fields.patch
- megasas-fix-possible-out-of-bounds-array-access.patch
- nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
- es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
- a few patches from the stable series:
- fix-tulip-breakage.patch
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
- acpi-tmr-allow-2-byte-reads.patch
- reapply CVE-2020-13253 fixes from upstream
- linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
- linux-user-add-netlink-RTM_SETLINK-command.patch
- d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
- qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
- acpi-allow-accessing-acpi-cnt-register-by-byte.patch
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
- acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
- xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
- do not install outdated (0.12 and before) Changelog
- xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
- sm501 OOB read/write due to integer overflow in sm501_2d_operation()
- riscv-allow-64-bit-access-to-SiFive-CLINT.patch
another fix for revert-memory-accept-.. CVE-2020-13754
- seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
- d/control-in: build-dep libcap is no more needed
- arch aware kvm wrappers
[upstream now automatically enables KVM if available and called with
kvm* name, provides KVM as before but with auto-fallback to tcg.
Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
* Dropped changes [upstream now]
- d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
setup_len
- d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
- d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
- d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
from vfio-ccw (LP 1887935)
- fix qemu-user-static initialization to allow executing systemd (LP 1890881)
- fix assertion failure in net_tx_pkt_add_raw_fragment (LP 1891187)
- d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
SQXBR (LP 1883984)
- d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
- d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
environments (LP 1887763)
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
- update d/p/ubuntu/lp-1835546-* to the final versions
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
* Added Changes:
- update ubuntu machine types for hirsute at 5.1
- d/control: regenerated from d/control-in
- d/control, d/rules: build with gcc-9 on armhf as workaround until
resolved in gcc-10 (LP: 1890435)
qemu (1:5.1+dfsg-4) unstable; urgency=high
* mention closing of CVE-2020-16092 by 5.1
* usb-fix-setup_len-init-CVE-2020-14364.patch
Closes: #968947, CVE-2020-14364
(OOB r/w access in USB emulation)
qemu (1:5.1+dfsg-3) unstable; urgency=medium
* fix one more issue in last upload. This is what happens when
you do "obvious" stuff in a hurry without proper testing..
qemu (1:5.1+dfsg-2) unstable; urgency=medium
* fix brown-paper bag bug in last upload
qemu (1:5.1+dfsg-1) unstable; urgency=medium
* hw-display-qxl.so depends on spice so install it
only if it is built just like ui-spice-app
* note #931046 for libfdt
qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium
* new upstream release 5.1.0. Make source DFSG-clean again
Closes: #968088
Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3)
* remove all patches which are applied upstream
* do not install non-existing doc/qemu/*-ref.*
* qemu-pr-helper is now in /usr/lib/qemu not /usr/bin
* virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin
* new architecture: qemu-system-avr
* refresh d/get-orig-source.sh
* d/get-orig-source.sh: report already removed files in dfsg-clean
* install common modules in qemu-system-common
* lintian tag renamed: shared-lib-without-dependency-information to
shared-library-lacks-prerequisites
qemu (1:5.0-14) unstable; urgency=high
* this is a bugfix release before breaking toys with the new upstream
* riscv-allow-64-bit-access-to-SiFive-CLINT.patch
(another fix for revert-memory-accept-..-CVE-2020-13754)
* install /usr/lib/*/qemu/ui-curses.so in qemu-system-common
Closes: #966517
qemu (1:5.0-13) unstable; urgency=medium
* seabios-hppa-fno-ipa-sra.patch
fix ftbfs with gcc-10
qemu (1:5.0-12) unstable; urgency=medium
* acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
* xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
* do not install outdated (0.12 and before) Changelog (Closes: #965381)
* xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
* sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
qemu (1:5.0-11) unstable; urgency=high
* d/control-in: only enable opengl (libdrm&Co) on linux
* d/control-in: spice: drop versioned deps (even jessie version is enough),
drop libspice-protocol-dev (automatically pulled by libspice-server-dev),
and build on more architectures
* change from debhelper versioned dependency to debhelper-compat (=12)
* acpi-allow-accessing-acpi-cnt-register-by-byte.patch (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
Urgency = high due to this issue.
qemu (1:5.0-10) unstable; urgency=medium
* fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x)
* use the same $(if) construct to simplify #ifdeffery
qemu (1:5.0-9) unstable; urgency=medium
* move kvm executable/script from qemu-kvm to qemu-system-foo,
make it multi-arch, and remove qemu-kvm package
* remove libcacard leftovers from d/.gitignore
* linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
* linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
* libudev is linux-specific, do not build-depend on it
on kfreebsd and others
* install virtiofsd in d/rules (!sparc64) instead of
d/qemu-system-common.install (fixes FTBFS on sparc64)
* confirm -static-pie not working today still
* d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
* qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
* build all modules since there are modules anyway,
no need to hack them in d/rules
* fix spelling in a patch name/subject in last upload
* d/rules: do not use dh_install and dh_movefiles for individual
pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files
listed in d/foo.install too, in addition to given on command-line
* remove trailing whitespace from d/changelog
qemu (1:5.0-8) unstable; urgency=medium
* d/control: rdma is linux-only, do not enable it on kfreebsd & hurd
* add comment about virtiofsd conditional to d/qemu-system-common.install
Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing
seccomp on that platform, we should either make virtiofsd conditional
(!sparc64) or fix seccomp on sparc64 and build-depend on it
* openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466)
* seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467)
* slof-remove-user-and-host-from-release-version.patch (Closes: #963472)
* slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470)
* update previous changelog, mention #945997
* reapply CVE-2020-13253 fixes from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
qemu (1:5.0-7) unstable; urgency=medium
* Revert "d/rules: report config log from the correct subdir - base build"
* Revert "d/rules: report config log from the correct subdir - microvm build"
* acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
* remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch -
upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253)
* explicitly specify --enable-tools on hppa and do the same trick
with --enable-tcg-interpreter --enable-tools on a few other unsupported
arches (Closes: #964372, #945997)
qemu (1:5.0-6) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture
* d/rules: makefile definitions can't be recursive - sys_systems for s390x
* d/rules: report config log from the correct subdir - base build
* d/rules: report config log from the correct subdir - microvm build
* d/control-in: disable rbd support unavailable on riscv
* fix assert in qemu guest agent that crashes on shutdown (LP: #1878973)
* d/control-in: build-dep libcap is no more needed
* d/rules: update -spice compat (Ubuntu only)
[ Michael Tokarev ]
* save block modules on upgrades (LP: #1847361)
After upgrade a still running qemu of a former version can't load the
new modules e.g. for extended storage support. Qemu 5.0 has the code to
allow defining a path that it will load these modules from.
* ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
* revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which use min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
* exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
* megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
* megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
* megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause very low
impact OOB errors here
* nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
* es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
* sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated
address, which leads to an out-of-bounds read during sdhci_write()
operations. A guest OS user can crash the QEMU process.
And a preparational patch,
sdcard-update-coding-style-to-make-checkpatch-happy.patch
* a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
[ Aurelien Jarno ]
* Remove myself from maintainers
Date: Thu, 29 Oct 2020 12:37:31 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:5.1+dfsg-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Oct 2020 12:37:31 +0100
Source: qemu
Architecture: source
Version: 1:5.1+dfsg-4ubuntu1
Distribution: hirsute
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Closes: 945997 961297 961451 961887 963466 963467 963470 963472 964247 964289 964372 964793 965109 965381 966517 968088 968947
Launchpad-Bugs-Fixed: 1847361 1878973 1897854
Changes:
qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
.
* Merge with Debian testing, remaining changes:
Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/control: regenerate debian/control out of control-in
* Dropped changes [in Debian or no more needed]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- Pick further changes for groovy from debian/master since 5.0-5
- ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
- revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
- exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
- megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
- megasas-use-unsigned-type-for-positive-numeric-fields.patch
- megasas-fix-possible-out-of-bounds-array-access.patch
- nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
- es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
- a few patches from the stable series:
- fix-tulip-breakage.patch
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
- acpi-tmr-allow-2-byte-reads.patch
- reapply CVE-2020-13253 fixes from upstream
- linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
- linux-user-add-netlink-RTM_SETLINK-command.patch
- d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
- qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
- acpi-allow-accessing-acpi-cnt-register-by-byte.patch'
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
- acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
- xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
- do not install outdated (0.12 and before) Changelog
- xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
- sm501 OOB read/write due to integer overflow in sm501_2d_operation()
- riscv-allow-64-bit-access-to-SiFive-CLINT.patch
another fix for revert-memory-accept-.. CVE-2020-13754
- seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
- d/control-in: build-dep libcap is no more needed
- arch aware kvm wrappers
[upstream now automatically enables KVM if available and called with
kvm* name, provides KVM as before but with auto-fallback to tcg.
Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
* Dropped changes [upstream now]
- d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
setup_len
- d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
- d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
- d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
from vfio-ccw (LP 1887935)
- fix qemu-user-static initialization to allow executing systemd (LP 1890881)
- fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187)
- d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
SQXBR (LP 1883984)
- d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
- d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
environments (LP 1887763)
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
- update d/p/ubuntu/lp-1835546-* to the final versions
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
* Added Changes:
- update ubuntu machine types for hirsute at 5.1
- d/control: regenerated from d/control-in
- d/control, d/rules: build with gcc-9 on armhf as workaround until
resolved in gcc-10 (LP: 1890435)
.
qemu (1:5.1+dfsg-4) unstable; urgency=high
.
* mention closing of CVE-2020-16092 by 5.1
* usb-fix-setup_len-init-CVE-2020-14364.patch
Closes: #968947, CVE-2020-14364
(OOB r/w access in USB emulation)
.
qemu (1:5.1+dfsg-3) unstable; urgency=medium
.
* fix one more issue in last upload. This is what happens when
you do "obvious" stuff in a hurry without proper testing..
.
qemu (1:5.1+dfsg-2) unstable; urgency=medium
.
* fix brown-paper bag bug in last upload
.
qemu (1:5.1+dfsg-1) unstable; urgency=medium
.
* hw-display-qxl.so depends on spice so install it
only if it is built just like ui-spice-app
* note #931046 for libfdt
.
qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium
.
* new upstream release 5.1.0. Make source DFSG-clean again
Closes: #968088
Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3)
* remove all patches which are applied upstream
* do not install non-existing doc/qemu/*-ref.*
* qemu-pr-helper is now in /usr/lib/qemu not /usr/bin
* virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin
* new architecture: qemu-system-avr
* refresh d/get-orig-source.sh
* d/get-orig-source.sh: report already removed files in dfsg-clean
* install common modules in qemu-system-common
* lintian tag renamed: shared-lib-without-dependency-information to
shared-library-lacks-prerequisites
.
qemu (1:5.0-14) unstable; urgency=high
.
* this is a bugfix release before breaking toys with the new upstream
* riscv-allow-64-bit-access-to-SiFive-CLINT.patch
(another fix for revert-memory-accept-..-CVE-2020-13754)
* install /usr/lib/*/qemu/ui-curses.so in qemu-system-common
Closes: #966517
.
qemu (1:5.0-13) unstable; urgency=medium
.
* seabios-hppa-fno-ipa-sra.patch
fix ftbfs with gcc-10
.
qemu (1:5.0-12) unstable; urgency=medium
.
* acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replace cpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
* xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
* do not install outdated (0.12 and before) Changelog (Closes: #965381)
* xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
* sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
.
qemu (1:5.0-11) unstable; urgency=high
.
* d/control-in: only enable opengl (libdrm&Co) on linux
* d/control-in: spice: drop versioned deps (even jessie version is enough),
drop libspice-protocol-dev (automatically pulled by libspice-server-dev),
and build on more architectures
* change from debhelper versioned dependency to debhelper-compat (=12)
* acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
Urgency = high due to this issue.
.
qemu (1:5.0-10) unstable; urgency=medium
.
* fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x)
* use the same $(if) construct to simplify #ifdeffery
.
qemu (1:5.0-9) unstable; urgency=medium
.
* move kvm executable/script from qemu-kvm to qemu-system-foo,
make it multi-arch, and remove qemu-kvm package
* remove libcacard leftovers from d/.gitignore
* linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
* linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
* libudev is linux-specific, do not build-depend on it
on kfreebsd and others
* install virtiofsd in d/rules (!sparc64) instead of
d/qemu-system-common.install (fixes FTBFS on sparc64)
* confirm -static-pie not working today still
* d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
* qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
* build all modules since there are modules anyway,
no need to hack them in d/rules
* fix spelling in a patch name/subject inlast upload
* d/rules: do not use dh_install and dh_movefiles for individual
pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files
listed in d/foo.install too, in addition to given on command-line
* remove trailing whitespace from d/changelog
.
qemu (1:5.0-8) unstable; urgency=medium
.
* d/control: rdma is linux-only, do not enable it on kfreebsd & hurd
* add comment about virtiofsd conditional to d/qemu-system-common.install
Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing
seccomp onn that platform, we should either make virtiofsd conditional
(!sparc64) or fix seccomp on sparc64 and build-depend on it
* openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466)
* seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467)
* slof-remove-user-and-host-from-release-version.patch (Closes: #963472)
* slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470)
* update previous changelog, mention #945997
* reapply CVE-2020-13253 fixed from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
.
qemu (1:5.0-7) unstable; urgency=medium
.
* Revert "d/rules: report config log from the correct subdir - base build"
* Revert "d/rules: report config log from the correct subdir - microvm build"
* acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
* remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch -
upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253)
* explicitly specify --enable-tools on hppa and do the same trick
with --enable-tcg-interpreter --enable-tools on a few other unsupported
arches (Closes: #964372, #945997)
.
qemu (1:5.0-6) unstable; urgency=medium
.
[ Christian Ehrhardt ]
* d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture
* d/rules: makefile definitions can't be recursive - sys_systems for s390x
* d/rules: report config log from the correct subdir - base build
* d/rules: report config log from the correct subdir - microvm build
* d/control-in: disable rbd support unavailable on riscv
* fix assert in qemu guest agent that crashes on shutdown (LP: #1878973)
* d/control-in: build-dep libcap is no more needed
* d/rules: update -spice compat (Ubuntu only)
.
[ Michael Tokarev ]
* save block modules on upgrades (LP: #1847361)
After upgrade a still running qemu of a former version can't load the
new modules e.g. for extended storage support. Qemu 5.0 has the code to
allow defining a path that it will load these modules from.
* ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
* revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which use min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
* exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
* megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
* megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
* megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause very low
impact OOB errors here
* nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
* es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
* sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated
address, which leads to an out-of-bounds read during sdhci_write()
operations. A guest OS user can crash the QEMU process.
And a preparational patch,
sdcard-update-coding-style-to-make-checkpatch-happy.patch
* a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
.
[ Aurelien Jarno ]
* Remove myself from maintainers
Checksums-Sha1:
572b881cc849cc0c852ffb2eb3ce22b0b092fdfb 7386 qemu_5.1+dfsg-4ubuntu1.dsc
8e1db320d3f4ee4c7cd051ac4d877547c8063bd3 18742044 qemu_5.1+dfsg.orig.tar.xz
3dae7082ceb30e0823df81b5c76239a60f3e6128 127144 qemu_5.1+dfsg-4ubuntu1.debian.tar.xz
2cdf19a434b6e37652d0ecdaa6dcb0ada984c027 10907 qemu_5.1+dfsg-4ubuntu1_source.buildinfo
Checksums-Sha256:
4c05829d8534348ec3b4f50694047ba4b96f0812b0e0f153cdfe02ff919a1cf1 7386 qemu_5.1+dfsg-4ubuntu1.dsc
f419dcb24aabaed6ea4ea17f6dbd0b73c1651e9063ee8a416425fb4c81098d00 18742044 qemu_5.1+dfsg.orig.tar.xz
6cd4ac7162bde2c2d5febb5ed3bb5c226206f271627217474cfff01a97350891 127144 qemu_5.1+dfsg-4ubuntu1.debian.tar.xz
80a14f95b98c8991703118a2ece3a85df2a20dc76a6bada41d14e4da6808cd82 10907 qemu_5.1+dfsg-4ubuntu1_source.buildinfo
Files:
8ec03cd0d6a8453d967c7834cf318901 7386 otherosfs optional qemu_5.1+dfsg-4ubuntu1.dsc
4c5399660f7ec6a664eb2eb2c0c02558 18742044 otherosfs optional qemu_5.1+dfsg.orig.tar.xz
c56d94891020ddc8010a5b3b4dc79845 127144 otherosfs optional qemu_5.1+dfsg-4ubuntu1.debian.tar.xz
68f2518e70930d9c528c4630cdfab2bf 10907 otherosfs optional qemu_5.1+dfsg-4ubuntu1_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>