[ubuntu/trusty-security] qemu 2.0.0+dfsg-2ubuntu1.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Sep 8 17:16:47 UTC 2014 

qemu (2.0.0+dfsg-2ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows on invalid state load
    - debian/patches: added large number of upstream patches pulled from
      git tree.
    - CVE-2013-4148
    - CVE-2013-4149
    - CVE-2013-4150
    - CVE-2013-4151
    - CVE-2013-4526
    - CVE-2013-4527
    - CVE-2013-4529
    - CVE-2013-4530
    - CVE-2013-4531
    - CVE-2013-4532
    - CVE-2013-4533
    - CVE-2013-4534
    - CVE-2013-4535
    - CVE-2013-4536
    - CVE-2013-4537
    - CVE-2013-4538
    - CVE-2013-4539
    - CVE-2013-4540
    - CVE-2013-4541
    - CVE-2013-4542
    - CVE-2013-6399
    - CVE-2014-0182
    - CVE-2014-0222
    - CVE-2014-0223
    - CVE-2014-3461
    - CVE-2014-3471

qemu (2.0.0+dfsg-2ubuntu1.2) trusty-proposed; urgency=medium

  * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from
    /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551)

qemu (2.0.0+dfsg-2ubuntu1.1) trusty-proposed; urgency=low

  * remove alternatives for qemu: different architectures
    aren't really alternatives and never had been  (LP: #1316829)
  * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402)
  * debian/control: drop the versioning requirement from libfdt-dev
    build-dependency, as it is longer needed (LP: #1295072)

qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium

  * Merge 2.0.0+dfsg-2
  * Incorporates a fix for spice users (LP: #1309452)
  * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as
    the regression requiring it was reverted for 2.0 upstream.
  * remove qemu-system-common depends on the qemu-system-aarch64 metapackage
  * debian/qemu-debootstrap: add arm64
  * Remaining changes from debian:
    - keep qemu 'alternative' (not something to change in SRU)
    - debian/control and debian/control-in:
      * versioned libfdt-dev check, until libfdt is fixed in precise
      * enable rbd
      * remove ovmf Recommends, as it is in multiverse
      * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe
      * add a qemu-system-aarch64 metapackage for transitions from trusty
        development version.  This can be removed after trusty.
    - qemu-system-common.install: add debian/tmp/usr/lib to install the
      qemu-bridge-helper
    - qemu-system-common.postinst: fix /dev/kvm acls
    - qemu-system-common.preinst: add kvm group if needed
    - qemu-system-x86.links: add eepro100.rom link, drop links which we
      have in ipxe-qemu package.
    - qemu-system-x86.modprobe: set module options for older releases
    - qemu-system-x86.qemu-kvm.default: defaults for the upstart job
    - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job
    - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64
    - debian/rules
      * add legacy kvm-spice link
      * fix ppc and arm slections
      * add aarch64 to user_targets
    - debian/patches/ubuntu/define-trusty-machine-type.patch: define a
      pc-i440fx-trusty machine type as the default.
    - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by
      default in qemu64 cpu time.

qemu (2.0.0+dfsg-2) unstable; urgency=medium

  * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
    Debian kFreeBSD system still.

qemu (2.0.0+dfsg-1) unstable; urgency=low

  * 2.0 actually does not close #739589,
    remove it from from last changelog entry
  * mention closing of #707629 by 2.0
  * mention a list of CVE IDs closed by #742730
  * mention closing of CVE-2013-4377 by 1.7.0-6
  * do not set --enable-uname-release=2.6.32 for qemu-user anymore
    (was needed for old ubuntu builders)
  * removed 02_kfreebsd.patch: it adds configure check for futimens() and
    futimesat() syscalls on FreeBSD, however futimens() appeared in FreeBSD
    5.0, and futimesat() in 8.0, and 8.0 is the earliest supported version
  * kmod dependency is linux-any
  * doc-grammify-allows-to.patch: fix some lintian warnings
  * remove alternatives for qemu: different architectures
    aren't really alternatives and never had been 
  * update Standards-Version to 3.9.5 (no changes needed)
  * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
    fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
    or 2.0, among other things

qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low

  * new upstream release candidate (2.0-rc1)
    Closes: #742730 -- image format processing issues:
     CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145
     CVE-2014-0146 CVE-2014-0147 CVE-2014-0148
    Closes: #743235, #707629
  * refreshed patches:
    02_kfreebsd.patch
    retry-pxe-after-efi.patch
    use-fixed-data-path.patch
  * removed patches applied upstream:
    qemu-1.7.1.diff
    address_space_translate-do-not-cross-page-boundaries.diff
    fix-smb-security-share.patch
    slirp-smb-redirect-port-445-too.patch
    implement-posix-timers.diff
    linux-user-fixed-s390x-clone-argument-order.patch
  * added bios-256k.bin symlink and bump seabios dependency to >= 1.7.4-2
  * recommend ovmf package for qemu-system-x86 to support UEFI boot
    (Closes: #714249)
  * switch from sdl1 to sdl2 (build-depend on libsdl2-dev)
  * output last 50 lines of config.log in case configure failed

Date: 2014-08-12 15:33:13.096633+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/qemu/2.0.0+dfsg-2ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list