[ubuntu/focal-proposed] qemu 1:4.2-1ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Sat Feb 1 09:46:24 UTC 2020
qemu (1:4.2-1ubuntu1) focal; urgency=medium
* Merge with Debian testing, Among many other things this fixes LP Bugs:
LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
LP: #1812822 - avoid crashes on detaching vhost_net interfaces
LP: #1852744 - Crypto Passthrough Interrupt Support
LP: #1853316 - CCW IPL Support
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- Enable nesting by default
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Enable numa support for s390x
- d/rules: build s390-ccw.img with upstream Makefile
- d/rules: build s390-netboot.img with upstream Makefile
- arch aware kvm wrappers
- d/control: update VCS links
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/control: disable bluetooth being deprecated
- d/not-installed: ignore new interop docs and extra icons for now
- d/not-installed: do not install elf2dmp until namespaced
- d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
- d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- Dropped changes (in Debian)
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- enable RDMA config option
- add libibumad-dev build-dep
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
As that hack to build s390-ccw.img rom can't build s390x-netboot.img
replace it with a build-indep using the upstream makefiles.
This is less prone to miss future changes/fixes that are done to the
makefiles
- remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
- d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
- d/rules: fix qemu-kvm service for debhelper compat >=12
- Refreshed patches for v4.0 context changes
- d/control*: remove sdlabi which was removed upstream
- d/control*: enable docs (now explicit) and provide new build-dep
python3-sphinx
- d/qemu-system-data.install: use new paths for formerly used icons
- Merge with Upstream release of qemu 4.0
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
- Dropped changes (Upstream)
- d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
- d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
- d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
fix i386 build error
- d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
fix naming of the new vector facitlity (LP 1836066)
- d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
for missing SIOCGSTAMP definition; final fix is still in discussion
upstream (LP: 1836159)
- d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
s390x machines (LP 1836154)
- d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
(LP 1841066)
- d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
update the z15 model name (LP 1842774)
- d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
fix a potential hang when qemu or qemu-img where accessing http backed
disks via libcurl (LP 1848556)
- d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
- d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
toleration for future machines (LP 1830704)
- SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- d/p/ubuntu/enable-md-no.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
- SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
copy the device tree blob into is.
- CVE-2018-20815
- SECURITY UPDATE: device driver denial of service via NULL pointer
dereference
- d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
routine
- CVE-2019-5008
- SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
emulating ident.
- CVE-2019-9824
- d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
unimplement.patch: properly return architecture defined exception
on bad subcodes of diag 308 (LP 1812384)
* Dropped changes (no more needed)
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile.
[ only needed between disco and eoan ]
- disable pvrdma
[ CVEs all fixed now ]
- d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
avoid misdetection of simplified nesting blocking all migrations
[ qemu now detects and handles nesting - needs kernel >=4.20 ]
- Enable nesting by default
- d/qemu-system-x86.modprobe: set nested=1 module option on intel.
(is default on amd)
- d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
without nested=1
[ nesting is default in kernel modules and default selected cpu types ]
* Added changes
- d/control: regenerate debian/control out of control-in
- updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
- added ubuntu focal types for qemu 4.2
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP: #1857033)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
- fix typos in changelog and d/qemu-system-x86.NEWS
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
- d/control*: enable libpmem support for nvdimms (LP: #1790856)
qemu (1:4.2-1) unstable; urgency=medium
* new upstream release (4.2.0)
* removed patches: v4.1.1.diff, enable-pschange-mc-no.patch
* do not make sgabios.bin executable (lintian)
* add s390-netboot.img lintian overrides for qemu-system-data
* build qboot (bios-microvm.bin)
* build-depend-indep on libc6-dev-i386 for qboot
(includes some system headers)
qemu (1:4.1-3) unstable; urgency=medium
* mention #939869 (CVE-2019-15890) in previous changelog entry
* add Provides: sgabios to qemu-data (Closes: #945924)
* fix qemu-debootsrtap (add hppa arch, print correct error message)
thanks to Helge Deller (Closes: #923410)
* enable long binfmt masks again for mips/mips32 (Closes: #829243)
qemu (1:4.1-2) unstable; urgency=medium
* build sgabios in build-indep, conflict with sgabios package
* qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb
* remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog
* move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img
* imported v4.1.1.diff - upstream stable branch
Closes: CVE-2019-12068
Closes: #945258, #945072
* enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature
to allow disabling ITLB multihit mitigations in nested hypervisors
Closes: #944623
* build-depend on nettle-dev, enable nettle, and clarify --enable-lzo
* switch to system libslirp, build-depend on libslirp-dev
Closes: #939869, CVE-2019-15890
qemu (1:4.1-1) unstable; urgency=medium
* new upstream release v4.1
Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
(use internal slirp copy for now)
Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
Closes: #927924 (new upstream version)
Closes: #897054 (AMD Zen CPU support)
Closes: #935324 (FTBFS due to gluster API change)
Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
* remove patches which are applied upstream, refresh remaining patches
(bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
bluetooth subsystem is going to be removed, we keep it for now)
* debian/source/options: ignore slirp/ submodule
* use python3 for building, not python
* debian/optionrom.mk: add pvh.bin
* switch from libssh2 to libssh, and enable libssh support in ubuntu
* bump spice version requiriment to 0.12.5
* enable pvrdma
* debian/control-in: remove reference to libsdl
* debian/rules: add new objects for s390-ccw fw
* debian/control: add build dependency on python3-sphinx for docs
* install ui/icons/qemu.svg and qemu.desktop
* debian/rules: remove pc-bios/bamboo.dtb before building it
* install vhost-user-gpu binary and 50-qemu-gpu.json
* debian/rules: remove old maintscript-helper invocations, not needed anymore
* remove +dfsg for now, upload whole upstream source, will trim it later
Date: Wed, 08 Jan 2020 15:27:42 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:4.2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 Jan 2020 15:27:42 +0100
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-s390x qemu-system-x86-xen
Architecture: source
Version: 1:4.2-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
qemu - fast processor emulator, dummy package
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-data - QEMU full system emulation (data files)
qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-s390x - QEMU full system emulation binaries (s390x)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-system-x86-xen - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 829243 897054 916442 922461 922923 923410 927924 931351 933741 935324 939869 944623 945072 945258 945924
Launchpad-Bugs-Fixed: 1790856 1812822 1847806 1852744 1853316 1857033 1859527
Changes:
qemu (1:4.2-1ubuntu1) focal; urgency=medium
.
* Merge with Debian testing, Among many other things this fixes LP Bugs:
LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc
LP: #1812822 - avoid crashes on detaching vhost_net interfaces
LP: #1852744 - Crypto Passthrough Interrupt Support
LP: #1853316 - CCW IPL Support
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- Enable nesting by default
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Enable numa support for s390x
- d/rules: build s390-ccw.img with upstream Makefile
- d/rules: build s390-netboot.img with upstream Makefile
- arch aware kvm wrappers
- d/control: update VCS links
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/control: disable bluetooth being deprecated
- d/not-installed: ignore new interop docs and extra icons for now
- d/not-installed: do not install elf2dmp until namespaced
- d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
- d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617)
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- Dropped changes (in Debian)
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- enable RDMA config option
- add libibumad-dev build-dep
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
As that hack to build s390-ccw.img rom can't build s390x-netboot.img
replace it with a build-indep using the upstream makefiles.
This is less prone to miss future changes/fixes that are done to the
makefiles
- remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
- d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
- d/rules: fix qemu-kvm service for debhelper compat >=12
- Refreshed patches for v4.0 context changes
- d/control*: remove sdlabi which was removed upstream
- d/control*: enable docs (now explicit) and provide new build-dep
python3-sphinx
- d/qemu-system-data.install: use new paths for formerly used icons
- Merge with Upstream release of qemu 4.0
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch
- Dropped changes (Upstream)
- d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243)
- d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238)
- d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
fix i386 build error
- d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
fix naming of the new vector facitlity (LP 1836066)
- d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
for missing SIOCGSTAMP definition; final fix is still in discussion
upstream (LP: 1836159)
- d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
s390x machines (LP 1836154)
- d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
(LP 1841066)
- d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
update the z15 model name (LP 1842774)
- d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
fix a potential hang when qemu or qemu-img where accessing http backed
disks via libcurl (LP 1848556)
- d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*:
fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497)
- d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
toleration for future machines (LP 1830704)
- SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- d/p/ubuntu/enable-md-no.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
- SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
copy the device tree blob into is.
- CVE-2018-20815
- SECURITY UPDATE: device driver denial of service via NULL pointer
dereference
- d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
routine
- CVE-2019-5008
- SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
emulating ident.
- CVE-2019-9824
- d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
unimplement.patch: properly return architecture defined exception
on bad subcodes of diag 308 (LP 1812384)
* Dropped changes (no more needed)
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile.
[ only needed between disco and eoan ]
- disable pvrdma
[ CVEs all fixed now ]
- d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
avoid misdetection of simplified nesting blocking all migrations
[ qemu now detects and handles nesting - needs kernel >=4.20 ]
- Enable nesting by default
- d/qemu-system-x86.modprobe: set nested=1 module option on intel.
(is default on amd)
- d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
without nested=1
[ nesting is default in kernel modules and default selected cpu types ]
* Added changes
- d/control: regenerate debian/control out of control-in
- updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal
- added ubuntu focal types for qemu 4.2
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP: #1857033)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
- fix typos in changelog and d/qemu-system-x86.NEWS
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527)
- d/control*: enable libpmem support for nvdimms (LP: #1790856)
.
qemu (1:4.2-1) unstable; urgency=medium
.
* new upstream release (4.2.0)
* removed patches: v4.1.1.diff, enable-pschange-mc-no.patch
* do not make sgabios.bin executable (lintian)
* add s390-netboot.img lintian overrides for qemu-system-data
* build qboot (bios-microvm.bin)
* build-depend-indep on libc6-dev-i386 for qboot
(includes some system headers)
.
qemu (1:4.1-3) unstable; urgency=medium
.
* mention #939869 (CVE-2019-15890) in previous changelog entry
* add Provides: sgabios to qemu-data (Closes: #945924)
* fix qemu-debootsrtap (add hppa arch, print correct error message)
thanks to Helge Deller (Closes: #923410)
* enable long binfmt masks again for mips/mips32 (Closes: #829243)
.
qemu (1:4.1-2) unstable; urgency=medium
.
* build sgabios in build-indep, conflict with sgabios package
* qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb
* remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog
* move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img
* imported v4.1.1.diff - upstream stable branch
Closes: CVE-2019-12068
Closes: #945258, #945072
* enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature
to allow disabling ITLB multihit mitigations in nested hypervisors
Closes: #944623
* build-depend on nettle-dev, enable nettle, and clarify --enable-lzo
* switch to system libslirp, build-depend on libslirp-dev
Closes: #939869, CVE-2019-15890
.
qemu (1:4.1-1) unstable; urgency=medium
.
* new upstream release v4.1
Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
(use internal slirp copy for now)
Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
Closes: #927924 (new upstream version)
Closes: #897054 (AMD Zen CPU support)
Closes: #935324 (FTBFS due to gluster API change)
Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
* remove patches which are applied upstream, refresh remaining patches
(bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
bluetooth subsystem is going to be removed, we keep it for now)
* debian/source/options: ignore slirp/ submodule
* use python3 for building, not python
* debian/optionrom.mk: add pvh.bin
* switch from libssh2 to libssh, and enable libssh support in ubuntu
* bump spice version requiriment to 0.12.5
* enable pvrdma
* debian/control-in: remove reference to libsdl
* debian/rules: add new objects for s390-ccw fw
* debian/control: add build dependency on python3-sphinx for docs
* install ui/icons/qemu.svg and qemu.desktop
* debian/rules: remove pc-bios/bamboo.dtb before building it
* install vhost-user-gpu binary and 50-qemu-gpu.json
* debian/rules: remove old maintscript-helper invocations, not needed anymore
* remove +dfsg for now, upload whole upstream source, will trim it later
Checksums-Sha1:
4030ae2b81c2a7b152549239006b1e0f878ce663 6955 qemu_4.2-1ubuntu1.dsc
b27aa828a8457bd8551ae3c81b80cc365e1f6bfe 62222068 qemu_4.2.orig.tar.xz
9572afe9d6c8a8ee4dbca9b0dbedfc49e53dd19b 117984 qemu_4.2-1ubuntu1.debian.tar.xz
856d67ddec705ea8204a3052653913791b947354 9652 qemu_4.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
978be9487f2b175b5f08cd41125e442a991a7a91e8085b8bfb997f16b521495d 6955 qemu_4.2-1ubuntu1.dsc
d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0 62222068 qemu_4.2.orig.tar.xz
c0fa11037fdbe8a674533b5ee9449d6d09382eb5b4c46063bfe792a35e368ecb 117984 qemu_4.2-1ubuntu1.debian.tar.xz
4478b08b1ce48073fc7915a97d15b36eb3616fd78616483c8969ebd2c0d317d6 9652 qemu_4.2-1ubuntu1_source.buildinfo
Files:
ae1920def12cb5d18557430e066d59fc 6955 otherosfs optional qemu_4.2-1ubuntu1.dsc
278eeb294e4b497e79af7a57e660cb9a 62222068 otherosfs optional qemu_4.2.orig.tar.xz
394f8c3f2269c97d18373de053a2bc73 117984 otherosfs optional qemu_4.2-1ubuntu1.debian.tar.xz
65ede785df24d17e14d7427496187329 9652 otherosfs optional qemu_4.2-1ubuntu1_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAl41R8kACgkQuj4pM4KA
skJCAA//X2FmWQrDzxrnzw+07Fy6ogALowFc2p21+X6AFDklTlXJf0Ykffwouh3G
19apMeigz2/03iAQvcobXiYz/7+BaX4B0IySu9I6aXugLv7stzvsykepiQOCdcH4
YdBHTDGSnf7f/KqvYj8an5omtmImY8jBJCmB+FMIFi5rocJ/4c/OKCp9+wlDLs6A
Dok7zXfwE0vxQfChjUZ+YDOM7VKK1t2VLmN/0nuBujmBpcc8HXsCmb9mWGhw4wqs
bWvY5XIjezOo2n77O5A8x7SswWbSZnBoKaWp7GghQYoAh66x0jNS1cPfmtsMl48S
CLRxcE4N+jBMhcOiFyz34I+pKrUCvSM1LQhQmAcBUnfQssbzsCiKKvLaBRx8Fd81
Y733/4aMCH7R+CoEsIdgpcwsJhPrpwFIKsfYkb6nVRZVrkxtQ7hS//0PmA/o82M4
ux37/UoZI1HWYLVSRx4xQ20RQ8tRAok582iZzylkHj3owDol53R1mXS4ASx5yZi7
r/Fhnz8MN55jBS3nYcaAusVSSYDv6k7hQ1xZv9bRNGn4Y+gpzs3SiSxNbGUeWpgP
VFB/T1DVA9AGUP1x0ctZ6ViLKrOi3SMXoRW02RcOmA12VSMRwTkCD1kBanKJriMK
/YEwH4evORYoCZ7XBpR/ecUJBBkuyBBjhz9Vfg68jSjM+is0KiY=
=XlB2
-----END PGP SIGNATURE-----
More information about the Focal-changes
mailing list