-
qemu (1:8.1.2+ds-1) unstable; urgency=medium
* upstream 8.1.2 stable/bugfix release
* remove all stable-staging/ patches and two more
(all included into 8.1.2)
* d/rules: microvm build: do not explicitly enable avx2
-- Michael Tokarev <email address hidden> Tue, 17 Oct 2023 09:44:39 +0300
-
qemu (1:8.1.1+ds-2) unstable; urgency=medium
* d/rules: fix binary target to produce both arch and indep
binaries instead of omitting indep one(s)
* d/patches: sync with current staging-8.1 branch, many new fixes
* additional fixes:
+hw-ide-ahci-fix-legacy-software-reset.patch
+target-mips-Fix-MSA-BZ-BNZ-opcodes-displacement.patch
+hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
-- Michael Tokarev <email address hidden> Sun, 08 Oct 2023 12:28:55 +0300
-
qemu (1:8.1.1+ds-1) unstable; urgency=medium
* new upstream stable/bugfix release
* remove all stable-staging/ patches, keep
softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
* vfio-display-fix-missing-update-to-set-backing-field.patch
* scsi-disk-disallow-small-block-sizes-CVE-2023-42467.patch
(Closes: #1051899, CVE-2023-42467)
* migration-qmp-Fix-crash-on-setting-tls-authz-with-nu.patch
* d/patches/move-vl-opts/ - stop linking everything with async-teardown.c,
un-FTBFS on ia64
* d/control: minor: remove old todo comments
* d/control: disable rbd (ceph) on 32bit platforms (Closes: #1053172)
* d/control: enable rbd on riscv64 once it's built there
* d/copyright: also remove subprojects/dtc
-- Michael Tokarev <email address hidden> Sun, 01 Oct 2023 22:11:24 +0300
-
qemu (1:8.1.0+ds-6) unstable; urgency=medium
* re-enable softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
* add https://<email address hidden>/msg989073.html
fixing https://gitlab.com/qemu-project/qemu/-/issues/1866
* d/rules: reorder some definitions to evaluate in proper order
-- Michael Tokarev <email address hidden> Wed, 20 Sep 2023 23:31:59 +0300
-
qemu (1:8.1.0+ds-5) unstable; urgency=medium
* disable softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
The change in softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
which is a fix for https://gitlab.com/qemu-project/qemu/-/issues/1864
(x86 VM with TCG and SMP fails to start on 8.1.0)
introduces https://gitlab.com/qemu-project/qemu/-/issues/1866
* more patches from stable-staging
* re-introduce qemu-debootstrap for now until all users of it will
be converted to regular debootstrap
-- Michael Tokarev <email address hidden> Sun, 17 Sep 2023 19:10:34 +0300
-
qemu (1:8.1.0+ds-4) unstable; urgency=medium
* d/changelog: fix spelling
* +linux-user-Fixes-for-zero_bss.patch: fix linux-user zero_bss bug
* many small changes for d/rules
* d/rules: split out qemu-user build out out of main qemu build
When both system and linux-user builds are enabled, linux-user
build is getting features only relevant for system (softmmu)
configuration, like linking with liburing, libnuma and other
softmmu-only stuff. So build it separately.
This not only makes qemu-user smaller and neater, but it also
makes Built-Using field for qemu-user-static (which is generated
from Depends field of qemu-user) accurate.
* d/qemu-user[-static].docs: use unprocessed .rst doc instead of html
* d/rules: check for nocheck in DEB_BUILD_PROFILES too,
not only DEB_BUILD_OPTIONS
* d/rules, d/control: disable build-time test due to apparent dak bug
-- Michael Tokarev <email address hidden> Mon, 11 Sep 2023 14:19:32 +0300
-
qemu (1:8.1.0+ds-3) unstable; urgency=medium
* d/control: split out most of Build-Depends to Build-Depends-Arch, in order
to break B-D loop on qemu-system-data (it is only needed for -Arch) and
to reduce arch-all build time.
Only very few things left in common Build-Depends.
* Removing most things from B-D discovered that skiboot includes openssl
header(s) (!), so add libssl-dev to Build-Depends-Indep.
* d/control,d/rules: introduce build profiles to omit bulding some packages
(mostly debugging aid, to reduce test build run time).
* d/rules: use ninja directly for various qemu builds
(non-verbose build now shows errors/warnings nicely)
* d/control: Rules-Requires-Root: "binary-targets", not "no", -
this enables building as non-root, finally
* d/rules: add forgotten -p for mkdir b/user-static
* d/not-installed: list 2 files from user/ manual
(which is built even on unsupported architectures)
-- Michael Tokarev <email address hidden> Sun, 10 Sep 2023 01:30:15 +0300
-
qemu (1:8.1.0+ds-2) unstable; urgency=medium
* d/control: fix descriptions of qemu-system-gui and
qemu-system-modules-spice packages
* update lintian-overrides
* d/rules: enable verbose (-v) build for qboot
* d/rules: move lto control to where it actually works
* d/rules: remove usage of "standard dh sequencer".
It has mutliple issues. To name a few:
- it exports CFLAGS &Co which breaks badly when trying to compile
bios/firmware code (fixes FTBFS with new -fcf-protection)
- it performs multiple recursive calls to d/rules which is
slow when make variables are set using $(shell), - annoying
when debugging
- it hides actual actions being done at install/binary stages
- it is confusing in override_dh_foo{,-indep,-arch}
- it does just too much unknown magic, - just give the control
back.
-- Michael Tokarev <email address hidden> Sat, 09 Sep 2023 22:37:02 +0300
-
qemu (1:8.1.0+ds-1) unstable; urgency=medium
* d/changelog: mention closing of #984451, CVE-2021-20255 by 8.1
* d/changelog: mention closing of #1041471 by 8.1
* d/patches: add patches currenly staged for 8.1.1
* d/gbp.conf: switch from experimental to master
* upload to unstable
-- Michael Tokarev <email address hidden> Sat, 09 Sep 2023 17:03:54 +0300
-
qemu (1:8.0.4+dfsg-3) unstable; urgency=medium
* d/rules: export PYTHONDONTWRITEBYTECODE=1 to stop generating .pyc files
(Closes: #1046056)
* d/control: list more CPU types emulated by qemu in package descriptions
* d/control: refine qemu-system-gui package description
* d/rules: remove --interp-prefix= configure option
* late fix for 8.1: target-arm-Fix-SME-ST1Q.patch
* late fix for 8.1: target-arm-Fix-64-bit-SSRA.patch
* d/control: remove old versions from build-deps
-- Michael Tokarev <email address hidden> Tue, 22 Aug 2023 20:15:07 +0300
-
qemu (1:8.0.4+dfsg-2) unstable; urgency=medium
* remove linux-user-show-heap-address-in-proc-pid-maps.patch
* pick 2 nvme fixes from upstream:
- hw-nvme-fix-oob-memory-read-in-fdp-events-log-CVE-2023-4135.patch
Closes: #1050142, CVE-2023-4135
- hw-nvme-fix-null-pointer-access-in-directive-receive-CVE-2023-40360.patch
Closes: #1050140, CVE-2023-40360
* d/rules: --enable-virtfs (--enable-attr --enable-cap-ng) for xen build
to enable 9pfs (Closes: #1049925)
* d/rules: run-qemu.mount is linux-specific too
(if we ever do non-linux system build)
* d/control: disable sndio on debian too (disabled on ubuntu), for now anyway
* d/*.install, d/rules: explicitly list all qemu-system modules
* d/control: build-depend on libglib2.0-dev (forgotten!) and zlib1g-dev,
move the two to the top before all optional deps
* d/changelog: fix 7.1+dfsg-1 changelog entry (qemu-user and qemu-system)
-- Michael Tokarev <email address hidden> Mon, 21 Aug 2023 09:57:59 +0300
-
qemu (1:8.0.4+dfsg-1) unstable; urgency=medium
* new upstream stable/bugfix release
Closes: CVE-2023-3180 (virtual crypto virtio_crypto_handle_sym_req)
Closes: CVE-2023-3354 (VNC server QIOChannel NULL ptr deref)
Closes: CVE-2023-3255 (VNC: infinite loop in inflate_buffer)
* d/patches: remove patches picked up from stable-staging branch
which are applied in 8.0.4
* d/control: build-depend on libglib2.0-dev (forgotten!) and zlib1g-dev,
move the two to the top before all optional deps
* remove xen-specific wrapper for qemu-system-i386
(needed for bookworm upgrade only)
-- Michael Tokarev <email address hidden> Fri, 11 Aug 2023 22:13:36 +0300
-
qemu (1:8.0.3+dfsg-5) unstable; urgency=medium
* remove previous 2 mmap/brk patches for now
linux-user-optimize-memory-layout-for-static-and-dyn.patch
linux-user-load-pie-executables-at-upper-memory.patch
These are intended for 8.1, and causes other issues on 8.0.
Closes: #1042808
Reopens: #1040981
-- Michael Tokarev <email address hidden> Wed, 02 Aug 2023 10:55:50 +0300
-
qemu (1:8.0.3+dfsg-4) unstable; urgency=medium
* more linux-user address fixes from Helge Deller
Remove
stable-staging/linux-user-fix-qemu-arm-to-run-static-armhf-binaries.patch
linux-user-limit-brk-adjustment-wrt-interp.brk-to-arm32.patch
Add
linux-user-show-heap-address-in-proc-pid-maps.patch
linux-user-optimize-memory-layout-for-static-and-dyn.patch
linux-user-load-pie-executables-at-upper-memory.patch
This *might* fix #1041859.
* stable-staging/tcg-ppc-fix-race-in-goto_tb-implementation.patch
fix qemu sigsegv on ppc -smp. Should fix autopkgtests (debvm, others)
* Stop passing --no-start to qga's dh_installsystemd.
qga is activated from an udev rule, but we need to restart it on upgrade.
Change by Sergio Durigan. Closes: LP#2028124.
-- Michael Tokarev <email address hidden> Wed, 26 Jul 2023 07:51:20 +0300
-
qemu (1:8.0.3+dfsg-3) unstable; urgency=medium
* d/control: glusterfs: drop pre-buster glusterfs-common alternative,
restrict glusterfs support to 64bit (see #1039604)
* linux-user-limit-brk-adjustment-wrt-interp.brk-to-arm32.patch
Fix (band-aid for now) an unexpected breakage caused by the previous
patch in this area which fixes static executables loading on armhf.
* d/binfmt-install: update mips* magic strings from upstream commit
77d119dd335f910c7:
mips: allow nonzero EI_ABIVERSION, distinguish o32 and n32
(Closes: #1041597)
-- Michael Tokarev <email address hidden> Sat, 22 Jul 2023 11:53:38 +0300
-
qemu (1:8.0.3+dfsg-2) unstable; urgency=medium
* d/patches: set Forwarded: URLs for some patches
* add 5 qemu-user fixes staging for the next stable:
linux-user-make-sure-initial-brk-0-is-page-aligned.patch
linux-user-fix-qemu-brk-to-not-zero-bytes-on-current-page.patch
linux-user-prohibit-brk-to-to-shrink-below-initial-address.patch
linux-user-fix-signed-math-overflow-in-brk-syscall.patch
linux-user-fix-qemu-arm-to-run-static-armhf-binaries.patch
(Closes: #1040981)
-- Michael Tokarev <email address hidden> Thu, 20 Jul 2023 09:59:49 +0300
-
qemu (1:8.0.3+dfsg-1) unstable; urgency=medium
* new upstream stable/bugfix release 8.0.3
Including the following security fix(es):
- 9pfs: prevent opening special files (CVE-2023-2861)
* remove patches now included upstream:
- hw-mips-malta-fix-the-malta-machine-on-big-endian-hosts.patch
- qga-fix-suspend-on-linux-guests-without-systemd.patch
- hw_intc_allwinner-a10-pic-handle-IRQ-levels-other-than-0-or-1.patch
- linux-user-Avoid-mmap-of-the-last-byte-of-the-reserv.patch
* d/rules: omit qemu-systemd-data from dh_dwz run
* d/rules: create qemu-system-armhf & qemu-system-armel aliases
for qemu-system-arm (Closes: #1040209)
-- Michael Tokarev <email address hidden> Tue, 11 Jul 2023 15:07:04 +0300
-
qemu (1:8.0.2+dfsg-3) unstable; urgency=medium
* d/patches/*: update, add DEP-3 headers
* d/rules: strip ../../ prefix from compile paths
to undo sub-subdir build (-ffile-prefix-map)
* linux-user-Avoid-mmap-of-the-last-byte-of-the-reserv.patch:
(hackish) fix for recent memory failures
-- Michael Tokarev <email address hidden> Thu, 29 Jun 2023 18:36:33 +0300
-
qemu (1:8.0.2+dfsg-2) unstable; urgency=medium
* d/rules: --enable-libusb for xen build (Closes: #1037341)
* reapply linux-user-binfmt-P.diff.
Re-rely on qemu-user's argv0 to detect it is running in binfmt context.
The problem is that while we ship kernel which can pass this info the
qemu way, there are many containers which are running on older kernels
still, including bullseye kernel (5.10) which does not have this feature.
Keep it for a bit more.
* hw_intc_allwinner-a10-pic-handle-IRQ-levels-other-than-0-or-1.patch
Pick a patch from upstream mailinglist to fix regression in 8.0.2
-- Michael Tokarev <email address hidden> Thu, 15 Jun 2023 22:25:50 +0300
-
qemu (1:8.0.2+dfsg-1) unstable; urgency=medium
* new upstream stable/bugfix release
Closes: #1029155, CVE-2023-0330:
A DMA-MMIO reentrancy problem in lsi53c895a device
* keep full upstream version number, not just first 2 components
(Closes: #855966)
* d/copyright: remove stray newline
* d/control: drop libuuid-dev build-dep (not used)
* clarify files in d/not-installed just a little bit
* fixup qemu(1) refs in qemu-storage-daemon(1)
* move qemu-storage-daemon and qemu-block-drivers.7
from qemu-system-common to qemu-utils
* remove patches now included upstream:
- linux-user-fix-getgroups-setgroups-allocations.patch
- rtl8139-fix-large_send_mss-divide-by-zero.patch
- target_i386-Change-wrong-XFRM-value.patch
* qga-fix-suspend-on-linux-guests-without-systemd.patch
(hopefully Closes: #1004943)
* d/rules: disable pvrdma (Closes: #1034179, CVE-2023-1544)
CVE-2023-1544:
huge number of page tables for a ring of descriptors for CQ and
async events, potentially leading to an OOB read and crash
-- Michael Tokarev <email address hidden> Sun, 11 Jun 2023 11:49:17 +0300
-
qemu (1:7.2+dfsg-7) unstable; urgency=medium
* d/control: qemu-system-xen: add ipxe-qemu dependency (#1035676)
When installing qemu-system-xen on a new system, the boot roms are
not installed. Unfortunately this means HVM Xen DomUs can not be used
at all, because the boot roms are hard requiriment for qemu since 2014,
it fails to start without the boot roms even if (network) booting is
not requested.
Before bookworm, when qemu-system-xen was part of regular
qemu-system-x86 package, the dependency on ipxe-qemu was coming from
that package. But when splitting qemu-system-xen out of it, we forgot
that the boot roms are hard dependency now. This makes qemu-system-xen
unusable on a new install until ipxe-qemu is installed too.
An alternative would be to revert upstream commit 178e785fb
(from 2014) to make rom loading failure a non-fatal error.
-- Michael Tokarev <email address hidden> Sun, 14 May 2023 11:29:12 +0300
-
qemu (1:7.2+dfsg-6) unstable; urgency=medium
[ Michael Tokarev ]
* sync with upstream v7.2.1 stable release, into d/patches/v7.2.1.diff.
All patches from 7.2.1 (besides stuff not relevant for linux, such
as mingw compilation fixes) has already been in d/patches/master/,
now they're in single upstream patch file
* v7.2.2.diff: upstream 7.2.2 stable/bugfix release
* hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch:
remove, included in v7.2.2
* d/rules, d/qemu.desktop: provide an icon for gtk display (qemu.display)
* d/gbp.conf: set debian branch to debian-bookworm
* pick 3 more fixes from qemu-devel@:
rtl8139-fix-large_send_mss-divide-by-zero.patch
target_i386-Change-wrong-XFRM-value.patch
hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch
* +linux-user-fix-getgroups-setgroups-allocations.patch (Closes: #811087)
[ Vagrant Cascadian ]
* debian/rules: Use 'printf' instead of 'echo' to avoid differences
in underlying /bin/sh implementations. Closes: #1034431
-- Michael Tokarev <email address hidden> Sat, 29 Apr 2023 13:02:55 +0300
-
qemu (1:7.2+dfsg-5) unstable; urgency=medium
* d/qemu-guest-agent.udev: fix missing comma
(Christian Schneider <email address hidden>, Closes: #1031838)
* remove qemu-make-debian-root.
Ths script debian/qemu-make-debian-root has been broken for ages.
In 2023, it creates /etc/fstab with a reference to /dev/hda1, and
edits /etc/inittab which does not exist. And no one noticed, - so
it's safe to assume it is not used anymore. Just remove it.
* re-pick qemu-stable patches from master (the same patch contents):
master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch
master/target-i386-Fix-BEXTR-instruction.patch
master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
master/target-i386-fix-ADOX-followed-by-ADCX.patch
* 20 more changes picked from upstream/master:
master/target-i386-Fix-BZHI-instruction.patch
master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch
master/hw-smbios-fix-field-corruption-in-type-4-table.patch
master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch
master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch
master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch
master/Revert-x86-use-typedef-for-SetupData-struct.patch
master/Revert-x86-return-modified-setup_data-only-if-read-a.patch
master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch
master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch
master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch
master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch
master/virtio-rng-pci-fix-migration-compat-for-vectors.patch
master/virtio-rng-pci-fix-transitional-migration-compat-for.patch
master/hw-timer-hpet-Fix-expiration-time-overflow.patch
master/vdpa-stop-all-svq-on-device-deletion.patch
master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch
master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch
master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch
master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch
-- Michael Tokarev <email address hidden> Sun, 05 Mar 2023 20:09:04 +0300
-
qemu (1:7.2+dfsg-4) unstable; urgency=medium
* block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
re-pick now from master (the same patch, moved to master/).
* revert x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
Closes: ##1031682 .
This turned out to be wrong move, breaking more stuff than fixing.
Upstream is going to revert it too.
-- Michael Tokarev <email address hidden> Mon, 20 Feb 2023 21:00:18 +0300
-
qemu (1:7.2+dfsg-3) unstable; urgency=medium
[ Paride Legovini ]
* Disable LTO on non-amd64 builds (LP: #1921664)
[ Michael Tokarev ]
* target-arm-Fix-physical-address-resolution-for-Stage2.patch:
re-fetch now from master branch
* 4 more patches picked from master:
x86-don-t-let-decompressed-kernel-image-clobber-setu.patch
migration-ram-Fix-error-handling-in-ram_write_tracki.patch
migration-ram-Fix-populate_read_range.patch
qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
* 5 fixes picked from current pullreqs:
block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch
tests_tcg_i386-introduce-and-use-reg_t-consistently.patch
target_i386-fix-BEXTR-instruction.patch
target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
target_i386-fix-ADOX-followed-by-ADCX.patch
* disable dwz on certain architectures for older dwz
(FTBFS on bullseye, #968670)
-- Michael Tokarev <email address hidden> Fri, 10 Feb 2023 14:29:12 +0300
-
qemu (1:7.2+dfsg-2) unstable; urgency=medium
* d/rules: add -ffile-prefix-map when building skiboot
* d/control: provide qemu-kvm in qemu-system-misc on s390x
(Closes: #1029309)
* d/control: drop dependency of qemu-guest-agent on lsb-base
* Picked patches from qemu master branch tagged for qemu-stable
up to commit deabea6e88 (2023-02-02):
target-sh4-Mask-restore-of-env-flags-from-tb-flags.patch
vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch
virtio-mem-Fix-the-bitmap-index-of-the-section-offse.patch
virtio-mem-Fix-the-iterator-variable-in-a-vmem-rdl_l.patch
target-arm-fix-handling-of-HLT-semihosting-in-system.patch
meson-accept-relative-symlinks-in-meson-introspect-i.patch
target-riscv-Set-pc_succ_insn-for-rvc-illegal-insn.patch
acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
hw-nvme-fix-missing-endian-conversions-for-doorbell-.patch
hw-nvme-fix-missing-cq-eventidx-update.patch
configure-fix-GLIB_VERSION-for-cross-compilation.patch
target-arm-Fix-sve_probe_page.patch
target-arm-allow-writes-to-SCR_EL3.HXEn-bit-when-FEA.patch
target-arm-Fix-in_debug-path-in-S1_ptw_translate.patch
* Also: target-arm-Fix-physical-address-resolution-for-Stage.patch
-- Michael Tokarev <email address hidden> Thu, 02 Feb 2023 21:17:10 +0300
-
qemu (1:7.2+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #1025123 CVE-2022-4172
(erst: undefined behavior in memcpy in write_erst_record)
Closes: #1021981 qemu-user: faccessat2 is not implemented
Closes: #1021019 CVE-2022-3165 (VNC: integer underflow in
vnc_client_cut_text_ext leads to CPU exhaustion)
* remove patches applied upstream
* refresh note-missing-module-pkg-name.diff
* slirp is always external package now, not a submodule anymore
* d/control: require meson >> 0.61.5~ for build
* spelling.diff: update with more spelling error
* add some lintian-overrides
* fix minor spelling errors in patches
* d/control: Bump Standards-Version to 4.6.1
* debian shell programs use "which" instead of the "command -v",
fix that (Closes: #1018254)
* Better fix for #1019011 (gcc ICE building palcode-clipper), use -O1
instead of -O2 for the failing compile when it actually fails
(no need to depend on gcc-11, Closes: #1011003)
-- Michael Tokarev <email address hidden> Thu, 15 Dec 2022 17:17:28 +0300
-
qemu (1:7.1+dfsg-2) unstable; urgency=medium
* tulip-restrict-DMA-engine-to-memories-CVE-2022-2962.patch
fix possible stack or heap overflow (tulip: DMA reentrancy issue)
Closes: #1018055, CVE-2022-2962
* hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
fix possible use-after-free in paravirtual RDMA device.
Closes: #1014589, CVE-2022-1050
* mention closing of #979677 (CVE-2020-14394) by 7.1
* d/rules: parametrify extra-cflags & extra-ldflags
* d/rules: explicitly disable pie on arm64 due to
https://sourceware.org/bugzilla/show_bug.cgi?id=29514
Fixes FTBFS.
-- Michael Tokarev <email address hidden> Tue, 13 Sep 2022 20:08:43 +0300
-
qemu (1:7.1+dfsg-1) unstable; urgency=medium
* new upstream release (7.1)
Closes: #1014958, CVE-2022-35414
Closes: #1014590, CVE-2022-0216
Closes: #988333
* d/copyright:
- remove mentions of slirp (packaged separately)
- blindly convert to dep-5 (it needs a complete rewrite)
- add Files-Excluded from d/get-orig-source.sh
* d/gbp.conf: remove filter= (and whole [import-orig])
* d/watch: verify upstream tarballs
* d/rules: stop faking skiboot version, it is now properly included in
roms/skiboot/.version file. Add a dependency on this file too
* d/patches:
- remove use-fixed-data-path.patch: not needed anymore
- linux-user-binfmt-P.diff: refresh
- remove patches applied upstream
* d/control:
- it is --enable-capstone now, not --enable-capstone=system
- it is --enable-png now, not --enable-vnc-png
* d/rules: fix --enable-vhost-* options
* d/rules: remove vnc-png for xen too
* openbios-array-bounds-gcc12.patch
* opensbi-fix-build-with-binutils-2.38.patch
* d/rules: adopt vof build changes
* d/qemu-system-data.docs: omit ccid.txt (removed)
* temporary workaround for gcc-12 bug #1019011: use gcc-11-alpha-linux-gnu
instead of gcc-alpha-linux-gnu (another option is to use -Os)
* d/control: temporarily build-depend on libva-dev till #1019485 is fixed
* add loongarch64 qemu-user and qemu-user arch
-- Michael Tokarev <email address hidden> Mon, 12 Sep 2022 11:50:53 +0300
-
qemu (1:7.0+dfsg-7) unstable; urgency=medium
* d/tests/test-qemu-user: rework ls/glob test a bit
* d/tests/test-qemu-user: fix ppc64le qemu architecture name
* d/binfmt-install: use proper name for binfmt.d (*.conf)
Hopefully closes: #1011003
* two virtio-scsi bugfixes from upstream:
virtio-scsi-fix-ctrl-and-event-handler-functions-in-dataplane.patch
virtio-scsi-don-t-waste-CPU-polling-the-event-virtqueue.patch
* 3 patches from upstream to fix possible coroutine crashes:
coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
coroutine-rename-qemu_coroutine_inc-dec_pool_size.patch
coroutine-revert-to-constant-batch-size.patch
* target-i386-do-not-consult-nonexistent-host-leaves.patch
* d/control: stop suggesting sudo for qemu-user-static
* Revert "d/rules: do not try to enable tcg-interpreter on unsupported
targets, it does not help anymore" - it does help but it needs a bit
more work
* disable xen support for qemu-system-x86 build and create a wrapper
for -i386 to redirect xen-related usage to xen-specific binary
with a warning (for bookworm only)
* common-user-no-user.patch: fix one of FTBFS on unsupported architectures
* d/rules: use regular variable assignment for BUILD_PACKAGES
* two trivial patches to fix spelling in roms:
openbios-spelling-endianess.patch
slof-spelling-seperator.patch
-- Michael Tokarev <email address hidden> Sun, 15 May 2022 15:49:12 +0300
-
qemu (1:7.0+dfsg-6) unstable; urgency=medium
* d/rules: the forgotten --enable-xen-pci-passthrough for the xen build
* d/tests/test-qemu-user: rewrite to be more robust and complete and
include test for qemu-user-static too.
-- Michael Tokarev <email address hidden> Mon, 09 May 2022 01:37:56 +0300
-
qemu (1:7.0+dfsg-5) unstable; urgency=medium
* d/tests/test-qemu-user.sh: more arch-specific debugging/updates
-- Michael Tokarev <email address hidden> Sat, 07 May 2022 12:22:26 +0300
-
qemu (1:7.0+dfsg-4) unstable; urgency=medium
* d/tests/: fix failing tests.
- test-qemu-user: depend on gcc for dpkg-architecture to work,
and print debugging info for future switch to uname -m
- test-qemu-img: switch from using file to qemu-img info
-- Michael Tokarev <email address hidden> Sat, 07 May 2022 11:33:23 +0300
-
qemu (1:7.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* d/binfmt-install: also generate binfmt.d/ entries for systemd
* d/control: use systemd as preferred alternative to binfmt-support
hopefully Closes: #789011 (Minimal dependencies to register binfmt)
Closes: #985889 (make binfmt setup configurable)
* d/control: remove Riku Voipio from Uploaders. Thank you Riku!
* d/rules: simplify DEB_BUILD_OPTIONS=parallel=N parsing
[ Guido Günther ]
* Add minimal autopkgtest (Closes: #832982)
-- Michael Tokarev <email address hidden> Sat, 07 May 2022 00:03:24 +0300
-
qemu (1:7.0+dfsg-2) unstable; urgency=medium
* d/control: add Rules-Requires-Root: no
* d/control: switch to debhelper-compat=13
* d/control: drop "qemu" empty/dummy pseudopackage
* d/control: do not build linux-user* on ia64 and powerpc
(not supported by upstream anymore)
* d/control: add Breaks for qemu-system-data for other packages from which
it borrowed files in the past (Closes: #1008095)
* d/rules: switch to the dh sequence (but keep build-{arch,indep}),
rearrange some rules.
This brings us dh_dwz (very slow) and dh_strip_nondeterminism.
* d/rules: do not explicitly turn off slirp & capstone (now properly
controlled by --with[out]-default-features option)
* d/rules: do not try to enable tcg-interpreter on the unsupported
targets, it does not help to build tools anymore
* d/rules: do not chown -w d/control, it breaks dpkg-source
* d/rules: clean up the clean target
* d/not-installed: list many documentation files and qemu-plugin.h
* configure-make-fortify_source-yes-by-default.patch: enable
fortify-source for minimal builds too
* d/changelog: mention #990562 (CVE-2021-3611) closed by 7.0
-- Michael Tokarev <email address hidden> Sat, 30 Apr 2022 13:38:12 +0300
-
qemu (1:7.0+dfsg-1) unstable; urgency=medium
* update to 7.0 release
-- Michael Tokarev <email address hidden> Thu, 21 Apr 2022 14:19:51 +0300
-
qemu (1:7.0~rc4+dfsg-1) experimental; urgency=medium
* start of 7.0 series
* remove patches applied upstream
* remove new binary file, pc-bios/edk2-x86_64-microvm.fd.bz2
* d/control: remove libxfs-dev build dependency,
the ioctl is implemented inline
* d/control: stop build-depend-indep on libc6.1-dev-alpha-cross,
not needed anymore
* d/rules: update skiboot version check (skiboot hasn't canged since 6.1)
* build & install vbootrom (npcm7xx_bootrom.bin), and
build-depend-indep on gcc-arm-none-eabi
* create a new binary package, qemu-system-xen, which provides
/usr/libexec/xen-qemu-system-i386 binary for use by xen only.
Once xen switches to use this binary instead of usual qemu-system-i386,
xen support will be removed from the regular qemu-system-x86 build
* use a fast inline version of /usr/share/dpkg/architecture.mk
-- Michael Tokarev <email address hidden> Sun, 17 Apr 2022 15:08:40 +0300
-
qemu (1:6.2+dfsg-3) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/rules: ensure xen is built on x86
* d/rules: xen libexec dir is no more versioned
* d/kvm-spice: fix when acceleration is already defined on the commandline
[ Michael Tokarev ]
* d/control, d/rules: do not compile xen support on i386,
since it is amd64-only now (since 4.16)
* d/control: add libbpf-dev & --enable-bpf for eBPF support
(Closes: #994573)
-- Michael Tokarev <email address hidden> Fri, 25 Feb 2022 12:01:46 +0300
-
qemu (1:6.2+dfsg-2) unstable; urgency=medium
* bump meson build-dep to 0.59.3
* build & include multiboot_dma.bin (Closes: #1003930)
* libxml2 is not needed for parallels.
Enable parallels block image format (Closes: #1003162)
* acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch
Closes: CVE-2021-4158
* acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
(Closes: #1004017)
* acpi-fix-OEM_ID-padding.patch
* debian/get-orig-source.sh: repack dfsg archive differently
* mention closing of a few CVEs by 6.2.0
-- Michael Tokarev <email address hidden> Thu, 20 Jan 2022 10:52:19 +0300
-
qemu (1:6.2+dfsg-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* 6.2.0 upstream release
* d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean
* Drop patches upstream in v6.2.0
* d/p/spelling.diff: update for v6.2.0 (partially accepted)
* d/rules: use new --disable-install-blobs build arg
* Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe",
it is now in main (LP: #1934510)
* d/rules: bump skiboot version for qemu v6.2.0
* d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue
due to dfsg removal of blobs
* d/rules: drop --disable-fdt on microvm builds
(now strictly required on any x86 build)
* d/rules: select default PARISC config for hppa-firmware
-- Michael Tokarev <email address hidden> Sun, 09 Jan 2022 12:52:10 +0300
-
qemu (1:6.1+dfsg-8) unstable; urgency=medium
* fix keymaps definitions placement in last upload
(Closes: #997925, #997926)
-- Michael Tokarev <email address hidden> Wed, 27 Oct 2021 13:27:09 +0300
-
qemu (1:6.1+dfsg-7) unstable; urgency=medium
* qemu-system-data: do not install qemu.desktop (Closes: #995628)
* remove qemu-user-static.README.Debian (#995633)
* d/rules: update configure rules for different qemu builds
* qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64
* promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86
since it uses the same modules actually
* enable zstd compression support (Build-Depends)
* qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp
for the sdl ui
* d/control: fix wrong relation (< vs <<)
* d/control: use :native version of python3-sphynx (Closes: #995622)
* do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu
* quieten gcc11 warnings/errors so roms will compile (Closes: #997082)
* move d/qemu-system-data.install to d/rules
-- Michael Tokarev <email address hidden> Tue, 26 Oct 2021 10:35:02 +0300
-
qemu (1:6.1+dfsg-6) unstable; urgency=medium
* virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
* ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
Closes: #992726, CVE-2021-3638:
inconsistent check in ati_2d_blt() may lead to out-of-bounds write
* refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch}
from upstream
* hmp-unbreak-change-vnc.patch from upstream
to fix 'change vnc passwd' command
-- Michael Tokarev <email address hidden> Wed, 29 Sep 2021 13:41:47 +0300
-
qemu (1:6.1+dfsg-5) unstable; urgency=medium
* updated debian/patches/linux-user-binfmt-P.diff
to work with in-kernel code
Closes: #993658
* d/rules: do not mark configure target as .PHONY
since it is a real file
-- Michael Tokarev <email address hidden> Mon, 06 Sep 2021 01:20:59 +0300
-
qemu (1:6.1+dfsg-4) unstable; urgency=medium
* qemu-sockets-fix-unix-socket-path-copy-again.patch
replacing socket-unix-maxlen.patch
Closes: #993145
* enable more devices for the microvm build:
virtio-gpu & vhost-user-gpu
virtio-input-host & vhost_user_input
* move vhost-user-gpu files from qemu-system-common to qemu-system-gui
this elminates X11 dependencies from non-gui qemu-system install
* build and install vof.bin firmware
* rearrange d/rules a bit to make different qemu builds
to be consistent with sysdata-components
* move ppc dtb firmware files from qemu-system-ppc to qemu-system-data
* device-tree-compiler is now needed in build-indep-depends,
not in build-depends
* d/rules: use CROSSPFX variables
* ubuntu only:
- Revert commit from the previous release which restores
relation between qemu-system-xen and qemu-system-gui
since -xen is not compatible with -gui modules
- qemu-system-xen does not suggest qemu-block-extra (incompatible too)
- qemu-system-s390x recommends qemu-block-extra not suggests it
-- Michael Tokarev <email address hidden> Tue, 31 Aug 2021 22:27:25 +0300
-
qemu (1:6.1+dfsg-3) unstable; urgency=medium
* fix brown-paper bag in last upload (--enable-libudev)
* ubuntu only: restore relations (depends/recommends)
between qemu-system-gui and qemu-system-xen since -xen
replaces full qemu-system-x86 and acts the same way
-- Michael Tokarev <email address hidden> Tue, 31 Aug 2021 02:50:52 +0300
-
qemu (1:6.1+dfsg-1) unstable; urgency=medium
* new upstream release (6.1.0)
* refresh patches, remove patches which were applied upstream
* remove newly appeared pc-bios/vof.bin in dfsg-clean
* add python3-sphinx-rtd-theme to build-depends
* removed qemu-system-moxie arch
* actually build many qemu modules as modules, and install
them in qemu-system-common.
* make strong versioned dependency between various qemu-system-*
packages, so that modules works correctly.
* drop very old versions from Build-Depends, Depends and Recommends
for packages which long has much more recent versions in debian
* up qemu-block-extra dependecy level from Suggests to Recommends
* d/control: stop suggesting sgabios by qemu-system-x86
* (experimental for now, needs more work) print name of the package
name for a module which can't be loaded, to give a clue what other
package one may need to install for the requested functionality
* fix some spelling mistakes in visible messages (spelling.diff)
* enable jack audio backend (in qemu-system-gui) (Closes: #984726)
* other small/internal changes in packaging:
- removed --disable-sheepdog which were dropped upstream
- install gui modules in d/rules not in d/q-s-gui.install
to be able to use wildcard in d/q-s-common.install
- recommend qemu-block-extra, not suggest it and not depend on it (ubuntu)
for qemu-system-* and qemu-utils
- reformat qemu "deps" for qemu-system-gui, stop listing -xen there
(it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only
- d/control: stop recommending -gui for xen package
(it is of no use for xen)
- d/control: reformat Depends for qemu-block-extra, do not include -xen
version there, mark -x390x as ubuntu-only,
and allow qemu-utils to satisfy the dependency
- do not install docs which does not exist anymore
- stop omiting Changelog from dh_installchangelog: the file is long gone
- d/rules: explicitly state version of skiboot as it is stored
in a git tag only, or else skiboot does not build (hack)
- put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so
to qemu-system-gui as it pulls in X11
-- Michael Tokarev <email address hidden> Wed, 25 Aug 2021 15:59:26 +0300
-
qemu (1:6.0+dfsg-4) unstable; urgency=medium
* d/rules: fix last ubuntu merge, xen is x86-only, not all-debian
-- Michael Tokarev <email address hidden> Tue, 17 Aug 2021 19:04:30 +0300
-
qemu (1:6.0+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* enable /run/qemu mount on ubuntu only
* usbredir-fix-free-call-CVE-2021-3682.patchi
Closes: #991911, CVE-2021-3682
[ Christian Ehrhardt ]
* ubuntu-only changes:
- d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
- d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe package
qemu-system-x86-xen as alternative
* d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
avoid segfaults by uretprobes (LP 1929926)
-- Michael Tokarev <email address hidden> Tue, 17 Aug 2021 17:49:10 +0300
-
qemu (1:5.2+dfsg-11) unstable; urgency=medium
* i386-acpi-restore-device-paths-for-pre-5.1-vms.patch
This fixes a serious issue in some VMs (in particuar, Windows & MacOS)
when migrating from buster qemu to bullseye qemu.
(Closes: #990675)
* pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch
(Closes: #990565, CVE-2021-3582)
* pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch
(Closes: #990564, CVE-2021-3607)
* pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch
(Closes: #990563, CVE-2021-3608)
* ide-atapi-check-logical-block-address-and-read-size-CVE-2020-29443.patch
(Closes: #983575, CVE-2020-29443)
* usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch
usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch
(Closes: #988157, CVE-2021-3527)
-- Michael Tokarev <email address hidden> Sun, 18 Jul 2021 16:14:41 +0300
-
qemu (1:5.2+dfsg-10) unstable; urgency=medium
* 5 sdhci fixes from upstream:
dont-transfer-any-data-when-command-time-out.patch
dont-write-to-SDHC_SYSAD-register-when-transfer-is-in-progress.patch
correctly-set-the-controller-status-for-ADMA.patch
limit-block-size-only-when-SDHC_BLKSIZE-register-is-writable.patch
reset-the-data-pointer-of-s-fifo_buffer-when-a-different-block-size...patch
(Closes: #986795, #970937, CVE-2021-3409, CVE-2020-17380, CVE-2020-25085)
* mptsas-remove-unused-MPTSASState.pending-CVE-2021-3392.patch
fix possible use-after-free in mptsas_free_request
(Cloese: #984449, CVE-2021-3392)
-- Michael Tokarev <email address hidden> Fri, 16 Apr 2021 12:43:36 +0300
-
qemu (1:5.2+dfsg-9) unstable; urgency=medium
* do not make qemu-system-data dependent on qemu-system-foo
(Closes: #985040)
* CVE-2021-20263 - implement dropping security.capability xattr
This adds two patches from upstream:
virtiofsd-save-error-code-early-at-the-failure-callsite.patch
virtiofsd-drop-remapped-security.capability-..-needed-CVE-2021-20263.patch
Closes: #985083, CVE-2021-20263
* CVE-2021-3416 fix from upstream
Fixes infinite loop in loopback mode of various network devices,
adding 10 patches from upstream
Closes: #984448, CVE-2021-3416
* net-e1000-fail-early-for-evil-descriptor-CVE-2021-20257.patch
Fix CVE-2021-20257 from upstream: e1000: infinite loop while processing
transmit descriptors
Closes: #984450, CVE-2021-20257
-- Michael Tokarev <email address hidden> Wed, 17 Mar 2021 21:02:30 +0300
-
qemu (1:5.2+dfsg-8) unstable; urgency=medium
* a no-change upload to fix broken previous upload
-- Michael Tokarev <email address hidden> Sun, 14 Mar 2021 12:21:37 +0300
-
qemu (1:5.2+dfsg-6) unstable; urgency=medium
* deprecate qemu-debootstrap. It is not needed anymore with
binfmt F flag, since everything now works without --foreign
debootstrap argument and copying the right qemu binary into
the chroot. Closes: #901197
* fix the brown-paper bag bug: wrong argument order
in the linux-user-binfmt patch (really closes: #970460)
-- Michael Tokarev <email address hidden> Tue, 16 Feb 2021 12:11:20 +0300
-
qemu (1:5.2+dfsg-5) unstable; urgency=medium
* d/rules: ensure b/ subdir exists before building palcode and qboot
* d/changelog: #959530 is not fixed by 5.2+dfsg-4
* 3 virtiofsd patches Closes: #980814, CVE-2020-35517
virtiofsd: potential privileged host device access from guest
- virtiofsd-extract-lo_do_open-from-lo_open.patch
- virtiofsd-optionally-return-inode-pointer-from-lo_do_lookup.patch
- virtiofsd-prevent-opening-of-special-files-CVE-2020-35517.patch
-- Michael Tokarev <email address hidden> Sun, 14 Feb 2021 17:44:06 +0300
-
qemu (1:5.2+dfsg-3) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/rules: fix qemu-user-static to really be static (LP: #1908331)
[ Michael Tokarev ]
* build most modules statically (besides block and gui parts).
This makes qemu-system-common package to be of less strict dependency
for other qemu-system-* packages, and also Closes: #977301, #978131
* especially remove removed binfmts in qemu-user-{static,binfmt}.preinst
(really Closes: #977015)
* memory-clamp-cached-translation-MMIO-region-CVE-2020-27821.patch
(Closes: #977616, CVE-2020-27821)
-- Michael Tokarev <email address hidden> Tue, 29 Dec 2020 15:07:03 +0300
-
qemu (1:5.2+dfsg-2) unstable; urgency=medium
* move ui-opengl.so module from qemu-system-gui to qemu-system-common,
as other modules want it (Closes: #976996, #977022)
* do not install dropped ppc64abi32 binfmt for qemu-user[-static]
(Closes: #977015)
-- Michael Tokarev <email address hidden> Thu, 10 Dec 2020 11:15:43 +0300
-
qemu (1:5.2+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3)
Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2)
Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3)
Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058)
Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f)
Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6)
Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540)
Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1)
Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03)
Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9)
Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
* remove obsolete patches
* refresh use-fixed-data-path.patch and debian/get-orig-source.sh
* bump minimum meson version required for build to 0.55.3
* update build rules for several components
* remove deprecated lm32 and unicore32 system emulators
* remove deprecated ppc64abi32 and tilegx linux-user emulators
* install ui-spice-core.so & chardev-spice.so in qemu-system-common
* install ui-egl-headless.so in qemu-system-common
* install hw-display-virtio-*.so in qemu-system-common
* install ui-opengl.so in qemu-system-gui
* install qemu-pr-helper.8 in qemu-system-common
* qemu-pr-helper moved to usr/bin/ again
* qboot.rom renamed from bios-microvm.bin
* remove several unused lintian overrides
* add spelling.diff patch to fix a few spelling errors
* update Standards-Version to 4.5.1
* fix a few trailing whitespaces in d/control and d/changelog
* require libcapstone >= 4.0.2 (v4) for build
-- Michael Tokarev <email address hidden> Wed, 09 Dec 2020 08:57:41 +0300
-
qemu (1:5.1+dfsg-4) unstable; urgency=high
* mention closing of CVE-2020-16092 by 5.1
* usb-fix-setup_len-init-CVE-2020-14364.patch
Closes: #968947, CVE-2020-14364
(OOB r/w access in USB emulation)
-- Michael Tokarev <email address hidden> Wed, 02 Sep 2020 16:14:52 +0300
-
qemu (1:5.1+dfsg-3) unstable; urgency=medium
* fix one more issue in last upload. This is what happens when
you do "obvious" stuff in a hurry without proper testing..
-- Michael Tokarev <email address hidden> Mon, 17 Aug 2020 22:19:55 +0300
-
qemu (1:5.1+dfsg-2) unstable; urgency=medium
* fix brown-paper bag bug in last upload
-- Michael Tokarev <email address hidden> Mon, 17 Aug 2020 20:58:52 +0300
-
qemu (1:5.0-14) unstable; urgency=high
* this is a bugfix release before breaking toys with the new upstream
* riscv-allow-64-bit-access-to-SiFive-CLINT.patch
(another fix for revert-memory-accept-..-CVE-2020-13754)
* install /usr/lib/*/qemu/ui-curses.so in qemu-system-common
Closes: #966517
-- Michael Tokarev <email address hidden> Fri, 31 Jul 2020 11:45:25 +0300
-
qemu (1:5.0-13) unstable; urgency=medium
* seabios-hppa-fno-ipa-sra.patch
fix ftbfs with gcc-10
-- Michael Tokarev <email address hidden> Wed, 22 Jul 2020 22:16:41 +0300
-
qemu (1:5.0-12) unstable; urgency=medium
* acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replace cpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
* xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
* do not install outdated (0.12 and before) Changelog (Closes: #965381)
* xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
* sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
-- Michael Tokarev <email address hidden> Wed, 22 Jul 2020 19:42:29 +0300
-
qemu (1:5.0-11) unstable; urgency=high
* d/control-in: only enable opengl (libdrm&Co) on linux
* d/control-in: spice: drop versioned deps (even jessie version is enough),
drop libspice-protocol-dev (automatically pulled by libspice-server-dev),
and build on more architectures
* change from debhelper versioned dependency to debhelper-compat (=12)
* acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
Urgency = high due to this issue.
-- Michael Tokarev <email address hidden> Mon, 20 Jul 2020 18:41:17 +0300
-
qemu (1:5.0-10) unstable; urgency=medium
* fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x)
* use the same $(if) construct to simplify #ifdeffery
-- Michael Tokarev <email address hidden> Sat, 18 Jul 2020 10:02:41 +0300
-
qemu (1:5.0-9) unstable; urgency=medium
* move kvm executable/script from qemu-kvm to qemu-system-foo,
make it multi-arch, and remove qemu-kvm package
* remove libcacard leftovers from d/.gitignore
* linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
* linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
* libudev is linux-specific, do not build-depend on it
on kfreebsd and others
* install virtiofsd in d/rules (!sparc64) instead of
d/qemu-system-common.install (fixes FTBFS on sparc64)
* confirm -static-pie not working today still
* d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
* qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
* build all modules since there are modules anyway,
no need to hack them in d/rules
* fix spelling in a patch name/subject inlast upload
* d/rules: do not use dh_install and dh_movefiles for individual
pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files
listed in d/foo.install too, in addition to given on command-line
* remove trailing whitespace from d/changelog
-- Michael Tokarev <email address hidden> Sat, 18 Jul 2020 08:29:38 +0300
-
qemu (1:5.0-8) unstable; urgency=medium
* d/control: rdma is linux-only, do not enable it on kfreebsd & hurd
* add comment about virtiofsd conditional to d/qemu-system-common.install
Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing
seccomp onn that platform, we should either make virtiofsd conditional
(!sparc64) or fix seccomp on sparc64 and build-depend on it
* openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466)
* seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467)
* slof-remove-user-and-host-from-release-version.patch (Closes: #963472)
* slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470)
* update previous changelog, mention #945997
* reapply CVE-2020-13253 fixed from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
-- Michael Tokarev <email address hidden> Fri, 17 Jul 2020 09:12:43 +0300
-
qemu (1:5.0-7) unstable; urgency=medium
* Revert "d/rules: report config log from the correct subdir - base build"
* Revert "d/rules: report config log from the correct subdir - microvm build"
* acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
* remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch -
upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253)
* explicitly specify --enable-tools on hppa and do the same trick
with --enable-tcg-interpreter --enable-tools on a few other unnsupported
arches (Closes: #964372)
-- Michael Tokarev <email address hidden> Thu, 16 Jul 2020 18:36:08 +0300
-
qemu (1:5.0-6) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture
* d/rules: makefile definitions can't be recursive - sys_systems for s390x
* d/rules: report config log from the correct subdir - base build
* d/rules: report config log from the correct subdir - microvm build
* d/control-in: disable rbd support unavailable on riscv
* fix assert in qemu guest agent that crashes on shutdown (LP: #1878973)
* d/control-in: build-dep libcap is no more needed
* d/rules: update -spice compat (Ubuntu only)
[ Michael Tokarev ]
* save block modules on upgrades (LP: #1847361)
After upgrade a still running qemu of a former version can't load the
new modules e.g. for extended storage support. Qemu 5.0 has the code to
allow defining a path that it will load these modules from.
* ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
* revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which uses min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
* exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
* megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
* megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
* megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause a very low
impact OOB errors here
* nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
* es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
* sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated
address, which leads to an out-of-bounds read during sdhci_write()
operations. A guest OS user can crash the QEMU process.
And a preparational patch,
sdcard-update-coding-style-to-make-checkpatch-happy.patch
* a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
[ Aurelien Jarno ]
* Remove myself from maintainers
-- Michael Tokarev <email address hidden> Fri, 03 Jul 2020 18:24:48 +0300
-
qemu (1:5.0-5) unstable; urgency=medium
* more binfmt-install updates
* CVE-2020-10717 fix from upstream:
virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
(Closes: #959746, CVE-2020-10717)
* 2 patches from upstream/stable to fix io_uring fd set buildup:
aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
* upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
* upstream stable fix:
net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
-- Michael Tokarev <email address hidden> Wed, 13 May 2020 12:57:19 +0300
-
qemu (1:5.0-4) unstable; urgency=medium
* fix binfmt registration (Closes: #959222)
* disable PIE for user-static build on x32 too, not only i386
-- Michael Tokarev <email address hidden> Fri, 01 May 2020 13:30:43 +0300
-
qemu (1:5.0-3) unstable; urgency=medium
* do not explicitly enable -static-pie on non-i386 architectures.
Apparenly only amd64 actually support -static-pie for now, and
it is correctly detected.
-- Michael Tokarev <email address hidden> Thu, 30 Apr 2020 08:05:31 +0300
-
qemu (1:5.0-2) unstable; urgency=medium
* (temporarily) disable pie on i386 static build
For now -static-pie fails on i386 with the following error message:
/usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
unsupported non-PIC call to IFUNC `memset'
* install qemu-system docs in qemu-system-common, not qemu-system-data,
since docs require ./configure run
-- Michael Tokarev <email address hidden> Wed, 29 Apr 2020 23:41:04 +0300
-
qemu (1:5.0-1) unstable; urgency=medium
* new upstream release (5.0)
Closes: #958926
Closes: CVE-2020-11869
* refresh patches, remove patches applied upstream
* do not mention openhackware, it is not used anymore
* do not disable bluez (support removed)
* new system arch "rx"
* dont install qemu-doc.* for now,
but install virtiofsd & qemu-storage-daemon
* add shared-lib-without-dependency-information tag
to qemu-user-static.lintian-overrides
* add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
* do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
* install qemu-user html docs for qemu-user & qemu-user-static
* build hppa-firmware.img from roms/seabios-hppa
(and Build-Depeds-Indep on gcc-hppa-linux-gnu)
* enable liburing on linux (build-depend on liburing-dev)
* add upstream signing-key.asc (Michael Roth <email address hidden>)
* build opensbi firmware
(for riscv64 only, riscv32 is possible with compiler flags)
* add source-level lintian-overrides for binaries-without-sources
(lintian can't find sources for a few firmware images which are in roms/)
-- Michael Tokarev <email address hidden> Wed, 29 Apr 2020 12:00:12 +0300
-
qemu (1:4.2-7) unstable; urgency=medium
* qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
* x32 arch is in the same family as i386 & x86_64, omit binfmt registration
* check systemd-detect-virt before running update-binfmt
* gluster is de-facto linux-only, do not build-depend on it on non-linux
* virglrenderer is also essentially linux-specific
* qemu-user-static does not depend on shlibs
* disable parallel building of targets of d/rules
* add lintian overrides (arch-dependent static binaries) for openbios binaries
* separate binary-indep target into install-indep-prep and binary-indep
* split out various components of qemu-system-data into independent
build/install rules and add infrastructure for more components:
x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
slof, s390x-fw
* iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
-- Michael Tokarev <email address hidden> Mon, 20 Apr 2020 18:30:00 +0300
-
qemu (1:4.2-6) unstable; urgency=medium
* d/rules: fix FTBFS (brown-paper-bag bug) in last upload
-- Michael Tokarev <email address hidden> Tue, 14 Apr 2020 17:08:45 +0300
-
qemu (1:4.2-5) unstable; urgency=medium
* no error-out on address-of-packet-member in openbios
* install ui-spice-app.so only if built, spice is optional
* arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
Closes: CVE-2020-10702, weak signature generation
in Pointer Authentication support for ARM
* (temporarily) enable seccomp only on architectures where it can be built
(Closes: #956624)
* seccomp has grown up, no need in versioned build-dep
* do not list librados-dev in build-dep as we only use librbd-dev
and the latter depends on the former
* only enable librbd on architectures where it is buildable
-- Michael Tokarev <email address hidden> Tue, 14 Apr 2020 15:47:40 +0300
-
qemu (1:4.2-4) unstable; urgency=medium
[ Michael Tokarev ]
* d/rules: build minimal configuration for qboot/microvm usage
* set microvm to be the default machine type for microvm case
* install ui-spice-app.so in qemu-system-common
* do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
* net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
(Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
* qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
* switch binfmt registration to use update-binfmts --[un]import
(Closes: #866756)
* build openbios-ppc & openbios-sparc binaries in qemu-system-data,
and replace corresponding binary packages.
Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
* build and provide/replace qemu-slof too
[ Aurelien Jarno ]
* enable support for riscv64 hosts
-- Michael Tokarev <email address hidden> Tue, 14 Apr 2020 12:44:43 +0300
-
qemu (1:4.2-3) unstable; urgency=medium
* mention closing of #909743 in previous changelog (Closes: #909743)
* do not link to qemu-skiboot from qemu-system-ppc (Closes: #950431)
* provide+conflict qemu-skiboot from qemu-system-data,
as we are not using this package anymore
-- Michael Tokarev <email address hidden> Sat, 01 Feb 2020 22:10:57 +0300
-
qemu (1:4.2-2) unstable; urgency=medium
[ Fabrice Bauzac ]
* Fix a typo in the description of the qemu binary package
[ Frédéric Bonnard ]
* Enable powernv emulation with skiboot firmware
[ Michael R. Crusoe ]
* Modernize watch file (Closes: #909743)
[ Christian Ehrhardt ]
* d/control-in: promote qemu-efi/ovmf in Ubuntu
* d/control-in: bump debhelper build-dep for compat 12
* - d/control-in: update VCS links
* - d/control-in: disable bluetooth being deprecated
* d/not-installed: ignore new interop docs and extra icons for now
* do not install elf2dmp until namespaced
* d/control-in: Enable numa support for s390x
* Create qemu-system-s390x package (Ubuntu only for now)
[ Michael Tokarev ]
* stop using inttypes.h in qboot code;
this makes dependency on libc6-dev-i386 to be unnecessary
* qboot-no-jump-tables.diff - use #pragma for one file in qboot
* do not install qemu-edid and qemu-keymap for now
* no need in bluetooth patches as bluetooth is disabled
* scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
(Closes: #949731, CVE-2020-1711)
* enable libpmem support on amd64|arm64|ppc64el (Closes: #935327)
-- Michael Tokarev <email address hidden> Fri, 31 Jan 2020 23:51:09 +0300
-
qemu (1:4.2-1) unstable; urgency=medium
* new upstream release (4.2.0)
* removed patches: v4.1.1.diff, enable-pschange-mc-no.patch
* do not make sgabios.bin executable (lintian)
* add s390-netboot.img lintian overrides for qemu-system-data
* build qboot (bios-microvm.bin)
* build-depend-indep on libc6-dev-i386 for qboot
(includes some system headers)
-- Michael Tokarev <email address hidden> Sat, 14 Dec 2019 14:07:27 +0300
-
qemu (1:4.1-3) unstable; urgency=medium
* mention #939869 (CVE-2019-15890) in previous changelog entry
* add Provides: sgabios to qemu-data (Closes: #945924)
* fix qemu-debootsrtap (add hppa arch, print correct error message)
thanks to Helge Deller (Closes: #923410)
* enable long binfmt masks again for mips/mips32 (Closes: #829243)
-- Michael Tokarev <email address hidden> Mon, 02 Dec 2019 13:24:58 +0300
-
qemu (1:4.1-2) unstable; urgency=medium
* build sgabios in build-indep, conflict with sgabios package
* qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb
* remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog
* move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img
* imported v4.1.1.diff - upstream stable branch
Closes: CVE-2019-12068
Closes: #945258, #945072
* enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature
to allow disabling ITLB multihit mitigations in nested hypervisors
Closes: #944623
* build-depend on nettle-dev, enable nettle, and clarify --enable-lzo
* switch to system libslirp, build-depend on libslirp-dev
Closes: CVE-2019-15890
-- Michael Tokarev <email address hidden> Mon, 25 Nov 2019 12:54:05 +0300
-
qemu (1:4.1-1) unstable; urgency=medium
* new upstream release v4.1
Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
(use internal slirp copy for now)
Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
Closes: #927924 (new upstream version)
Closes: #897054 (AMD Zen CPU support)
Closes: #935324 (FTBFS due to gluster API change)
Closes: #916442, CVE-2018-20123 (pvrdma: memleak after init error)
Closes: #922461, CVE-2018-20124 (pvrdma: OOB access with large num_sge)
Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
* remove patches which are applied upstream, refresh remaining patches
(bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
bluetooth subsystem is going to be removed, we keep it for now)
* debian/source/options: ignore slirp/ submodule
* use python3 for building, not python
* debian/optionrom.mk: add pvh.bin
* switch from libssh2 to libssh, and enable libssh support in ubuntu
* bump spice version requiriment to 0.12.5
* enable pvrdma
* debian/control-in: remove reference to libsdl
* debian/rules: add new objects for s390-ccw fw
* debian/control: add build dependency on python3-sphinx for docs
* install ui/icons/qemu.svg and qemu.desktop
* debian/rules: remove pc-bios/bamboo.dtb before building it
* install vhost-user-gpu binary and 50-qemu-gpu.json
* debian/rules: remove old maintscript-helper invocations, not needed anymore
* remove +dfsg for now, upload whole upstream source, will trim it later
-- Michael Tokarev <email address hidden> Tue, 27 Aug 2019 12:43:43 +0300
-
qemu (1:3.1+dfsg-8) unstable; urgency=high
* sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
fixes a null-pointer dereference in sparc/sun4u emulated hw
Closes: #927439, CVE-2019-5008
* enable-md-no.patch & enable-md-clear.patch
mitigation for MDS (Microarchitectural Data Sampling) issues
Closes: #929067,
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* qxl-check-release-info-object-CVE-2019-12155.patch
fixes null-pointer deref in qxl cleanup code
Closes: #929353, CVE-2019-12155
* aarch32-exception-return-to-switch-from-hyp-mon.patch
fixes booting U-Boot in UEFI mode on aarch32
Closes: #927763
* stop qemu-system-common pre-depending on adduser
Closes: #929261
-- Michael Tokarev <email address hidden> Mon, 27 May 2019 07:49:25 +0300
-
qemu (1:3.1+dfsg-7) unstable; urgency=high
[ Michael Tokarev ]
* device_tree-don-t-use-load_image-CVE-2018-20815.patch
fix heap buffer overflow while loading device tree blob
(Closes: CVE-2018-20815)
[ Christian Ehrhardt ]
* qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
- d/qemu-guest-agent.install: use correct path for fsfreeze-hook
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile.
-- Michael Tokarev <email address hidden> Wed, 27 Mar 2019 14:24:06 +0300
-
qemu (1:3.1+dfsg-6) unstable; urgency=high
* slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
fix information leakage in slirp code (Closes: CVE-2019-9824)
-- Michael Tokarev <email address hidden> Mon, 18 Mar 2019 14:41:51 +0300
-
qemu (1:3.1+dfsg-5) unstable; urgency=high
* i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
Closes: #922635, CVE-2019-3812
-- Michael Tokarev <email address hidden> Mon, 11 Mar 2019 14:30:44 +0300
-
qemu (1:3.1+dfsg-4) unstable; urgency=medium
* mention closing of #855043 by 3.1+dfsg-3
* disable pvrdma for now, it is a bit too buggy.
Besides several security holes there are many other bugs there as well,
and the amount of patches applied upstream after 3.1 release is large
(Closes, or really makes unimportant again: CVE-2018-20123 CVE-2018-20124
CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216)
-- Michael Tokarev <email address hidden> Mon, 11 Feb 2019 14:00:09 +0300
-
qemu (1:3.1+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* mention #696289 closed by 2.10
* move ovmf to recommends on debian and update aarch ovmf refs
(Closes: #889885)
* remove /dev/kvm permission handling (moved to systemd 239-6)
(Closes: #892945)
* build qemu-palcode using alpha cross-compiler
(Closes: #913103)
* fix path in qemu-guest-agent.service (#918378), fixs Bind[s]To
(Closes: #918378
* use int for sparc64 timeval.tv_usec
(Closes: #920032)
* build-depend on libglusterfs-dev not glusterfs-common
(Closes: #919668, #881527)
* add breaks: qemu-system-data to qemu-system-common,
to close #916279 completely (all this can be removed after buster)
(Closes: #916279)
* scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
(Closes: #920222, CVE-2019-6501)
* slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
(Closes: #921525)
* pvrdma-release-device-resources-on-error-CVE-2018-20123.patch
(Closes: #916442, CVE-2018-20123)
* enable rdma and pvrdma, build-depend on
librdmacm-dev, libibverbs-dev, libibumad-dev
* sync debian/qemu-user-static.1 and debian/qemu-user.1 generate the latter
from the former (finally Closes: #901407)
* move ivshmem-server & ivshmem-client from qemu-utils to qemu-system-common
(the binaries are also specific to qemu-system, not useable alone)
* move qemu-pr-helper from qemu-utils to qemu-system-common -
this is an internal qemu-system helper, with possible socket activation,
not intended for use outside of qemu-system
[ Christian Ehrhardt ]
* qemu-guest-agent: freeze-hook to ignore dpkg files (packaging changes)
-- Michael Tokarev <email address hidden> Wed, 06 Feb 2019 12:23:01 +0300
-
qemu (1:3.1+dfsg-2) unstable; urgency=medium
* d/rules: split arch and indep builds
* enable s390x cross-compiler and build s390-ccw.img (Closes: #684909)
* build x86 optionrom in qemu-system-data (was in seabios/debian/)
* qemu-system-data: Multi-Arch: allowed=>foreign (Closes: #903562)
* fix Replaces: version for qemu-system-common (Closes: #916279)
* add simple udev rules file for systemd guest agent (Closes: #916674)
* usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
Race condition in usb_mtp implementation (Closes: #916397)
* bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
Memory corruption in bluetooth subsystem (Closes: #916278)
* hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch (Closes: #917007)
* bump debhelper compat to 12 (>>11)
* d/rules: use dh_missing instead of dh_install --list-missing (compat=12)
* use dh_installsystemd for guest agent (Closes: #916625)
* mention closing by 3.1: Closes: #912655, CVE-2018-16847
* mention closing by 2.10:
Closes: #849798, CVE-2016-10028
Closes: CVE-2017-9060
Closes: CVE-2017-8284
-- Michael Tokarev <email address hidden> Fri, 21 Dec 2018 16:51:39 +0300
-
qemu (1:3.1+dfsg-1) unstable; urgency=medium
* new upstream release (3.1)
* Security bugs fixed by upstream:
Closes: #910431, CVE-2018-10839:
integer overflow leads to buffer overflow issue
Closes: #911468, CVE-2018-17962
pcnet: integer overflow leads to buffer overflow
Closes: #911469, CVE-2018-17963
net: ignore packets with large size
Closes: #908682, CVE-2018-3639
qemu should be able to pass the ssbd cpu flag
Closes: #901017, CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
via incoming fragmented datagrams
Closes: #902725, CVE-2018-12617
qmp_guest_file_read in qemu-ga has an integer overflow
Closes: #907500, CVE-2018-15746
qemu-seccomp might allow local OS guest users to cause a denial of service
Closes: #915884, CVE-2018-16867
dev-mtp: path traversal in usb_mtp_write_data of the MTP
Closes: #911499, CVE-2018-17958
Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
because an incorrect integer data type is used
Closes: #911470, CVE-2018-18438
integer overflows because IOReadHandler and its associated functions
use a signed integer data type for a size value
Closes: #912535, CVE-2018-18849
lsi53c895a: OOB msg buffer access leads to DoS
Closes: #914604, CVE-2018-18954
pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
allows out-of-bounds write or read access to PowerNV memory
Closes: #914599, CVE-2018-19364
Use-after-free due to race condition while updating fid path
Closes: #914727, CVE-2018-19489
9pfs: crash due to race condition in renaming files
* remove patches which were applied upstream
* add new manpage qemu-cpu-models.7
* qemu-system-ppcemb is gone, use qemu-system-ppc[64]
* do-not-link-everything-with-xen.patch (trivial)
* get-orig-source: handle 3.x and 4.x, and remove roms again, as
upstream wants us to use separate source packages for that stuff
* move generated data from qemu-system-data back to qemu-system-common
* d/control: enable spice on arm64 (Closes: #902501)
(probably should enable on all)
* d/control: change git@salsa urls to https
* add qemu-guest-agent.service (Closes: #795486)
* enable opengl support and virglrenderer (Closes: #813658)
* simplify d/rules just a little bit
* build-depend on libudev-dev, for qga
-- Michael Tokarev <email address hidden> Sun, 02 Dec 2018 19:10:27 +0300
-
qemu (1:2.12+dfsg-3) unstable; urgency=medium
* make qemu-system-foo depending
on qemu-system-data >>ver~, not >>ver
(Closes: #900585)
* do not build qemu-system-gui on hppa
* use dh_lintian for lintian overrides
* update VCS fields to point to salsa.debian.org
-- Michael Tokarev <email address hidden> Fri, 01 Jun 2018 21:42:29 +0300
-
qemu (1:2.12+dfsg-2) unstable; urgency=medium
* create new package, qemu-system-gui,
and package GTK module and audio modules in there
Closes: #850584
* add an item about qemu-system-gui to debian/qemu-system-common.NEWS
* qemu-system-*: require more recent qemu-system-common
* switch all builds to be in a single b/ subdir
* d/get-orig-source: remove .oco (object) files from roms/SLOF/
* refresh patches/use-fixed-data-path.patch: remove now-unused local var too
* ccid-card-passthru-fix-regression-in-realize.patch (Closes: #900006)
* debian/control-in: enable seccomp on linux-any (Closes: #900055)
* create new arch-indep package qemu-system-data, for data and firmware files.
Move common data files from qemu-system-common to it, for now
* fix sata/ahci stalls (ahci-fix-PxCI-register-race.patch)
* tcg-i386-Fix-dup_vec-in-non-AVX2-codepath.patch (Closes: #900372)
-- Michael Tokarev <email address hidden> Thu, 31 May 2018 13:22:55 +0300
-
qemu (1:2.12+dfsg-1) unstable; urgency=medium
* new upstream release
* get-orig-source: do not remove roms/* directories,
since we will use these to build the roms
* disable building on hppa arch (not supported upstream since ong time)
* Use https://download.qemu.org to download new tarballs (Closes: #895067)
* add Breaks: binfmt-support (<<2.1.7) so that --fix-binary works;
also fix qemu-user-static description (Closes: #896478)
-- Michael Tokarev <email address hidden> Thu, 26 Apr 2018 20:29:36 +0300
-
qemu (1:2.12~rc3+dfsg-2) unstable; urgency=medium
* fix typo in previous changelog entry
* add riscv32/riscv64 to qemu-debootstrap
* install gtk message catalogs into qemu-system-common (Closes: #878130)
(and install-gtk-message-catalogs-if-CONFIG_GTK.patch)
* tcg_mips-handle-large-offsets-from-target-env-to-tlb_table.patch:
fix FTBFS on mips targets
-- Michael Tokarev <email address hidden> Sat, 14 Apr 2018 17:01:24 +0300
-
qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
* new upstream 2.12 release (Release Candidate 3)
Closes: #892041, CVE-2018-7550
Closes: #884806, CVE-2017-15124
Closes: #887392, CVE-2018-5683
Closes: #892497, CVE-2018-7858
Closes: #882136, CVE-2017-16845
Closes: #886532, #892947, #891375, #887892, #860822, #851694
* refresh local debian patches
* d/rules: enable new system (hppa riscv32 riscv64) and
user (aarch64_be xtensa xtensaeb riskc32 riscv64) targets
Closes: #893767
* fix d/source/options to match current reality
* drop use-data-path.patch, upstream now has --firmwarepath= option
* enable capstone disassembler library support
(build-depend on libcapstone-dev)
* debian/extract-config-opts: use tab for option / condition separator
* qemu-block-extra: install only block modules
* make `qemu' metapackage to be dummy, to remove it in a future release
* do not suggest kmod, it is pointless
* install /usr/bin/qemu-pr-helper to qemu-utils package
* switch from sdl2 to gtk ui
Closes: #839695, #886671, #879536, #879534, #879532, #879193, #894852
* qemu-system-ppc: forgotten qemu-system-ppc64le.1 link
* mention closing of #880582 by 2.11
* package will built against spice 0.14, so Closes: #854959
* check sfdisk presence in qemu-make-debian-root (Closes: #872098)
* check mke2fs presence in qemu-make-debian-root (Closes: #887207)
* debian/binfmt-update-in: include forgotten hppa (Closes: #891261)
* debian/TODO: removed some old ToDo items
* use binfmt-support --fix-binary option (Closes: #868030)
-- Michael Tokarev <email address hidden> Thu, 12 Apr 2018 19:04:03 +0300
-
qemu (1:2.11+dfsg-1) unstable; urgency=medium
[ Michael Tokarev ]
* update to new upstream (2.11) release
Closes: #883625, CVE-2017-17381
Closes: #880832, CVE-2017-15289
Closes: #880836, CVE-2017-15268
Closes: #883399, CVE-2017-15119
Closes: #883406, CVE-2017-15118
* update to new upstream, remove old patches, refresh debian patches
* disable sdl audio driver (pulse or oss should work fine)
* do not build-depend on libx11-dev (libsdl2-dev already depends on it)
* move libpulse-dev build-dep to a better place
* clean up d/control from various old conflicts/replaces/provides
* remove --with-system-pixman, not used anymore
* remove ubuntu-specific qemu-system-aarch64 transitional package (trusty)
* remove ubuntu-specific mentions of old qemu-kvm-spice package (precise)
* remove old comment about /etc/kvm from qemu-kvm description
* add Suggests: openbios-sparc for qemu-system-sparc on ubuntu
(similar to what is done for qemu-system-ppc)
* update get-orig-source.sh with new blobs/submodules
* update debian/watch a bit
[ Aurelien Jarno ]
* debian/control-in: build qemu-system and qemu-user on mips64 and
mips64el. Closes: #880485.
[ Christian Ehrhardt ]
* ppc64[le]: provide symlink matching arch name
* d/control-in: Enable seccomp for ppc64el,
this bumps minimum libseccomp version
-- Michael Tokarev <email address hidden> Thu, 11 Jan 2018 14:42:12 +0300
-
qemu (1:2.10.0+dfsg-2) unstable; urgency=medium
* update to upstream 2.10.1 point release
Closes: #877160
Closes: CVE-2017-13673
* remove 3 patches included upstream:
multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
* 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
Closes: #877890, CVE-2017-15038
* remove-trailing-whitespace-from-qemu-options.hx.patch
Closes: #875711
* drop dh_makeshlibs call (was for libcacard)
* drop linux-libc-dev build-dependency (it gets pulled by libc-dev)
* switch from sdl1 to sdl2 (Closes: #870025)
-- Michael Tokarev <email address hidden> Sun, 08 Oct 2017 12:51:09 +0300
-
qemu (1:2.10.0+dfsg-1) unstable; urgency=medium
* remove blobs, to DFSG'ify it again (there's still
no source for some blobs included in upstream tarball)
There's no way to revert to 2-number version due to prev. upload
* update from upstream git (no changes but include date & commit-id):
multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
* update previous changelog entry (fix bug/closes refs):
Closes: #873851, CVE-2017-13672
Closes: #874606, CVE-2017-14167
Closes: #873875, CVE-2017-13711
-- Michael Tokarev <email address hidden> Sat, 23 Sep 2017 18:35:29 +0300
-
qemu (1:2.8+dfsg-7) unstable; urgency=medium
* uploading to unstable all fixes which went to stretch-security
(exactly the same as 2.8+dfsg-6+deb9u2)
-- Michael Tokarev <email address hidden> Sat, 05 Aug 2017 16:35:01 +0300
-
qemu (1:2.8+dfsg-6) unstable; urgency=high
* 9pfs-local-forbid-client-access-to-metadata-CVE-2017-7493.patch
Closes: CVE-2017-7493
* group all 9p patches together
* drop obsolete comment about libiscsi on ubuntu from d/control
-- Michael Tokarev <email address hidden> Tue, 23 May 2017 09:58:03 +0300
-
qemu (1:2.8+dfsg-5) unstable; urgency=high
* Security fix release
* 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch
Closes: #860785, CVE-2017-7471
* 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch
Closes: #861348, CVE-2017-8086
* vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch
Closes: #861351, CVE-2017-8112
* scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch
Closes: #862282, CVE-2017-8380
* input-limit-kbd-queue-depth-CVE-2017-8379.patch
Closes: #862289, CVE-2017-8379
* audio-release-capture-buffers-CVE-2017-8309.patch
Closes: #862280, CVE-2017-8309
-- Michael Tokarev <email address hidden> Wed, 17 May 2017 09:01:24 +0300
-
qemu (1:2.8+dfsg-4) unstable; urgency=high
* usb-ohci-limit-the-number-of-link-eds-CVE-2017-6505.patch
Closes: #856969, CVE-2017-6505
* linux-user-fix-apt-get-update-on-linux-user-hppa.patch
Closes: #846084
* update to 2.8.1 upstream stable/bugfix release
(v2.8.1.diff from upstream, except of seabios blob bits).
Closes: #857744, CVE-2016-9603
Patches dropped because they're included in 2.8.1 release:
9pfs-symlink-attack-fixes-CVE-2016-9602.patch
char-fix-ctrl-a-b-not-working.patch
cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
cirrus-fix-oob-access-issue-CVE-2017-2615.patch
cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
linux-user-fix-s390x-safe-syscall-for-z900.patch
nbd_client-fix-drop_sync-CVE-2017-2630.patch
s390x-use-qemu-cpu-model-in-user-mode.patch
sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
* bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
* 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
(Closes: #859854, CVE-2017-7377)
* dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
Closes: #840950, CVE-2016-8667
* make d/control un-writable to stop users from changing a generated file
* two patches from upstream to fix user-mode network with IPv6
slirp-make-RA-build-more-flexible.patch
slirp-send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS.patch
(Closes: #844566)
-- Michael Tokarev <email address hidden> Mon, 03 Apr 2017 16:28:49 +0300
-
qemu (1:2.8+dfsg-3) unstable; urgency=high
* urgency high due to security fixes
[ Michael Tokarev ]
* serial-fix-memory-leak-in-serial-exit-CVE-2017-5579.patch
Closes: #853002, CVE-2017-5579
* cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
(needed for the next patch, CVE-2017-2620 fix)
* cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
Closes: #855791, CVE-2017-2620
* nbd_client-fix-drop_sync-CVE-2017-2630.diff
Closes: #855227, CVE-2017-2630
* sd-sdhci-check-transfer-mode-register-in-multi-block-CVE-2017-5987.patch
Closes: #855159, CVE-2017-5987
* vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
Closes: #855616, CVE-2017-6058
* 3 CVE fixes from upstream for #853996:
sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
megasas-fix-guest-triggered-memory-leak-CVE-2017-5856.patch
virtio-gpu-fix-resource-leak-in-virgl_cmd_resource-CVE-2017-5857.patch
Closes: #853996, CVE-2017-5667, CVE-2017-5856, CVE-2017-5857
* usb-ccid-check-ccid-apdu-length-CVE-2017-5898.patch
Closes: #854729, CVE-2017-5898
* virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
Closes: #854730, CVE-2017-5931
* xhci-apply-limits-to-loops-CVE-2017-5973.patch
Closes: #855611, CVE-2017-5973
* net-imx-limit-buffer-descriptor-count-CVE-2016-7907.patch
Closes: #839986, CVE-2016-7907
* cirrus-fix-oob-access-issue-CVE-2017-2615.patch
Closes: #854731, CVE-2017-2615
* 9pfs-symlink-attack-fixes-CVE-2016-9602.patch
Closes: #853006
* vnc-do-not-disconnect-on-EAGAIN.patch
Closes: #854032
* xhci-fix-event-queue-IRQ-handling.patch (win7 xhci issue fix)
* xhci-only-free-completed-transfers.patch
Closes: #855659
* char-fix-ctrl-a-b-not-working.patch
Closes: https://bugs.launchpad.net/bugs/1654137
* char-drop-data-written-to-a-disconnected-pty.patch
Closes: https://bugs.launchpad.net/bugs/1667033
* s390x-use-qemu-cpu-model-in-user-mode.patch
Closes: #854893
* d/control is autogenerated, add comment
* check if debootstrap is available in qemu-debootstrap
Closes: #846497
[ Christian Ehrhardt ]
* (ubuntu) no more skip enable libiscsi (now in main)
* (ubuntu) Disable glusterfs (Universe dependency)
* (ubuntu) have qemu-system-arm suggest: qemu-efi;
this should be a stronger relationship, but qemu-efi is still
in universe right now.
* (ubuntu) change dependencies for fix of wrong acl for newly
created device node on ubuntu
-- Michael Tokarev <email address hidden> Tue, 28 Feb 2017 11:40:18 +0300
-
qemu (1:2.8+dfsg-2) unstable; urgency=medium
* Revert "update binfmt registration for mipsn32"
Reopens: #829243
Closes: #843032
Will re-enable it for stretch+1, since for now upgrades
from jessie are broken (jessie comes with 3.16 kernel),
and there's no easy fix for this
* Revert "enable virtio gpu (virglrenderer) and opengl support"
Revert "switch from sdl1 to gtk3"
Revert other gtk2/drm/vte/virgl-related changes
Reopens: #813658, #839695
The change were too close to stretch release and too large,
bringing too much graphics stuff for headless servers,
will re-think this for stretch+1.
sdl1 back: Closes: #851509
virtio-3d bugs: Closes: #849798, #852119
* mention closing of #769983 (multi-threaded linux-user) by 2.7
* mention closing of #842455, CVE-2016-9101 by 2.8
* audio-ac97-add-exit-function-CVE-2017-5525.patch (Closes: #852021)
* audio-es1370-add-exit-function-CVE-2017-5526.patch (Closes: #851910)
* watchdog-6300esb-add-exit-function-CVE-2016-10155.patch (Closes: #852232)
-- Michael Tokarev <email address hidden> Mon, 23 Jan 2017 14:06:54 +0300
-
qemu (1:2.8+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #837191, CVE-2016-7156
Closes: #837316, CVE-2016-7170
Closes: #839835, CVE-2016-7908
Closes: #839834, CVE-2016-7909
Closes: #840228, CVE-2016-7994
Closes: #840236, CVE-2016-7995
Closes: #840343, CVE-2016-8576
Closes: #840341, CVE-2016-8577
Closes: #840340, CVE-2016-8578
Closes: #840948, CVE-2016-8668
Closes: #840945, CVE-2016-8669
Closes: #841950, CVE-2016-8909
Closes: #841955, CVE-2016-8910
Closes: #842463, CVE-2016-9102 CVE-2016-9103 CVE-2016-9104
CVE-2016-9105 CVE-2016-9106
Closes: #846797, CVE-2016-9776
Closes: #847381, CVE-2016-9845
Closes: #847382, CVE-2017-9846
Closes: #847953, CVE-2016-9907
Closes: #847400, CVE-2016-9908
Closes: #847951, CVE-2016-9911
Closes: #847391, CVE-2016-9912
Closes: #847496, CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916
Closes: #847960, CVE-2016-9921 CVE-2016-9922
Closes: #847957, CVE-2016-9923
Closes: #819755, #833162
Hopefully closes: #844361
* remove unicore32 linux-user target, removed upstream
* remove all patches which were applied upstream (most of them)
* actually fix #841060
* doc-don-t-mention-memory-it-is-m.patch, Closes: #833619
* don't pass --enable-uuid (always enabled)
* build-depend on libncursesw5-dev, not libncurses5-dev
* install trace-events-all in qemu-system-common
* do not install qemu-tech.html (not provided by upstream anymore)
* switch from sdl1 to gtk3 (Closes: #839695)
* enable virtio gpu (virglrenderer) and opengl support (Closes: #813658)
* strip out -ldrm out of OPENGL_LIBS, since libdrm is actually not needed
* enable nfs support (libnfs-dev), in qemu-block-extra
* enable glusterfs support (glusterfs-common), in qemu-block-extra
(Closes: #775431)
* enable numa support (libnuma-dev) (Closes: #758189)
-- Michael Tokarev <email address hidden> Wed, 28 Dec 2016 15:31:37 +0300
-
qemu (1:2.7+dfsg-3) unstable; urgency=medium
* add PIE.patch to change loadable modules linker flags, from Adrian
(Closes: #837574)
* linux-user-fix-s390x-safe-syscall-for-z900.patch - fix FTBFS on s390x
* mention CVE-2016-7466 for 2.7+dfsg-1 (Closes: #838687, CVE-2016-7466)
-- Michael Tokarev <email address hidden> Thu, 27 Oct 2016 19:38:01 +0300
-
qemu (1:2.7+dfsg-2) unstable; urgency=medium
* fix distribution field in previous changelog entry
* add depends: on seabios >= 1.9 with linuxboot_dma.bin
(Closes: #840853, #841060, #842161)
* add more links for openbios-sparc to qemu-system-sparc,
bump dependency (Closes: #827456)
* include license for qemu logo files (Closes: #785362)
-- Michael Tokarev <email address hidden> Wed, 26 Oct 2016 20:04:15 +0300
-
qemu (1:2.7+dfsg-1) UNRELEASED; urgency=medium
* Acknowledge the previous NMU. Thank you Andrew!
* New upstream release, 2.7 (Closes: #748043, #839292)
Closes: #838850, CVE-2016-7161
Closes: #473240 (qcow encryption support has been removed)
* removed patches which went upstream, refreshed use-data-path.patch
* renamed remaining patches to include CVE#s and added Bug-Debian headers
* added Depends on lsb-base to qemu-guest-agent (Closes: #840740)
* update binfmt registration for mipsn32 (Closes: #829243)
Thank you Adam Borowski for investigation and the patch
* replace CVE-2016-7156 (#837339) patch with actual code from upstream
* scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj-CVE-2016-7423.patch
(Closes: #838145, CVE-2016-7423)
* virtio-add-check-for-descriptor-s-mapped-address-CVE-2016-7422.patch
(Closes: #838146, CVE-2016-7422)
* scsi-pvscsi-limit-process-IO-loop-to-ring-size-CVE-2016-7421.patch
(Closes: #838147, CVE-2016-7421)
-- Michael Tokarev <email address hidden> Fri, 14 Oct 2016 13:31:40 +0300
-
qemu (1:2.6+dfsg-3.1) unstable; urgency=high
* Non-maintainer upload.
* Security fixes from upstream:
- virtio-error-out-if-guest-exceeds-virtqueue-size-CVE-2015-5403.patch
(Closes: #832619, CVE-2015-5403)
- scsi-pvscsi-avoid-infinite-loop-while-building-SG-list.patch
(Closes: #837339, CVE-2016-7156)
- scsi-pvscsi-check-page-count-while-initialising-descriptor-rings.patch
(Closes: #837174, CVE-2016-7155)
- CVE-2016-6351: scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
and scsi-esp-fix-migration.patch (Closes: #832621, CVE-2016-6351)
- virtio-check-vring-descriptor-buffer-length.patch
(Closes: #832767, CVE-2016-6490)
- net-vmxnet3-check-for-device_active-before-write.patch
(Closes: #834904, CVE-2016-6833)
- net-check-fragment-length-during-fragmentation.patch
(Closes: #834905, CVE-2016-6834)
- net-vmxnet-check-IP-header-length.patch (Closes: #835031, CVE-2016-6835)
- net-vmxnet-initialise-local-tx-descriptor.patch
(Closes: #834944, CVE-2016-6836)
- net-vmxnet-use-g_new-for-pkt-initialisation.patch
(Closes: #834902, CVE-2016-6888)
- CVE-2016-7116: 9pfs-forbid-.-and-.-in-file-names.patch,
9pfs-forbid-illegal-path-names.patch and
9pfs-handle-walk-of-.-in-the-root-directory.patch
(Closes: #836502, CVE-2016-7116)
- CVE-2016-7157: scsi-mptconfig-fix-an-assert-expression.patch and
scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK.patch
(Closes: #837603, CVE-2016-7157)
-- Andrew James <email address hidden> Wed, 14 Sep 2016 00:56:18 -0600
-
qemu (1:2.6+dfsg-3) unstable; urgency=high
* more security fixes picked from upstream:
- CVE-2016-4454 fix (vmsvga) (Closes: CVE-2016-4454)
vmsvga-add-more-fifo-checks-CVE-2016-4454.patch
vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length-CVE-2016-4454.patch
vmsvga-shadow-fifo-registers-CVE-2016-4454.patch
- vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch
(Closes: CVE-2016-4453)
- scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch
(Closes: #826152, CVE-2016-5238)
* set urgency to high due to the amount of
security fixes accumulated so far
-- Michael Tokarev <email address hidden> Wed, 15 Jun 2016 08:54:12 +0300
-
qemu (1:2.6+dfsg-2) unstable; urgency=medium
* add missing log entries for previous upload,
remove closing of #807006 (it is not closed)
* Added vga-add-sr_vbe-register-set.patch from upstream
This fixes regression (in particular with win7 installer)
introduced by the fix for CVE-2016-3712 (commit fd3c136)
* fix-linking-relocatable-objects-on-sparc.patch (Closes: #807006)
* Lots of security patches from upstream:
- net-mipsnet-check-packet-length-against-buffer-CVE-2016-4002.patch
(Closes: #821061, CVE-2016-4002)
- i386-kvmvapic-initialise-imm32-variable-CVE-2016-4020.patch
(Closes: #821062, CVE-2016-4020)
- esp-check-command-buffer-length-before-write-CVE-2016-4439.patch,
esp-check-dma-length-before-reading-scsi-command-CVE-2016-4441.patch
(Closes: #824856, CVE-2016-4439, CVE-2016-4441)
- scsi-mptsas-infinite-loop-while-fetching-requests-CVE-2016-4964.patch
(Closes: #825207, CVE-2016-4964)
- scsi-pvscsi-check-command-descriptor-ring-buffer-size-CVE-2016-4952.patch
(Closes: #825210, CVE-2016-4952)
- scsi-megasas-use-appropriate-property-buffer-size-CVE-2016-5106.patch
(Closes: #825615, CVE-2016-5106)
- scsi-megasas-initialise-local-configuration-data-buffer-CVE-2016-5105.patch
(Closes: #825614, CVE-2016-5105)
- scsi-megasas-check-read_queue_head-index-value-CVE-2016-5107.patch
(Closes: #825616, CVE-2016-5107)
- block-iscsi-avoid-potential-overflow-of-acb-task-cdb-CVE-2016-5126.patch
(Closes: #826151, CVE-2016-5126)
- scsi-esp-check-TI-buffer-index-before-read-write-CVE-2016-5338.patch
(Closes: #827024, CVE-2016-5338)
- scsi-megasas-null-terminate-bios-version-buffer-CVE-2016-5337.patch
(Closes: #827026, CVE-2016-5337)
* hw-dma-omap-spelling-fix-endianness.patch (lintian)
* arm-spelling-fix-mismatch.patch (lintian)
-- Michael Tokarev <email address hidden> Mon, 13 Jun 2016 12:10:44 +0300
-
qemu (1:2.6+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #799115
Closes: #822369, #823588
Closes: #813698
Closes: #807006
Closes: #805827
Closes: #813585
Closes: #823830 CVE-2016-3710 CVE-2016-3712
Closes: #813193 CVE-2016-2198
Closes: #813194 CVE-2016-2197
Closes: #815008 CVE-2016-2392
Closes: #815009 CVE-2016-2391
Closes: #815680 CVE-2016-2538
Closes: #821038 CVE-2016-4001
Closes: #822344 CVE-2016-4037
Closes: #817181 CVE-2016-2841
Closes: #817182 CVE-2016-2857
Closes: #817183 CVE-2016-2858
- removed all patches applied upstream
- removed mjt-set-oem-in-rsdt-like-slic.diff, feature has been
implemented in upstream differently
- refreshed local patches
* do not recommend sharutils for qemu-utils anymore (Closes: #820449)
* typo fix in qemu-system-misc description (Closes: #822883)
* allow qemu-debootstrap to create mips64el chroot (Closes: #817234)
-- Michael Tokarev <email address hidden> Wed, 18 May 2016 14:44:14 +0300
-
qemu (1:2.5+dfsg-5) unstable; urgency=medium
* fix misspellings in previous debian/changelog entry
* e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
(Closes: #812307, CVE-2016-1981)
* hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch
(Closes: #809237, CVE-2015-8619)
* use `command -v' instead of `type' to check for command existance
-- Michael Tokarev <email address hidden> Thu, 28 Jan 2016 18:39:21 +0300
-
qemu (1:2.5+dfsg-4) unstable; urgency=medium
* change misspelling of won't in NEWS (lintian)
* two patches from upstream to enable sigaltstack syscal (linux-user)
(Closes: #805826)
* word-wrapped last entry in debian/changelog
* use type to find out whenever update-binfmts is available
* fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
(Partial) patch targetted 2.3 which fixes the read side of the issue
(Closes: CVE-2016-1714)
* i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
(Closes: #811201, CVE-2016-1922)
-- Michael Tokarev <email address hidden> Thu, 21 Jan 2016 13:06:06 +0300
-
qemu (1:2.5+dfsg-3) unstable; urgency=high
[ Aurelien Jarno ]
* debian/copyright: fix a spelling error reported by lintian: dependecy -> dependency.
[ Michael Tokarev ]
* net-vmxnet3-avoid-memory-leakage-in-activate_device-CVE-2015-8567-CVE-2015-8568.patch
(Closes: #808145, CVE-2015-8567, CVE-2015-8568)
* scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
(Closes: #809232, CVE-2015-8613)
* net-rocker-fix-an-incorrect-array-bounds-check-CVE-2015-8701.patch
(Closes: #809313, CVE-2015-8701)
-- Michael Tokarev <email address hidden> Sun, 10 Jan 2016 10:59:46 +0300
-
qemu (1:2.5+dfsg-2) unstable; urgency=high
* ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
(Closes: #808144, CVE-2015-8558)
* virtio-9p-use-accessor-to-get-thread_pool.patch (Closes: #808357)
* two upstream patches from xsa-155 fixing unsafe shared memory access in xen
(Closes: #809229, CVE-2015-8550)
* net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
(Closes: #810519, CVE-2015-8743)
* ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
(Closes: #810527, CVE-2016-1568)
* changed build-depends from libpng12-dev to libpng-dev (Closes: #810205)
-- Michael Tokarev <email address hidden> Sat, 09 Jan 2016 21:40:43 +0300
-
qemu (1:2.5+dfsg-1) unstable; urgency=medium
* new upstream release
(Closes: #801158)
Closes: #806373 CVE-2015-8345
Closes: #806742 CVE-2015-7504
Closes: #806741 CVE-2015-7512
Closes: #808131 CVE-2015-7549
Closes: #808130 CVE-2015-8504
* adopt for the new upstream:
- removed patches which are upstream now
- build-depend on libcacard-dev and stop requiring libtool
- removed libcacard refs from debian/qemu-system-common.docs
- moved qmp docs out of subdir following upstream
- removed pc-bios/vgabios-virtio.bin
* enable new linux-user target: tilegx
* install qemu-ga manpage
* install ivshmem-server and ivshmem-client to qemu-utils
* stop using cylinders/heads/sectors for sfdisk
in qemu-make-debian-root (Closes: #785470)
* modify qemu-make-debian-root to use some current tools
(this simplifies things, removes usage of uudecode)
(usefulness of this utility is questionable anyway)
-- Michael Tokarev <email address hidden> Wed, 16 Dec 2015 20:00:04 +0300
-
qemu (1:2.4+dfsg-5) unstable; urgency=medium
* trace-remove-malloc-tracing.patch from upstream.
(Closes: #802633)
* stop building libcacard, as it is now in its own separate
source package and has been removed from upstream qemu in 2.5.
Here we just stop producing libcacard binaries, but still use
embedded libcacard source to link with it statically. In 2.5
we will switch to external libcacard. (Closes: #805410)
-- Michael Tokarev <email address hidden> Sun, 29 Nov 2015 12:22:52 +0300
-
qemu (1:2.4+dfsg-4) unstable; urgency=medium
* applied 3 patches from upstream to fix virtio-net
possible remote DoS (Closes: #799452 CVE-2015-7295)
* remove now-unused /etc/qemu too (Closes: #797608)
-- Michael Tokarev <email address hidden> Thu, 08 Oct 2015 20:30:03 +0300
-
qemu (1:2.4+dfsg-3) unstable; urgency=high
* ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
fix for Heap overflow vulnerability in ne2000_receive() function
(Closes: #799074 CVE-2015-5279)
* ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
(Closes: #799073 CVE-2015-5278)
* some binfmt reorg:
- extend aarch64 to include one more byte as other arches do
- set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
OSABI=3 (GNU/Linux) in addition to NONE/SysV
(Closes: #784605 #794737)
- tighten sh4 & sh4eb, fixing OSABI mask to be \xfc not 0
-- Michael Tokarev <email address hidden> Tue, 15 Sep 2015 19:30:18 +0300
-
qemu (1:2.4+dfsg-2) unstable; urgency=high
* Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch.
CVE-2015-6815: net: e1000 infinite loop issue in processing transmit
descriptor. (Closes: #798101 CVE-2015-6815)
* Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch.
CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI
device from guest, while illegal comands might have security impact,
f.e. WIN_READ_NATIVE_MAX results in divide by zero error.
(Closes: CVE-2015-6855)
-- Michael Tokarev <email address hidden> Fri, 11 Sep 2015 19:54:07 +0300
-
qemu (1:2.4+dfsg-1a) unstable; urgency=medium
* new upstream (2.4.0) release
Closes: #795461, #793811, #794610, #795087, #794611, #793388
CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5745
CVE-2015-5166 CVE-2015-5158
Closes: #793817
* removed all upstreamed patches
* remove --enable-vnc-ws option (not used anymore)
* update mjt-set-oem-in-rsdt-like-slic.diff
* vnc-fix-memory-corruption-CVE-2015-5225.patch from upstream
Closes: #796465 CVE-2015-5225
* remove now-unused /etc/qemu/target-x86_64.conf
-- Michael Tokarev <email address hidden> Mon, 31 Aug 2015 16:28:08 +0300
-
qemu (1:2.4+dfsg-1) UNRELEASED; urgency=medium
* new upstream (2.4.0) release (Closes: CVE-2015-3214 #795461,
CVE-2015-5154 #793811, CVE-2015-5165 #794610, CVE-2015-5745 #795087,
CVE-2015-5166 #794611, CVE-2015-5158 #793388)
(Closes: #793817)
* removed all upstreamed patches
* remove --enable-vnc-ws option (not used anymore)
* update mjt-set-oem-in-rsdt-like-slic.diff
* vnc-fix-memory-corruption-CVE-2015-5225.patch from upstream
(Closes: CVE-2015-5225 #796465)
* remove now-unused /etc/qemu/target-x86_64.conf
-- Michael Tokarev <email address hidden> Mon, 31 Aug 2015 12:29:44 +0300
-
qemu (1:2.3+dfsg-6a) unstable; urgency=medium
* fix d/copyright leftover in previous upload
-- Michael Tokarev <email address hidden> Thu, 11 Jun 2015 20:31:07 +0300
-
qemu (1:2.3+dfsg-6) unstable; urgency=high
* pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
from upstream (Closes: #788460 CVE-2015-3209)
-- Michael Tokarev <email address hidden> Thu, 11 Jun 2015 20:03:40 +0300
-
qemu (1:2.3+dfsg-5) unstable; urgency=high
* slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
(Closes: CVE-2015-4037)
* 11 patches for XEN PCI pass-through issues
(Closes: #787547 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106)
* kbd-add-brazil-kbd-keys-*.patch, adding two keys found on Brazilian
keyboards (Closes: #772422)
-- Michael Tokarev <email address hidden> Wed, 03 Jun 2015 17:18:58 +0300
-
qemu (1:2.3+dfsg-4) unstable; urgency=medium
* rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
patch from upstream to fix FTBFS on some arches
* libcacard-dev: depend on libnss3-dev (Closes: #785798)
* libcacard-dev: do not depend on pkg-config
-- Michael Tokarev <email address hidden> Wed, 20 May 2015 14:21:09 +0300
-
qemu (1:2.3+dfsg-3) unstable; urgency=high
* fdc-force-the-fifo-access-to-be-in-bounds-CVE-2015-3456.patch
(Closes: CVE-2015-3456)
* fix the OSABI binfmt mask for x86_64 arch, to actually fix #763043.
Original fix didn't work, because "someone" forgot arithmetics.
(Really Closes: #763043)
* align binfmt magics/masks to be in single column
-- Michael Tokarev <email address hidden> Tue, 12 May 2015 23:02:29 +0300
-
qemu (1:2.1+dfsg-11) unstable; urgency=medium
* bump epoch and reupload to cancel 2.2+dfsg-1exp upload
mistakenly done to unstable. No other changes.
-- Michael Tokarev <email address hidden> Wed, 10 Dec 2014 00:52:28 +0300
-
qemu (2.1+dfsg-10) unstable; urgency=medium
* make (debian-specific) x86 data path (with seabios and ipxe
in it) non-x86-specific, since other arches use firmware
files too (Closes: #772127)
* add seabios to Recommends to qemu-system-misc, qemu-system-mips,
qemu-system-ppc and qemu-system-sparc packages, because these
packages contains emulators using vgabios which is part of
seabios package (#772127).
* add ipxe-qemu to Recommends to qemu-system-misc, qemu-system-arm,
qemu-system-mips, qemu-system-ppc, qemu-system-sparc packages,
because these packages contains emulators using network boot
roms (#772127), in a similar way.
-- Michael Tokarev <email address hidden> Tue, 09 Dec 2014 13:47:36 +0300
-
qemu (2.1+dfsg-9) unstable; urgency=high
* apply upstream patches for CVE-2014-8106
(cirrus: insufficient blit region checks)
(Closes: #772025 CVE-2014-8106)
-- Michael Tokarev <email address hidden> Thu, 04 Dec 2014 00:10:43 +0300
-
qemu (2.1+dfsg-8) unstable; urgency=low
[ Michael Tokarev ]
* add Built-Using control field for qemu-user-static package:
take contents of qemu-user ${shlibs:Depends} and transform it
into list of source packages with versions. (Closes: #768926)
* run remove-alternatives in qemu-system.postinst (the metapkg)
too, not only in qemu-system-XX.postinst, to handle upgrades
from wheezy (Closes: #768244)
* several fixes for debian/qemu-user.1 manpage. It needs more
work, but at least some easy and obvious errors are fixed now.
(Closes: #763841)
* migration-fix-parameter-validation-on-ram-load.patch from upstream
(Closes: #769451 CVE-2014-7840)
* fix x86_64 binfmt mask to allow more values in ELF_OSABI field
(byte7). Current gcc/binfmt sometimes produces binaries with
this field set to 3 (OSABI_GNU) not 0 (OSABI_SYSV) as used to be.
Set mask to 0xfb not 0xff here, to allow 0 (traditional SYSV),
1 (HPUX), 2 (NETBSD) or 3 (GNU). This lets 2 more types than
necessary, but qemu will reject wrong types so no harm is done.
Some other binfmts ignore this field completely (with mask=0).
Maybe some day we'll have 2 different binfmt registrations for
the 2 different ABI types. (Closes: #763043)
* usb-host-fix-usb_host_speed_compat-tyops.patch -- fix host usb devices
attach, without this patch many USB devices does not work
* qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch - trivial
patch from upstream to fix segfault in -device foo,help (Closes: #770880)
[ Aurelien Jarno ]
* Add tcg-mips-fix-store-softmmu-slow-path.patch from upstream to fix
TCG support on mips/mipsel hosts (Closes: #769470).
[ Ian Campbell ]
* Backport patch to fix unmapping of persistent grants in the Xen qdisk
backend (Closes: #770468).
-- Michael Tokarev <email address hidden> Thu, 27 Nov 2014 18:32:45 +0300
-
qemu (2.1+dfsg-7) unstable; urgency=high
* urgency is high due to 2 security fixes
(one current and one forgotten in previous release)
and because of possible data corruption bugfix
* vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch
from upstream (Closes: CVE-2014-7815)
* fix spelling mistake in previous changelog entry
* add two patches from upstream for block/raw-posix.c to work around
probs in FS_IOC_FIEMAP ioctl and to prefer seek_hole over fiemap.
This should fix a long-standing ghost data corruption observed
in various places.
-- Michael Tokarev <email address hidden> Mon, 03 Nov 2014 18:44:34 +0300
-
qemu (2.1+dfsg-6) unstable; urgency=medium
* mention closing of CVE-2014-3615 by 2.1.2 (2.1+dfsg-5)
* 9p-use-little-endian-format-for-xattr-values.patch (Closes: #755740)
* mention closing of #760386
* mention closing of more CVEs by 2.1+dfsg-1
* recognize ppc64el in qemu-debootstrap (Luca Falavigna) (Closes: #760949)
* use dpkg-vendor to let derived distros to use our d/rules
* use /usr/share/dpkg/architecture.mk to get DEB_HOST_* and DEB_BUILD_*
variables. This restores cross building support.
* use /usr/share/dpkg/buildflags.mk for CFLAGS LDFLAGS &Co
* pass -DVENDOR_{DEBIAN,UBUNTU} to compiler
* do not treat ppc* and ppc*le as compatible for binfmt registrations
* mention ACPI SLIC to RSDT id copying if slic table is supplied,
thank you Tim Small for the patch (Closes: #765075)
* apply 5 patches from upstream to fix a security issue in
vmware-vga (Closes: #765496 CVE-2014-3689)
* apply two patche from upstream to make qemu to work with samba4
(Closes: #747636)
-- Michael Tokarev <email address hidden> Mon, 03 Nov 2014 18:07:48 +0300
-
qemu (2.1+dfsg-5) unstable; urgency=medium
* upstream bugfix release v2.1.2
(Closes: #762532 CVE-2014-3640 CVE-2014-5388)
* Add x32 to the list of supported architectures
(patch by Thorsten Glaser)
* fix wrong reference in kvm.1 (Closes: #761137)
* removed patches (applied upstream):
l2tp-linux-only.patch
ide-only-constrain-read_write-requests-to-drive-size.diff
pc-reserve-more-memory-for-acpi.patch
-- Michael Tokarev <email address hidden> Fri, 26 Sep 2014 17:43:26 +0400
-
qemu (2.1+dfsg-4) unstable; urgency=medium
* mention libnuma-dev but not enable for now
* 9p-readdir.patch: fix readdir in 9p mapped mode (Closes: #755738)
* pc-reserve-more-memory-for-acpi.patch: fix linux -kernel not working
with new qemu (Closes: #759522)
* qemu-options-add-missing--drive-discard-option-to-cmdline-help.diff -
documentation fix
* mention that 2.1 closed #754336.
* move qemu-bridge-helper to /usr/lib/qemu/ subdir (lintian)
* debian/binfmt-update-in (Serge Hallyn):
- don't run in a container
- add ppc64le as target
* add apport hook from ubuntu package (ubuntu-only for now)
-- Michael Tokarev <email address hidden> Sun, 31 Aug 2014 09:32:59 +0400
-
qemu (2.1+dfsg-3) unstable; urgency=medium
* set SHELL = /bin/sh -e, so that more complex shell constructs
in d/rules will fail if any command fail inside
* check for pipe2() being a stub too, like utimensat() etc
* build-depend on gnutls-dev, not libgnutls*-dev, so the
buuld system will pick default gnutls impl (so it works for
backports and future versions)
* build-depend on libjpeg-dev not libjpeg8-dev
* minimum version of seabios is 1.7.5 (Closes: #757958)
* ide-only-constrain-read_write-requests-to-drive-size.diff
(Closes: #757927)
* added use-arch-data-path.patch, to be able to search for binary
blobs in several (arch-specific) data directories instead of just one.
* removed all blob/firmware symlinks from qemu-system-x86, using
arch-specific datapath instead (/usr/share/seabios:/usr/lib/ipxe/qemu)
* removed retry-pxe-after-efi.patch and depend on ipxe-qemu which
introduced efi boot roms. qemu should not try to load "wrong"
ROM, or else migration will fail due to rom size mismatch.
* include /usr/lib/qemu-bridge-helper binary, but not make it setuid
due to security concerns outlined in #691138 (Closes: #691138)
* make vnc-jpeg not debian-specific
* install kvm-spice symlinks on ubuntu
-- Michael Tokarev <email address hidden> Thu, 14 Aug 2014 14:30:24 +0400
-
qemu (2.1+dfsg-2) unstable; urgency=medium
* l2tp-linux-only.patch: fix FTBFS on kfreebsd
* imx_timer_TIMER_MAX_clash.diff: fix ITIMER_MAX definition clash
* remove kfreebsd hack which disabled usb support on this platform
since qemu-1.3: it isn't needed anymore
-- Michael Tokarev <email address hidden> Sat, 02 Aug 2014 00:51:04 +0400
-
qemu (2.1+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #739589 CVE-2014-3461
Closes: #735618
* versioned build-depend on libiscsi-dev (>>1.9.0~)
* added ppc64le user target
* fix description of qemu-user-binfmt wrt "empty" (Closes: #755988)
* use /usr/share/dpkg/pkg-info.mk instead of inventing the same locally
* added debian/get-orig-source.sh (and a d/rules target)
* set ubuntu vcs branch to ubuntu-utopic
* binfmt-update-in: make sure to filter out compat arches
-- Michael Tokarev <email address hidden> Fri, 01 Aug 2014 20:06:22 +0400
-
qemu (2.0.0+dfsg-7) unstable; urgency=medium
* clarify description of qemu-user-binfmt a bit
* build-depend on acpica-tools (iasl) in order to rebuild .dsl files
* remove qemu-keymaps package, since it is not used by other tools
anymore, and ship keymaps in qemu-system-common.
* remove (and break by qemu-system-common) old qemu-common for
ubuntu too, since it was transitional-to-qemu-keymaps pkg
* reorganize docs (Closes: #751376):
- do not ship docs in qemu (meta)package, except of qemu-doc.html
- ship most of docs/* in qemu-system-common in /usr/share/doc/q-s-c/
- make symlinks from /usr/share/doc/qemu-system-foo/common to ../q-s-c/
- ship doc-base file for qemu-system-common too (for qemu-doc.html)
- rename qemu.1 manpage to qemu-system.1
* qemu-user-static & qemu-user-binfmt conflict with each other, not break.
* mention that qemu-user-binfmt is empty package (lintian)
-- Michael Tokarev <email address hidden> Thu, 24 Jul 2014 16:51:16 +0400
-
qemu (2.0.0+dfsg-6) unstable; urgency=medium
* build-depend on libgnutls28-dev not libgnutls-dev
* added qcow1 block format validation patches from upstream:
block-fmt-validation/qcow1-check-maximum-cluster-size.patch
block-fmt-validation/qcow1-stricter-backing-file-length-check.patch
block-fmt-validation/qcow1-validate-image-size-CVE-2014-0223.patch
block-fmt-validation/qcow1-validate-L2-table-size-CVE-2014-0222.patch
(Finally closes: #742730, CVE-2014-0222, CVE-2014-0223)
-- Michael Tokarev <email address hidden> Fri, 23 May 2014 12:12:38 +0400
-
qemu (2.0.0+dfsg-5) unstable; urgency=medium
* re-re-enable rbd (ceph) support again (Closes: #689239)
Should watch for breakage and for runtime dependencies closely from now on.
* fix qemu-kvm package description (stop mentioning it is transitional)
* move all binfmt handling from many files to d/binfmt-update-in
* introduce qemu-user-binfmt (dummy) package to support binfmt
registration of qemu-user binaries (Closes: #677529)
-- Michael Tokarev <email address hidden> Tue, 13 May 2014 21:15:48 +0400
-
qemu (2.0.0+dfsg-4) unstable; urgency=medium
* suggests ovmf, not recommends it as it is not in -main (Closes: #745698)
* cputlb-fix-regression-with-TCG-interpreter.patch (Closes: #744342)
-- Michael Tokarev <email address hidden> Wed, 30 Apr 2014 10:03:55 +0400
-
qemu (2.0.0+dfsg-3) unstable; urgency=low
* 2.0.0 closed #744213 (CVE-2013-4544) and #745157 (CVE-2014-2894)
* mjt-set-oem-in-rsdt-like-slic.diff: apply a (hackish) patch to simplify
running OEM versions of windows vista and 7 in qemu using SLIC table
from current hardware.
* set VENDOR in d/rules
* added forgotten qemu-kvm Pre-Depends field
* switch back from sdl1 to sdl2, as the latter apparently isn't ready yet
(Closes: #745269)
-- Michael Tokarev <email address hidden> Mon, 21 Apr 2014 12:34:03 +0400
-
qemu (2.0.0+dfsg-2) unstable; urgency=medium
* resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current
Debian kFreeBSD system still.
-- Michael Tokarev <email address hidden> Thu, 17 Apr 2014 22:04:38 +0400
-
qemu (2.0.0+dfsg-1) unstable; urgency=low
* 2.0 actually does not close #739589,
remove it from from last changelog entry
* mention closing of #707629 by 2.0
* mention a list of CVE IDs closed by #742730
* mention closing of CVE-2013-4377 by 1.7.0-6
* do not set --enable-uname-release=2.6.32 for qemu-user anymore
(was needed for old ubuntu builders)
* removed 02_kfreebsd.patch: it adds configure check for futimens() and
futimesat() syscalls on FreeBSD, however futimens() appeared in FreeBSD
5.0, and futimesat() in 8.0, and 8.0 is the earliest supported version
* kmod dependency is linux-any
* doc-grammify-allows-to.patch: fix some lintian warnings
* remove alternatives for qemu: different architectures
aren't really alternatives and never had been
* update Standards-Version to 3.9.5 (no changes needed)
* exec-limit-translation-limiting-in-address_space_translate-to-xen.diff -
fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1
or 2.0, among other things
-- Michael Tokarev <email address hidden> Thu, 17 Apr 2014 18:27:15 +0400
-
qemu (1.7.0+dfsg-9) unstable; urgency=medium
* remove rbd/rados/ceph support *again*, till they'll actually provide
some symbol/library version mechanism
(Closes: #744364, Reopens: #729961, #689239)
-- Michael Tokarev <email address hidden> Sun, 13 Apr 2014 18:49:46 +0400
-
qemu (1.7.0+dfsg-8) unstable; urgency=low
* fix a brown-paper-bag bug in the previous upload
-- Michael Tokarev <email address hidden> Fri, 11 Apr 2014 22:01:32 +0400
-
qemu (1.7.0+dfsg-7) unstable; urgency=high
* fix guest-triggerable buffer overrun in virtio-net device
(Closes: #744221 CVE-2014-0150)
-- Michael Tokarev <email address hidden> Fri, 11 Apr 2014 20:27:16 +0400
-
qemu (1.7.0+dfsg-6) unstable; urgency=medium
* make ceph (rbd) support linux-only, since it exists only on linux
-- Michael Tokarev <email address hidden> Sat, 05 Apr 2014 13:59:48 +0400
-
qemu (1.7.0+dfsg-5) unstable; urgency=medium
* remove OVMF.fd symlink added in -4, it belongs to ovmf (Closes: #741494)
* qemu-debootstrap: add support for arm64 architecture (Closes: #740112)
* mention closing of #725176 by 1.7.0
-- Michael Tokarev <email address hidden> Thu, 13 Mar 2014 06:21:01 +0400
-
qemu (1.7.0+dfsg-4) unstable; urgency=medium
[ Michael Tokarev ]
* 1.7.1 stable upstream release (Closes: #719633)
* implement-posix-timers.diff from upstream (Closes: #732258)
* address_space_translate-do-not-cross-page-boundaries.diff -
upstream bugfix for xen
* break libvirt << 1.2, not just 1.0, we need 1.2+ after qemu-1.6.
* add linux-user-fixed-s390x-clone-argument-order.patch (Closes: #739800)
* re-enable cepth (rbd) support (Closes: #729961, #689239)
[ Steve Langasek ]
* (from Ubuntu) add symlink for OVMF.fd, which is now available in Debian
non-free.
* libusbredir is enabled in Ubuntu too, so sync debian/control.
* Enable building for ppc64el (in both Debian and Ubuntu): Debian does not
have a ppc64el port yet, but qemu builds out of the box there so it's
safe/appropriate to enable.
* Merge in Ubuntu-specific (and Ubuntu-tagged) debian/control changes.
* Enable building for arm64; the arm64 target is not yet merged, but the
package doesn't need arm64 target support to build for an arm64 host.
[ Riku Voipio ]
* control: build-depend on python:any (change originally made
in Aug-2013 but reverted by mjt later)
-- Michael Tokarev <email address hidden> Wed, 12 Mar 2014 18:34:03 +0400
-
qemu (1.7.0+dfsg-3) unstable; urgency=low
* qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86
* qemu-system-ppc: depend on openbios-ppc >= 1.1+svn1229 to fix boot issues
* qemu-system-sparc: depend on openbios-sparc >= 1.1+svn1229 too
* remove unused lintian overrides for qemu-user from qemu (meta)package
* qemu-system-*: depend on unversioned qemu-keymaps and qemu-system-common
packages (no particular version of any is hard-required)
* remove debian/README.source (was from quilt)
* add myself to debian/copyright
* reorder d/control to have Recommends:/Suggests: closer to Depends.
* rename d/control to d/control-in and add a d/rules rule to build it
based on ${VENDOR}
* allow different content in d/control for debian/ubuntu
* added debian/README-components-versions
* fixed qemu-armeb binfmt (Closes: #735078)
* added powerpcspe host arch (Closes: #734696)
* do not check for presence of update-alternatives which is part of dpkg
(Closes: #733222)
* do not call update-alternative --remove from postrm:remove
(lintian complains about this)
* add efi netrom links. This requires new ipxe-qemu.
-- Michael Tokarev <email address hidden> Thu, 16 Jan 2014 15:17:46 +0400
-
qemu (1.7.0+dfsg-2) unstable; urgency=low
* switch from vgabios to seavgabios
* rework update-alternatives handling for qemu-system (Closes: #722914)
* mention closing of #326886, #390444, #706237 and CVE-2013-4375 for 1.7.0
* rearrange libvte-dev build-dependency to come together with gtk, and
comment it out (since gtk frontend isn't being built)
* re-introduce qemu-kvm package with just a wrapper (/usr/bin/kvm)
and make this wrapper to force kvm mode (Closes: #727762)
* use less strict dependency on qemu-keymaps
* added fix-smb-security-share.patch by Michael Büsch (Closes: #727756)
* added move-ncalrpc-dir-to-tmp.patch by Michael Büsch (Closes: #728876)
-- Michael Tokarev <email address hidden> Fri, 29 Nov 2013 00:16:44 +0400
-
qemu (1.7.0+dfsg-1) unstable; urgency=low
* new upstream release (Closes: #724758)
* tweak kvm loading script to not load module for 3.4+ kernel
(kernel autoloads kvm modules since 3.4) (Closes: #717811)
* mention closing of #721713, #710971, #674201
* refresh use-fixed-data-path.patch to contain just the min. changes
* fix pxe-eepro100.rom link (never worked in qemu due to wrong name)
* remove old $Id$ line from debian/rules
-- Michael Tokarev <email address hidden> Thu, 28 Nov 2013 03:14:21 +0400
-
qemu (1.6.0+dfsg-2) unstable; urgency=low
* Build-depend in seccomp again once it is in -testing
* 1.6.1 upstream bugfix release (Closes: #725944)
* fix "allows [one] to" in qemu-ga description
* fix descriptions for qemu-system and qemu-system-common packages
-- Michael Tokarev <email address hidden> Fri, 11 Oct 2013 01:15:48 +0400
-
qemu (1.6.0+dfsg-1) unstable; urgency=low
[ Michael Tokarev ]
* final upstream v1.6.0 (Closes: #718180, #714273, #605525, #701855)
* removed configure-explicitly-disable-virtfs-if-softmmu=no.patch
* mention closing of #717724 by 1.6
* mention closing of #710971 by 1.5 (which disabled gtk support)
[ Riku Voipio ]
* - set --cross-prefix in debian/rules when cross-compiling
-- Michael Tokarev <email address hidden> Mon, 02 Sep 2013 15:18:49 +0400
-
qemu (1.5.0+dfsg-5) unstable; urgency=low
* new upstream 1.5.1 stable/bugfix release (as qemu-1.5.1.diff)
removed qemu_openpty_raw-helper.patch (included upstream)
* configure-explicitly-disable-virtfs-if-softmmu=no.patch -- do not
build virtfs-proxy-helper stuff if not building system emulator
(fix FTBFS on s390)
* disable gtk ui and build dependencies, as it adds almost nothing
compared with sdl (well, except bugs and limitations), and has
lots of additional dependencies
* remove obsolete /etc/init.d/qemu-kvm (Closes: #712898)
* fix versions of obsolete qemu-kvm conffiles to be removed
* provide manpage for obsolete kvm (Closes: #716891, #586973)
* add --daemonize option to the guest-agent startup script (Closes: #715502)
* clarify what qemu-guest-agent does (Closes: #714270) and provide
its json schema as a doc
-- Michael Tokarev <email address hidden> Tue, 23 Jul 2013 22:39:54 +0400
-
qemu (1.5.0+dfsg-4) unstable; urgency=medium
* urgency is medium to make it go faster because, on one hand, we've
been in unstable for quite a bit longer than needed already and
have nothing but (build) fixes in there, but on the other hand
we're holding migration of other packages which are waiting for
us, again, for too long already
* added qemu_openpty_raw-helper.patch - a cleanup patch submitted upstream
which removes #include <termios.h> from common header and hence works
around FTBFS problem on debian sparc where somehow, <termios.h> conflicts
with <linux/termio.h>.
-- Michael Tokarev <email address hidden> Thu, 06 Jun 2013 01:50:32 +0400
-
qemu (1.5.0+dfsg-3) unstable; urgency=low
* fix sections: misc => otherosfs
* remove obsolete conffiles (kvm-ifup, kvm-ifdown, target-x86_64.conf)
from /etc/kvm/ in qemu-kvm (Closes: #710328)
* rework debian/rules a bit, to build various bits depending on
which packages are requested, not depending on ad-hoc host/arch
logic
* do not fail at install if kvm module loading failed on x86 or
if modprobe isn't installed (Closes: #710496)
* also suggest kmod to be able to load x86 kvm modules
* suggest sgabios for qemu-system-x86 and put a symlink to sgabios.bin
(Closes: #696985)
* add rules to build just one of arch/indep parts, to make
buildd log scanner happier (E-binary-arch-produces-all)
* use verbose build by default (V=1) and let it to be overridden
-- Michael Tokarev <email address hidden> Sun, 02 Jun 2013 01:49:47 +0400
-
qemu (1.5.0+dfsg-2) unstable; urgency=low
* merged development history of wheezy and experimental branches.
Now the history is ordered by version, but is not chronological.
As a base we now have wheezy (1.1.2+dfsg-6a) version.
* removed trailing whitespaces from changelog file
* run dh_installinit properly (Closes: #709199)
* run dh_installman (Closes: #709241)
* remove build-dependendy on texi2html, upstream switched to makeinfo
-- Michael Tokarev <email address hidden> Tue, 28 May 2013 10:48:41 +0400
-
qemu (1.5.0+dfsg-1) unstable; urgency=low
* update to 1.5.0 (Closes: #707732)
* upload to unstable
* mention that 1.5 closes #697641 and #705544
* bump dependency on openbios (openbios-ppc for qemu-system-ppc,
openbios-sparc for qemu-system-sparc) from 1.0+svn1060 to 1.1
(Closes: #707727)
* bump dependency on seabios to be >= 1.7.2-2
* add retry-pxe-after-efi.patch to try pxe-XXXX.rom after unsuccessfully
trying efi-XXXX.rom - this is for NICs, until pxe-qemu package will be
able to provide necessary efi-XXXX.rom files.
* add (versioned) dependency on libusb-1.0 now when the right version
is available in debian
* use-fixed-data-path.patch: do not try to derive data path from
executable location, always use /usr/share/qemu
-- Michael Tokarev <email address hidden> Tue, 21 May 2013 00:49:47 +0400
-
qemu (1.1.2+dfsg-6a) unstable; urgency=low
* reupload to remove two unrelated files slipped in debian/
-- Michael Tokarev <email address hidden> Mon, 18 Mar 2013 10:09:37 +0400
-
qemu (1.1.2+dfsg-6) unstable; urgency=low
* another bugfix for USB, upstream from early days of past-1.1.
usb-split-endpoint-init-and-reset.patch. With certain redirected
to guest USB devices, qemu process may crash:
usb_packet_complete: Assertion `((&ep->queue)->tqh_first) == p' failed.
The patch fixes this by de-coupling reset and complete paths.
Big thanks goes to Joseph Price who found the fix by doing a
reverse git bisection.
(Closes: #701926)
-- Michael Tokarev <email address hidden> Mon, 18 Mar 2013 09:07:24 +0400
-
qemu (1.1.2+dfsg-5) unstable; urgency=low
* fix USB regression introduced in 1.1 (Closes: #683983)
uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch
Big thanks to Peter Schaefer (https://bugs.launchpad.net/bugs/1033727)
for the help identifying the fix.
-- Michael Tokarev <email address hidden> Mon, 14 Jan 2013 12:20:29 +0400
-
qemu (1.1.2+dfsg-4) unstable; urgency=medium
* linux-user-fix-mips-32-on-64-prealloc-case.patch (Closes: #668658)
* e1000-discard-oversized-packets-based-on-SBP_LPE.patch: the second
half of the fix for CVE-2012-6075. (Finally Closes: #696051)
-- Michael Tokarev <email address hidden> Wed, 09 Jan 2013 23:05:17 +0400
-
qemu (1.1.2+dfsg-3) unstable; urgency=low
* add build-dependency on libcap-dev [linux-any] to enable virtfs support
which has been dropped in 1.1. (Closes: #677654)
* intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch
patch to fix Fixing reset of MSI function in intel-hda virtual device.
The fix (applied to stable-1.1.1) was partially wrong, as it actually
added the msi_reset() call to two code paths instead of one as planned.
Fix this by splitting the function in question into two parts.
(Closes: #688964)
* blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch:
allow opening of read-only cdrom images/devices (Closes: #686776)
* ahci-properly-reset-PxCMD-on-HBA-reset.patch: fix windows install on ahci
(Closes: #696052)
* e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch:
discard too long rx packets which may overflow guest buffer
(Closes: #696051)
* eepro100-fix-network-hang-when-rx-buffers-run-out.patch:
fix e100 stall (Closes: #696061)
* fix possible network stalls/slowness in e1000 device emulation:
net-notify-iothread-after-flushing-queue.patch
e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch
(Closes: #696063)
* fixes-related-to-processing-of-qemu-s-numa-option.patch:
fixes numa handling (Closes: #691343)
* qcow2-fix-avail_sectors-in-cluster-allocation-code.patch:
fixes data corruption in stacked qcow2 (Closes: #695905)
* qcow2-fix-refcount-table-size-calculation.patch: another possible
corruption or crash in qcow2 (Closes: #691569)
* tap-reset-vnet-header-size-on-open.patch: always ensure tap device is
in known state initially (Closes: #696057)
* vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch:
possible data corruption bug in vmdk image format (Closes: #696050)
-- Michael Tokarev <email address hidden> Sun, 16 Dec 2012 23:08:40 +0400
-
qemu (1.1.2+dfsg-2) unstable; urgency=low
* remove debian/patches/fix-armhf-prctl.patch, it is included
upstream in 1.1.0 version and is misapplied since 1.1.0~rc3+dfsg-1.
* drop -jN passing to downstream makes, as it breaks dpkg-buildpackage -j
and actually breaks build (Closes: #597524 - said to be fixed in 0.14.1
but was still present)
* add revert-serial-fix-retry-logic.patch that restores
old (semi-)working behavour of a virtual serial port.
-- Michael Tokarev <email address hidden> Wed, 19 Sep 2012 13:54:05 +0400
-
qemu (1.1.2+dfsg-1) unstable; urgency=low
[Michael Tokarev]
* new upstream stable/bugfix release, fixing a LOT of bugs,
including CVE-2012-3515 (Closes: #686973, #681985)
* bump versioned depends of seabios to 1.7.0~, since this version ships
kvmvapic.bin.
* ship /usr/share/qemu/qemu-icon.bmp (Closes: #681317)
* do not build-depend on ceph (librbd-dev librados-dev), since ceph is
having longstanding issues in wheezy.
* add tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch - upstream fix
to un-break s390[x] emulation code. Similar fixes were included for
other platforms in 1.1.2 changeset. Without this fix, qemu is basically
useless on s390.
* document -netdev option in the manpage, a long-standing omission
(net-add--netdev-options-to-man-page.patch)
[Vagrant Cascadian]
* qemu-system: Add symlinks for extboot.bin, kvmvapic.bin and vapic.bin to
binaries shipped in seabios. Closes: #678217, #678217.
* qemu-system: Remove dead link for ne2k_isa.rom, which is not included in
ipxe. Closes: #678217.
* qemu-system: Bump versioned openbios-sparc and openbios-ppc Depends to
1.0+svn1060, to ensure we use at least version which is used by upstream.
Wheezy already has the right version, but we should not break partial
upgrades.
-- Michael Tokarev <email address hidden> Sun, 09 Sep 2012 18:52:57 +0400
-
qemu (1.1.0+dfsg-1) unstable; urgency=low
[ Vagrant Cascadian ]
* New upstream release.
[ Michael Tokarev ]
* do-not-include-libutil.h.patch - don't include libutil.h&Co when not
needed. Fixes FTBFS on kFreebsd with recent libbsd-dev.
* drop libbsd-dev support on kFreebsd - no longer needed.
* do not build USB host support on kFreebsd (qemu uses obsolete,
now removed, USB API). Use the same hack/technique as FreeBSD
qemu port does -- changing HOST_USB to "stub" after configure run.
-- Vagrant Cascadian <email address hidden> Thu, 07 Jun 2012 13:44:26 -0700
-
qemu (1.0.1+dfsg-1) unstable; urgency=low
[ Aurelien Jarno ]
* New upstream stable version:
- remove debian/patches/fix-malta-i8259
- remove debian/patches/qemu-ifunc-ppc.patch
- remove debian/patches/x86-fix-cmpxchg.patch
[ Michael Tokarev ]
* apply patch to change backticks `` in debian/rules variables
to $(shell) construct, by Allard Hoeve. (Closes: #660133)
* depend on vgabios >= 0.6c-3~ not 0.6c-3, to assist backporting
[ Hector Oron ]
* Fix prctl syscall (Closes: #656926, #651083).
[ Vagrant Cascadian ]
* Update to Standards-Version 3.9.3, no changes necessary.
-- Vagrant Cascadian <email address hidden> Mon, 05 Mar 2012 13:05:14 -0800
-
qemu (1.0+dfsg-3) unstable; urgency=low
[ Aurelien Jarno ]
* Add a build-depends on libfdt-dev to enable some more emulated machines.
* Really add binfmt support for s390x.
[ Michael Tokarev ]
* Depend on ipxe-qemu | ipxe (<< 1.0.0+git-20120202.f6840ba-2)
after ipxe package split. This will probably need to be changed
to just ipxe-qemu once it will be landed properly.
[ Vagrant Cascadian ]
* Apply patch to use dpkg-buildflags (Closes: #656276).
Thanks to Moritz Muehlenhoff.
-- Vagrant Cascadian <email address hidden> Mon, 06 Feb 2012 17:56:15 -0800
-
qemu (1.0+dfsg-2) unstable; urgency=low
[ Aurelien Jarno ]
* Add patch from upstream to fix cmpxchg on x86.
* Add patch to not link user builds with NSS (Closes: #648202).
* Add binfmt support for s390x.
* Bump depends on openbios-ppc and openbios-sparc on versions
compatible with version 1.0.
* Build on s390x (Closes: #651048).
[ Vagrant Cascadian ]
* qemu-make-debian-root: Fix argument processing to handle when both -s and
-k are specified. Thanks to Mats Erik Andersson (Closes: #638047).
* Add Patch from upstream to fix regression on malta with i8259 interrupts.
* qemu-debootstrap: Add support for armhf and s390x.
* debian/rules: remove config.log in the clean target.
* qemu-make-debian-root: Use debootstrap's minbase variant, instead of a
long list of excludes.
-- Vagrant Cascadian <email address hidden> Mon, 09 Jan 2012 16:01:17 -0800
-
qemu (0.15.1+dfsg-3) unstable; urgency=low
* Add patch from upstream to fix FTBFS on ia64.
-- Vagrant Cascadian <email address hidden> Fri, 09 Dec 2011 23:48:21 -0800
-
qemu (0.15.1+dfsg-2) unstable; urgency=low
* Add patch that fixes a buffer overrun (CVE-2011-4111).
* Enable spice support on amd64:
- Add Build-Depends: libspice-server-dev, libspice-protocol-dev
* debian/rules: Use dh_prep instead of "dh_clean -k", which is deprecated.
-- Vagrant Cascadian <email address hidden> Mon, 28 Nov 2011 20:34:50 -0800
-
qemu (0.15.1+dfsg-1) unstable; urgency=low
* New upstream version.
-- Vagrant Cascadian <email address hidden> Sun, 06 Nov 2011 10:37:31 -0800
-
qemu (0.15.0+dfsg-1) unstable; urgency=low
* New upstream version.
* Install new qemu-system, qemu-user and qemu-user-static variants:
lm32, microblazeel, s390x, unicore32
* Patch from upstream to set QEMU_INCLUDES before QEMU_CFLAGS.
* Update debian/watch to check http://qemu.org/download.
-- Vagrant Cascadian <email address hidden> Mon, 03 Oct 2011 12:29:18 -0700
-
qemu (0.14.1+dfsg-3) unstable; urgency=low
[ Aurelien Jarno ] * Add patches/qemu-ifunc-ppc.patch and patches/qemu-ifunc-sparc.patch to fix FTBFS on ppc and sparc. [ Vagrant Cascadian ] * Apply patch to fix qemu-user-static mipsel emulation (Closes: #562887). * Drop support for esd (Closes: #633390). Thanks to Adrian Bunk. * Add dummy debian/rules build-indep/build-arch targets to resolve lintian warnings and future policy requirements. * Remove needless mention of "Author(s)" which triggers a lintian warning. * Fix maintainer-script-without-set-e lintian checks. * Fix hyphen-used-as-minus-sign lintian check for qemu-debootstrap manpage. -- Vagrant Cascadian <email address hidden> Sat, 23 Jul 2011 10:18:37 +0200
-
qemu (0.14.1+dfsg-2) unstable; urgency=low
* Add override for qemu-user-static binaries which embed needed libraries. * Add qemu-debootstrap manpage. * Add patch to fix typo in qemu-system-* (runnning -> running). * Update to Standards-Version 3.9.2, no changes necessary. -- Vagrant Cascadian <email address hidden> Sat, 02 Jul 2011 22:29:17 -0700
-
qemu (0.14.0+dfsg-5.1) unstable; urgency=low
* Non-maintainer upload. * Replace "librados1-dev" by "librados-dev" in Build-Dependencies. -- Mehdi Dogguy <email address hidden> Fri, 29 Apr 2011 17:45:05 +0200
-
qemu (0.14.0+dfsg-5) unstable; urgency=low
* Don't register qemu-mips(el) with binfmt on mips(el). Closes: #618369. -- Aurelien Jarno <email address hidden> Thu, 17 Mar 2011 20:13:27 +0100
-
qemu (0.14.0+dfsg-4) unstable; urgency=low
* Reupload without automatically generated patch debian-changes-0.14.0+dfsg-3. -- Aurelien Jarno <email address hidden> Mon, 28 Feb 2011 15:10:04 +0100
-
qemu (0.14.0+dfsg-3) unstable; urgency=low
[ Aurelien Jarno ] * Depends on vgabios (>= 0.6c-3) and add symlinks for qxl, stdvga and vmware bioses. Closes: #614252, #614169. * Tighten build-depends on linux-libc-dev to (>= 2.6.34), to get vhost-net support. * Build-depends on xfslibs-dev in order to get TRIM support on XFS filesystems. * Build-depends on librados1-dev to get rdb support. Closes: #614150. -- Aurelien Jarno <email address hidden> Mon, 28 Feb 2011 09:06:00 +0100
-
qemu (0.14.0+dfsg-2) unstable; urgency=low
[ Aurelien Jarno ] * Tighten dependencies on openbios-ppc, openbios-sparc and seabios to the versions in upstream 0.14.0. * patches/02_kfreebsd.patch: don't consider futimens/utimensat available if it is a stub. -- Aurelien Jarno <email address hidden> Sun, 20 Feb 2011 00:36:20 +0100
-
qemu (0.14.0+dfsg-1) unstable; urgency=low
[ Vagrant Cascadian ] * New upstream release candidate version. * qemu-user-static: - Drop binfmt support for emulating amd64 on i386, as it is broken and including it interferes with environments capable of running amd64 natively. Closes: #604712. - Remove binfmt support for installed targets in postinst before installing supported targets, to ensure no-longer-supported targets are actually removed. - Remove binfmt support for installed targets in prerm. [ Aurelien Jarno ] * Fix configuration files directory. Closes: #600735. * Enable AIO support. [ Vagrant Cascadian ] * Update debian/copyright to refer to upstream git repositry and clarify which binary blobs are removed to make the dfsg-free tarball. * Refresh debian/patches/security/leftover.patch. -- Vagrant Cascadian <email address hidden> Fri, 18 Feb 2011 21:07:01 -0800
-
qemu (0.12.5+dfsg-3) unstable; urgency=medium
* qemu-user-static: - Drop binfmt support for emulating amd64 on i386, as it is broken and including it interferes with environments capable of running amd64 natively. Closes: #604712. - Remove binfmt support for installed targets in postinst before installing supported targets, to ensure no-longer-supported targets are actually removed. - Remove binfmt support for installed targets in prerm. -- Vagrant Cascadian <email address hidden> Sun, 28 Nov 2010 15:57:11 -0800
-
qemu (0.12.5+dfsg-2) unstable; urgency=low
* mips/mipsel binfmt registration: also match EI_ABIVERSION=1, used by
OpenWRT. Closes: #591543.
* Update 99_stable.diff from the stable branch:
- Fix windows XP boot with libvirt. Closes: bug#579166.
-- Aurelien Jarno <email address hidden> Tue, 17 Aug 2010 12:56:30 +0200
-
qemu (0.12.5+dfsg-1) unstable; urgency=low
* New upstream stable version.
* qemu-system: don't suggests kqemu-source. Closes: bug#589217.
* qemu-keymaps: fix short description.
-- Aurelien Jarno <email address hidden> Fri, 23 Jul 2010 19:02:14 +0200
-
qemu (0.12.4+dfsg-4) unstable; urgency=high
* Update debian/copyright. Closes: bug#588911.
* Update 99_stable.diff from the stable branch:
- Add documentation for the stdio signal option. Closes: bug#588514.
* Split out keymaps in the qemu-keymaps package. Closes: bug#559174.
* Bump Standards-Version to 3.9.0 (no changes).
-- Aurelien Jarno <email address hidden> Wed, 14 Jul 2010 15:13:04 +0200
-
qemu (0.12.4+dfsg-3) unstable; urgency=low
* Update 99_stable.diff from the stable branch.
-- Aurelien Jarno <email address hidden> Wed, 16 Jun 2010 23:07:36 +0200
-
qemu (0.12.4+dfsg-2) unstable; urgency=low
[ Vagrant Cascadian ]
* qemu-system: Depend on etherboot-qemu package for PXE roms.
Closes: #552406.
[ Aurelien Jarno ]
* Add 99_stable.diff to update from the stable branch.
* Use --with-pkgversion to set the packaging version.
-- Aurelien Jarno <email address hidden> Wed, 02 Jun 2010 21:24:26 +0200
-
qemu (0.12.4+dfsg-1) unstable; urgency=low
* New upstream stable version:
- remove debian/patches/01_redir_doc.patch
- remove debian/patches/04_cmd646.patch
- update debian/patches/06_sh4.diff
-- Aurelien Jarno <email address hidden> Fri, 07 May 2010 19:43:48 +0200
-
qemu (0.12.3+dfsg-4) unstable; urgency=low
* Add 05_bochs_vbe.diff backported from uptream to support vgabios
0.6c.
* Add 06_sh4.diff containing a few SH4 specific fixes backported from
upstream.
-- Aurelien Jarno <email address hidden> Fri, 09 Apr 2010 01:44:38 +0200
-
qemu (0.12.3+dfsg-3) unstable; urgency=low
* Add symlink for seabios's multiboot.bin.
* Change configure-stamp depends to non-phony target $(QUILT_STAMPFN).
Closes: #574444.
* Fix a crash in cmd646 bmdma code that can be triggered by the guest.
Closes: #574539.
* Explain that KQEMU support has been removed in qemu-system.NEWS.
* Build-Conflicts with oss4-dev, as this package install a broken
<linux/soundcard.h> header. Closes: #575320.
-- Aurelien Jarno <email address hidden> Sat, 03 Apr 2010 17:07:23 +0200
-
qemu (0.12.3+dfsg-2) unstable; urgency=low
[ Aurelien Jarno ]
* Disable KVM support on PowerPC, as it needs at least 2.6.33 kernel
headers.
[ Vagrant Cascadian ]
* Support pselect for linux-user arm target. Patch by Michael Casadevall.
* Add symlink for seabios's linuxboot.bin to fix -kernel option. Thanks to
Sami Liedes. Closes: #574174.
* qemu-system: Switch back to using versioned dependencies for vgabios,
bochsbios, openhackware, openbios-ppc and openbios-sparc rather than
recommends/conflicts, to ensure a proper upgrade path. Closes: #573397.
Reopens: #436094.
-- Vagrant Cascadian <email address hidden> Fri, 19 Mar 2010 09:31:29 -0700
-
qemu (0.12.3+dfsg-1) unstable; urgency=low
[ Vagrant Cascadian ]
* New upstream version:
- Fix access to block devices on GNU/kFreeBSD. Closes: #558447.
- Correctly update clock when waking up from sleep. Closes: #414165.
- Slirp works with other network interfaces. Closes: #407702.
- Add the possibility to specify a host to bind to with the -redir
option. Closes: #366847.
- Fix cirrus graphics card with windows 98. Closes: #522124.
* Indicate repackaged upstream tarball by adding "+dfsg" to the version.
Closes: #388740.
* Remove second libgnutls-dev from build depends.
* Update debian/watch with current location of tarball releases.
* Drop binutils-gold patch, applied upstream.
* Switch from bochsbios to seabios. Update bios.bin symlink and
recommends/conflicts.
* Bump Standards-Version to 3.8.4 (no changes).
* Update my email address to <email address hidden>.
[ Aurelien Jarno ]
* Create a kvm group in postinst and set the group of /dev/kvm to kvm.
Closes: #570544.
* Add mips and mipsel to the list of supported architectures.
* Add patches/01_redir_doc.patch to fix a mistake in the redirection
documentation.
* Add patches/02_kfreebsd.patch to use the legacy USB stack on
GNU/kFreeBSD.
* Force the depends from qemu on qemu-system, qemu-user and qemu-utils
to (>= {source:Version}).
* Update openbios related conflicts.
-- Vagrant Cascadian <email address hidden> Sun, 07 Mar 2010 09:20:43 -0800
-
qemu (0.11.1-2) unstable; urgency=low
* Add versioned build-depends on etherboot.
* Add PXE boot support for virtio network adapters.
* Move qemu-make-debian-root to qemu-utils package, as it only produces disk
images not useable by qemu-user. Lower recommends on debootstrap to
suggests. Add Conflicts and Replaces on older versions of qemu-user.
* Register /usr/bin/qemu with the alternatives system. Closes: #413840.
* qemu: Add ${misc:Depends} so that debhelper can add dependencies if needed.
-- Vagrant Cascadian <email address hidden> Fri, 08 Jan 2010 09:26:11 -0800
-
qemu (0.11.1-1) unstable; urgency=low
[ Aurelien Jarno ]
* New upstream version.
* Drop build-depends on libfreebsd-dev on GNU/kFreeBSD.
* qemu: suggests qemu-user-static.
* qemu-user-static: register QEMU with binfmt mecanism. Closes:
#306637.
* Bump conflicts on openbios-ppc to (<< 1.0+svn505-1).
* Add 01-binutils-gold.diff to fix FTBFS with binutils-gold. Closes:
#556301.
* Add sparc64 support.
* Use new roms location in etherboot package.
[ Vagrant Cascadian ]
* qemu-utils, qemu-user, qemu-system: Set both Conflicts and Replaces for
older versions of qemu to ensure proper upgrade path.
* Add versioned build-dep on linux-libc-dev to ensure that KVM support is
enabled.
* qemu-system: Lower dependencies on vgabios, bochsbios, openhackware,
openbios-ppc and openbios-sparc to recommends. Conflict with versions that
are incompatible. Closes: #436094.
* qemu-utils: Tighten the versioned conflicts with kvm, as not all older
versions actually conflict.
* qemu-make-debian-root: Apply modified patch from Nicolas Boulenguez that
documents usage of -s, exits on error, and mentions that it is normally
run as root. Closes: #447034.
-- Aurelien Jarno <email address hidden> Sun, 27 Dec 2009 12:09:11 +0100
-
qemu (0.11.0-6) unstable; urgency=low
* Update from stable-0.11 branch.
* qemu-utils: add Replaces: qemu (<< 0.11.0-2). Closes: #556627,
#556860.
-- Aurelien Jarno <email address hidden> Fri, 20 Nov 2009 08:24:32 +0100
-
qemu (0.11.0-5) unstable; urgency=low
* Change the Conflicts: into Replaces: to handle the move of /etc/ifup
from one package to another correctly. Tighten the version. Closes:
#556627.
-- Aurelien Jarno <email address hidden> Wed, 18 Nov 2009 16:30:39 +0000
-
qemu (0.11.0-3) unstable; urgency=low
* qemu-system, qemu-user: fix conflicts version. Closes: #556627.
* qemu-utils: conflicts with kvm (<= 85+dfsg-4.1), as it also provides
qemu-io.
-- Aurelien Jarno <email address hidden> Tue, 17 Nov 2009 09:49:24 +0100
-
qemu (0.11.0-1) unstable; urgency=low
[ Aurelien Jarno ]
* New upstream version.
- Documents virtio NIC. Closes: #541182.
- Increase the maximum TCG op a target instruction op can expand to.
Closes: #530645, #542297.
- KVM is enabled by default. Closes: #520894.
* Drop 65_kfreebsd.patch.
* Split the qemu package and use out of tree building. Based on a patch
from Vagrant Cascadian. Closes: #524774.
* Only recommends debootstrap for qemu-user and qemu-user static. Closes:
#543356.
* Remove /usr/share/qemu/proll.elf. Closes: bug#542247.
* Add build-depends on libcurl4-gnutls-dev, libgnutls-dev and libsasl2-dev
to enable new upstream features.
* Bump Standards-Version to 3.8.3 (no changes).
* Update Vcs-* fields to point to the new git repository.
* Add Vagrant Cascadian <email address hidden> to uploaders, and set
DM-Upload-Allowed to yes.
-- Aurelien Jarno <email address hidden> Mon, 26 Oct 2009 10:17:57 +0000
-
qemu (0.10.6-1) unstable; urgency=low
[ Josh Triplett ]
* Remove myself from Uploaders.
[ Aurelien Jarno ]
* New upstream version.
* Bump Standards-Version to 3.8.2 (no changes).
* Update debian/watch (closes: bug#538781).
-- Aurelien Jarno <email address hidden> Fri, 31 Jul 2009 15:25:36 +0200
-
qemu (0.10.5-1) unstable; urgency=low
* New upstream version.
-- Aurelien Jarno <email address hidden> Sun, 24 May 2009 16:15:35 +0200
-
qemu (0.10.4-1) unstable; urgency=low
* New upstream version.
* debian/NEWS.Debian: new file, describing the cache policy options
(closes: bug#526832).
* debian/patches/70_versatile_memsize.patch: new patch to set a upper
limit on the memory size of the versatile boards (closes:
bug#527264).
-- Aurelien Jarno <email address hidden> Tue, 12 May 2009 18:31:29 +0200
-
qemu (0.10.3-1) unstable; urgency=low
* New upstream version.
* Tighten dependency on bochsbios.
-- Aurelien Jarno <email address hidden> Sat, 02 May 2009 10:14:21 +0200
-
qemu (0.10.2-2) unstable; urgency=low
* Add missing comma in build-depends (closes: bug#524207).
* Tighten dependency on vgabios.
-- Aurelien Jarno <email address hidden> Wed, 15 Apr 2009 22:30:43 +0200
-
qemu (0.10.1-1) unstable; urgency=low
[ Aurelien Jarno ]
* New upstream stable release:
- patches/80_stable-branch.patch: remove.
* debian/control:
- Remove depends on proll.
- Move depends on device-tree-compiler to build-depends.
- Bump Standards-Version to 3.8.1 (no changes).
* patches/82_qemu-img_decimal.patch: new patch from upstream to make
qemu-img accept sizes with decimal values (closes: bug#501400).
-- Aurelien Jarno <email address hidden> Sun, 22 Mar 2009 10:13:17 +0100
-
qemu (0.10.0-1) unstable; urgency=low
[ Aurelien Jarno ]
* New upstream release:
- Fix fr-be keyboard mapping (closes: bug#514462).
- Fix stat64 structure on ppc-linux-user (closes: bug#470231).
- Add a chroot option (closes: bug#415996).
- Add evdev support (closes: bug#513210).
- Fix loop on symlinks in user mode (closes: bug#297572).
- Bump depends on openbios-sparc.
- Depends on openbios-ppc.
- Update 12_signal_powerpc_support.patch.
- Update 21_net_soopts.patch.
- Drop 44_socklen_t_check.patch (merged upstream).
- Drop 49_null_check.patch (merged upstream).
- Update 64_ppc_asm_constraints.patch.
- Drop security/CVE-2008-0928-fedora.patch (merged upstream).
- Drop security/CVE-2007-5730.patch (merged upstream).
* patches/80_stable-branch.patch: add patches from stable branch:
- Fix race condition between signal handler/execution loop (closes:
bug#474386, bug#501731).
* debian/copyright: update.
* Compile and install .dtb files:
- debian/control: build-depends on device-tree-compiler.
- debian/patches/81_compile_dtb.patch: new patch from upstream.
- debian/rules: compile and install bamboo.dtb and mpc8544.dtb.
-- Aurelien Jarno <email address hidden> Sat, 07 Mar 2009 06:20:34 +0100
-
qemu (0.9.1-10) unstable; urgency=low
* debian/patches/96_security.patch: fix off-by-one bug limiting VNC
passwords to 7 chars (CVE-2008-5714).
-- Aurelien Jarno <email address hidden> Sun, 28 Dec 2008 12:38:40 +0100
-
qemu (0.9.1-9) unstable; urgency=low
* debian/patches/94_security.patch: fix remote DoS via VNC
(CORE-2008-1210/CVE-2008-2382).
-- Aurelien Jarno <email address hidden> Tue, 23 Dec 2008 15:06:11 +0100
-
qemu (0.9.1-8) unstable; urgency=low
* debian/patches:
- cherry-pick from svn: 61_pseudotty.patch 62_fix-ptyblocking.patch
closes: #494831
-- Riku Voipio <email address hidden> Wed, 19 Nov 2008 23:21:43 +0200
-
qemu (0.9.1-7) unstable; urgency=low
* debian/qemu-make-debian-root:
- Fix bug introduced when fixing bug#496394 (Closes: bug#502325).
-- Aurelien Jarno <email address hidden> Thu, 16 Oct 2008 22:18:39 +0200
