-
qemu (1:4.0+dfsg-0ubuntu9.8) eoan; urgency=medium
* debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP: #1878973)
-- Christian Ehrhardt <email address hidden> Tue, 02 Jun 2020 10:42:49 +0200
-
qemu (1:4.0+dfsg-0ubuntu9.7) eoan; urgency=medium
* d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP: #1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
-- Rafael David Tinoco <email address hidden> Wed, 27 May 2020 20:07:57 +0000
-
qemu (1:4.0+dfsg-0ubuntu9.6) eoan-security; urgency=medium
* SECURITY UPDATE: overflow via PCIe extended config space
- debian/patches/ubuntu/CVE-2019-15034.patch: fix pcie support in
hw/display/bochs-display.c.
- CVE-2019-15034
* SECURITY UPDATE: memory leak in zrle_compress_data
- debian/patches/ubuntu/CVE-2019-20382.patch: fix memory leak when vnc
disconnect in ui/vnc-enc-tight.c, ui/vnc-enc-zrle.inc.c, ui/vnc.c,
ui/vnc.h.
- CVE-2019-20382
* SECURITY UPDATE: weak sig generation in Pointer Auth support for ARM
- debian/patches/ubuntu/CVE-2020-10702.patch: fix PAuth sbox functions
in target/arm/pauth_helper.c.
- CVE-2020-10702
* SECURITY UPDATE: use-after-free in ip_reass()
- debian/patches/ubuntu/CVE-2020-1983.patch: fix buffer handling in
slirp/src/ip_input.c.
- CVE-2020-1983
-- Marc Deslauriers <email address hidden> Thu, 14 May 2020 08:31:48 -0400
-
qemu (1:4.0+dfsg-0ubuntu9.5) eoan; urgency=medium
* allow qemu to load old modules post upgrade (LP: #1847361)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
-- Christian Ehrhardt <email address hidden> Mon, 02 Mar 2020 15:21:27 +0100
-
qemu (1:4.0+dfsg-0ubuntu9.4) eoan-security; urgency=medium
* SECURITY UPDATE: OOB heap access via unexpected iSCSI Server response
- debian/patches/ubuntu/CVE-2020-1711.patch: cap block count from GET
LBA STATUS in block/iscsi.c.
- CVE-2020-1711
* SECURITY UPDATE: heap-based overflow in slirp networking
- debian/patches/ubuntu/CVE-2020-7039-1.patch: fix oob issue in
slirp/src/tcp_subr.c.
- debian/patches/ubuntu/CVE-2020-7039-2.patch: use correct size while
emulating IRC commands in slirp/src/tcp_subr.c.
- debian/patches/ubuntu/CVE-2020-7039-3.patch: use correct size while
emulating commands in slirp/src/tcp_subr.c.
- CVE-2020-7039
* SECURITY UPDATE: buffer overflow via incorrect snprintf return codes
- debian/patches/ubuntu/CVE-2020-8608-1.patch: add slirp_fmt() helpers
to slirp/src/util.c, slirp/src/util.h.
- debian/patches/ubuntu/CVE-2020-8608-2.patch: fix unsafe snprintf()
usages in slirp/src/tcp_subr.c.
- CVE-2020-8608
-- Marc Deslauriers <email address hidden> Tue, 11 Feb 2020 14:24:01 -0500
-
qemu (1:4.0+dfsg-0ubuntu9.3) eoan; urgency=medium
* d/p/lp1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch:
fix bitmap index to prevent OOB access when # of vqs > 64 (LP: #1859527)
-- Dan Streetman <email address hidden> Wed, 22 Jan 2020 08:50:56 -0500
-
qemu (1:4.0+dfsg-0ubuntu9.2) eoan; urgency=medium
* d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
fix a potential hang when qemu or qemu-img were accessing http backed
disks via libcurl (LP: #1848556)
* d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
-- Christian Ehrhardt <email address hidden> Mon, 21 Oct 2019 14:51:45 +0200
-
qemu (1:4.0+dfsg-0ubuntu9.1) eoan-security; urgency=medium
* SECURITY UPDATE: infinite loop when executing LSI scsi adapter
emulator scripts
- d/p/u/CVE-2019-12068.patch: Move the existing loop exit
- CVE-2019-12068
* SECURITY UPDATE: null pointer dereference in qxl display driver
- d/p/u/CVE-2019-12155.patch: qxl: check release info object
- CVE-2019-12155
* SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
- d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
interface name to IFNAMSIZ
- CVE-2019-13164
* SECURITY UPDATE: heap overflow in slirp
- d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
on big packet input
- CVE-2019-14378
* SECURITY UPDATE: use after free vulnerability in slirp
- d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
- CVE-2019-15890
* Add support for exposing "taa-no" flag to guests:
- d/p/u/CVE-2019-11135-taa-no.patch
- CVE-2019-11135
* Add support for exposing "pschange-mc-no" to guests:
- d/p/u/pschange-mce.patch
-- Steve Beattie <email address hidden> Thu, 07 Nov 2019 22:49:36 -0800
-
qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
* d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
update the z15 model name (LP: #1842774)
-- Christian Ehrhardt <email address hidden> Tue, 24 Sep 2019 11:42:58 +0200
-
qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium
* d/binfmt-update-in: fix binfmt being called in some containers
(LP: #1840956)
-- Christian Ehrhardt <email address hidden> Mon, 09 Sep 2019 11:03:13 +0200
-
qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:07:25 +0000
-
qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium
* d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags
(LP: #1841066)
-- Christian Ehrhardt <email address hidden> Mon, 26 Aug 2019 12:08:04 +0200
-
qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium
* d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer
s390x machines (LP: #1836154)
-- Christian Ehrhardt <email address hidden> Wed, 17 Jul 2019 13:20:42 +0200
-
qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium
* d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617)
- pick Debian change for (#889885)
move ovmf to recommends on debian and update aarch ovmf refs
- stop Ubuntu to drop ovmf/qemu-efi to a suggest
-- Christian Ehrhardt <email address hidden> Fri, 12 Jul 2019 12:48:24 +0200
-
qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium
* d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues
for missing SIOCGSTAMP definition; final fix is still in discussion
upstream (LP: 1836159)
-- Christian Ehrhardt <email address hidden> Thu, 11 Jul 2019 10:10:00 +0200
-
qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium
* d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac:
fix naming of the new vector facility (LP: #1836066)
* d/control-in: update VCS links in control template as well
-- Christian Ehrhardt <email address hidden> Thu, 11 Jul 2019 08:18:44 +0200
-
qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
* Merge with Upstream release of qemu 4.0.
Among many other things this fixes LP Bugs:
LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
LP: #1828038 - Update s390x CPU Model for more HW support
LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
Remaining Changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Enable nesting by default
- d/qemu-system-x86.modprobe: set nested=1 module option on intel.
(is default on amd)
- d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Enable numa support for s390x
- arch aware kvm wrappers
- d/control: update VCS links
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- enable RDMA config option
- add libibumad-dev build-dep
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- Move s390x roms to a new qemu-system-data-s390x
- d/qemu-system-data.install: install s390x roms as architecture:all in
qemu-system-data
- d/rules: build s390-ccw.img with upstream Makefile
- d/rules: build s390-netboot.img with upstream Makefile
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
As that hack to build s390-ccw.img rom can't build s390x-netboot.img
replace it with a build-indep using the upstream makefiles.
This is less prone to miss future changes/fixes that are done to the
makefiles
- d/control-in: add breaks/replaces for moving s390x roms from
qemu-system-s390x to qemu-system-data
- remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
[From not yet uploaded Debian branch]
- d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
- d/rules: fix qemu-kvm service for debhelper compat >=12
- disable pvrdma - besides several security holes there are many other
bugs there as well
* Dropped patches that are upstream in v4.0
- d/p/do-not-link-everything-with-xen.patch
- d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
- d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
- d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
- d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
- d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
- d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
(LP: 1759509)
- d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
- d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
- d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
- d/p/ubuntu/CVE-2018-20815.patch
- d/p/ubuntu/CVE-2019-5008.patch
- d/p/ubuntu/CVE-2019-9824.patch
- d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
avoid misdetection of simplified nesting blocking all migrations
* Dropped further patches
d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
[upstream deprecated the whole subsystem instead of applying the fix]
* Added Changes
- updated ubuntu machine types for v4.0
- added eoan types
- fixed s390x issue of upstream types having a "v" prefix
- add back dropped machine types to avoid more issues like LP: 1802944
- fix kvm split irqchip default in ubuntu q35 machine type
- drop no more needed spapr_machine_2_11_sxxm_instance_options and
adapt updated CamelCase
- -hpb types now need to use GlobalProperties
- pc_compat_2_0 got a _fn suffix and slight changes
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
SLOF of qemu 4.0
- Refreshed patches still needed for v4.0 context changes
- d/p/use-fixed-data-path.patch
- d/p/ubuntu/enable-svm-by-default.patch
- d/p/ubuntu/enable-md-clear.patch
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
- d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
(LP: #1830243)
- d/control: disable bluetooth being deprecated
- d/control*: remove sdlabi which was removed upstream
- d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
- d/control*: enable docs (now explicit) and provide new build-dep
python3-sphinx
- d/not-installed: ignore new interop docs and extra icons for now
- d/not-installed: do not install elf2dmp until namespaced
- d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
- d/qemu-system-data.install: use new paths for formerly used icons
- d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
fix i386 build error
-- Christian Ehrhardt <email address hidden> Mon, 24 Jun 2019 16:33:19 +0200
-
qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium
* d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
fix migrations from old machines (LP: #1829868).
* d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
toleration for future machines (LP: #1830704)
-- Christian Ehrhardt <email address hidden> Tue, 28 May 2019 11:30:42 +0200
-
qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium
* SECURITY UPDATE: Add support for exposing md-clear functionality
to guests
- d/p/ubuntu/enable-md-clear.patch
- d/p/ubuntu/enable-md-no.patch
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* SECURITY UPDATE: heap overflow when loading device tree blob
- d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
copy the device tree blob into is.
- CVE-2018-20815
* SECURITY UPDATE: device driver denial of service via NULL pointer
dereference
- d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
routine
- CVE-2019-5008
* SECURITY UPDATE: information leak in SLiRP
- d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
emulating ident.
- CVE-2019-9824
-- Steve Beattie <email address hidden> Wed, 08 May 2019 09:27:53 -0700
-
qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
* qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
- d/qemu-guest-agent.install: use correct path for fsfreeze-hook
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile.
* i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
CVE-2019-3812
-- Christian Ehrhardt <email address hidden> Mon, 18 Mar 2019 09:20:07 +0100