-
qemu (1:5.2+dfsg-9ubuntu3.3) hirsute; urgency=medium
* d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
fix uretprobe in s390x TCG (LP: #1929926)
-- Christian Ehrhardt <email address hidden> Tue, 12 Oct 2021 09:04:44 +0200
-
qemu (1:5.2+dfsg-9ubuntu3.2) hirsute; urgency=medium
* d/rules fix microvm default machine type for a new build system
(LP: #1936894) - Thanks to Michael Tokarev for the fix.
* enhance loading of old modules post upgrade (LP: #1913421)
- d/rules: clear all (current and former) modules on purge
- d/rules: test for exec and prepare /var/run/qemu if needed
-- Christian Ehrhardt <email address hidden> Thu, 19 Aug 2021 11:25:17 +0200
-
qemu (1:5.2+dfsg-9ubuntu3.1) hirsute-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
- debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
hw/pci-host/prep.c.
- debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
hw/pci-host/designware.c.
- debian/patches/CVE-2020-15469-3.patch: add quirk device write method
in hw/vfio/pci-quirks.c.
- debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
hw/ppc/prep_systemio.c.
- debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
method in hw/nvram/nrf51_nvm.c.
- debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
hw/ppc/spapr_pci.c.
- debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
in hw/misc/tz-ppc.c.
- debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
in hw/misc/imx7_ccm.c.
- CVE-2020-15469
* SECURITY UPDATE: out of bounds read in ide_atapi_cmd_reply_end
- debian/patches/CVE-2020-29443-2.patch: check logical block address
and read size in hw/ide/atapi.c.
- CVE-2020-29443
* SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
- debian/patches/CVE-2020-35504.patch: always check current_req is not
NULL before use in DMA callbacks in hw/scsi/esp.c.
- CVE-2020-35504
* SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
- debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
current_dev is non-NULL in hw/scsi/esp.c.
- CVE-2020-35505
* SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
- debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
- CVE-2021-3392
* SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
- debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
command time out in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
register when transfer is in progress in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-3.patch: correctly set the controller
status for ADMA in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-4.patch: limit block size only when
SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
s->fifo_buffer[] when a different block size is programmed in
hw/sd/sdhci.c.
- CVE-2021-3409
* SECURITY UPDATE: DoS in USB redirector device
- debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
in hw/usb/redirect.c.
- debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
in hw/usb/combined-packet.c.
- CVE-2021-3527
* SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
- debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-2.patch: fix resource leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-3.patch: fix memory leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-4.patch: fix memory leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-5.patch: fix memory leak in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-6.patch: fix memory leak in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-7.patch: fix OOB write in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
in contrib/vhost-user-gpu/vhost-user-gpu.c,
contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
- CVE-2021-3544
- CVE-2021-3545
- CVE-2021-3546
* SECURITY UPDATE: mremap overflow in the pvrdma device
- debian/patches/CVE-2021-3582.patch: check lengths in
hw/rdma/vmw/pvrdma_cmd.c.
- CVE-2021-3582
* SECURITY UPDATE: integer overflow in pvrdma device
- debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
in hw/rdma/vmw/pvrdma_main.c.
- CVE-2021-3607
* SECURITY UPDATE: uninitialized memory unmap in pvrdma device
- debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
hw/rdma/vmw/pvrdma_dev_ring.c.
- CVE-2021-3608
-- Marc Deslauriers <email address hidden> Thu, 08 Jul 2021 09:51:29 -0400
-
qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium
* d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
(LP: #1921754)
* d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
(LP: #1921880)
-- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200
-
qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium
* d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch:
fix go in qemu-s390x-static (LP: #1922010)
-- Christian Ehrhardt <email address hidden> Wed, 31 Mar 2021 10:01:40 +0200
-
qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable; Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
- d/rules: Drop generating package version into maintainer scripts
- d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
the bad old prerm (LP 1906245 1905377)
- d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
ld usage of -no-pie (LP 1907789)
- d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
virtio-9p-ccw being missing (LP 1916230)
- d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTBFS due
to glib2.0 >=2.67.3 (LP 1916705)
-- Christian Ehrhardt <email address hidden> Thu, 18 Mar 2021 11:13:49 +0100
-
qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium
* d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTBFS due
to glib2.0 >=2.67.3 (LP: #1916705)
-- Christian Ehrhardt <email address hidden> Wed, 24 Feb 2021 08:39:09 +0100
-
qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable, includes fixes for
- build operates differently if source is a git repo (LP: #1887535)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
- d/rules: Drop generating package version into maintainer scripts
- d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
the bad old prerm (LP 1906245 1905377)
- d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
ld usage of -no-pie (LP 1907789)
* Added changes
- d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
virtio-9p-ccw being missing (LP: #1916230)
qemu (1:5.2+dfsg-6) unstable; urgency=medium
* deprecate qemu-debootstrap. It is not needed anymore with
binfmt F flag, since everything now works without --foreign
debootstrap argument and copying the right qemu binary into
the chroot. Closes: #901197
* fix the brown-paper bag bug: wrong argument order
in the linux-user-binfmt patch (really closes: #970460)
qemu (1:5.2+dfsg-5) unstable; urgency=medium
* d/rules: ensure b/ subdir exists before building palcode and qboot
* d/changelog: #959530 is not fixed by 5.2+dfsg-4
* 3 virtiofsd patches Closes: #980814, CVE-2020-35517
virtiofsd: potential privileged host device access from guest
- virtiofsd-extract-lo_do_open-from-lo_open.patch
- virtiofsd-optionally-return-inode-pointer-from-lo_do_lookup.patch
- virtiofsd-prevent-opening-of-special-files-CVE-2020-35517.patch
qemu (1:5.2+dfsg-4) unstable; urgency=medium
[ Michael Tokarev ]
* require libfdt >= 1.5.0-2 due to #931046
* qemu-user: attempt to preserve argv[0] when run under binfmt
(Closes: #970460)
This changes the interpreter name for all linux-user registered
binfmts, so it potentially can break stuff. The actual binary
being registered now is /usr/libexec/qemu-binfmt/foo-binfmt-P,
which is a symlink to actual /usr/lib/qemu-foo[-static].
* ignore .git-submodule-status when building source
* some security fixes from upstream:
o arm_gic-fix-interrupt-ID-in-GICD_SGIR-CVE-2021-20221.patch
Closes: CVE-2021-20221
GIC (armv7): out-of-bound heap buffer access via an interrupt ID field
o 9pfs-Fully-restart-unreclaim-loop-CVE-2021-20181.patch
Closes: CVE-2021-20181
* non-security fixes from upstream:
pc-bios-descriptors-fix-paths-in-json-files.patch - fixes wrong paths
in edk2-firmware-related json files introduced in 5.2
[ Christian Ehrhardt ]
* d/control-in: avoid version mismatch of installed binaries
(Closes: #956377)
[ Dan Streetman ]
* Backport configure param --with-git-submodules and set to 'ignore'
-- Christian Ehrhardt <email address hidden> Mon, 22 Feb 2021 11:40:36 +0100
-
qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium
* No change rebuild to pick up liburing. (LP: #1914145)
-- Mauricio Faria de Oliveira <email address hidden> Wed, 03 Feb 2021 19:44:54 -0300
-
qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable, includes fixes for
- qemu-user-static are partially dynamically linked (LP: #1908331)
- qemu crashing when using spice without qemu-system-gui being
installed (LP: #1908577)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
- d/rules: Drop generating package version into maintainer scripts
- d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
the bad old prerm (LP 1906245 1905377)
- d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
ld usage of -no-pie (LP 1907789)
-- Christian Ehrhardt <email address hidden> Tue, 05 Jan 2021 12:43:42 +0100
-
qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable
- includes fix for CVE-2020-17380
- includes a fix for s390x PCI device reset (LP: #1907656)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
- d/rules: Drop generating package version into maintainer scripts
- d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
the bad old prerm (LP 1906245 1905377)
* Dropped Changes:
- d/control, d/rules: build with gcc-9 on armhf as workaround until
resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
fails]
* Added Changes:
- Refreshed ubuntu machine types for hirsute@5.2
- d/control: regenerated from d/control-in
- d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
ld usage of -no-pie (LP: #1907789)
qemu (1:5.2+dfsg-2) unstable; urgency=medium
* move ui-opengl.so module from qemu-system-gui to qemu-system-common,
as other modules want it (Closes: #976996, #977022)
* do not install dropped ppc64abi32 binfmt for qemu-user[-static]
(Closes: #977015)
qemu (1:5.2+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3)
Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2)
Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3)
Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058)
Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f)
Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6)
Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540)
Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1)
Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03)
Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9)
Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
* remove obsolete patches
* refresh use-fixed-data-path.patch and debian/get-orig-source.sh
* bump minimum meson version required for build to 0.55.3
* update build rules for several components
* remove deprecated lm32 and unicore32 system emulators
* remove deprecated ppc64abi32 and tilegx linux-user emulators
* install ui-spice-core.so & chardev-spice.so in qemu-system-common
* install ui-egl-headless.so in qemu-system-common
* install hw-display-virtio-*.so in qemu-system-common
* install ui-opengl.so in qemu-system-gui
* install qemu-pr-helper.8 in qemu-system-common
* qemu-pr-helper moved to usr/bin/ again
* qboot.rom renamed from bios-microvm.bin
* remove several unused lintian overrides
* add spelling.diff patch to fix a few spelling errors
* update Standards-Version to 4.5.1
* fix a few trailing whitespaces in d/control and d/changelog
* require libcapstone >= 4.0.2 (v4) for build
-- Christian Ehrhardt <email address hidden> Wed, 09 Dec 2020 16:44:47 +0100
-
qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium
* d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
the bad old prerm (LP: #1906245)
-- Christian Ehrhardt <email address hidden> Mon, 30 Nov 2020 12:53:03 +0100
-
qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium
* Fix upgrade module handling (LP: #1905377)
This was accepted in a slightly different form in qemu_5.0-6 and therefore
allows dropping some former delta that is now conflicting.
Ubuntu still keeps enabling --enable-module-upgrades, but only for
qemu-xen which doesn't exist in Debian
- Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
- d/rules: Drop generating package version into maintainer scripts
-- Christian Ehrhardt <email address hidden> Tue, 24 Nov 2020 11:16:01 +0100
-
qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
* Merge with Debian testing, remaining changes:
Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/control: regenerate debian/control out of control-in
* Dropped changes [in Debian or no more needed]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- Pick further changes for groovy from debian/master since 5.0-5
- ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
- revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
- exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
- megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
- megasas-use-unsigned-type-for-positive-numeric-fields.patch
- megasas-fix-possible-out-of-bounds-array-access.patch
- nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
- es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
- a few patches from the stable series:
- fix-tulip-breakage.patch
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
- acpi-tmr-allow-2-byte-reads.patch
- reapply CVE-2020-13253 fixes from upstream
- linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
- linux-user-add-netlink-RTM_SETLINK-command.patch
- d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
- qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
- acpi-allow-accessing-acpi-cnt-register-by-byte.patch
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
- acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
- xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
- do not install outdated (0.12 and before) Changelog
- xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
- sm501 OOB read/write due to integer overflow in sm501_2d_operation()
- riscv-allow-64-bit-access-to-SiFive-CLINT.patch
another fix for revert-memory-accept-.. CVE-2020-13754
- seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
- d/control-in: build-dep libcap is no more needed
- arch aware kvm wrappers
[upstream now automatically enables KVM if available and called with
kvm* name, provides KVM as before but with auto-fallback to tcg.
Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
* Dropped changes [upstream now]
- d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
setup_len
- d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
- d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
- d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
from vfio-ccw (LP 1887935)
- fix qemu-user-static initialization to allow executing systemd (LP 1890881)
- fix assertion failure in net_tx_pkt_add_raw_fragment (LP 1891187)
- d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
SQXBR (LP 1883984)
- d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
- d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
environments (LP 1887763)
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
- update d/p/ubuntu/lp-1835546-* to the final versions
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
* Added Changes:
- update ubuntu machine types for hirsute@5.1
- d/control: regenerated from d/control-in
- d/control, d/rules: build with gcc-9 on armhf as workaround until
resolved in gcc-10 (LP: 1890435)
qemu (1:5.1+dfsg-4) unstable; urgency=high
* mention closing of CVE-2020-16092 by 5.1
* usb-fix-setup_len-init-CVE-2020-14364.patch
Closes: #968947, CVE-2020-14364
(OOB r/w access in USB emulation)
qemu (1:5.1+dfsg-3) unstable; urgency=medium
* fix one more issue in last upload. This is what happens when
you do "obvious" stuff in a hurry without proper testing..
qemu (1:5.1+dfsg-2) unstable; urgency=medium
* fix brown-paper bag bug in last upload
qemu (1:5.1+dfsg-1) unstable; urgency=medium
* hw-display-qxl.so depends on spice so install it
only if it is built just like ui-spice-app
* note #931046 for libfdt
qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium
* new upstream release 5.1.0. Make source DFSG-clean again
Closes: #968088
Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3)
* remove all patches which are applied upstream
* do not install non-existing doc/qemu/*-ref.*
* qemu-pr-helper is now in /usr/lib/qemu not /usr/bin
* virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin
* new architecture: qemu-system-avr
* refresh d/get-orig-source.sh
* d/get-orig-source.sh: report already removed files in dfsg-clean
* install common modules in qemu-system-common
* lintian tag renamed: shared-lib-without-dependency-information to
shared-library-lacks-prerequisites
qemu (1:5.0-14) unstable; urgency=high
* this is a bugfix release before breaking toys with the new upstream
* riscv-allow-64-bit-access-to-SiFive-CLINT.patch
(another fix for revert-memory-accept-..-CVE-2020-13754)
* install /usr/lib/*/qemu/ui-curses.so in qemu-system-common
Closes: #966517
qemu (1:5.0-13) unstable; urgency=medium
* seabios-hppa-fno-ipa-sra.patch
fix ftbfs with gcc-10
qemu (1:5.0-12) unstable; urgency=medium
* acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
* xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
* do not install outdated (0.12 and before) Changelog (Closes: #965381)
* xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
* sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
qemu (1:5.0-11) unstable; urgency=high
* d/control-in: only enable opengl (libdrm&Co) on linux
* d/control-in: spice: drop versioned deps (even jessie version is enough),
drop libspice-protocol-dev (automatically pulled by libspice-server-dev),
and build on more architectures
* change from debhelper versioned dependency to debhelper-compat (=12)
* acpi-allow-accessing-acpi-cnt-register-by-byte.patch (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
Urgency = high due to this issue.
qemu (1:5.0-10) unstable; urgency=medium
* fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x)
* use the same $(if) construct to simplify #ifdeffery
qemu (1:5.0-9) unstable; urgency=medium
* move kvm executable/script from qemu-kvm to qemu-system-foo,
make it multi-arch, and remove qemu-kvm package
* remove libcacard leftovers from d/.gitignore
* linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
* linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
* libudev is linux-specific, do not build-depend on it
on kfreebsd and others
* install virtiofsd in d/rules (!sparc64) instead of
d/qemu-system-common.install (fixes FTBFS on sparc64)
* confirm -static-pie not working today still
* d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
* qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
* build all modules since there are modules anyway,
no need to hack them in d/rules
* fix spelling in a patch name/subject in last upload
* d/rules: do not use dh_install and dh_movefiles for individual
pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files
listed in d/foo.install too, in addition to given on command-line
* remove trailing whitespace from d/changelog
qemu (1:5.0-8) unstable; urgency=medium
* d/control: rdma is linux-only, do not enable it on kfreebsd & hurd
* add comment about virtiofsd conditional to d/qemu-system-common.install
Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing
seccomp on that platform, we should either make virtiofsd conditional
(!sparc64) or fix seccomp on sparc64 and build-depend on it
* openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466)
* seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467)
* slof-remove-user-and-host-from-release-version.patch (Closes: #963472)
* slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470)
* update previous changelog, mention #945997
* reapply CVE-2020-13253 fixed from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
qemu (1:5.0-7) unstable; urgency=medium
* Revert "d/rules: report config log from the correct subdir - base build"
* Revert "d/rules: report config log from the correct subdir - microvm build"
* acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
* remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch -
upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253)
* explicitly specify --enable-tools on hppa and do the same trick
with --enable-tcg-interpreter --enable-tools on a few other unsupported
arches (Closes: #964372, #945997)
qemu (1:5.0-6) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture
* d/rules: makefile definitions can't be recursive - sys_systems for s390x
* d/rules: report config log from the correct subdir - base build
* d/rules: report config log from the correct subdir - microvm build
* d/control-in: disable rbd support unavailable on riscv
* fix assert in qemu guest agent that crashes on shutdown (LP: #1878973)
* d/control-in: build-dep libcap is no more needed
* d/rules: update -spice compat (Ubuntu only)
[ Michael Tokarev ]
* save block modules on upgrades (LP: #1847361)
After upgrade a still running qemu of a former version can't load the
new modules e.g. for extended storage support. Qemu 5.0 has the code to
allow defining a path that it will load these modules from.
* ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
* revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which use min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
* exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
* megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
* megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
* megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause very low
impact OOB errors here
* nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
* es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
* sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated
address, which leads to an out-of-bounds read during sdhci_write()
operations. A guest OS user can crash the QEMU process.
And a preparational patch,
sdcard-update-coding-style-to-make-checkpatch-happy.patch
* a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
[ Aurelien Jarno ]
* Remove myself from maintainers
-- Christian Ehrhardt <email address hidden> Thu, 29 Oct 2020 12:37:31 +0100
-
qemu (1:5.0-5ubuntu11) hirsute; urgency=medium
* d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
machine type to match how it originally was released (LP: #1902654)
-- Christian Ehrhardt <email address hidden> Mon, 09 Nov 2020 08:19:07 +0100
-
qemu (1:5.0-5ubuntu10) hirsute; urgency=medium
* No-change rebuild for brltty soname change.
-- Matthias Klose <email address hidden> Mon, 02 Nov 2020 16:59:33 +0100
-
qemu (1:5.0-5ubuntu9) groovy; urgency=medium
* d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
setup_len
CVE-2020-14364
-- Christian Ehrhardt <email address hidden> Tue, 22 Sep 2020 16:53:18 +0200